cr1901_modern has joined ##openfpga
<cr1901_modern> Okay, that's the _second_ room I accidentally exited out of today as my left-CTRL died
<prpplague> cr1901_modern: pretty sure we kicked you out of the room, but ok, believe you accidentally did it...
* prpplague trolls cr1901_modern
<cr1901_modern> I can't remember what happens in my client if I'm kicked
<cr1901_modern> and well no one in here has ops to test :P
<jn__> join ##getkicked to find out :P
pie_ has quit [Remote host closed the connection]
<openfpga-bot> jtaghal/master 0310d43 Andrew Zonenberg: Initial ARM Flash/Patch/Breakpoint unit support
<openfpga-bot> jtaghal-apps/master b5674bd Andrew Zonenberg: Added Cortex-M FPB support to CLI
<openfpga-bot> jtaghal-cmake/master 62ad9aa Andrew Zonenberg: Updated to latest submodules
pie_ has joined ##openfpga
<azonenberg_work> jtaghal now has FPB support
<azonenberg_work> tested on a nonsecured stm32f411e discovery, the patch in question adds a ~2 second halt in the middle of the LED chaser demo
<rqou> does the proposed exploit work?
unixb0y has quit [Ping timeout: 240 seconds]
<azonenberg_work> confirmed persistent across soft resets with security disabled
<azonenberg_work> Not tested in secure mode yet
<azonenberg_work> That will probably have to wait till tomorrow given that it's 1830 and i'm still at work :p
unixb0y has joined ##openfpga
m_t has quit [Quit: Leaving]
<azonenberg_work> rqou: hmmm
<azonenberg_work> so with the 411 in secure mode
<azonenberg_work> it looks like even reading the idcode register from a MEM-AP triggers lockdown
<rqou> so you can't access FPB?
<azonenberg_work> oh, i can access it
<azonenberg_work> but the chip won't boot anymore
<azonenberg_work> until a POR
<azonenberg_work> Which clears everything
<azonenberg_work> i can access all the SFRs, RAM, etc
<rqou> so FPB is behind the MEM-AP?
<azonenberg_work> Yes, there's only one MEM-AP
<azonenberg_work> in the f411
<azonenberg_work> touching the MEM-AP in any way triggers lockdown
<azonenberg_work> you might be able to glitch it out of that state
<azonenberg_work> but it doesn't trivially work
<azonenberg_work> i even added a "quiet" probe mode that did a lot less stuff
<azonenberg_work> in hopes of not triggering
<azonenberg_work> Reading the mem-ap idcode is enough
<sorear> i thought the point here was that you poke the fpb in non-secure mode, disconnect everything, then warm reset to put the chip in secure mode
<azonenberg_work> yes
<azonenberg_work> but in stm32, a warm reset doesn't escape from the lockdown mode
<azonenberg_work> as soon as you touch anything jtag related it panics and won't ever execute out of flash until you por
<sorear> why would it enter lockdown if you did all the poking in non-secure
<azonenberg_work> Hmmm
<azonenberg_work> you're thinking toggling boot pins?
<azonenberg_work> Let me try that
<rqou> yeah i was about to suggest that
<sorear> that's what they did on the ps4, change the boot pins while power applied then warm reset
<azonenberg_work> No go
<azonenberg_work> as soon as it enters bootloader mode it seems to lock down too
<azonenberg_work> let me double check
<sorear> what event is triggering lockdown here?
<rqou> enter bootloader, toggle pins, and then assert reset?
<azonenberg_work> rqou: as soon as the bootloader has been entered
<azonenberg_work> warm resets don't result in a boot-from-flash
<azonenberg_work> it just hangs
<rqou> they actually thought about it
<azonenberg_work> let me try boot from sram
<azonenberg_work> then going to flash
<azonenberg_work> yeah it locks down after a sram boot too
GenTooMan has quit [Quit: Leaving]
genii has quit [Remote host closed the connection]
azonenberg_work has quit [Ping timeout: 256 seconds]
ayjay_t has quit [Read error: Connection reset by peer]
ayjay_t has joined ##openfpga
rohitksingh_work has joined ##openfpga
wpwrak has joined ##openfpga
digshadow has quit [Quit: Leaving.]
ironsteel_ has joined ##openfpga
gruetzkopf has quit [Remote host closed the connection]
gruetzkopf has joined ##openfpga
ironsteel__ has quit [Ping timeout: 248 seconds]
Mimoja has quit [Ping timeout: 248 seconds]
Mimoja has joined ##openfpga
msgctl has quit [Ping timeout: 248 seconds]
msgctl has joined ##openfpga
Miyu has joined ##openfpga
Miyu has quit [Ping timeout: 264 seconds]
soylentyellow_ has joined ##openfpga
soylentyellow__ has quit [Ping timeout: 240 seconds]
kmehall has quit [Quit: No Ping reply in 180 seconds.]
