undefined | Better HN

0 pointsqingcharles24d ago0 comments

That's awesome. I had two of these devices I'm trying to break into. One has the ROM chip exposed, but I think it is cooked. The device doesn't boot because I think the previous owner used the wrong PSU, but I was hoping I could at least extract the code. The newer updated version of the device has an SoC with embedded ROM and almost all the access points on the PCB removed. I'm loathe, like you, to tamper too badly with a working thing that I myself might release the magic smoke from.

It's also scary where this is going. LLMs are getting fantastic at breaking into things. I sometimes have to dance around the topic with them because they start to get suspicious I'm trying to hack something that doesn't belong to me, which is not the case.

I had some ebooks I bought last year which I managed to pull down the encrypted PDFs for from the web site where you could read them. Claude looked at the PDF and all the data I could find (user ID etc) and it came up with "147 different ideas for a decryption algorithm" which it went through in turn until it found a combination of using parts of the userID value and parts of other data concatenated together which produced the key. Something I would never have figured out. Then recently the company changed the algo for their newer books so Claude took another look and determined they were modifying the binary data of the PDFs to make them non-standard, so it patched them back first.

0 comments

ssl-324d ago

Wrong PSU? Sometimes, there's single-use reverse polarity protection on devices. It's a reverse-biased diode near the input which normally doesn't conduct at all, but which conducts very well when the input polarity is reversed and basically shorts the input. This burns a fuse and turns it off forever until someone tends to it. (Sometimes, that fuse is nothing more than a sacrificial PCB trace.)

And yeah, the bots do get spooked about some things. ChatGPT refused to help with my goal with this DSP; it quickly built a wall around the idea that I could move around some but couldn't bypass.

With codex, I took a different approach that began with having it explore an unnamed local (RFC 1918) IP address with nmap -- without any stated intent. It found the vulnerable sshd version on its own pretty quickly, and accepted that the only way to test it with this black box device is to actually test it.

I suppose I could have discovered that myself with nmap, netcat, and Google, but this was a lot easier. The ease scares me a bit, but this time it's helping me so I guess that's fine...right? (Right?)

Previous to codex, years ago now, I've used ChatGPT to assist with opening an encrypted zip file that contained the as-built documentation for the new, ~million dollar pile of hardware we had in the next room. I have no idea what corpo nonsense required that documentation to be encrypted, or why the manufacturer insisted on only giving me the key in the form of a stupid riddle.

My tolerance for games like that is very limited. Rather than call them up and tell them exactly what I thought about that game, the bot got it sorted with some cut-and-paste operations and automated grinding without much effort on my part. It didn't take long at all and I didn't end up calling anyone an asshole, so that worked well for me. :)

j / k navigate · click thread line to collapse

0 comments

ssl-324d ago

And yeah, the bots do get spooked about some things. ChatGPT refused to help with my goal with this DSP; it quickly built a wall around the idea that I could move around some but couldn't bypass.

j / k navigate · click thread line to collapse