We are excited to announce the CFP for the next tmp.0ut Volume 5!
tmpout.sh/blog/vol5-cf...
it is very hard to prioritize when everything is cool (hacking on random devices is so fun!!!) but at the same time, none of it *really* matters (it's all extracurricular and just for fun/to learn, nothing work related)
me if I don't lock in (the photo is of Yoshihiro Togashi's famously messy room)
The thing I struggle with most is knowing when to walk away from a security project. Everything new is fun, and everything I'm doing is boring! But also, the things I've forgotten about are fun to revisit. The ADHDer's lament...
🗣️ FUMO SPOTTED 🗣️
DEF CON's first-ever rave: Expect to hear hardcore, happy hardcore, breakcore, speedcore, hardstyle. Bring your phat pants, kandi bracelets, and nine inch nails (on finger) to this once in a lifetime rave.
Cyberdelia Rave at DEFCON was by far the highlight of my Saturday night - amazing event!!!
TIL Red Bull rewards security researchers with trays of Red Bull for reporting vulnerabilities in their website/apps
This is 100% the issue with paying people for interactions on Twitter. It just becomes a testing ground to see what pays the most, regardless of how it impacts users lol. What a trash social media experience it has become, very unfortunate.
I feel like you have to take your eyes off the road for 10x longer to do that little quick-time event where you hover your finger in the air trying to snipe some tiny button on the screen.
By comparison, BMW's iDrive knob and Mercedes' "COMMAND" were such a nice compromise. More tactile controls!
LETS GOOOO. This stopped me from looking into the current Volkswagen Golf R - I feel like any enthusiast platform using a heavily touch-based system for a majority of the car's controls is just a recipe for disaster.
A screenshot of the opening paragraphs of my blog post. Text: Recently, I've been obsessed with hacking on embedded QNX systems - inspired by my own car's head unit! As part of this, I've been looking to dump the device's firmware for future static analysis. On other car head units, I've achieved this by simply plugging in a USB drive - mount it, dd over a disk image, and huzzah! You're done! But this time, this system doesn't have any USB ports... But it does have an ethernet interface!
I wrote up a little blog post on the whole matter - the tl;dr is that you can pipe bytes over SSH, netcat, telnet, etc. using cat, dd, or anything else to dump the raw block device! Not a very hard technique, but a useful one to keep in your back pocket
www.hakstuff.net/blog/embedde...
BMW HU NBT Bench Setup
While hacking on my car's head unit, I ran into the weird issue of needing to extract the device's firmware over SSH.
But there's a golden rule: If you can run a command and see any form of output, that means you can dump the firmware! The rest is just making it less of a pain..
I straddle Twitter and Bluesky and each information environment is frankly incomplete. But, miraculously, both is worse.
It's crazy to me that there are zero bsky search results for can-utils, and only one for candump. I guess automotive people haven't made the jump yet...
A photo showing the full lab bench setup - a laptop connected to a bus pirate 6, which provides a UART interface to the head unit's TI Jacinto processor.
My next plan is to dump the full firmware of this unit so I have a copy for static analysis. Unfortunately it's huge, and the device doesn't have any USB ports right now!
I could modify the packet filter configuration to unblock SSH and transfer it via SCP, but I don't want to modify the system yet
A Bus Pirate 6 hooked up to an automotive head unit's UART debugging interface
A close-up of the Bus Pirate's UART pins connected to my edge connector adapter board
Got root on my head unit using the edge connector adapter board I made! The Bus Pirate 6 is pretty slick, even if I'm just using it as a basic UART interface/bridge here haha
A small rectangular green PCB featuring a 40-pin header.
The backside of the small rectangular green PCB, showing a 40-pin 1mm-pitch edge connector socket that is wired to the 40-pin header on the other side of the board.
Just received prototype assembly photos from PCBWay for the debug edge connector breakout board I made! Really excited to receive them soon
This is making me understand why V8 muscle car people complain about EVs not having any exhaust noise -- sure, I could have 10x the computing power in a device 1/10th the size, and yes it's better in every way, but something about computing on that fucking huge cube is just so much cooler...
A woman in professional attire working at a desktop computer, sitting next to a massive floor-standing NEC Express 5800 server.
I NEED to be computing on a big ass cube
NEC Express 5800/Endurance
like, bro: the NEC Express 5800/Endurance is basically just four rack-mounted tower servers!! You can even see that they're each sat in little pull-out drawers. What a cool design
NEC Express5800 Server Family
A newer NEC Express5800/180Ha server, released in August 1999
An NEC Express 5800 / Endurance server, which essentially featured four rack-mounted tower servers!
If anyone ever wants a free pentest or research project done, just donate me one of these huge 90's NEC servers. They are so ridiculously rare, I've never even seen one for sale...
oh, and one less fun side to all of this: apparently the high speed edge connector socket i chose is subject to export restrictions, so it can't be mailed to China. not sure exactly why (it's just a socket!) so now i'm investigating and looking into alternative parts I could use
Currently working on getting the first batch of them made so that I can give 'em a whirl! It was my first time ever using KiCad, so I'm hoping for the best, haha. If they work great, I'll likely throw the KiCad files on my GitHub, and maybe sell a few boards? We'll see!
A photo of the corner of an automotive head unit with all of the casing taken off. The device is comprised of two connected PCBs, each featuring a small PCIe-style edge connector at the corner of the board, allowing for the attachment of a debugger.
I'm currently playing with a head unit that uses a generic 1mm-pitch edge connector as a debug breakout, and I'd love to connect to it! I didn't want to solder directly to it, so I've been digging for a 1mm-pitch PCIe-style breakout board. Couldn't find one, so I made one!
A green PCB with a 40-pin connector on it. Text on the PCB says "40-Pin Edge Connector Breakout" and "HAK STUFF", and features a large anime-style illustration.
The backside of the green PCB. It features the text "Made by HAKSTUFF", "1mm Pitch Edge Connector", and "v1.0". It has exposed pads where an SMD-mount edge connector would go, but the edge connector isn't shown - I couldn't get the 3D model imported in KiCad, lol.
I couldn't find what I needed online, so I made it! 40-pin 1mm-pitch edge connector (PCIe x4 size, ish) broken out to a standard 40-pin 2.54mm-pitch header, that way you can easily attach UART/JTAG adapters, debuggers, etc.
Bus Pirate 6 + Programming Cable, and two Bus Pirate stickers!
Bus Pirate finally arrived! I'm excited to play with it, I've been itching to throw it at my current project
hardware-level talk tuah
Bro you just coded cringe! You are going to lose control of instruction pointer!
I've never had a paper published before, but I've always admired published researchers. It would be cool to look into, but- at what point is professional research paper-worthy..? I feel like it's such a gray area when it comes to cybersecurity...
syscall(); if ((false) || (true)) { syscall(); }
ghidra is so good at syscalls