<cr1901> Also, completely OT, but did anyone else know this? https://twitter.com/cr1901/status/1027336614333349893 Seems like it's not as obscure as I thought
<sorear> i'd heard of it
noobineer has quit [Ping timeout: 256 seconds]
<awygle> i had heard it before but i heard it again like two days ago
* awygle has zero defcon-based regrets
* cr1901 wants to try a Gros Michel banana...
<qu1j0t3> lol, i had the same impulse
<shapr> cr1901: I knew about the bananas, and expect it to happen again
<cr1901> That's the point of the linked article too... that it probably _will_ happen again (though since it was written they created a disease-resistant Cavendish)
<cr1901> From what I can tell, Gros Michel are the "tasty" bananas and Cavendish are "not as tasty". But we don't have much of a choice since the former aren't mass produced
<cr1901> (Still can buy them of course. Just not easy :P)
<cr1901> In any case, that's 3 ppl who knew about banana history in this room about FPGAs. I guess I was just out of the loop...
<sorear> i just have a lot of irrelevant information in general
<cr1901> qu1j0t3: Is pineapple on pizza really okay? Is it REALLY?
* cr1901 is okay w/ it
<qu1j0t3> cr1901: ...I think so!
<shapr> cr1901: https://xkcd.com/1053/
<sorear> yes, that too
<shapr> cr1901: my approach to life is that everyone knows at least one thing I want to know, probably many things. So I like finding out what things I can learn from them.
<shapr> though I'd argue the banana thing is "monocultures are bad"
<shapr> same way the irish potato famine happened
<awygle> If Gros Michel bananas taste like banana flavoring then the world has suffered a terrible loss
<awygle> Banana flavoring tastes way better than bananas
<rqou> esden_cloud, G33KatWork: ping again?
<sorear> the political causes of the famine are more interesting than the botanical causes
<awygle> always
<qu1j0t3> awygle | Banana flavoring tastes way better than bananas // If I wanted to understand how offended some people are by pineapple on pizza, I could refer to this
futarisIRCcloud has joined ##openfpga
<awygle> hahaha
<awygle> bananas are mealy and tasteless cmv
<cr1901> >Banana flavoring tastes way better than bananas
<cr1901> This is quite quotable
<awygle> feel free
<qu1j0t3> awygle: interesting. i wonder if this is like the cilantro thing
<qu1j0t3> cr1901: yeah i thought about different ways of tweeting it, but none really grabbed me
<qu1j0t3> tbh none were not sad
Bike_ has joined ##openfpga
Bike has quit [Ping timeout: 268 seconds]
Bike_ is now known as Bike
* awygle feels very judged
futarisIRCcloud has quit [Quit: Connection closed for inactivity]
<qu1j0t3> :)
<qu1j0t3> but maybe it is like the cilantro thing. i've just never heard of differing banana experiences.
rohitksingh_work has joined ##openfpga
rohitksingh_work has quit [Client Quit]
noobineer has joined ##openfpga
digshadow has quit [Ping timeout: 240 seconds]
azonenberg_work has quit [Ping timeout: 265 seconds]
azonenberg_work has joined ##openfpga
Bike has quit [Quit: Lost terminal]
s1dev has joined ##openfpga
noobineer has quit [Ping timeout: 248 seconds]
Miyu has joined ##openfpga
Miyu has quit [Ping timeout: 268 seconds]
rohitksingh has joined ##openfpga
rohitksingh has quit [Client Quit]
digshadow has joined ##openfpga
Hamilton has joined ##openfpga
<pie_> misc politics post since there are people relatively nearby https://twitter.com/bentarnoff/status/1027580996613558273
<pie_> "The tech worker mobilization underway at Amazon threatens these deals, and threatens to make Bezos less rich. So if the Bezos-owned @washingtonpost insists on continuing to run op-eds attacking those workers, the least it could do is acknowledge its conflict of interest."
