CameronDev @ CameronDev @programming.dev

Posts

4

Comments

1,183

Joined

2 yr. ago

Brb, gonna paint a kangaroo

That's for the motherboard replacement, not the bootloader unlock.

They've already unlocked and bricked their device, so they need a new motherboard.

The claims are well into the "I found a unicorn" territory, I'm tipping its either "If you misconfigure this, its unsafe", or its a real vuln, and its significantly harder to exploit that they are claiming.

Not all Linux's have SSH enabled, especially out of the box.

They have some other posts about IPv6 parsing (also not universal), but that doesnt sound like an "easy" RCE.

For free? Probably not.

Wireguard has been audited by some University groups, maybe contact one of them:

• https://www.cerias.purdue.edu/assets/pdf/bibtex_archive/2021-3.pdf
• https://courses.csail.mit.edu/6.857/2018/project/He-Xu-Xu-WireGuard.pdf

Doesn't even startup on my box, but doesn't crash the kernel or system either, just regular application crash

There really is 2 NSA's, with conflicting goals. Keep Americans secure, and collect everyone elses data. Its a difficult line to walk. The first half does produce really good advice and tools, but is undermined by the second halfs image.

I fortunately never learnt Ida due to cost, so I have no idea what is missing, but ghidra was a godsend for CTFs. Suddenly reversing challenges were accessible and easy.

https://code.nsa.gov/# - Lots of useful stuff here.

Kernel shouldn't crash, and anything running in memory will be okayish, but it definitely will get less and less stable. It won't be possible to start new processes.

I have a Linux install on a USB SSD with a flakey connection, if I bumped the cord the root would unmount. It was fairly resilient, but graphics would slowly start disappearing. I'm fairly sure I could cleanly reboot as long as I had a terminal open, but its been a while, so maybe I'm misremembering.

Still, the overall system becomes pretty useless, so i guess its fair to call it a crash

touch 😏

There are rust libraries to send signals, might be better to use those rather than calling bash. eg. https://docs.rs/nix/latest/nix/sys/signal/index.html

I'm guessing if input was "", then it would sigkill all processes? Less confident, but some functions behave slightly differently in an interactive console vs a non interactive, maybe ps has a different format when used non interactively?

 rust

    
Aside, you want three backticks and a newline to get code formatting :)


  

Ah, that definitely would feel like a crash. Sent kill signal to cgroup accidentally? Or just iterate over all processes and signal them all?

OPs example was task management, which doesn't require kernel modules.

Doesn't explain OPs task management example. And won't crash the kernel, just make things unresponsive

That won't crash your kernel, and I was more curious about the OPs example. Task management is basically reading some files, and sending signals, it should be near impossible to crash the system.

If the mother lives, she wasn't truely in danger, doctors go straight to prison. If the mother dies, she was in danger and they failed to act, doctors go straight to prison.

Should work swimmingly.

How are you crashing your system?! Crashing program sure, but the entire system?

Ghidra. Boom, here is 90% of ida pro. Enjoy.

The malware argument is a bit weak, if your router is vulnerable to something it'll likely be found and pwnd in a matter of minutes, so turning it off a night won't really save you. And once a patch is released, it'll be reverse engineered in a few hours/days, so ideally you want patches as soon as they are released.

Using your own device is usually a good idea anyway, telco stuff is usually pretty mediocre. And as soon as your device is slightly custom, it becomes a less valuable target.

Yeah, we'll get into that right after we solve SQL injection vulnerabilities. Don't rush us.

We missed this: https://lemmy.world/post/19803056