this is kind of dumb isn't it lol

"All the benefits of self-hosting. Done for you."

Cringe, techbro "reverse engineering" 

Not only was the talk cringe/stupid enough, the chat was also edgy as hell.

If you're doing research on secure enclaves, you should know that:

1) If you're expecting to exploit and flex with your findings, don't. You'll be found out easily.

2) Disclosures on this research are always risky; always try to co-operate with vendors. If they don't, find a better place to release your disclosure (like *con or *c3).

3) Anything can happen, you're taking big risks.


Cringe, techbro "reverse engineering" 

So @ao linked me a Twitch stream where a guy is explaining how he managed to brick his istanbulkart*

Not only did he skim the ISO 7816 SELECT procedure, what he did was just replay the card commands that came from the MIFARE SAM server, and the card renews the MAC some time later.

His intent was also malicious, which is VERY illegal.

* Istanbul's transport card, uses DESFire EV1 and is also counted as an electronic money handler by the national banking regulator

@ao's challenge is accepted. So I played Megalovania on a router.

RouterBoard plays Megalovania:

byobu hell 

local idiot nests 3 byobu sessions

> gets a hotel key
> it is MIFARE Classic
>> oh no
> reads it with phone
> card uses default keys
>> fucking what
> clones card, it works

Secure your cards. Please.