<pie_> awygle, eww banana flavoring tastes way worse than bananas
s1dev has quit [Ping timeout: 260 seconds]
mumptai has joined ##openfpga
Hamilton has quit [Remote host closed the connection]
Hamilton has joined ##openfpga
Hamilton has quit [Client Quit]
msgctl is now known as loonquawl
loonquawl is now known as msgctl
Miyu has joined ##openfpga
noobineer has joined ##openfpga
noobineer has quit [Ping timeout: 255 seconds]
X-Scale has quit [Ping timeout: 240 seconds]
ym has joined ##openfpga
X-Scale has joined ##openfpga
flaviusb has joined ##openfpga
ondrej3 has quit [Ping timeout: 240 seconds]
ondrej3 has joined ##openfpga
carl0s has joined ##openfpga
ondrej3 has quit [Quit: Leaving]
carl0s has left ##openfpga [##openfpga]
argh_ has left ##openfpga ["Leaving"]
grantsmith has joined ##openfpga
wpwrak has quit [Ping timeout: 240 seconds]
wpwrak has joined ##openfpga
azonenberg_work has quit [Ping timeout: 260 seconds]
azonenberg_work has joined ##openfpga
<awygle> pie_: sorry your taste buds are atrophed :(
<awygle> *atrophied
<rqou> azonenberg_work: how do i convince $WORK that hashtag badgelife has a positive value for the company? :P :P :P
<rqou> presumably i need something about blinky "cybers"? :P :P :P
<qu1j0t3> it's OT, but i bet there are wildly varying kinds of banana flavour/essence too awygle pie_
<awygle> yeah probably. i'm specifically thinking of banana runts, or to a lesser extent laffy taffy
<azonenberg_work> lol
<pie_> idk ive only noticed one type of banana flavor so fa
<pie_> far
<pie_> rebrand ##openbananaflavor
<azonenberg_work> rqou: um, no idea
<rqou> does ioactive not have hashtag badgelife?
<rqou> they apparently have a big party though
<awygle> huh, is ioa a Big Deal?
* awygle always assumed they were just some local outfit
<rqou> i don't really get how the business side of the "infosec industry" works
<awygle> as an outsider, infosec is increasingly weird to me
<rqou> I'm an insider now and it's still weird
<pie_> wait rqou is now in infosec?
<pie_> didnt know rqou got a jerb
<pie_> dammit rqou why are you being a functional human being :p
<jn__> rqou: i thought it's step 1: do something impressive (blackhat talks, stunt hacking, etc.), step 2: get hired for whatever boring and unrelated infosec job the client needs to get done
<pie_> lol, stunt hacking
<rqou> i basically did that, except the things i did weren't quite that impressive
<rqou> also, i bet azonenberg_work's favorite banana flavoring is isoamyl acetate :P
<rqou> (unless he doesn't actually do this step of respirator fit testing)
<azonenberg_work> awygle: IOA normally throws a massive party at defcon - they skipped it last year for some reason (new marketing guy didnt get brought up in time or something)
<azonenberg_work> basically they rent out the entire pool at bally's
<azonenberg_work> all of the cabanas, the pool itself, the bars, everything
<azonenberg_work> hire some live entertainment and bartenders
<pie_> oh so IOA does that
<azonenberg_work> i can imagine it's quite expensive but apparently it pays for itself pretty quickly
<rqou> how?
<azonenberg_work> Get prospective clients drunk and happy then hand them a business card? lol
<azonenberg_work> idk
<awygle> simply the capital (or credit float) implied by such a thing implies a much larger Deal Size than i'd been thinking
<azonenberg_work> But apparently the sales guys think its worth it
<azonenberg_work> awygle: We're a global company - not a big one but still
<balrog> I like the REcon parties (still bummed that I missed out this year!)
<azonenberg_work> we have both corporate and engineering offices in seattle, then a mostly-sales office in london (some technical folks there)
<azonenberg_work> a second hardware lab in madrid
<azonenberg_work> a new office opening up in... dubai i think
<rqou> wut
<azonenberg_work> a bunch of remote folks in buenos aires but no office there yet afaik
<awygle> you know how you meet surgeons who became surgeons because they have some sort of deep seated need to open people up? this is how i increasingly feel about most security professionals
<awygle> maybe it's just the reporting but i never hear anything about people taking steps to improve security, just people hackin' stuff
<azonenberg_work> awygle: Yeah its the reporting
<jn__> the offensive side is definitely louder
<azonenberg_work> The reality is a lot less sexy and a lot more paperwork :p
<awygle> paperwork is software for humans cmv
<azonenberg_work> Every bug i put in a report needs to be accompanied by risk assessment, recommendations for patching, etc
<rqou> heh that's better than us
<awygle> yeah but even that is like, not what i mean. it's still fundamentally "find bug, fix bug", right?
