loneicewolf (@loneicewolf@infosec.exchange), to random

Hello! I am back with a project again!


It's my birthday today, I turn 24 xD.. Not that that is interesting but, I thought of making a progress post about the HDD Bootkit I was planning to make.

To recap!

A while ago I wrote about an HDD bootkit I was gonna make, and I will copy and paste it, BUT!
FIRST I will actually post real progress. I have now got to Project "1", which is to unscrew the hard disk's cover, identify the CPU n stuff, get schematics, wire stuff, debug, and load hello world on it. Simply put, that's "project 1".

Project 2 is to "take project 1's hello world" and turn it into an 'HDD firmware bootkit'.

I will copy the links here.

Link 1: https://www.linkedin.com/posts/william-martens-16872717b_hard-disk-hacking-intro-activity-7184950421034070016-3SLA?utm_source=share&utm_medium=member_desktop

I will copy paste the text I wrote below.

Hello!
I wrote a post some weeks ago about this project - me making a bootkit for the firmware of an HDD, and/or an SSD's controller card.

Many of you most likely wonder what's taking so long to even make an update on it?

And the truth is, I just had to get a special set of 'screwdrivers' (I think many will laugh now, but this is actually the first step: to open up any disk's 'case' to be able to see what CPU and all that is in it). You have to (I had to, at least) use a "Torx screwdriver" or something along those paths.

So, now I've got it and I will begin the first step, namely the
"Pre-Research part". What's that? I call it that cuz now I have to open them up, see what CPU and stuff they are using, and note all of this down.

Then it's part 2, namely the "Research" part. What is done here? For me, it's googling about resources, writing a report on what its uses are, and what schematic(s) (if any) are available.

Then, part 3 is the "Debugging" part. Here, as the name suggests, the goal is to try to debug it using the report from part 2.

Part 4 is the final step in the POC (Proof Of Concept) project. This is to take step 3, make software, load it and run it. This will simply be a hello world project to begin with: just, using the hardware of the disk itself, write out "Hello World" in debug printouts.

And this is "project number one". Project 2.. will be the post I wrote about

Part 2 (probably already posted but)

https://www.linkedin.com/posts/william-martens-16872717b_hard-disk-hacking-intro-activity-7177941239516782592-zXrG?utm_source=share&utm_medium=member_desktop

I will begin reversing some HDDs/SSDs, to see if I can replicate spritesmods' HDD hack ( https://spritesmods.com/?art=hddhack )
(and, part 2, 3 , etc)

And, reading up on it, this is another great article

( https://malwaretech.com/2015/04/hard-disk-firmware-hacking-part-1.html )
(and, part 2, 3 , etc)

When I say "I will post the progress" or something along those lines, I will post it on my GitHub.

I will, of course, NOT post the reversed firmware or stuff like that, cuz.. that wouldn't be any good for obvious reasons. Instead I will just show what I can achieve, like at least one but probably more than the below:

  • backdoor the firmware (persistence)
  • make hidden sectors (possibly using encryption and or obfuscation with some steganography)
  • kleptography (detect CRYPTO operations to gather the priv keys and store them either a) in the chip (like the firmware), b) in the hidden sector or c) in another way, possibly transmitting them elsewhere)
  • Run Linux on it. Yes. The Linux Kernel if possible.

I will try some stuff I believe will be the first things one tries before breaking the HDD/SSD open and trying for JTAG, cuz, what if there's no JTAG? Or, "better" (worse), if there may be JTAG but it's obfuscated? I mean, there's no real good reason for companies to label "here we got JTAG! so you can hook it up to a machine if you want to debug it!" No no, quietness is what it is. Heh. (By the way, that's the same with datasheets; it's not something just 'given out'.) <- At least.. not in my experience.

  • JTAG (of course)
  • Serial (even if some of these might not achieve anything we want, we should just begin small)
  • See some pinouts
  • other known "ports"
  • datasheets
  • schematics

This will not only be "a project" on its own, it's a major part (the first part, actually) for something much bigger.

Alright! have a great day people! Wishes from Sweden!
