We are "patient" zero, so we hardened ourselves!

Sep 7, 2023 - 5 minute read - Research

Boot Unguarded: x86 Trust Anchor Downfalls to The Leaked OEM Internal Tools and Signing Keys

By HardcoreMatrix The HardcoreMatrix team specializes in firmware and infrastructure security, supply chain security, and threat modeling. We vividly illustrate the severe consequences that underlying threats pose to enterprise and personal information security. One “Leak” can rule them all! In March 2023, Micro-Star International (MSI) suffered a significant attack orchestrated by the Money Message ransomware group. Unfortunately, this is not just another random leak. The aftermath revealed a leak of internal data, including highly sensitive information such as the BootGuard private key.

Feb 10, 2021 - 17 minute read - Research

Cheap PCB story

Assuming that you’re a hardware hacker with full passionate about to making the new product and you dont want to build your own factory by tweaking around the soldering workbench or PnP psychopunk machine. It’s likely you’re end up somewhere( Asia: Shenzhen/Hongkong/Vietnam/etc, EU: Estonia/Germany/Sweden/etc, Americas: New Jersey/Mexico City/etc) to fit your need due to the trend of regional supply chain. You may encounter some problems no matter how the supply chain was formed.

May 14, 2020 - 11 minute read - Research

OpenTitan RTL synthesis with Yosys using sv2v and RTL-to-GDS generated by OpenROAD

OpenTitan is the first open source project building a transparent, high-quality reference design and integration guidelines for silicon root of trust (RoT) chips. Yosys is a free/libre and open source framework for RTL synthesis tools. It currently has extensive Verilog-2005 support and provides a basic set of synthesis algorithms for various application domains. OpenTitan is a systemverilog project, but currently yosys only supports a small subset of systemverilog. So we need sv2v to convert the source code to verilog.

Feb 20, 2019 - 3 minute read - Research

Demo for exploiting use-after-free in dedicated cache

Exploit use-after-free bugs in dedicated cache This is just a demonstration. HOWTO free the target object spray and eat all available memory, take high memory usage, hope to have the freed object poisoned trigger the use-after-free NOTICE For each cache, the Slab allocator keeps three doubly-linked lists of slabs: full slabs: all objects of a slab are used (i.e. allocated) free slabs: all objects of a slab are free (i.

Aug 16, 2018 - 7 minute read - Research

Nightmares( Meltdown/Spectre/L1TF) never goes away

by Shawn C[ a.k.a “citypw”] Meltdown/Spectre Google project zero’s write-up explains how the vulnerablities( meltdown, spectre v1/v2) work. More info about v3a and v4, check Google project zero’s bug tracker and INTEL-SA-00115. Vulnerablity Affect Kernel mitigation Compiler support v3 Meltdown( rogue data cache load (CVE-2017-5754)) < IceLake( 2018/2019) KPTI/ PAX_UDEREF N/A Spectre v1( bounds check bypass (CVE-2017-5753)) < IceLake( 2018/2019) Code hardening N/A Spectre v1.

Jul 4, 2018 - 9 minute read - Story

Hunting Shadows in the Era of Covert Warfare: The Counterstrike Against Demons from the "Ring -3" World for Firmware Freedom

For we wrestle not against flesh and blood, but against principalities, against powers, against the rulers of the darkness of this world, against spiritual wickedness in high places. — Ephesians 6:12 Original art design - The Fellowship of Libre firmware: Hunting the Shadow 最初の章:預言者の到来 Since the birth of the technology deity, the free software/firmware/hardware community has faced numerous adversaries, and Intel ME (Management Engine) stands as one of the most clandestine enemies.