<azonenberg_work> On the more research-y side there are efforts to close off entire classes of bugs
<rqou> $WORK has actually made architectural changes as a result of red team activities
<azonenberg_work> We try to get involved with ongoing clients early in the design cycle
<azonenberg_work> i've sat down with software leads and architects to go over designs before they're implemented
<awygle> the only time i hear about actually making the industry better is in the context of rust (basically), which is much closer to what i mean but still isn't the systematic industry-wide process improvement i'd really prefer to see
<azonenberg_work> And try to eliminate poor/dangerous architectural choices before the bugs even exist
<rqou> e.g. $WORK killed Jenkins (*cough* *cough* Homebrew)
<awygle> is jenkins bad now?
<rqou> it's too easy to misconfigure insecurely
* awygle , as is all too common lately, suddenly returns to full consciousness and realizes he's picking fights for no good reason
<awygle> sorry, ignore my frustration in this inappropriate venue lol
<rqou> let's just say that the recent Homebrew vuln is like 95% identical to several internal red team exercises
<daveshah> My only experience with infosec was getting a free rucksack from Netcraft in the UK
<daveshah> It's served me a good three years now
<daveshah> Was for getting a certain grade in A-level (=high school) computing
<azonenberg_work> Sooo i'm working on a design that needs a one-hot comparator
<azonenberg_work> Basically one bit A<X and one A>X
<azonenberg_work> Wondering if a greenpak is overkill
<azonenberg_work> So far i dont see other logic that needs to get shoved in there
<rqou> how's the analog performance?
<azonenberg_work> I dont need that much
<azonenberg_work> i'm actually now wondering if i could eliminate the comparator entirely
<azonenberg_work> since i have an ADC monitoring the same rail
<azonenberg_work> i might be able to do the comparison host side since it doesnt have to be fast at all
<azonenberg_work> i'm basically checking of an external VCCIO is above or below 3.3V
<azonenberg_work> if*
<azonenberg_work> And i was gonna have an i2c io expander there for other reasons
<azonenberg_work> So i could maybe just use that
<pie_> awygle, talk to qu1j0t3 lmao
<pie_> about process
<pie_> whitequark, context for your latest tweet? xD
<qu1j0t3> it has been rather burning up the twitterz
<qu1j0t3> and the ircz
<whitequark> people like the cso at facebook and chief seceng at chrome are acting like children whose favorite movie was insulted by that boy from over the street
s1dev has joined ##openfpga
* whitequark glares at the tweet
<whitequark> im wondering if one of them is going to whine in replies eventually or not
<whitequark> happened before
<pie_> whitequark, sorry i meat the ctos/whatever
s1dev has quit [Client Quit]
<pie_> ah and then you clear that up two lines later
<qu1j0t3> well this is basically the definition of ``butthurt'' so
<qu1j0t3> whitequark: Well I can read your tweet two ways -- in fact the first way i interpreted was, the threads it brought out in my feeds bringing a lot more detailed evidence to back up the xkcd
<qu1j0t3> whitequark: I wasn't sure if you were side-eyeing those ... mostly the butthurt theme has not been in my feeds ... yet
<pie_> is it bad that i immediately thought butthurt without any context at all (except having seen the xkcd)
<q3k> god
<q3k> this makes me so fucking angry
<jn__> oooverflow… what happened to LegitBS?
<q3k> the organizing teams rotate every so often
<jn__> i see
<gruetzkopf> not the usual congress "gigabit on every port" scheme?
<q3k> no, this is defcon
<q3k> you want proper network infrastructure, live streaming of talks, and competent organizers? choose another conference.
<pie_> muricaaaa? :p
<pie_> alternatively, orga is hard?
<q3k> orga is hard, but they had... 25 years to figure this out?
