DocScrutinizer05 changed the topic of #qi-hardware to: Copyleft hardware - http://qi-hardware.com | hardware hackers join here to discuss Ben NanoNote, atben / atusb 802.15.4 wireless, and other community driven hw projects | public logging at http://en.qi-hardware.com/irclogs and http://irclog.whitequark.org/qi-hardware
pcercuei has quit [Ping timeout: 240 seconds]
<wpwrak> ah, gimp doesn't know how to open stl. how lame :)
dos1 has quit [Ping timeout: 272 seconds]
unclouded has quit [Read error: No route to host]
unclouded has joined #qi-hardware
FDCX has quit [Remote host closed the connection]
viric has quit [Ping timeout: 240 seconds]
jekhor has joined #qi-hardware
lekernel has joined #qi-hardware
wolfspraul has joined #qi-hardware
kilae has joined #qi-hardware
wolfspraul has quit [Read error: Operation timed out]
wolfspraul has joined #qi-hardware
rz2k has joined #qi-hardware
dos1 has joined #qi-hardware
jekhor has quit [Ping timeout: 240 seconds]
<wpwrak> DocScrutinizer05: btw, if you have a bunch of zeners/varistors/etc. for ESD and they're getting in the way, would you consider placing them on the other side of the PCB (with vias, very short traces) ... 1) no problem, 2) idiocy, 3) acceptable ?
<DocScrutinizer05> hmm, please elaborate! sounds interesting
<DocScrutinizer05> aaah sorry
* DocScrutinizer05 needs more coffe evidently
<wpwrak> it's for USB. i have too much stuff crawling between connector and MCU and not a lot of room to increase that space. so i
<DocScrutinizer05> yeah, already got it sorted
<DocScrutinizer05> good question
<DocScrutinizer05> from my guts feeling those guts say "no way"
<wpwrak> 'm thinking of moving some stuff to the other side of the PCB. the ESD critters would be first. [...]
<DocScrutinizer05> ESD as close to the "port" as possible
<wpwrak> hmm. i was afraid you'd say that :(
<DocScrutinizer05> so you can move ESD *and* port to the other side
<wpwrak> naw, port is too tall
<DocScrutinizer05> well, probably if you do in-pad vias or almost at least, and place the ESD-prot <1mm away from where the via appears on the other side, and keep the via area clear of all other traces on all layers (5mm radius), then... you may get away with it, I'd say
<wpwrak> i don't have 5 mm clearance anywhere
<DocScrutinizer05> you know, so that ESD component is <1mm away from port, and all sensitive traces >5mm away from "hot trace"
<DocScrutinizer05> generally all trace between port and ESD is "hot"
<wpwrak> right now, they're quite contained.
<DocScrutinizer05> NB my very uneducated guess
<DocScrutinizer05> you always need to keep clearance between hot and any other signal trace >2* the clearance/"sparkgap" between hot and GND/VDD
<wpwrak> well, if it comes to that, i guess one would have to coat the area
<DocScrutinizer05> more than 2 times, if nasty things like vias are involved
<wpwrak> middle image, the USB B connector is on top, right of the battery
<wpwrak> the four components immediately below it are my ESD critters
<wpwrak> not that the D+/D- pair already needs a via anway since there's no other way to get to ground
<DocScrutinizer05> ugh, the gnd of the data tranzorbs is via
<DocScrutinizer05> yeah, what you said
<DocScrutinizer05> this won't fly
<DocScrutinizer05> consider finding a plug with integrated ESd
<wpwrak> i don't think that even exists :)
<wpwrak> actually, it's not USB B but USB AB. also still need some more coffee to start :)
<DocScrutinizer05> I'd also spend more copper on left side grounf path
<DocScrutinizer05> looks like a nice inductivity
<DocScrutinizer05> almost as bad as a via
<wpwrak> yeah, the traces are a bit thin. but that's optimization left for later
<wpwrak> heh ;-)
<DocScrutinizer05> path to chip is nice and wide, path to general ground tiny
<DocScrutinizer05> sure way to kill the chip
dandon_ has joined #qi-hardware
<DocScrutinizer05> how about placing the vias under the port?
