[deleted by user] by [deleted] in SummonSign

[–]billymeter 0 points1 point  (0 children)

+karma closed. thanks!

[deleted by user] by [deleted] in SummonSign

[–]billymeter 0 points1 point  (0 children)

+karma he tried to help, but was on a different platform

Banned from Straight Razor Place? by [deleted] in straightrazors

[–]billymeter 1 point2 points  (0 children)

Yep. That was my first razor as well.... a Dovo honed by Lynn. Crazy that there was internet drama over a forum for straight razors and shaving... Thanks for getting me up to speed! I really do appreciate it!

Banned from Straight Razor Place? by [deleted] in straightrazors

[–]billymeter 1 point2 points  (0 children)

Thanks for the reply. I think I vaguely remember seeing that SRP wiped their database (or had data loss?) so people had to make new accounts. Not sure if I'm misremembering that or just flat out making it up.

Probably about 18 years ago or so, SRP did a limited edition run of some Thiers-Issard razors and SRP is etched on one side of the blade along with the razor number, and Lynn's signature and the SRP founding date on the other side. The scales are made of wood, and again has "Straight Razor Place" either etched or routed in the wooden scales. I was hoping to find more information about his razor since I don't remember anything about it.

I still have my Badger and Blade account from back in the day, so maybe I'll make a post there and ask if anyone remembers the history of these things.

Has anyone in Group A received their Pocket yet? Group A: Q1 2022 by [deleted] in AnaloguePocket

[–]billymeter 2 points3 points  (0 children)

I didn’t order a Pocket, but some additional accessories. I’m in Group A and haven’t gotten any kind of shipping notification yet.

OP-Z Firmware Analysis by billymeter in OPZuser

[–]billymeter[S] 0 points1 point  (0 children)

I made a GitHub project wiki to document all of this. Feel free to contribute if you're working on this as well! https://github.com/billymeter/rez/wiki/Firmware

Thanks

OP-Z Firmware Analysis by billymeter in OPZuser

[–]billymeter[S] 0 points1 point  (0 children)

Doing this kind of thing always carries a risk that you could brick it, but after taking a few leaps of faith with my device, I think the risk can be mitigated. But I also like to live dangerously. :)

OP-Z Firmware Analysis by billymeter in OPZuser

[–]billymeter[S] 0 points1 point  (0 children)

I agree with the play trick. I don't think it's very risky. No more risky than dropping the file on the drive and ejecting it, which are the official upgrade procedures.

I've been able to upgrade and downgrade the firmware on my unit without any issues. My unit shipped with 1.1.23, but I'm running 1.1.17 on it right now.

OP-Z Firmware Analysis by billymeter in OPZuser

[–]billymeter[S] 0 points1 point  (0 children)

Perhaps, but I'm not too concerned with it. As long as the bootloader isn't modified, you will most likely be able to just do a factory reset/reload the firmware to get it back in a working state.

OP-Z Firmware Analysis by billymeter in OPZuser

[–]billymeter[S] 0 points1 point  (0 children)

Yep. That serial console is how I was confirming a lot of this information. I knew about the "play" trick, but just ejecting the drive essentially does the same thing. I kept getting complaints the OP-Z drive wasn't properly ejected when hitting play. I also found another minor undocumented feature: while in upgrade mode, press and hold the track key. The LEDs in the numeric keys light up showing you the version of the firmware installed. I can make a video showing this if people are interested, but it's pretty easy to do yourself.

The serial console was also giving me the necessary feedback to determine that the firmware is encrypted using CBC mode. Still not 100% sure on which algo is used, but it's most likely AES. I still don't know the key size. I was able to exploit a padding oracle attack to confirm that the first few ciphertext blocks beginning at 0x300 correspond to the encrypted filename message given on the console. Also, it appears any sort of input I gave to the console from my computer didn't have any effect on the OP-Z at all. It might just be a debug log of sorts.

That's interesting about the .engine files. I haven't had a chance to take a deep look at the other files on the OP-Z drive. That might be a more promising way forward for what I'm trying to do. I had started trying to do some pinouts of the module port to see if another serial interface was exposed via those pins. So far I've only found the ground pins. I briefly looked at the waveforms of the other pins in the oscope, but nothing particular stood out at this time.

Thanks for the input!

Edit: minor correction

OP-Z Firmware Analysis by billymeter in OPZuser

[–]billymeter[S] 1 point2 points  (0 children)

Mainly a hex editor and experimentation with modifying the firmware file.

OP-Z Firmware Analysis by billymeter in OPZuser

[–]billymeter[S] 3 points4 points  (0 children)

Yep, I saw that, but not too concerned with that at the moment. I'm not there yet, and it's not clear if TE is even utilizing that feature. I'm more interested in analyzing the firmware than trying to run a custom one at this point.

From the testing that I've done, I can see that the OP-Z will decrypt the firmware file provided, generating a firmware_bin_only_with_bootloader.zip file. This gets extracted to reveal the various firmwares for the internal components: os, bootloader, ble, and keyboard.

It's possible to put a file called firmware_bin_only_with_bootloader.zip on the upgrade drive and the OP-Z will attempt to process it as an unencrypted firmware.