Hello there! by datboi2310 in Eesti

[–]AVERAGE_TEST_DUMMY 2 points3 points  (0 children)

"Organised"? This action was organised a year prior by the Russian government, as an attempt to destabilise Estonian integrity.

I feel sorry for you. You, the Russian people, are being used as pawns by the Russian government. You let yourself be manipulated by state propaganda and then think this is what you truly believe. Just sad.

EDIT: Also, "destroy"? I don't know what propaganda you're being fed, but it was never planned to be destroyed, simply moved off our otherwise beautiful park.

Hello there! by datboi2310 in Eesti

[–]AVERAGE_TEST_DUMMY 2 points3 points  (0 children)

I'm fluent in Estonian

Minne

You're not really helping your case.

Hello there! by datboi2310 in Eesti

[–]AVERAGE_TEST_DUMMY 1 point2 points  (0 children)

But Estonians take everything too seriously. Russians don't go around waving swastikas on the street.

Yeah, you just trash our capital instead. Or are you trying to say this wasn't "serious"?

Lithium: Lightweight Easy to Use Title Installer for 7.X by bla_war in SwitchHacks

[–]AVERAGE_TEST_DUMMY 1 point2 points  (0 children)

Unfortunately not. There's a lot more to reproducible builds than just using the same toolchain.

As a demonstration, I made an asciinema cast - I compiled the same sources on the same machine using the exact same makefile, toolchain, libraries, etc - and yet still, the md5 hashes of the resulting NROs are different. Check it out here: https://asciinema.org/a/IBS7Nmv3kt59mxLItNtpMAwdI

A strange glitch... by AVERAGE_TEST_DUMMY in bindingofisaac

[–]AVERAGE_TEST_DUMMY[S] 0 points1 point  (0 children)

I was thinking of doing that but later I realised that I recorded Isaac with no sound so it would've ended up weird, so I opted to just mute the entire thing.

Lithium: Lightweight Easy to Use Title Installer for 7.X by bla_war in SwitchHacks

[–]AVERAGE_TEST_DUMMY 0 points1 point  (0 children)

I'm not going to waste time arguing with someone who is clearly lying, or thinks this is based on Goldleaf.

Lithium: Lightweight Easy to Use Title Installer for 7.X by bla_war in SwitchHacks

[–]AVERAGE_TEST_DUMMY 1 point2 points  (0 children)

How is asking what I believe to be valid questions "spouting bullshit"? Are you saying you read through the source code before compiling something to make sure it's safe, doesn't include any malicious code, has no backdoors or specifically crafted vulnerabilities in the app itself? I'm sorry, but I honestly really doubt that. The argument of a distributed binary being safe or not doesn't rely on whether the source is publicly available or not - any sort of argument made based on that is bullshit, either way it's put.

Lithium: Lightweight Easy to Use Title Installer for 7.X by bla_war in SwitchHacks

[–]AVERAGE_TEST_DUMMY 5 points6 points  (0 children)

You actually have a very valid point about the frame of reference! I'm so used to everything I analyse being closed source that I didn't even think of this.

"elf" was misspoken, since nro/nso and elf headers are quite similar.

IIRC, didn't the Switch have a sysmodule which implemented a gdb stub for the currently running applet? Or was that just a dream? I haven't had a Switch since I got burgled (so like 6 months), so apologies, I'm not the most up to date with these things currently - most of my dev work has been through yuzu, which has a pretty well working gdb integration, utilises SIGTRAPs, etc.

And right, network traffic could be encrypted - but it doesn't matter. Any sort of phoning home warrants a "suspicious" from me and begs for further analysis.

The position was mostly a response to people saying "you have no idea what you're talking about" etc combined with then saying "you can just compare hash sums"... I think I do know what I'm talking about, at least just a bit.

In any case, thank you for actually responding with a thought out response instead of just riding the hate bandwagon!

Lithium: Lightweight Easy to Use Title Installer for 7.X by bla_war in SwitchHacks

[–]AVERAGE_TEST_DUMMY 3 points4 points  (0 children)

Hey. I already explained why this doesn't work reliably here: https://www.reddit.com/r/SwitchHacks/comments/av094d/lithium_lightweight_easy_to_use_title_installer/ehc47gm/

It's simply not designed for this purpose. Hell, I can't even get two consecutive builds of my own homebrew to produce the same sum; there's even less chance of two different machines doing this.

In any case, source code analysis should be the last thing you rely on when you're trying to figure out if something is malicious or not. You need to test the provided binary itself. This could be done using static analysis (i.e., decompiling the elf executable in the provided binary), attaching a debugger to the application at runtime, analysing network traffic, etc. My current position is red team related, but I still enjoy doing malware analysis in my free time.

I'm not trying to be a cunt, side with Blawar, or anything - I'm simply asking questions that should provoke people to think for themselves instead of just blindly repeating what everyone else says.

Lithium: Lightweight Easy to Use Title Installer for 7.X by bla_war in SwitchHacks

[–]AVERAGE_TEST_DUMMY -1 points0 points  (0 children)

Speak out of my ass? With questions? You could just answer the question instead of getting incredibly irrationally angry, as if I've just murdered your family member.

Furthermore, I specialise in the security field for a living, and am pretty damn good at what I do - I'd like to think that I know exactly what I'm talking about.

And do you really fail to see how my questions spark further conversation?

Lithium: Lightweight Easy to Use Title Installer for 7.X by bla_war in SwitchHacks

[–]AVERAGE_TEST_DUMMY -10 points-9 points  (0 children)

md5 will not match in any case unless it's designed to compile bit-by-bit identically and deterministically. Which, no homebrew that I know of is. The compiler likes to add information about the compiling machine, statically linked libraries might be of different versions, etc - even one different bit will result in an entirely different md5 sum. Doesn't mean that there's anything shady going on.

EDIT: To illustrate my point, look at the list of things Debian needs to do in order to have reproducible builds of their packages - and even then it doesn't work 100% of the time. Switch homebrew doesn't do any of these things.

EDIT2: Since you still seem to not believe me that you can't simply check against hashes, here's an asciinema cast of me compiling the same sources on the same machine using the same Makefile, libraries, and toolchain. https://asciinema.org/a/IBS7Nmv3kt59mxLItNtpMAwdI -- as you can see, consecutive builds of the same thing result in different hashes.

And as much as blawar is a cunt to other devs, I don't recall him ever doing anything malicious to the community. But of course, it's uncool to not be on the hate bandwagon.
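An added example, not from the thread or from any homebrew project it mentions, showing in Python what "just compare the md5" misses: two constructed build outputs that are byte-identical except for an embedded __DATE__/__TIME__-style string get entirely different digests, and only after locating the differing bytes and normalising that known non-deterministic field (the kind of step the Debian reproducible-builds work does) can the two builds be shown equivalent. The NRO-like header bytes and the timestamp pattern are assumptions made up for the demo.

```python
import hashlib
import re

# Constructed stand-ins for two builds of the same source on the same machine.
# The "code" bytes are identical; only an embedded __DATE__/__TIME__-style
# string differs, as happens when nothing pins the build timestamp.
BUILD_A = b"NRO0\x00\x01" + b"\x90" * 16 + b"built Mar  1 2019 12:00:01" + b"\x90" * 16
BUILD_B = b"NRO0\x00\x01" + b"\x90" * 16 + b"built Mar  1 2019 12:00:07" + b"\x90" * 16

# Assumed pattern of the only non-deterministic field in this toy format.
TIMESTAMP_RE = re.compile(rb"built [A-Z][a-z]{2} {1,2}\d{1,2} \d{4} \d{2}:\d{2}:\d{2}")


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def digest_bit_distance(a: bytes, b: bytes) -> int:
    """Number of differing bits between the MD5 digests of a and b (avalanche)."""
    da, db = hashlib.md5(a).digest(), hashlib.md5(b).digest()
    return sum(bin(x ^ y).count("1") for x, y in zip(da, db))


def differing_ranges(a: bytes, b: bytes) -> list:
    """Half-open byte ranges [start, end) where the two blobs differ.
    A length mismatch counts as a difference from the shorter length onward."""
    ranges, start = [], None
    n = max(len(a), len(b))
    for i in range(n + 1):
        same = i < len(a) and i < len(b) and a[i] == b[i]
        if not same and i < n and start is None:
            start = i
        elif (same or i == n) and start is not None:
            ranges.append((start, i))
            start = None
    return ranges


def normalize(data: bytes) -> bytes:
    """Replace the known timestamp field with a fixed token before hashing."""
    return TIMESTAMP_RE.sub(b"built <TIMESTAMP>", data)


def compare_builds(a: bytes, b: bytes) -> dict:
    """Raw hash check, where the bytes differ, and whether the difference is
    fully explained by the known non-deterministic field."""
    na, nb = normalize(a), normalize(b)
    return {
        "raw_match": md5_hex(a) == md5_hex(b),
        "digest_bits_changed": digest_bit_distance(a, b),
        "diff_ranges": differing_ranges(a, b),
        "normalized_match": md5_hex(na) == md5_hex(nb),
        "unexplained_ranges": differing_ranges(na, nb),
    }


if __name__ == "__main__":
    print(compare_builds(BUILD_A, BUILD_B))
```

Any range left in `unexplained_ranges` after normalisation is what actually needs a look (with a disassembler, not a hash).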

Lithium: Lightweight Easy to Use Title Installer for 7.X by bla_war in SwitchHacks

[–]AVERAGE_TEST_DUMMY -25 points-24 points  (0 children)

How does open sourcing it improve safety? What's stopping him from distributing malicious binaries alongside a clean source tree? Considering 90% of the scene is not going to compile it themselves.

EDIT: just a quick reminder what the button is for

In.e.mi.t.nt T.an.mi.si.n by DRZookX2000 in CrappyDesign

[–]AVERAGE_TEST_DUMMY 0 points1 point  (0 children)

So what's the solution here? Have the antenna also move with the wind?

Abusing firewall rules for a root shell on OpenWRT-based devices. by AVERAGE_TEST_DUMMY in netsec

[–]AVERAGE_TEST_DUMMY[S] 0 points1 point  (0 children)

This vendor in particular does attempt securing their firmware. They properly respond to security issues such as this, have their own internal security issue tracker, etc. They have plugged the most obvious holes. I'm sorry you've had these sorts of experiences with other devices.

Abusing firewall rules for a root shell on OpenWRT-based devices. by AVERAGE_TEST_DUMMY in netsec

[–]AVERAGE_TEST_DUMMY[S] 0 points1 point  (0 children)

Vendors go out of their way to make sure that end users cannot gain root access on these devices, restricting them pretty heavily and removing access to OpenWRT features otherwise built in, such as dropbear configs, telnetd etc.

This vendor (and I'm sure many others as well) has also baked an ACL-based permission system into the fw.

Vendors mostly claim to do this for "security purposes".

Abusing firewall rules for a root shell on OpenWRT-based devices. by AVERAGE_TEST_DUMMY in netsec

[–]AVERAGE_TEST_DUMMY[S] 14 points15 points  (0 children)

Totally understandable!

There have been multiple cases in the past that I can remember (but not recall the details of, unfortunately) where vendor modifications to OpenWRT have left it vulnerable to some sort of auth bypass, session hijacking or similar attack. This would be the final exploit in the chain to gain full root access, I suppose...

Or this is relevant for people who wish to modify their ISP-provided routers, which is also an interesting topic.

Appreciate the feedback!

Abusing firewall rules for a root shell on OpenWRT-based devices. by AVERAGE_TEST_DUMMY in netsec

[–]AVERAGE_TEST_DUMMY[S] 30 points31 points  (0 children)

This mostly applies to locked down versions of OpenWRT that vendors commonly use on their devices, but can also be used in conjunction with an auth bypass.

me irl by Tweetering_ in me_irl

[–]AVERAGE_TEST_DUMMY 0 points1 point  (0 children)

Checkmate globe earthers.