We are "patient" zero, so we hardened ourselves!

Jan 17, 2024 - 6 minute read - Research

How to access websites hostile toward Tor through Tor

By Anonymous

Tor is an effective tool that allows us to access network services anonymously. Unfortunately, certain network services, often websites, are hostile toward Tor and employ various methods to block TCP connections originating from Tor exit nodes. However, they usually accept TCP connections that do not originate from Tor exits. Therefore, to access these Tor-hostile websites, one approach is to route the traffic through a proxy server after exiting the Tor network.

Sep 7, 2023 - 5 minute read - Research

Boot Unguarded: x86 Trust Anchor Downfalls to The Leaked OEM Internal Tools and Signing Keys

By HardcoreMatrix

The HardcoreMatrix team specializes in firmware and infrastructure security, supply chain security, and threat modeling. We vividly illustrate the severe consequences that underlying threats pose to enterprise and personal information security. One “Leak” can rule them all! In March 2023, Micro-Star International (MSI) suffered a significant attack orchestrated by the Money Message ransomware group. Unfortunately, this is not just another random leak. The aftermath revealed a leak of internal data, including highly sensitive information such as the BootGuard private key.

Feb 10, 2021 - 17 minute read - Research

Cheap PCB story

Assuming that you’re a hardware hacker passionate about making a new product, and you don’t want to build your own factory by tweaking around the soldering workbench or a PnP psychopunk machine, it’s likely you’ll end up somewhere (Asia: Shenzhen/Hong Kong/Vietnam/etc., EU: Estonia/Germany/Sweden/etc., Americas: New Jersey/Mexico City/etc.) that fits your needs, due to the trend toward regional supply chains. You may encounter some problems no matter how the supply chain was formed.

May 14, 2020 - 11 minute read - Research

OpenTitan RTL synthesis with Yosys using sv2v and RTL-to-GDS generated by OpenROAD

OpenTitan is the first open source project building a transparent, high-quality reference design and integration guidelines for silicon root of trust (RoT) chips. Yosys is a free/libre and open source framework for RTL synthesis tools. It currently has extensive Verilog-2005 support and provides a basic set of synthesis algorithms for various application domains. OpenTitan is a SystemVerilog project, but currently Yosys only supports a small subset of SystemVerilog, so we need sv2v to convert the source code to Verilog.

Feb 20, 2019 - 3 minute read - Research

Demo for exploiting use-after-free in dedicated cache

Exploit use-after-free bugs in dedicated cache. This is just a demonstration.

HOWTO: free the target object; spray and eat all available memory, taking high memory usage, hoping to have the freed object poisoned; trigger the use-after-free.

NOTICE: For each cache, the slab allocator keeps three doubly-linked lists of slabs: full slabs (all objects of the slab are used, i.e. allocated), free slabs (all objects of the slab are free, i.e. the slab is empty), and partial slabs (some objects of the slab are used and others are free). We may need to make the target object land in free slabs.

Aug 16, 2018 - 7 minute read - Research

Nightmares (Meltdown/Spectre/L1TF) never go away

by Shawn C [a.k.a “citypw”]

Meltdown/Spectre: Google Project Zero’s write-up explains how the vulnerabilities (Meltdown, Spectre v1/v2) work. For more info about v3a and v4, check Google Project Zero’s bug tracker and INTEL-SA-00115.

Vulnerability                                                 | Affect                | Kernel mitigation  | Compiler support
v3 Meltdown (rogue data cache load, CVE-2017-5754)            | < IceLake (2018/2019) | KPTI / PAX_UDEREF  | N/A
Spectre v1 (bounds check bypass, CVE-2017-5753)               | < IceLake (2018/2019) | Code hardening     | N/A
Spectre v1.1 (bounds check bypass on stores, CVE-2018-3693)   | < IceLake (2018/2019) | ?