@uranther@hackers.town I’ve been looking to the last 5 years conferences videos of CCC and I couldn’t find yet the one I was talking to you about implementing a persistent hidden channel transmitter in a laptop’s CHIPSET (Northdridge) holding the ethernet controller, by hacking the CHIPSET’s embedded software. This POC / Demo was used to implement a hidden keylogger, but transmitting UUID tag could have been done instead... I’ll find it if it has not been deleted.

Follow

@uranther@hackers.town Here it is :

media.ccc.de/v/30C3_-_5380_-_e

This kind of hardware backdoor is a perfect base to build an "Active fingerprinting tracker".

Be sure all biggest agencies are playing this game.

Instead of using the malware to send keystrokes, you can send those UUID's / Integrated circuits serial numbers and you're done.

He's exploiting a known IP hidden channel, but many other could be used at raw IP level, or in higher protocol layers normalized by W3C.

Tor is a diversion.

@stman @uranther Looking back, it was unbelievable to see how huge the storm caused by Intel's "processor serial number" in Pentium 3 was, that even forced Intel to withdrew it. Meanwhile, nobody has ever said anything about the serial numbers of hard drives, GPUs, motherboards, RAM modules, Ethernet MAC address, etc, etc, etc. Pretty illogical, isn't it?

@niconiconi @uranther@hackers.town Yep. They withdraw it officially. I’m sure undocumented ones exist. About all subsystems perpherals serial numbers : My article CIA forced me to unpublished focussed mainly on that. There are at least 30 unerasable / unmaskable / unchangeable serial numbers in a standard PC motherboard IC’s and subsystems. Mac address is the only one that is garanteed to be editable because stored in an EEPROM or Flash in most ethernet controllers. That’s no

@niconiconi @uranther@hackers.town no surprise it was the only one realky advertized by our beloved nazi technological prophets. It has clearly been used as a diversion to mask all the others in our systems.

Then, there are other kind of « indirect » serial numbers : Processors speed, systems speed. All systems integrated circuits never run at the same speed. It one can measure precisely the effective speed of a CPU, it becomes a unique fingerprint.

Same for most subsystems then...

@stman @uranther
> one can measure precisely the [X], it becomes a unique fingerprint.

It remind me of those security papers from the early days of Tor, on how measuring the thermal drift of crystal oscillators via visible server time could potentially be used to fingerprint an onion service, or even deduce the approximate timezone or latitude.

If the academic community could go this far, no wonder, there must have been lots of more unpublished techniques discovered by the NSA in the past 10 years...

@niconiconi @uranther@hackers.town Many of these fingerprints can only be fighted by re-engineering completely all the technical architectures of computers and microprocessors. For many other reasons, I am convinced most of currebt architectures in digital systems are obsolete. In this field, progress has only be done by always adding many new features and layers, but the core architectures never really changed : A microprocessor and a microprocessor based system are still highly

@niconiconi @uranther@hackers.town centralized concepts and designs. CPU - CENTRAL processing unit - stands for itself. In terms of security model, it inherits from these core centralized concepts, generating other ridiculously centralized and outdated concepts like PMMU/MMU, which is realky a good example : A single zero day exploited into a kernel (Meaning some code running in priviledged mode in a microprocessor) leading to arbitrary code execution in the same mode and the whole

@niconiconi @uranther@hackers.town security model is down : The attacker can modify PMMU/ MMU registers, modify PMMU/MMU pages trees, and your whole system is definitely persistently compromized.

This is why cyber-security now-a-day really makes me laugh : It is the highest degree of stupidity and masochism, were most folks just refuse to see that most issues come from those outdated core architectures. But still, sale folks continue to add new layers, new stuff, rising complexity,

@niconiconi @uranther@hackers.town and in the end bringing more new holes in the system leading to further more cybersecurity issues. It’s a self maintaining sado-masochist chain reaction, and it’s really like folks were completely brainwashed refusing to see that just by reengineer core architectures from scratch, avoiding those outdated centralized concepts, and enforcing kiss design approaches, most of the issues can be solved.

More than ever, those ugly nazi « religious »

@niconiconi @uranther@hackers.town manipulation technics that all our war mongers nazi military love to exploit are more than ever present. The new young generations of engineers and hackers are completely manipulated by those « religious » propagand and mind formatting technics to a point that is hard to believe :

• Day 1, god created the X86 CPU concept and computers based on its image.
• Day 2, god created centralized telecommunication networks and TCP/IP

@niconiconi @uranther@hackers.town
• Day 3, god creates the kernel concept (centralized, again), inherited by the 2 first concepts also fully centralized.

Most folks never think to te-enginnee those 3 basic outdated centralized concepts from which all the shit we use today, these thousands layers all competing between each other in complexity, inherited, like a disastrous nazi rooted fractal in terms of cyber-power model.

Only true crypto-anarchists purge their creative and

@niconiconi @uranther@hackers.town independent minds from all those artificial boundaries and design and say « hey, we are going to re-think day 1, 2 and 3 » with mind blowing new approaches and concepts. We shall not loose time fixing outdated centralized (nazi) concepts and architectures that forged the whole overall nazi technology stack as we suffer from it today.

And the best way to reinvent everything is according to me to master the unique relationship that do exist between

@niconiconi @uranther@hackers.town architectural choices, in any known technological layers, and the corresponding kind of cyber-power is creates.

It is also a matter of blowing all those artificial boundaries that we all refer stupidely to : Hardware, Software, Os, Protocols, etc... alk these boundaries just don’t exist, only in our mind indeed, and their daily usage is a fucking self manipulation preventing folks from thinking that all the shit we endure today, all this

@niconiconi @uranther@hackers.town ineluctable rising fascism and nazism is the only fucking deterministic consequence of what those « nazi digital religion makers » who formatted our minds with fascist centralized concepts of day 1, 2 and 3 detailed earlier with the same force as with capitalism and consumerism.

Wanna save the world from nazism and fascism, and also capitalism ?

Free your mind, and fucking start thinking reengineering day 1, 2, 3’s concepts with new disruptive

@niconiconi @uranther@hackers.town This is to me from far the best definition of crypto-anarchism.

There will be no change and no revolution until we master this way of designing a new cyberspace architecture, with all the architectures of the underlying stuff supporting it.

« Architecture is Law » !

@niconiconi @uranther@hackers.town decentralized concepts, getting rid of all known boundaries and layers concepts as we know them, in all fields.

There has never been any boundary between hardware, software, protocols : everything is architecture, state machines.

But this time, let’s rethink everything with mastered kiss and cyber-power model driven approaches, and anticipate and watch the deterministic effect of all new things that will be developing upon those new initial core architectures.

@niconiconi @uranther@hackers.town Even any display monitor (VGA, DVI/HDMI) transfers a serial number to the GPU, reporting it to the APCI and the OS, it’s the VESA standard... Serial numbers are everywhere in digital systems. So do indirect Fingerprints too.

@niconiconi @uranther@hackers.town I remember seeing, while working on the NSA observer project with a few hackers, a slide in a Snowden leaked document, were I could see a dump of a table of an internal database of NSA, and I saw a column called « serial number ». Nobody paid attention to this. After all it was just a small text of two words in one slide of the hundred thousands revealed by snowden. It’s when I saw that that I decided to study seriously active fingerprinting technic

@niconiconi @stman @uranther I am so glad I am not the only one to remember the PIII serial thing. Never forget. Lol

Sign in to participate in the conversation
Mastodon

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!