HackerTrans
TopNewTrendsCommentsPastAskShowJobs

oddlama

no profile record

Submissions

Bypassing disk encryption on systems with automatic TPM2 unlock

oddlama.org
1 points·by oddlama·पिछला वर्ष·0 comments

comments

oddlama
·पिछला वर्ष·discuss
I've written something like this for NixOS a while back [1], which generates infrastructure diagrams directly from the source of truth (albeit not as pretty as isoflow). I'm sure this could be applied to other declarative tech stacks aswell!

[1]: https://github.com/oddlama/nix-topology
oddlama
·पिछला वर्ष·discuss
This is great if you only have a single disk, but if you have multiple encrypted disks that are unlocked in the initrd this way, then if you can gain control flow by faking data on the last decrypted disk you can still gain access to all the previously unlocked partitions.

Of course you cannot unseal the secret from the TPM anymore.
oddlama
·3 वर्ष पहले·discuss
I can think of plenty real world usecases. Take for example a network interface that can send or receive predefined packet structs.

Imagine each packet requires a size header. When you want to send multiple packets at once, you now want to optimize that and only write a single initial header to the interface, preceding the data.

With variadic generics, you can enable a syntax like `interface.write_packets(packet1, packet2, packet3, /* ... */);` which writes the packets in the desired optimized way. It can internally construct a serializable data tuple from the variadic generics and add the correct header only to the beginning.

Without variadic generics a similar syntax is only possible with macros, which means that it cannot be implemented as a reusable trait.

> It would seem to me, you're just skipping the part where you give your tuple a name, but is that even a good idea to do?

Sometimes you explicitly don't want to require naming the tuple for flexibility, like in the example above.
oddlama
·3 वर्ष पहले·discuss
And additionally I would't want anyone on my network path to be able to read what data I exchange - even if it is a static site.
oddlama
·3 वर्ष पहले·discuss
Not parent, but I'm doing the same thing and I have had 5 leaks out of (currently) 387 accounts over the past 4 years (which is when I started doing this).

Oh and none of the involved entities ever acknowledged the leaks. I'd also be highly interested in the rates other people encounter.
oddlama
·4 वर्ष पहले·discuss
I haven't looked at the project but would assume that several people generated their wallets by using this tool. The attackers were thus able to generate keys for existing wallets by simply bruteforcing the measly 31 bits that were used in the tool's random initialization.
oddlama
·4 वर्ष पहले·discuss
Just a battery would be the simplest option. Just measure time until empty.

If you want higher time resolution, there are several fully integrated hall effect current measurement ICs out there, like for example the ACS723.

If you need even better accuracy or resolution and you can spare 100 bucks, just buy one of the Nordic Power Profiler Kits.
oddlama
·4 वर्ष पहले·discuss
Nothing here requires uploading the image to some form of cloud service. Do the recognition locally - maybe on a phone connected via Bluetooth. Never have any information leave the device and you will have significantly less privacy concerns.
oddlama
·4 वर्ष पहले·discuss
If anyone wants to learn about GPS from the ground up, there's an excellent website with interactive explanations by Bartosz Ciechanowski that I can wholeheartedly recommend [1].

His blog also covers other topics in a similar style - it's a real treasure trove.

[1] https://ciechanow.ski/gps/
oddlama
·4 वर्ष पहले·discuss
I for example just wouldn't like anyone to be able to see what data I exchange with any server, be it small profile blog or a login page.
oddlama
·4 वर्ष पहले·discuss
Ome of the best I came across, regarding both readability and content:

https://ciechanow.ski/
oddlama
·4 वर्ष पहले·discuss
esc esc esc :qa!<cr> (8 strokes)

This is the shortest I can think of right now, 3 esc to exit Ctrl-v, Ctrl-r and insert mode, then :qa! to quit even if there are splits or modified background buffers.

If ^C is considered one keystroke I'd replace all esc by ^C to prevent vim from hanging forever in the following starting situation: 999999999asometext^R^V<exit sequence>

With esc it would try to insert a lot of text after the last esc, which will make vim unresponsive for days at least.

Not sure if you want to count this one: alt+sysrq+k (1 stroke or 3 strokes depending on how you count)
oddlama
·4 वर्ष पहले·discuss
Yes, and it's quite comfortable. If you don't want to use external media, many boards also come with a builtin UEFI shell which is quite powerful. From there you can simply execute the kernel with the desired cmdline. (like ./vmlinuz root=...)