resholve
VW_Flash
resholve | VW_Flash | |
---|---|---|
11 | 11 | |
210 | 279 | |
- | - | |
8.0 | 4.7 | |
12 days ago | 3 months ago | |
Python | Python | |
MIT License | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
resholve
-
What is the Flakes version of "reproducible interpreted scripts"?
I'm also not 100% on whether it answers the question, but I imagine you're thinking of https://github.com/abathur/resholve (doc in nixpkgs: https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/misc/resholve/README.md)
-
modular bash profile scripting with shellswain
I intend to eventually find some time to figure out how feasible it would be to use https://github.com/abathur/resholve or wrapper techniques to bolt basalt (and perhaps other bash PMs) on to the nix ecosystem and nix-package some of your libraries.
-
Is there a good way to programmatically determine how many inputs some function can support?
(I'd love to have this ability for https://github.com/abathur/resholve to reliably identify arguments to one command that are also external commands/programs that it will in turn exec. I can't imagine trying to start it until/unless I have any bright ideas about how that executable spec and a parser for it would work.)
-
Could someone give me an example how I would have multiple "commands" in default.nix?
In https://github.com/abathur/resholve/blob/master/default.nix and https://github.com/abathur/resholve/blob/master/shell.nix you can see one approach to extending that line of thought to the default.nix itself.
-
Building the Future of the Command Line
Completions have in general been of interest, though the shell-specific completions I've looked at so far were all too dynamic.
I'd forgotten all about Fig since I saw your launch post here last year, so thanks for reminder. (I don't think I had quite started to work on parsing specific external commands, yet. Was still focused on just identifying the likely presence of exec in the executables.)
Are you familiar with the parse code? Are you handling painful stuff like combined short flags with a trailing option? (If I ferreted out some of the more painful cases I've had to wrangle, I am curious if you'd have a gut sense of whether your approach handles it. Would you mind if I reach out? I am working on this for https://github.com/abathur/resholve)
-
Devbox: Instant, easy, and predictable shells and containers
@dloreto @robrich A little aside from the announcement, but since it seems like you both work on this I wanted to surface something that came up down in a subthread:
I'm curious if you attempted to support macOS by doing this with Nix's dockerTools and cross-compiling (there may be better sources, but it's at least hinted at in https://nix.dev/tutorials/building-and-running-docker-images...)? If so, I'm wondering where that failed or bogged down?
---
Background: I build a tool (https://github.com/abathur/resholve) for ~packaging Bash/Shell (i.e., for demanding all dependencies be present). The tool's technically agnostic, but I built it specifically to fix Shell packaging in Nix.
I think it could benefit a lot of other Shell projects, since one of Shell's big tribulations is dealing with heterogenous environments, but most Shell projects wouldn't see much reason to endure the pain of adopting Nix if they still had to support the heterogenous environments.
Much like you're doing here, I've entertained figuring out how to build a Nix-based packaging flow that can generate deployable standalone bundles or containers. It'd be a heavy way to bundle Shell, but I imagine some projects would take the tradeoff for predictability and reduced support load. But since it would need to take place within a Nix build, I'd need to cross-compile for it to work on macOS. Hoping you know if it's a dead-end or not :)
-
Ask HN: Why aren't code diagram generating tools more common?
For a concrete example, I've been developing a tool (https://github.com/abathur/resholve) that can ~build/link Bash/Shell scripts--i.e., rewrite them with external executables converted to absolute paths. (This helps ensure dependencies are known, declared, present, and don't have to be on the global PATH for the script to execute cleanly.)
There's a devilish sub-problem, which is that any given executable can potentially exec arbitrary arguments. For now I handle this with a very crude automated binary/executable analysis that needs to be augmented by human source analysis. Deep multi-language source analysis wouldn't be very scalable, but I suspect fairly-standardized structural annotations could improve the results in a scalable way.
I have to imagine there are other applications of the same information.
-
I wrote an article about creating unit-tests and mocks for POSIX shells
I'm not 100% sure if you see the minimal PATH dependencies as a problem or not--so this may or may not help--but I develop https://github.com/abathur/resholve to make it easier to package Shell in Nix/nixpkgs by rewriting invocations of external dependencies in Shell scripts to absolute paths--and shunit2 is one of the Nix packages that I've updated to use resholve.