<pie_> you said they rotate though
<q3k> not to mention that other, younger cons do it much better
<q3k> right, but if you can't handle _network infrastructure_ then maybe, just maybe, you shouldn't be running A&S CTFs
<q3k> *A&D
<pie_> i have no basis on which to know though, i've never done a lot of network infra myself
<pie_> fair enough i guess
<q3k> this is like basic 101 knowledge of networks
<pie_> maybe you have to attack to get more bandwidth :p
<q3k> no, DoS of infra can result in multi-year bans according to the organizers' rules
<q3k> s,DoS of infra,DoS and attack of infra,
<pie_> technically youd be upgrading it
<pie_> i was joking though
<azonenberg_work> q3k: 10/half for rate limiting?
<azonenberg_work> loooool
<q3k> i know right?
<azonenberg_work> that is how RPI did rate limiting in their freshman dorms
<q3k> the level of incompetence is absurd
<azonenberg_work> Because they were using EOL'd cisco WS-C2924-EN or some very similar SKU
<azonenberg_work> that didn't support QoS or anything fun, and only had 10/100 ports
<gruetzkopf> 10FD pls
<gruetzkopf> (10G, obviously)
<azonenberg_work> lol
<azonenberg_work> Hey at least it's not IPoAC
<azonenberg_work> running that indoors in a convention center seems like it would make a huge mess
<q3k> i'm not even there and i still can't stop being upset over this
<q3k> i literally had better connectivity over vpn via the great firewall from mainland china
<azonenberg_work> I had LTE problems up the wazoo a few days ago
<azonenberg_work> with a 3-4 bar signal
<azonenberg_work> extreme downstream congestion i think, given how nice upgrade worked
<azonenberg_work> upload*
<azonenberg_work> side note, slower than 72% of the country? does that mean a quarter of the population has dialup??
<gruetzkopf> i'm behind TMO LTE too, atm (TMO DE though)
<azonenberg_work> I'm using TMO LTE as my primary connection since the new house isnt finished
<gruetzkopf> nice 20/20, 30G for 30€
<azonenberg_work> there is a cable modem sitting in the basement
<gruetzkopf> no public telco wiring at all in this building
<azonenberg_work> But there's no router or cable plant or wifi attached :p
<azonenberg_work> Just a stack of cable tray and boxes of cat5 on the floor
<azonenberg_work> and lots of empty 3/4" conduit
<gruetzkopf> i've installed a lot of AC in the last week
<gruetzkopf> ~100kBTU/hr
<azonenberg_work> So, looking for some comments on this io protection design https://i.imgur.com/BmpvFMO.png
<sorear> TMO LTE has a weird quota system that sends me to a “buy more data” page…but it’s broken and I can’t
<azonenberg_work> TXD0 is the internal side (despite the current netname, it's bidirectional)
<gruetzkopf> (and of course weather cools down the moment you've finished brazing the last connection)
<azonenberg_work> then IO0 is the world-facing side
<azonenberg_work> Let me zoom out a bit
<azonenberg_work> you cant see the whole thing
<azonenberg_work> Here we go
<azonenberg_work> So, on the internal side we have an ESD clamp diode that can handle short spikes but not sustained overcurrent
<azonenberg_work> Then we split the signal into AC and DC paths
<azonenberg_work> AC path is C16, passes AC signals basically untouched but blocks low frequencies
<azonenberg_work> The idea here is that a DC overvoltage will be blocked rather than melting the clamp diodes
<gruetzkopf> the internal clamping diodes?
<azonenberg_work> D1
<azonenberg_work> Those are for ESD suppression
<gruetzkopf> ah, specialised usb clamping things
<azonenberg_work> its a high speed USB3 clamp diode (this is not usb but i'm using the chip for low capacitance)
<azonenberg_work> Then on the DC path D2/D3 are Schottky clamp diodes to ensure the DC component of the signal doesn't go out of range (ground to VCCO)
<azonenberg_work> L1
<azonenberg_work> and L2 are to block the high speed signal from seeing the parasitic C of the diodes, which will be substantial
<azonenberg_work> They'll probably be ferrites of some sort? TBD
<gruetzkopf> looks plausible
<azonenberg_work> then R16 is to limit current through the DC path to protect the diodes during sustained overvoltage
<gruetzkopf> what's gonna run over it?