<wpwrak> how about vias and coating the traces until after the vias and the "hoy" side of ESD on top, too ?
dandon has quit [Ping timeout: 240 seconds]
dandon_ is now known as dandon
<DocScrutinizer05> now I got it! :-)
<wpwrak> there's no room there and it's keep-out anyway
<wpwrak> s/hoy/hot/
<DocScrutinizer05> you go with vias to other side *only*. there you place ESD on the traces and go back to component side with another set of vias
<DocScrutinizer05> the 'primary' vias need to be *under* the port, I.E. above the pads of the port
<wpwrak> ah no, i was thinking of branching. otherwise it gets even more crowded
<wpwrak> what you're describing is a through-hole micro usb connector. that's yet another thing that doesn't exist ;-)
<DocScrutinizer05> the aread under the port pads needs a GND trace
<DocScrutinizer05> s/under/below
<qi-bot> DocScrutinizer05 meant: "the aread below the port pads needs a GND trace"
<DocScrutinizer05> ok, you place the primary vias where now your 'primary' ESD pads are
<DocScrutinizer05> you get a contiguous GND trace from right side mech post of port across all 'secondary' ESD pads to left mech post of port, as "lighting catcher"
<DocScrutinizer05> you come back with the signals to the upper side by vias wherever you see fit
<DocScrutinizer05> since you don't need the "huge" pads for the tranzorbs you can move that vias a tad closer to the port and you don't need the 'secondary' pads of tranzorbs so you gain some more space to place the secondary vias somewhere there
<wpwrak> hmm, tricky. it does sound nice, though.
<wpwrak> i'm surprised that there don't seem to be chips with TVS arrays suitable for USB
<wpwrak> there are tons which are simple arrays or that have GND, sometimes both rails, in the middle
<wpwrak> all topologies that are rather useless for USB
<wpwrak> it's also surprising how many even use a "barrier" topology. most have the contacts all around the package, so you're guaranteed to have "hot" and "cold" traces next to each other.
<wpwrak> thinking of it, doesn't solder stop pretty much prevent this kind of arcing ?
<wpwrak> solder mask i mean
pcercuei has joined #qi-hardware
<DocScrutinizer05> not really
<DocScrutinizer05> solder stop isn't a great high voltage isolator
<DocScrutinizer05> I'm not even sure if it counts as isolator at all, technically
wolfspraul has quit [Ping timeout: 245 seconds]
wolfspraul has joined #qi-hardware
rz2k has quit [Read error: Connection reset by peer]
<whitequark> DocScrutinizer05: is it a conductor then? :D
<DocScrutinizer05> I guess it's electrically inert
<DocScrutinizer05> isolating for low voltages, mostly by keeping a certain mechanical distance aka "air"gap
<wpwrak> so it's basically "solid air" ?
<DocScrutinizer05> I'm quite sure it's not really a warranted sealing, electrically. IOW it may have microscopic cracks or holes
<DocScrutinizer05> wpwrak: exactly
<DocScrutinizer05> unless product specs say otherwise
rz2k has joined #qi-hardware
rz2k has quit [Ping timeout: 240 seconds]
<wpwrak> the ground on the TVS side is a little flimsy. there would be a little more copper in the real circuit.
<DocScrutinizer05> probably almost perfect
<wpwrak> kewl :) thanks !
<wpwrak> it's indeed only marginally larger (on the USB side) than what i presently have
<DocScrutinizer05> ideally signal travels *through* the ESD component pad, not a T-split between signal path and ESD path
<wpwrak> mmh, there's the problem with narrow spacing of the inner contacts again
<wpwrak> i.e., it would have to "fan out" a lot
<DocScrutinizer05> and i'd spend some more vias for the GND side of the transzorbs
<DocScrutinizer05> at least one via per component
<DocScrutinizer05> ideally more
<wpwrak> RF hardening ;-)
<DocScrutinizer05> similar, yep
<DocScrutinizer05> ESd and RF share many properties
<DocScrutinizer05> basically ESD is an extremely powerful and sharp RF burst
<DocScrutinizer05> "funken" - you see?
