Cringe, techbro "reverse engineering" 

Not only the talk was cringe/stupid enough, the chat was also edgy as hell.

If you're doing research on secure enclaves, you should know that:

1) If you're expecting to exploit and flex with your findings, don't. You'll be found out easily.

2) Disclosures on this research is always risky, always try to co-operate with vendors. If they don't, find a better place to release your disclosure (like *con or *c3).

3) Anything can happen, you're taking big risks.

Show thread

Cringe, techbro "reverse engineering" 

So @ao linked me a Twitch stream where a guy is explaining how he managed to brick his istanbulkart*

Not only he skimmed the ISO 7816 SELECT procdeure, what he did was just replaying the card commands came from the MIFARE SAM server, which the card renews the MAC some time later.

His intent was also maiclious which is VERY illegal.

* Istanbul's transport card, uses DesFire EV1 and also counted as electronic money handler by the national banking regulator

Mastodon secret easteregg 

If you press ↑↑↓↓←→←→B A, nothing happens

@ao 's challenge is accepted. So I played Megalovania on a router.

RouterBoard plays Megalovania:
youtube.com/watch?v=nJIaCyGuTn

byobu hell 

local idiot nests 3 byobu sessions

> gets a hotel key
> it is MIFARE Classic
>> oh no
> reads it with phone
> card uses default keys
>> fucking what
> clones card, it works

Secure your cards. Please.

İlteriş Eroğlu's choices:

Mastodon

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!