İlteriş Eroğlu @linuxgemini@mastodon.social

https://blog.linuxgemini.space/empty-future

Yes I explicitly repeated 2 on 3

Not only the talk was cringe/stupid enough, the chat was also edgy as hell.

If you're doing research on secure enclaves, you should know that:

1) If you're expecting to exploit and flex with your findings, don't. You'll be found out easily.

2) Disclosures on this research is always risky, always try to co-operate with vendors. If they don't, find a better place to release your disclosure (like *con or *c3).

3) Anything can happen, you're taking big risks.

So @ao linked me a Twitch stream where a guy is explaining how he managed to brick his istanbulkart*

Not only he skimmed the ISO 7816 SELECT procdeure, what he did was just replaying the card commands came from the MIFARE SAM server, which the card renews the MAC some time later.

His intent was also maiclious which is VERY illegal.

* Istanbul's transport card, uses DesFire EV1 and also counted as electronic money handler by the national banking regulator

So @BraixenIRL and I decided to make a SINE WAVE SAND DROP