-
On Env Shebangs
I came here to say this, too :)
But, of course, it still isn't a silver bullet...
1. You still have to have a sane PATH. A fair amount of the Nix install-related issues that get opened are PATH problems, and you can also run into problems with PATH in cron/launchd.
2. You still have to know what the script depends on. This can get tricky beyond small scripts you wrote yourself. (I write a tool for ~linking/resolving external dependencies in Shell scripts, https://github.com/abathur/resholve. As I've been working on converting some of nixpkgs' existing Shell packages to use it, I almost always find dependencies the initial packager missed.)
-
Runtime dependencies for a bash script
Check out resholve. https://github.com/abathur/resholve
VW_Flash
-
Can Injection: keyless car theft
I did find an older VW "emergency start" product that claims to only work with Bosch MED17 and MED9, and I suspect it's using a memory-access primitive (either UDS or CCP) to release the immobilizer.
It's trivial to disable an immobilizer in software by re-flashing the ECU, yes, but modern ECUs have two strong protections against this:
* Cryptographic signature checking against update/re-flash payloads (I've done extensive research on these on VW Continental ECUs - https://github.com/bri3d/VW_Flash )
and an even better and more obvious protection:
* The ECU application software won't descend into the re-flash software (Customer Bootloader) unless the immobilizer is free (a valid key is present).
This is a lot of what helps to reduce surface area from an "emergency start" style attack to an AKL attack - now that the Customer Bootloader won't start without the Immobilizer being unlocked, an attacker needs to remove the control unit to flash it with a Supplier Bootloader exploit ( https://github.com/bri3d/simos18_sboot ) or physical access (BDM/JTAG).
-
Ask HN: What Are You Working on This Year?
This year I don't anticipate having much free time, so I'm trying to engage more contributors in side projects,
* Automotive ECU tooling, https://github.com/bri3d/VW_Flash
* DJI FPV forward/reverse/all sorts engineering, https://github.com/fpv-wtf
I've been working a lot with various folks using Discord and contributions are gradually shifting from me towards others, which has been great to see. As the old adage goes, teaching a project is truly the final form of knowing one - much harder than hacking alone, but ultimately more fulfilling.
When I started my automotive ECU journey my goal was to demystify the "tuning" scene for a broader software engineering community, and I think I've generally been successful at this.
-
Ask HN: What not-profit-seeking project are you tinkering with this week?
This week, as most weeks, I split my time outside of the day job and my other hobbies and obligations between Discord collaboration, Ghidra, and VSCode:
https://github.com/bri3d/VW_Flash - Flashing tools for select control modules in VW MQB and now PQ35 platform cars. This week I'm working on old stuff: a simpler exploit chain for older Simos ECUs, as well as tweaks to expand support to older DSG control units used in PQ35 platform vehicles.
https://github.com/fpv-wtf/msp-osd - I pushed a rearchitect of this on-screen-display overlay system for DJI FPV Goggles last week that seems to have sorted out a lot of issues - I switched from just passing through the OSD drawing messages from the Flight Controller to a system where the video transmitter maintains the OSD character buffer and sends a compressed representation of the screen state. This makes the system much more robust to packet loss in situations where the Flight Controller sends delta updates rather than frame-at-a-time.
I only really started publishing Open Source projects a year or two ago, and while they're pretty much my worst code by any objective measure, I've met some great people and really enjoy working on these. It's fun making things that achieve a goal without so much pressure of deadlines, stakeholders, and competing priorities.
-
ECU resources
VW_Flash: https://github.com/bri3d/VW_Flash/blob/master/docs/docs.md . Modern UDS control unit flashing: Preconditions RemoteRoutine, Programming Session, SA2 Seed/Key, Workshop Identifier, RequestDownload, TransferData, ExitTransfer, Checksum RemoteRoutine, rinse and repeat. Pretty much the same for any UDS control unit. Other manufacturers have some little tweaks to the Preconditions and Workshop Identifier, but conceptually this is how UDS flashing works overall. Also contains examples of modern control unit encryption (rolling cipher for Temic DQ250, crappy XOR for Simos8, AES for Simos12 and up and DQ381) and checksums (mostly CRC based, some header-defined, some not). Crash course in SBOOT/CBOOT/ASW/CAL layout of modern control units.