<azonenberg_work> and R15 is a series terminator for the output
<gruetzkopf> $diff-sig?
<azonenberg_work> Arbitrary single ended digital IO from 1.2 to 5V VCCO levels and up to 500 Mbps data rates
<azonenberg_work> test equipment
<azonenberg_work> This is the newest iteration of the STARSHIPRAIDER I/O cell
<azonenberg_work> The goal is to survive a DC short to +/- 12V
<azonenberg_work> without exceeding absolute max of any component in the system
<azonenberg_work> Doing that while also being able to do 1.8V at several hundred Mbps is HARD :p
<gruetzkopf> heh, guess who has to accept shorts to mains :(
<azonenberg_work> I mostly work on low voltage stuff
<azonenberg_work> The goal here is that you can probe any two points on a typical wallwart-powered gizmo
<azonenberg_work> and it won't die
X-Scale has quit [Ping timeout: 248 seconds]
<azonenberg_work> gruetzkopf: https://i.imgur.com/906qyGR.png and this is the output buffer circuitry
<azonenberg_work> Two separate level shifters, one for 1.2 - 3.3V and one for 3.3-5V ranges
<azonenberg_work> then SPDT analog switches to mux between them, and a second level of switches to support tristating the output
<azonenberg_work> Then on the input side, it's just a comparator with a DAC to set the threshold
<gruetzkopf> hard threshold?
<gruetzkopf> *yakshave* programmable schmitt trigger behaviour
<azonenberg_work> Yeah for the moment its a hard threshold with a resistor-programmed hysteresis
<azonenberg_work> i'll set it to something sane like 25 mV or so
<gruetzkopf> usually good enough
<azonenberg_work> The VCCO is generated by a power opamp tracking a DAC reference
<gruetzkopf> what's your target for sink/source current?
<azonenberg_work> The DAC voltage is controlled by the host FPGA over I2C and can either be set to an arbitrary voltage of your choice, or to a runtime-selectable fraction of an external reference voltage monitored by an ADC
<azonenberg_work> The low voltage driver has 12 mA output and the high voltage driver has 24 mA output
<azonenberg_work> Both drop slightly at the low end of their range
digshadow has quit [Ping timeout: 240 seconds]
<azonenberg_work> oh also, the VCCO power rail will have a shunt resistor on it
<azonenberg_work> to monitor actual voltage and current
<gruetzkopf> all 1-gate 74*VC*145?
<azonenberg_work> Yes, i havent found anything better
<azonenberg_work> (So if you have a dead short to ground or something, it will be able to shut down VCCO and tristate all outputs)
<gruetzkopf> this sounds reasonable
<azonenberg_work> This is a prototype 2 channel system
<azonenberg_work> The full version will be 8 channels on a card
<azonenberg_work> 4 cards on the host system
<azonenberg_work> with separate vcci/vcco levels
<gruetzkopf> there's yakshaving to be had for a +++ version
<azonenberg_work> Thats why the io cards are socketed :)
<gruetzkopf> (per pin current measurement and stuff like that)
<gruetzkopf> for a particularly annoying legacy application i had to build stuff like that (even including programmable current limit per IO)
<azonenberg_work> oh fuuun
<azonenberg_work> yeah this is already going to be $$$
<azonenberg_work> i dont want to make it worse without a good reason
<azonenberg_work> my focus for the moment is on talking to every plausible single ended digital logic standard you might encounter in commodity embedded hardware, with the exception of SSTL for DRAM
<gruetzkopf> fair enough
<azonenberg_work> And being immune to damage if you probe anything in the +/- 12V range
<azonenberg_work> with the exception of high energy RF like a SMPS inductor output or something
<azonenberg_work> That will go right through the AC path and probably blow out the protection diode
<pie_> AC is scary :<
<pie_> well. moar inductors i guess
<pie_> (nevermind i have no idea what im talking about)
<gruetzkopf> whats projected BOM cost like right now?
