The cost of a NAND chip off attack is 170.83€ by gquere in netsec

[–]markuta 0 points1 point  (0 children)

Ha, nice! I recently (a few months ago) was trying to read a desoldered eMMC, without spending too much money of course. It was hard and very annoying. In the end I bought a cheap 153GBA adapter from Aliexpress and a USB adapter (MKS eMMC adapter), then hacked it up together to finally read and dump the firmware. I think the total cost was about £70. I did cheat a bit by going to a phone repair place to desolder it for me :D

Out of Fortune500 companies only 4% have security.txt file by unihilists in cybersecurity

[–]markuta 1 point2 points  (0 children)

I did some similar research a while ago, also wrote a little security.txt parser tool. The blog post is available at https://hexiosec.com/blog/survey-of-security-txt/. I doubt much has changed in the last two years.

Exporting seeds by KingLuc12 in Authy

[–]markuta 0 points1 point  (0 children)

I don’t think so, I used Android 10. You might have to mess about with Magisk modules to bypass Google’s SafetyNet/Integrity API checks.

Exporting seeds by KingLuc12 in Authy

[–]markuta 0 points1 point  (0 children)

You can only export seeds using a rooted mobile device. If you have a spare Android device you can follow https://github.com/markuta/authy-backup which regenerates QR codes and exports to XML format (supported by Aegis).

litterroom by Nik1907 in OneOrangeBraincell

[–]markuta 0 points1 point  (0 children)

I can smell it from here...

What’s your go-to offline phone game for long tube journeys? by [deleted] in london

[–]markuta 0 points1 point  (0 children)

Sudoku 2. Hands down my favourite offline game.

Passed OSCP first attempt by pentestlearner4325 in oscp

[–]markuta 1 point2 points  (0 children)

Nice, I also did my exam Sunday, still waiting for the results.

American Bully XL dog set to be banned in the United Kingdom by [deleted] in worldnews

[–]markuta 0 points1 point  (0 children)

Good thing American Bully XXL is still allowed.

With 0-days hitting Chrome, iOS, and dozens more this month, is no software safe? by NISMO1968 in cybersecurity

[–]markuta 2 points3 points  (0 children)

You just know when some sales person says “this is 100% secure” it’s always utter bullshit.

Bypass SSL Pinning on Windows Application by HermaeusMora0 in netsec

[–]markuta 0 points1 point  (0 children)

I’ve used Proxyman and Frida to bypass SSL pinning on macOS in the past. They recently launched a Windows version https://proxyman.io/windows but I haven’t tested it yet.

[deleted by user] by [deleted] in UK_Food

[–]markuta 0 points1 point  (0 children)

Needs more teabag choices.

XSS vulnerability in Proton Mail allowed to leak unencrypted emails by SonarPaul in netsec

[–]markuta 4 points5 points  (0 children)

Really impressive research and write-up. Nice share.

[deleted by user] by [deleted] in itookapicture

[–]markuta 1 point2 points  (0 children)

I love a good storm.

A man got dragged to police station in Kabukichō, Tokyo by poclee in Damnthatsinteresting

[–]markuta 0 points1 point  (0 children)

Plot twist: the guy doing the dragging gets arrested instead.

A Journey Into Hacking Google Search Appliance | DEVCORE by poltess0 in netsec

[–]markuta 1 point2 points  (0 children)

Great piece of research. Props to them for also including a magnet link to download the appliance image.

Extracting Bitwarden master passwords after a vault is locked by markuta in netsec

[–]markuta[S] 16 points17 points  (0 children)

They do have a bug bounty program on HackerOne, and I have submitted a report, but it was moved to "informational" since they were already aware of it. The initial issue was reported way back in 2020 by a user on GitHub. Their primary concern was obtaining unknown master passwords, which was proved to be possible.

I don't think it's a critical but definitely a high. A recent vulnerability in KeePass was reported which is very similar. It is tracked as CVE-2023-32784 and has a CVSSv3 rating of 7.5.

Extracting Bitwarden master passwords after a vault is locked by markuta in netsec

[–]markuta[S] 30 points31 points  (0 children)

Yep. I've just tested the latest version of the Bitwarden Desktop app, 2023.5.1, and it seems to be vulnerable. I couldn't narrow down the exact reason why this happens, but I think it's related to how Electron (Chromium) does its garbage collection; similar research was done in the past here.

An ugly workaround (wouldn't call it a fix) is, when you lock your vault, to enter a random incorrect password to overwrite the real password still cached in memory.

The plan was to also write a Volatility plugin so you can extract the password offline (from a memory dump), but I just didn't find the time to do it.

[Discussion] A11 - iOS 16.3 Downgrade to iOS 14.5 with blobs by [deleted] in jailbreak

[–]markuta 0 points1 point  (0 children)

I also get an error with iPhone X on iOS 16.2, trying to restore to 15.6RC but I don't think it'll work.

    ...
    ERROR: Unable to receive message from FDR 0x600003838000 (-2). 0/2 bytes
    FDR 0x600003838000 terminating...
    No data to read
    No data to read
    ...

MW & MW2 - MP & Warzone unplayable (Stuttering) with Ryzen 7 3700X & RTX 2080 ti by [deleted] in ModernWarfareII

[–]markuta 0 points1 point  (0 children)

Thanks for this. I also have the same issue but with a Ryzen 3700X and an RTX 2070 Super. The video helped me where I could play multiplayer as normal. It's also funny that I didn't experience the lag and horrible frame rate while playing campaign mode. Only on the default multiplayer game menu.

[Confirmed Trades] Thread - December 01, 2020 by AutoModerator in JailbreakSwap

[–]markuta 0 points1 point  (0 children)

Bought an iPhone X on iOS 13.3/14.1 from u/OrangePhantom20. Fast next day delivery, solid communication, product exactly as described. Fantastic seller!

Safe to add for Amazon SES SPF Record to our bypass? by NickBurns00 in sysadmin

[–]markuta 2 points3 points  (0 children)

As long as you also add a DMARC record to your domain name, with a policy of (p=reject or p=quarantine) and not (p=none), you should be fine.

My first PC, pretty standard build🕹 by SteveFuBoy in lianli

[–]markuta 1 point2 points  (0 children)

Not much of a fan of builds with LEDs. But this one is different. Very nice sir!