loneicewolf, to random

Hello! I am back with a project again!


It's my birthday today, I turn 24 xD. Not that that is interesting, but I thought of making a progress post about the HDD bootkit I was planning to make.

To recap!

A while ago I wrote about an HDD bootkit I was gonna make, and I will copy and paste it, BUT!
FIRST I will actually post real progress: I have now got to Project "1", which is to unscrew the hard disk's cover, identify the CPU and stuff, get schematics, wire stuff, debug, and load a hello world on it. Simply put, that's "project 1".

Project 2 is to take project 1's hello world and turn it into an 'HDD firmware bootkit'.

I will copy the links here.

Link 1: https://www.linkedin.com/posts/william-martens-16872717b_hard-disk-hacking-intro-activity-7184950421034070016-3SLA?utm_source=share&utm_medium=member_desktop

I will copy paste the text I wrote below.

Hello!
I wrote a post some weeks ago about this project: me making a bootkit for the firmware of an HDD and/or an SSD's controller card.

Many of you most likely wonder what's taking so long to even make an update on it?

And the truth is, I just had to get a special set of 'screwdrivers' (I think many will laugh now, but this is actually the first step: to open up any disk's 'case' to be able to see what CPU and all that it is, you have to (I had to, at least) use a "Torx screwdriver" or something along those paths).

So, now I got it and I will begin the first step, namely the
"Pre-Research part". What's that? I call it that cuz now I have to open them up, see what CPU and stuff they are using, and note all of this down.

Then it's part 2, namely the "Research" part. What is done here? For me, it's googling about resources, writing a report on what its uses are, and what schematic(s) (if any) are available.

Then, part 3 is the "Debugging" part. Here, as the name suggests, the goal is to try to debug it using the report from Part 2.

Part 4 is the final step in the POC (Proof of Concept) project. This is to take step 3 and make software, load it and run it. This will simply be a hello world project to begin with: to just, using the hardware of the disk itself, write out "Hello World" in debug printouts.

And this is "project number one"; Project 2 will be the post I wrote about:

Part 2 (probably already posted, but)

https://www.linkedin.com/posts/william-martens-16872717b_hard-disk-hacking-intro-activity-7177941239516782592-zXrG?utm_source=share&utm_medium=member_desktop

I will begin reversing some HDD/SSDs, to see if I can replicate spritesmods' HDD hack ( https://spritesmods.com/?art=hddhack )
(and part 2, 3, etc.)

And, reading up on it, this is another great article:

( https://malwaretech.com/2015/04/hard-disk-firmware-hacking-part-1.html )
(and part 2, 3, etc.)

When I say "I will post the progress" or something along those lines, I will post it on my GitHub.

I will, of course, NOT post the reversed firmware or stuff like that, cuz.. that wouldn't be any good for obvious reasons. Instead I will just show what I can achieve, at least one but probably more of the below:

  • backdoor the firmware (persistence)
  • make hidden sectors (possibly using encryption and/or obfuscation with some steganography)
  • kleptography (detect CRYPTO operations to gather the private keys and store them either a) in the chip (like the firmware), b) in the hidden sector or c) in another way, possibly transmitting them elsewhere)
  • Run Linux on it. Yes. The Linux kernel, if possible.

I will try some stuff I believe will be the first things one tries before breaking the HDD/SSD open and trying for JTAG, cuz what if there's no JTAG? Or, "better" (worse), what if there may be JTAG but it's obfuscated? I mean, there's no real good reason for companies to label "here we got JTAG! so you can hook it up to a machine if you want to debug it!" No no, quietness is what it is. Heh. (By the way, that's the same with datasheets; it's not something just 'given out') <- At least not in my experience.

  • JTAG (of course)
  • Serial (even if some of these might not achieve anything we want, we should just begin small)
  • See some pinouts
  • Other known "ports"
  • Datasheets
  • Schematics

This will not only be "a project" on its own; it's a major part (the first part, actually) of something much bigger.

Alright! Have a great day, people! Wishes from Sweden!

simontsui, to random

Forget the xz/liblzma backdoor in Linux distros: there's a confirmed backdoor in D-Link Network Attached Storage (NAS) products. The username is messagebus with an empty password. Tracked as CVE-2024-3273 (7.3 high, disclosed 26 March 2024); D-Link refuses to patch it because "All D-Link Network Attached storage has been End of Life and of Service Life for many years [and] the resources associated with these products have ceased their development and are no longer supported" 🔗 https://www.bleepingcomputer.com/news/security/over-92-000-exposed-d-link-nas-devices-have-a-backdoor-account/

#CVE_2024_3273 #backdoor #xz

jdkiser, to random

A week or so later, one good thing about the is how it all pretty much played out on Mastodon and in the . The discussion wasn't on #x or , not or or whatever. Analysis and investigation and discussion happened here on . Even magazine gave credit.

That's a pretty cool milestone.

eighthave, to random

Three years ago, #FDroid had a similar kind of attempt as the #xz #backdoor. A new contributor submitted a merge request to improve the search, which was oft requested but the maintainers hadn't found time to work on. There was also pressure from other random accounts to merge it. In the end, it became clear that it added a #SQLinjection #vuln. In this case, we managed to catch it before it was merged. Since similar tactics were used, I think it's relevant now.

https://gitlab.com/fdroid/fdroidclient/-/merge_requests/889

eb, to random

Unfolding now: https://news.ycombinator.com/item?id=39865810

An incredibly technically complex in xz (potentially also in libarchive and elsewhere) was just discovered. This backdoor has been quietly implemented over years, with the assistance of a wide array of subtly interconnected accounts:

The timeline on this is going to take so long to unravel

scy, to random

Eek. Apparently liblzma (part of the xz package) has a backdoor in versions 5.6.0 and 5.6.1, causing SSH to be compromised.

https://www.openwall.com/lists/oss-security/2024/03/29/4

This might even have been done on purpose by the upstream devs.

Developing story, please take with a grain of salt.

The 5.6 versions are somewhat recent; depending on how bleeding edge your distro is, you might not be affected.
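A quick way to act on the post above is to check which liblzma a machine actually has installed. The script below is an added example, not code from the post's author or from the xz project; it assumes `xz --version` prints one line of the form `xz (XZ Utils) 5.6.1` and one of the form `liblzma 5.6.1` (the format current XZ Utils uses), and it compares against the two versions named in the linked oss-security advisory. The sample outputs embedded in it are constructed, not captured from a real host.

```python
"""Check whether an installed xz/liblzma is one of the backdoored releases.

Added example for the post above; not the post author's or the xz
project's code. Assumes `xz --version` emits lines shaped like
'xz (XZ Utils) 5.6.1' and 'liblzma 5.6.1'.
"""
import re
import subprocess
from typing import Dict, Optional

# Versions named in the oss-security advisory linked in the post.
AFFECTED_VERSIONS = {"5.6.0", "5.6.1"}

# One match per line: the component name, then its dotted version.
_VERSION_RE = re.compile(r"^(xz \(XZ Utils\)|liblzma)\s+(\d+\.\d+\.\d+)", re.M)


def parse_versions(output: str) -> Dict[str, str]:
    """Map 'xz' and 'liblzma' to the versions reported in `xz --version` output."""
    found: Dict[str, str] = {}
    for component, version in _VERSION_RE.findall(output):
        key = "xz" if component.startswith("xz") else "liblzma"
        found[key] = version
    return found


def is_affected(output: str) -> bool:
    """True if either the xz tool or liblzma reports a backdoored version.

    Checking both matters: a distro can ship an older xz binary linked
    against a newer liblzma, and it is liblzma that sshd ends up loading.
    """
    versions = parse_versions(output)
    return any(v in AFFECTED_VERSIONS for v in versions.values())


def check_installed() -> Optional[bool]:
    """Run the real `xz --version` on this host; None if xz is not installed."""
    try:
        proc = subprocess.run(
            ["xz", "--version"], capture_output=True, text=True, check=False
        )
    except FileNotFoundError:
        return None
    return is_affected(proc.stdout)


# Constructed sample outputs (not captured from a real machine).
SAMPLE_BAD = "xz (XZ Utils) 5.6.1\nliblzma 5.6.1\n"
SAMPLE_OK = "xz (XZ Utils) 5.4.6\nliblzma 5.4.6\n"

if __name__ == "__main__":
    print("sample 5.6.1 affected:", is_affected(SAMPLE_BAD))
    print("sample 5.4.6 affected:", is_affected(SAMPLE_OK))
    result = check_installed()
    if result is None:
        print("this host: xz not found")
    else:
        print("this host:", "AFFECTED version" if result else "not in affected set")
```

A version match is a signal to follow up on, not a verdict: distributions responded by downgrading or patching, so pair this with your distro's advisory for the package build you actually have installed.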