<azonenberg_work> gruetzkopf: Not cheap? :p
<azonenberg_work> i'm targeting about $1K for a finished unit all told, i forget if that included PCB or not
<azonenberg_work> The host board will have a large 7-series FPGA, 10GbE SFP+, 1GbE copper interface, 4GB of DDR3, and four io card connectors
<azonenberg_work> I'm at $24.24 (lol) right now for the prototype io card but i havent finished picking parts
<azonenberg_work> that's for 2 channels
<azonenberg_work> Level shifters, the dual comparator, analog switches, then the common stuff (VCCO DACs, Vref ADC, overcurrent protection, etc)
<azonenberg_work> But not the qstrips
<azonenberg_work> or the PCB
<azonenberg_work> That goes up to $44.66 after adding the qstrips... those things are not cheap
X-Scale has joined ##openfpga
<rqou> heeey azonenberg_work, can I interest you in some pic32 reverse engineering?
<azonenberg_work> what about it?
<rqou> this year's defcon badge uses one
<rqou> a pic32mm
<azonenberg_work> oh shiny
<rqou> i have a flash dump but can't seem to get it to disassemble properly
<rqou> and the memory map doesn't make sense to me
<azonenberg_work> You have a full dump? Send me a link
<azonenberg_work> And which PIC?
<rqou> pic32mm0256gpm048
<azonenberg_work> So where's the dump?
<azonenberg_work> And how did you generate it?
<rqou> please wait :P
<rqou> and no readback protection
<azonenberg_work> Yeah but i mean, using a pickit? or what tool
<azonenberg_work> i.e. how confident are you the dump is accurate
<rqou> yeah PICKit3
<azonenberg_work> and complete
<rqou> idk i used a PICKit3 with the mplab production tool
<azonenberg_work> ok that should give a good result
<azonenberg_work> Did you try disassembling as micromips?
<rqou> not an option in my version of ida
<azonenberg_work> you select mips-little-endian then go to processor options
<azonenberg_work> Looks like a text adventure game?
<rqou> yup
<q3k> ah yes, the good old problem that anything disassembled as mips looks like valid assembly
<gruetzkopf> i only have macromips :P
<rqou> so does this boot in mips16 mode or mips32m
<rqou> ?
<q3k> i can't get it to disassemble nicely under micromips in ida7
<rqou> azonenberg_work: no otr sorry
<q3k> at least nothing at 1d000000 that looks like code
<q3k> either micromips or full mips
<rqou> yeah, that's what I'm seeing
<azonenberg_work> it's micromips and makes sense
Miyu has quit [Ping timeout: 240 seconds]
<q3k> azonenberg_work: i must be doing something wrong then https://paste.q3k.org/paste/OerV1NhZ#NgrCmWjPFGjvU+dk2eKOvaF59n3wcAe8QGNrVub1ozE
<azonenberg_work> You have to alt-G to select the segment register
<azonenberg_work> for mips16 mode
<azonenberg_work> otherwise it defaults to x32
<q3k> i did
<azonenberg_work> the microaptiv cpu i think doesnt even support full mips32 encoding
<q3k> huh how quaint
<azonenberg_work> its like the tiny cortex-M's that are thumb only
<q3k> oh, it works at this address
<q3k> yeah
<q3k> didn't even bother looking up the memory layout of this thing
<rqou> how did you find this address lol?
<rqou> what does the reset vector look like?
<rqou> where in the manual do i find this?
<azonenberg_work> All MIPS CPUs boot at 0xbfc00000 virtual
<azonenberg_work> Which maps to physical address 0x1fc00000 in most pic32s
<rqou> wait micromips != mips16?
<azonenberg_work> Correct
<azonenberg_work> They're different 16-bit encodings
<rqou> so my ida doesn't work
<azonenberg_work> you have to specify it in CPU options when you first open things
<rqou> does this work in ida 6.6?
<q3k> no, micromips landed in 6.7
<q3k> iirc
<azonenberg_work> Also, hmmm
<azonenberg_work> This gets fun because the hex file is physically addressed
<azonenberg_work> and there are non-relocatable jumps in the code that are virtually addressed
<q3k> yeah, you'll have to create 'shadow' segments
<q3k> ida sucks for this
<pie_> im getting progressively closer to starting to work on starting to work on pieDA PRO
<pie_> watch this space
<azonenberg_work> Or i could just patch the hex file to be virtual
<q3k> pie_: everybody does at some point
<q3k> pie_: too much effort
<q3k> implementing a solid disassembler is a ton of boring work :/
<balrog> azonenberg_work, rqou have you seen this? https://github.com/blacksphere/blackmagic/wiki
<pie_> yeah i know ive been trying to figure out ways to avoid that lmao
<rqou> yes of course
<pie_> s/i know/that seems to be the case but i dont really know much about this and it seems hard to find good overviews of/
<rqou> ok, my less-illegal ida 7.1 works
<rqou> except for the virtual address thing
<rqou> azonenberg_work: how does that work?