kmehall has joined ##openfpga
kmehall has quit [Remote host closed the connection]
kmehall has joined ##openfpga
digshadow has joined ##openfpga
soylentyellow__ has joined ##openfpga
soylentyellow_ has quit [Ping timeout: 268 seconds]
unixb0y has quit [Read error: Connection reset by peer]
azonenberg_work has joined ##openfpga
<openfpga-bot> jtaghal/master 05a75b0 Andrew Zonenberg: Added "quiet" arg for less intrusive autodetection probes
<azonenberg_work> rqou: that was my attempt to not trigger the stm32 lockdown
<azonenberg_work> didn't work, but might be useful for other reasons
<azonenberg_work> having an argument to say "do less invasive probes"
<rqou> can your framework pull off the fraunhofer attack yet?
<zkms> which is the fraunhofer attack?
<azonenberg_work> i forget what was required to do it
<azonenberg_work> i have the paper open in another window
<rqou> there's a timing race window if you spam access to the MEM-AP
<rqou> azonenberg_work: btw how's "crammed in a tiny hotel" life? :P :P
scrts has quit [Ping timeout: 256 seconds]
scrts has joined ##openfpga
scrts has quit [Ping timeout: 245 seconds]
scrts has joined ##openfpga
scrts has quit [Ping timeout: 260 seconds]
scrts has joined ##openfpga
scrts has quit [Ping timeout: 256 seconds]
ondrej2 has quit [Quit: Leaving]
scrts has joined ##openfpga
ondrej2 has joined ##openfpga
m_t has joined ##openfpga
rohitksingh_wor1 has joined ##openfpga
rohitksingh_work has quit [Ping timeout: 268 seconds]
Bike_ has joined ##openfpga
rohitksingh_wor1 has quit [Read error: Connection reset by peer]
rohitksingh_work has joined ##openfpga
rohitksingh_work has quit [Read error: Connection reset by peer]
soylentyellow_ has joined ##openfpga
soylentyellow__ has quit [Ping timeout: 260 seconds]
rohitksingh has joined ##openfpga
genii has joined ##openfpga
rohitksingh has quit [Quit: Leaving.]
mumptai has joined ##openfpga
key2 has joined ##openfpga
rohitksingh has joined ##openfpga
X-Scale has quit [Ping timeout: 244 seconds]
[X-Scale] has joined ##openfpga
rohitksingh has quit [Read error: Connection reset by peer]
rohitksingh has joined ##openfpga
indy has quit [Remote host closed the connection]
indy has joined ##openfpga
rohitksingh has quit [Read error: Connection reset by peer]
rohitksingh has joined ##openfpga
rohitksingh has quit [Read error: Connection reset by peer]
pie_ has quit [Ping timeout: 260 seconds]
rohitksingh has joined ##openfpga
pie_ has joined ##openfpga
_whitelogger has joined ##openfpga
pie_ has quit [Ping timeout: 248 seconds]
pie_ has joined ##openfpga
rohitksingh has quit [Quit: Leaving.]
soylentyellow__ has joined ##openfpga
soylentyellow_ has quit [Ping timeout: 260 seconds]
rohitksingh has joined ##openfpga
[X-Scale] has quit [Ping timeout: 256 seconds]
rohitksingh has quit [Client Quit]
pie_ has quit [Ping timeout: 245 seconds]
X-Scale has joined ##openfpga
massi has quit [Remote host closed the connection]
<azonenberg_work> rqou: annoying :p we're really only using it to sleep and spending most of our time at the new place
azonenberg_work has quit [Ping timeout: 256 seconds]
azonenberg_work has joined ##openfpga
rohitksingh has joined ##openfpga
m_t has quit [Quit: Leaving]
Miyu has joined ##openfpga
digshadow has quit [Ping timeout: 265 seconds]
digshadow has joined ##openfpga
digshadow has quit [Client Quit]
digshadow has joined ##openfpga
ironsteel_ has quit [Quit: Leaving]
pie_ has joined ##openfpga
<rqou> today in "red team is teh fail": somebody named a partition in macos with a single space character
<rqou> that was confusing
mumptai has quit [Quit: Verlassend]
<azonenberg_work> lol
Bike_ has quit [Ping timeout: 252 seconds]
digshadow has quit [Ping timeout: 240 seconds]
X-Scale has quit [Ping timeout: 240 seconds]
GenTooMan has joined ##openfpga
digshadow has joined ##openfpga
X-Scale has joined ##openfpga
digshadow has quit [Ping timeout: 248 seconds]
Miyu has quit [Ping timeout: 240 seconds]
digshadow has joined ##openfpga
pie_ has quit [Ping timeout: 264 seconds]
pie_ has joined ##openfpga
clifford has quit [Ping timeout: 240 seconds]
clifford has joined ##openfpga