Simos18_SBOOT VS hn-search

I did find an older VW "emergency start" product that claims to only work with Bosch MED17 and MED9, and I suspect it's using a memory-access primitive (either UDS or CCP) to release the immobilizer.

It's trivial to disable an immobilizer in software by re-flashing the ECU, yes, but modern ECUs have two strong protections against this:

* Cryptographic signature checking against update/re-flash payloads (I've done extensive research on these on VW Continental ECUs - https://github.com/bri3d/VW_Flash )

and an even better and more obvious protection:

* The ECU application software won't descend into the re-flash software (Customer Bootloader) unless the immobilizer is free (a valid key is present).

This is a lot of what helps to reduce surface area from an "emergency start" style attack to an AKL attack - now that the Customer Bootloader won't start without the Immobilizer being unlocked, an attacker needs to remove the control unit to flash it with a Supplier Bootloader exploit ( https://github.com/bri3d/simos18_sboot ) or physical access (BDM/JTAG).

SIMOS18 SBOOT: https://github.com/bri3d/simos18_sboot Illustrates common security vulnerabilities in modern control units (inadequate RNG entropy, reset exploits). Illustrates common "SBOOT recovery mode break-in" / "TSW Mode" concept that many control units have.

That's pretty cool! I wonder how properly they were really signed - there are _so many_ mistakes even in systems that at least don't use an example key off the Internet.

The most common ones I know of are:

* Out-of-bounds write issues allowing "signature was validated" flags to be overwritten in Flash memory, like https://github.com/jglim/UnsignedFlash

* State machine mistakes, like https://github.com/bri3d/VW_Flash/blob/master/docs/docs.md - allowing Flash to be written again after it was already written, without an erase first.

* Filesystem parsing mistakes, like those in a number of VW AG head units: https://github.com/jilleb/mib2-toolbox/issues/122

* The use of RSA with E=3 and inadequate padding validation, like https://words.filippo.io/bleichenbacher-06-signature-forgery... .

* Failure to understand the system boundaries, like in the second part of https://github.com/bri3d/simos18_sboot where "secret" data can be recovered by halting the system during a checksum process.

* Hardware fault injection issues, as used in https://fahrplan.events.ccc.de/congress/2015/Fahrplan/system... .

Fundamentally this is of course, a very hard problem, since in the "protect against firmware modification" case, the attacker has physical access. But, compared to the state of the art in mobile devices and game consoles, automotive stuff is still way behind.

My writeups and JG Lim's cover three of the common mistakes in modern modules (supplier backdoor bugs in Simos supplier bootloader, state machine issues in Simos VW bootloader, and block buffer validity confusion / bounds check issues in Mercedes instrument cluster).

I have glossed over all of the actual data details here for brevity. For details including exact messages (and code!), please visit https://github.com/bri3d/Simos18_SBOOT

- Ads with Psychological tricks

Truly good websites have around 2 facts per 10 word sentence, and get instantly to the chase. Also: good websites give you the names of all their competitors/alternative websites before showing their own stuff, and give you further reading.

Right now the world of technology is supposedly more innovative than ever, but somehow Wikipedia (https://www.wikipedia.org/) and Search Hackernews (https://hn.algolia.com/) beat billion dollar search engines.

Articles written decades ago are still unsurpassed in terms of quality and ease of understanding, but the best modern websites can do is textbook explanations. It is time society graduates from boilerplate buzzword textbook culture.

Now the gems of the internet are slowly being buried beneath mountains of trash.

If something sounds boilerplate it isn't good enough.

Don't bother saying something that has been said before, and better.

>for more detail: https://hn.algolia.com/?dateRange=all&page=0&prefix=false&qu...

Oh, I see. We actually discussed Pound about four years ago - just a little back and forth about the ABC of Reading: https://news.ycombinator.com/item?id=24196681

>What's your explanation of why Pound went Fascist?

I'm not sure I particularly have one; I haven't read any of his longer political or cultural (i.e. non-literary) works. I just think it's silly to correlate an approach to translation that you dislike with fascism. Especially as I'm not sure it even makes sense on its own terms: I can only read your comment as 'lazy translator? Figures that he would be a fascist', but if I imagine the type of translation a fascist would approve of, the approach I picture is fastidious, fussy, concerned with fidelity to the point of stickler-ishness. (Isn't that from where we get 'grammar nazi'?)

And oh, well, since you ask I'll take a shy at it: my vague sense is that he became fascist because saw a society in decline due to it becoming more and more a sham society: opulence without virtue, power without vigour, money no longer tied to actually existing goods. (Of course, all of this shades easily into antisemitism.) He saw fascism as the answer; It's easier to see in retrospect that it wasn't.

"multiplayer notepad" goes back 15 years at least - https://hn.algolia.com/?dateRange=all&page=0&prefix=false&qu... notepad&sort=byDate&type=comment

it was used back with a popular website which opened a text document and anyone viewing could type, but I can't remember the name. That became a thing in Google Docs, Microsoft Office, Floobits, and lots of self-hosted and cloned sites.

If you see a post that ought to have been moderated but hasn't been, the likeliest explanation is that we didn't see it. You can help by flagging it or emailing us at [email protected].

https://hn.algolia.com/?dateRange=all&page=0&prefix=false&qu...

Ok, but please don't post unsubstantive comments to Hacker News.

I understand the reason for repeating these sentiments—it's the same reason why they get upvoted to the top of threads*—but repetition of this kind is what we're most trying to avoid here.

https://hn.algolia.com/?dateRange=all&page=0&prefix=false&so...

https://news.ycombinator.com/newsguidelines.html

* I've marked this one off topic now.

I was looking for it in the guidelines. There are a couple of conventions for postings. Consider a bit of prior examples: [https://hn.algolia.com/?q=show+hn]

yeah there are only three stories coming up from the site search

https://hn.algolia.com/?q=postgres+clustering

only one is semanthically correct, the other pick up the wrong version of clustering (i.e. k-means instead of multi master writes)

but yeah if one doesn't test the hard cases, how does one know it preserves semantics :D

Like dismissing the work of Feyerabend or Wittgenstein without seemingly having read either:

https://hn.algolia.com/?dateRange=pastMonth&page=0&prefix=tr...

https://hn.algolia.com/?dateRange=all&page=0&prefix=true&que...