Our keyboards are tracking us
7 comments
I run de-googled Android systems, and use FUTO keyboard on every single one. Supports swiping and voice recognition models.
Could you please recommend some?
Can you use simple keyboard?
https://github.com/rkkr/simple-keyboard
It's not smart at all, but it's also not smart at all.
https://github.com/rkkr/simple-keyboard
It's not smart at all, but it's also not smart at all.
Keyboards were always dangerous.
Very first 1981 IBM PC 5150 had special diagnostic backdoor routine hidden in POST code:
https://minuszerodegrees.net/5150/post/5150%20-%20POST%20-%2...
IF REQUESTED, LOAD DIAG. CODE "Take the clock pin in the motherboard's keyboard DIN connector LOW for 40 ms. (Done by the KBD_RESET subroutine.) If the attached device responds with the byte of 65h, the attached device is a special IBM device that supplies diagnostic/test code to the 5150 via the keyboard port. If 65h received, load in the diagnostic/test code (255 bytes) via the keyboard port, then execute the code."
Not that dangerous as it was only active for a split second during boot. But it gave peopple ideas. Zenith Data Systems implemented something similar in its ZBIOS, except meant to be active _at all times_ when computer runs :o
seg000:7B03 in https://github.com/raszpl/Zenith_ZBIOS/blob/main/Zenith%20Z-... :
Very first 1981 IBM PC 5150 had special diagnostic backdoor routine hidden in POST code:
https://minuszerodegrees.net/5150/post/5150%20-%20POST%20-%2...
IF REQUESTED, LOAD DIAG. CODE "Take the clock pin in the motherboard's keyboard DIN connector LOW for 40 ms. (Done by the KBD_RESET subroutine.) If the attached device responds with the byte of 65h, the attached device is a special IBM device that supplies diagnostic/test code to the 5150 via the keyboard port. If 65h received, load in the diagnostic/test code (255 bytes) via the keyboard port, then execute the code."
Not that dangerous as it was only active for a split second during boot. But it gave peopple ideas. Zenith Data Systems implemented something similar in its ZBIOS, except meant to be active _at all times_ when computer runs :o
seg000:7B03 in https://github.com/raszpl/Zenith_ZBIOS/blob/main/Zenith%20Z-... :
seg000:7B03 Backdoor_loader proc near ; CODE XREF: Keyboard_Process_Modifiers+30↑p
cli
mov ah, IO_Port_64h_KBC_CMD_60_WRITE_CONFIG
call Keyboard_KBC_command
call Keyboard_KBC_wait_input_ready
mov al, 5 ; magic Keyboard command to initialize backdoor code upload
out IO_Port_60h_KBD_Command, al
call Keyboard_Read_Synchronous
mov cl, al
call Keyboard_Read_Synchronous
mov ch, al
mov ax, 0
mov es, ax
mov di, offset 500h ; payload lands at 500h
backdoor_load_loop:
call Keyboard_Read_Synchronous
stosb
loop backdoor_load_loop
jmp far ptr 0:500h ; executing our payload
Backdoor_loader endp
triggered by pressing [T while holding Ctrl: check_Backdoor_init_key: ; CODE XREF: Keyboard_Process_Modifiers+E↑j
cmp ch, 1Bh ; Set-1 scancode [ (Left Bracket) key
jnz short check_Backdoor_trigger_key
or byte ptr cs:0CEh, 1
jmp error_exit
check_Backdoor_trigger_key:
cmp ch, 14h ; Set-1 scancode T key
jnz short clear_backdoor_gate
test byte ptr cs:0CEh, 1
jz short clear_backdoor_gate
call Backdoor_loader
Good news for Zenith customers from 1989 someone with more sense disabled this in final bios, but dead code is still there :)These are the kinds of comments i keep coming back to hn for.
Thanks for this piece of history.
Thanks for this piece of history.
What I thinking now is to modify the apk file firstly to stop getting updates and permanently cutting off gboards connection from internet. Is it a easy task to do? Suggest me if there any discontented Gboard version. Also please share thoughts about keyboard tracking.