Bike has joined ##openfpga
<azonenberg_work> mipsel-linux-gnu-objcopy -I ihex -O elf32-little defcon-26-human-orig.hex defcon-26-human-orig.elf
<azonenberg_work> now i think if i hex-edit the elf headers i should be good
<rqou> azonenberg_work: bonus points if you can find the "anti-crossflash" logic
<azonenberg_work> Gimme a bit
<kc8apf> rqou: are you getting badge hacking help?
<rqou> not too much since apparently i don't have any friends
<azonenberg_work> now this is weird, e_phoff in the calculated elf is zero
<rqou> but my goals are: cheat and make my LEDs all green; cheat and pretend to be all the badge types when paired
<q3k> azonenberg_work: i think it's typical for objcopy to create programheader-less elfs?
<azonenberg_work> Yeah i've just never seen those before
<azonenberg_work> i'm used to ignoring sections and mmapping the phdrs :p
<azonenberg_work> Anyway, elf patched
<azonenberg_work> now to re-ida and see how it works
<azonenberg_work> oh i have to set e_entry too
<kc8apf> I didn't bring tools to extract the friend
<rqou> wait kc8apf are you here?
<kc8apf> Yup
<rqou> want to swing by? I'm currently in the ramen place near Bally's
<rqou> in the cluster of small shops
indy has quit [Quit: ZNC - http://znc.sourceforge.net]
<kc8apf> I just got back over to Cesar's. Going to check out HHV and voting machine
<rqou> also, power budgeting for badges is apparently pretty hard
<kc8apf> Cash rationing seems to be challenging
<rqou> random idea for badges: i want to make a "malicious" sympetrum (dragonfly) badge that can force neighboring badges into patterns you control
<rqou> i wonder how not amused borgel would be? :P
indy has joined ##openfpga
<azonenberg_work> So the thing that makes reversing mips more fun
<azonenberg_work> is the kseg/kuseg plus caching fun
<azonenberg_work> so the same phys addr is mapped in like 3 places :p
<rqou> yeah, that's the part that I know nothing about
<azonenberg_work> So phys addr 0x 1FC* is mapped to virtual 0x9FC* and 0xBFC*
<azonenberg_work> q3k: how do you do this?
<q3k> azonenberg_work: i didn't actually do anything related to remapping
<azonenberg_work> Right now i have everything mapped to kseg0
<q3k> azonenberg_work: opened the file in ida, remembered I didn't like reversing mips, closed ida
<azonenberg_work> and both kseg1 and kuseg are unusable
<azonenberg_work> lol
<q3k> i would honestly just rebuild the ihex manually in python
<q3k> instead of dicking about with elf
<q3k> or just move the sections around in ida itself
<azonenberg_work> i'm talking in ida
<azonenberg_work> if i want to make two segments backed by the same memory
<q3k> you can't lol
<azonenberg_work> and, ideally, with annotations etc kept in sync
<azonenberg_work> Welp
<azonenberg_work> So i guess the next best would be to manually copy the memory
<q3k> yes
<azonenberg_work> i have real work to do right now though
<azonenberg_work> So saving this for later :p
<rqou> azonenberg_work: not going to make reversing this your "didn't get to go to defcon" compensating? :P
<azonenberg_work> Nope
<azonenberg_work> I have a starshipraider to build
<rqou> do you even have cow-orkers right now? didn't they all go to defcon?
<rqou> also, not a goddamn house?
<azonenberg_work> $work is paying me to do starshipraider
<azonenberg_work> not construction
<q3k> azonenberg_work: that's pretty cool.