<wpwrak> hehe :)
<DocScrutinizer05> ever heard of andy G. again?
<wpwrak> naw, he just disappeared
<wpwrak> so this would be the "ideal" design then ... http://downloads.qi-hardware.com/people/werner/tmp/esd-moat-and-bridge2.png
<wpwrak> in the end, it may actually be a little shorter than the first one, since i also have to add D+/D- series resistors, which can fit between the vias in this case
<wpwrak> the freescale documentation is a little annoying in that regard. all the principal documentation doesn't mention them. you only find them in a "peripheral quick reference", which is really the design guide
rz2k has joined #qi-hardware
<wpwrak> DocScrutinizer05: if you want to please the tin foil hat crowd, you may want to add a low-pass filter on all the audio channels: https://www.schneier.com/blog/archives/2013/11/friday_squid_bl_398.html#c2146651
<wpwrak> (that's about the "badBIOS", a supposed malware that communicates beween affected system via high audio frequencies, thus bypassing any network protection)
xiangfu has quit [Remote host closed the connection]
<DocScrutinizer05> pretty
<DocScrutinizer05> lol, forget badBIOS, a terribly poor hoax
<wpwrak> is it "officially" a hoax ? because what i heard about it sounds entirely plausible
<DocScrutinizer05> once systems are infected, they don't need to talk to *each other* anymore. And before a system gets infected, no sound in this universe will infect it
<DocScrutinizer05> and you definitely will notice any nonsense like ultrasonic communication between devices
<wpwrak> the scenario seems to be a bit different. don't think "infected regular pc" but "infected 'isolated' system". especially with an "air gap"
<wpwrak> this guy claims to have tried such an audio channel and it was unnoticeable: https://www.schneier.com/blog/archives/2013/11/friday_squid_bl_398.html#c2143513
<DocScrutinizer05> (layout) just still too few vias on GND side of tranzorbs - unless the whole reverse side is GNDplane and has more vias elsewhere
<wpwrak> even at 1 kbps, which seems crazily fast
<DocScrutinizer05> I just don't buy that
<wpwrak> (vias) i simplified :) it's not part of the real circuit, just a drawing
<wpwrak> for the "air gap", the scenario would be like this: you have some separate vector to infect the systems, e.g., via a USB stick or such.
<wpwrak> once you have two infected systems in the same room, one the isolated system and the other the network-connected system, they can establish communication. the network-connected system then acts as a relay.
<ysionneau> DocScrutinizer05: FTR the guy never said infection spreads over the air via HF
<ysionneau> he just said that *once* infected, there is network communication going over the air
<wpwrak> there are obviously a lot of assumptions in such an attack. but then, just look at what went into stuxnet ...
<ysionneau> if you assume a company paying a 10 medium experience guys team for 1 year, a lot can be done :)
<wpwrak> i.e., the attacker may have detailed knowledge of how you operate. they may even know the room where the target systems are.
<DocScrutinizer05> what's the mic in both such airgap machines? I hope nobody would consider using laptops for that?
<wpwrak> laptops, smartphones, ...
<DocScrutinizer05> o.O
<DocScrutinizer05> uh?
<wpwrak> laptops make it easier because they have a well-defined configuration
<DocScrutinizer05> c'mon, an airgap setup is a high security scenario. No troll would ever think of using a laptop in the highsec isolated LAN
<wpwrak> i.e., if you can identify the laptop type you also know the microphone/speaker/etc. characteristics
<wpwrak> hah. if you knew ... ;-)
<dos1> remember "internet ceszus"?
<dos1> census*
<DocScrutinizer05> no, it felt too silly
<wpwrak> "I just saw an IT boss charging his smartphone from the USB of an air-gapped computer."
<dos1> there was nice quote
<DocScrutinizer05> ooh the census
<wpwrak> dos1: you mean the morris worm ? ;-)
<dos1> "As a rule of thumb, if you believe that "nobody would connect that to the Internet, really nobody", there are at least 1000 people who did."