-
Hyundai car software update private keys came from easily Googleable sample code
That's pretty cool! I wonder how properly they were really signed - there are _so many_ mistakes even in systems that at least don't use an example key off the Internet.
The most common ones I know of are:
* Out-of-bounds write issues allowing "signature was validated" flags to be overwritten in Flash memory, like https://github.com/jglim/UnsignedFlash
* State machine mistakes, like https://github.com/bri3d/VW_Flash/blob/master/docs/docs.md - allowing Flash to be written again after it was already written, without an erase first.
* Filesystem parsing mistakes, like those in a number of VW AG head units: https://github.com/jilleb/mib2-toolbox/issues/122
* The use of RSA with E=3 and inadequate padding validation, like https://words.filippo.io/bleichenbacher-06-signature-forgery... .
* Failure to understand the system boundaries, like in the second part of https://github.com/bri3d/simos18_sboot where "secret" data can be recovered by halting the system during a checksum process.
* Hardware fault injection issues, as used in https://fahrplan.events.ccc.de/congress/2015/Fahrplan/system... .
Fundamentally this is of course, a very hard problem, since in the "protect against firmware modification" case, the attacker has physical access. But, compared to the state of the art in mobile devices and game consoles, automotive stuff is still way behind.
-
Hacking a VW Golf Power Steering ECU
Here is link number 1 - Previous text "My"
No, this EPS control module is remarkably primitive even by late 2000s standards and several generations behind today's state of the art.
More modern control modules with a bit more resource available to them will use AES as the symmetric encryption (although there are also fixed-key XOR schemes and custom stuff used like this: https://github.com/bri3d/VW_Flash/blob/master/lib/decryptdsg... ).
The keys and even IV are usually fixed across a "model line" of ECUs, so once a decrypted flash memory can be extracted, this isn't much of a protection measure, but it's a lot better than XOR.
Then, in more modern control units, flash areas are also usually protected by both a checksum (usually some CRC permutation, although cute tweaks and random nonsense are common here too) and some form of digital signature.
-
Ask HN: What you up to? (Who doesn't want to be hired?)
I have been reverse engineering automotive ECUs for a while now - https://github.com/bri3d/VW_Flash . It's a nice change from my day job in enterprise engineering management, and I've met some fun people and taught several folks a lot of new concepts, which is always extremely rewarding.
My latest project has been reverse engineering the data-flash encryption in Simos18 ECUs. After some work, it oddly appears the encryption algorithm used is Mifare Hitag2. I'm hoping to be able to re-encrypt NVRAM channels soon, although the overall data flash "filesystem" / channel-system layout needs some more work before I am ready to release my findings.
- Exploit Chains in the Simos18 Engine Control Unit
-
Are expensive OBD2 scanners different in hardware or only in software from cheaper ones?
3) For highly specialized applications, additional hardware is necessary. For example, on modern ECUs, often read/write access via diagnostic protocol is secured via encryption and signature validation, so to flash custom firmware requires a bypass of these measures. Sometimes this bypass can be via a vulnerability in the diagnostic protocol requiring no additional hardware, like on VW Simos18 , but other times the bypass requires manipulating the control unit beyond what the diagnostic port allows - custom serial protocol, specific sequences of GPIO manipulation, or PWM signals applied to specific pins.
What are some alternatives?
datashare - A self-hosted search engine for documents.
mib2-toolbox - The ultimate MIB2-HIGH toolbox.
mpack - MPack - A C encoder/decoder for the MessagePack serialization format / msgpack.org[C]
ScrapMechanicSeedTool - A tool that allows you to modify the seed of scrap mechanic save files.
egglog0 - Datalog + Egg = Good
esp32-isotp-ble-bridge - ESP32-IDF based BLE<->ISO-TP bridge targeting Macchina A0 hardware
devbox - Instant, easy, and predictable development environments
VWsFriend - VW WeConnect visualization and control
py_regular_expressions - Learn Python Regular Expressions step by step from beginner to advanced levels
ntfy - Send push notifications to your phone or desktop using PUT/POST
swift-sh - Easily script with third-party Swift dependencies.
Open-Assistant - OpenAssistant is a chat-based assistant that understands tasks, can interact with third-party systems, and retrieve information dynamically to do so.