<azonenberg_work> For this week at least
<azonenberg_work> no billable work this week b/c everyone is at defcon except me and like one other
<azonenberg_work> so we're doing research :p
<rqou> whee, somebody here is running a "follow the ball under the cups" scam here
<rqou> i thought only Eastern Europeans did this
<q3k> i need to find more customers to bill for odd hw projects.
<azonenberg_work> rqou: lol that scam is as old as scams
<azonenberg_work> also i just have to pick out component values for a few passives
<azonenberg_work> and i'm good to start layout on the v0.2 io card
<kc8apf> One of the voting machines has an xc2 on it. Seems to be just an LED controller.
<kc8apf> These board designs are trash
<q3k> pix?
<rqou> hmm, some of us just might happen to have a tool to disassemble those bitstreams
<q3k> rqou: do you have an icebox_vlog like tool?
<rqou> these pedestrian routing setups are trash
<rqou> q3k: not quite, but yes
<rqou> q3k: i apparently suck at coding soni couldn't properly generate verilog
<rqou> *so i
<rqou> so it instead generates a (structural) yosys json netlist
<q3k> that's more than enough
<azonenberg_work> But you can write_verilog from that right?
<q3k> yep, you should
<azonenberg_work> kc8apf: did you pull the bitfile?
<rqou> you then run this through some undocumented yosys steps and then you can write_verilog
<q3k> although it's not gonna have nice metadata like icebox_vlog outputs
<q3k> (in comments
<q3k> )
<kc8apf> azonenberg_work: nope. I didn't bring any hardware.
<kc8apf> I'll get a pic in a few minutes. Left when the camera crew showed up
<q3k> ... camera crew at a hacking con?
<azonenberg_work> q3k: yeah the voting machine village tends to get media attention
<azonenberg_work> they're generally good about letting people disappear if they dont want to be filmed
<q3k> bleh
<q3k> only 4 months left until congress
<rqou> oh yeah some day we need to drag azonenberg_work to ccc
<azonenberg_work> next year
<azonenberg_work> i'm like 35 hours negative on PTO right now
<azonenberg_work> :p
<florolf> there's also a cccamp next year :p
<q3k> yes!
<florolf> azonenberg_work: i've been reading ipc 7525 and they recommend against aperture reduction when doing lead-free reflow (and overpasting fine-pitch bga in that case)
<florolf> what's your take on that?
<azonenberg_work> florolf: I generally do 1:1 aperture sizes these days
<azonenberg_work> have not found it necessary to over-paste
<azonenberg_work> the only thing i do reduction on is large QFN thermal pads
<azonenberg_work> where i break it up into a grid
<florolf> yeah, that's the only case where they recommend any kind of significant reduction
<kc8apf> Looks like a jtag header goes to it. LEDs are not stuffed. Wonder why the xc2 still is
<rqou> kc8apf: where are you right now? I'm right outside voting machine village
<kc8apf> Inside
<kc8apf> Right side
<rqou> ok look for the Chinese kid with a dragonfly badge
<pie_> rqou, its "asian"
digshadow has joined ##openfpga
cr1901_modern1 has joined ##openfpga
cr1901_modern has quit [Ping timeout: 248 seconds]
<q3k> azonenberg_work, rqou: btw, try running the badge code via retdec https://retdec.com/idaplugin/
<azonenberg_work> kc8apf: wooow that is an old board
<azonenberg_work> it has a tqfp44 and a PLCC44 footprint for dual sourcing
<kc8apf> Yup
<kc8apf> Uses a Marvell XScale as well
<q3k> that layout is absolute ass, too
<q3k> i mean it's not _horrible_
<q3k> just really low on the fucks given scale
<azonenberg_work> lol
<azonenberg_work> sounds about right
<azonenberg_work> rqou: and maybe in another 1-2 defcons i can bring a starshipraider
<azonenberg_work> and have all the test gear i need :D
<kc8apf> have a handy snippet for xc2 and openocd?
<q3k> azonenberg_work: or maybe have it at CCC instead :3
<azonenberg_work> q3k: or that
<q3k> tbh smh fuck defcon
<kc8apf> it finds a 0x06e5e093
<kc8apf> so, it _seems_ to be valid
<kc8apf> just need a way to read out the config
<q3k> hmm
<azonenberg_work> Yeah defcon is a bit annoying
<azonenberg_work> Not a fan