<dos1> apply the same to laptops on separated networks :)
<dos1> wpwrak: nope, that recent one
<DocScrutinizer05> well, theoretically feasible, but highly unlikely to fly, and not exactly a "mass market" attack. Tailored to fit one well defined scenario it might work
<DocScrutinizer05> and what? this stuff is supposed to infect all sorts of PC via a hacked USB memstick that magically injects stuff to the bios?
<DocScrutinizer05> hardly? or maybe I got that detail wrong
<DocScrutinizer05> sorry have to run or my GF will kill me
joelmo has joined #qi-hardware
joelmo has left #qi-hardware [#qi-hardware]
jekhor has joined #qi-hardware
kilae has quit [Quit: ChatZilla 0.9.90.1 [Firefox 24.0/20130910160258]]
jekhor has quit [Ping timeout: 246 seconds]
lekernel has quit [Ping timeout: 248 seconds]
<mth> I think it's strange that he claims it infects the BIOS but didn't make a BIOS dump yet to confirm that
<mth> same with the audio communication, he could put a scope on the speaker pins or get equipment that records ultrasound
<mth> if I thought something infected my machines I'd have done that already and I'm not even a security researcher
<ysionneau> security guy who does mostly software would not have a scope I guess
<ysionneau> and scope than can record HF can be expensive
<ysionneau> that*
<ysionneau> hum, in fact no it's not expensive
<ysionneau> but still you need the scope :)
<mth> I don't own a scope either, but if something that extraordinary was happening I would buy one or get a friend over
<ysionneau> indeed
<ysionneau> that's weird
<ysionneau> I asked him on twitter about if he had recorded those HF somehow
<ysionneau> or just visualized them with a scope
<ysionneau> I got no asnwer
<ysionneau> answer*
lekernel has joined #qi-hardware
<mth> also it blocking firmware flashing guides; as long as you still have an uninfected machine that's not a problem
<mth> you only have to sacrifice one USB stick to transfer the files
<mth> plus if this thing is real, lots of people will want to have a look at an infected stick, so it's not even a loss
<cde> fear, uncertainty and doubt
<cde> I guess many more people will go to his conference now ;)
cde has quit [Quit: Lost terminal]
<wpwrak> well, there are numerous possible explanations also in case it's not true
<wpwrak> one would be that he could simply be mistaken. some of the security guys are surprisingly uninformed when it comes to low-level tech. don't know if he may be in that category. the somewhat odd discovery story would point in that direction.
<wpwrak> and yes, it could just be a hoax. or a marketing trick to get people to go to his conference. in the latter case, maybe he plans to reveal something else, something he couldn't talk about before the conference. (e.g., because he'd get a gag order in that case - such things have happened before)
<wpwrak> of course, why would he need people to be physically present in that case ?
<larsc> or just paranoia setting in
<wpwrak> then, it could be that he doesn't have any proof but wants as many people as possible to look for it. e.g., because he imagines such an attack would be possible. or maybe he has some partial evidence. or maybe somebody told him such a thing exists.
<wpwrak> maybe he's also an NSA agent and is just trying to confuse the security community :)
<wpwrak> i'd attach a fair amount of credibility to what Clive Robinson writes. he made a number of rather candid posts on schneier's blog. and he basically seems to confirm it's possible and that similar things have already been done.
<wpwrak> of course, even if it exists, this doesn't mean that the badbios guy found the real thing.
<wpwrak> i guess we'll have to wait until his conference :)
<wpwrak> of course, he may commit suicide before that. depends a bit on either who he's up against, or how far he wants to take the hoax :)
<larsc> you mena andy kaufmann style?
<wpwrak> interesting story :)
<wpwrak> kinda downsized elvis
Luke-Jr has quit [Quit: Konversation terminated!]
Luke-Jr has joined #qi-hardware
rz2k has quit []
viric has joined #qi-hardware
wej has quit [Ping timeout: 264 seconds]
wej has joined #qi-hardware
mth has quit [Read error: Operation timed out]
mth has joined #qi-hardware
wolfspraul has quit [Quit: leaving]
lekernel has quit [Quit: Leaving]
larsc has quit [Ping timeout: 240 seconds]
larsc has joined #qi-hardware
viric has quit [Ping timeout: 240 seconds]
viric has joined #qi-hardware