Transcript for Breaking Security #HackChat
04/07/2017 at 19:06
Questions: https://docs.google.com/spreadsheets/d/1HWo4lNc9ek27Gpr2SmprT9_8UK3AbMXCZG8qlhHPlf4/edit#gid=0
samy kamkar Hi friends, I'm Samy Kamkar. I've been fascinated by and fortunate to be learning about technology since I was young. Around 16, dropped out of high school as I was spending most of my time playing Counter Strike and writing open source cheats once I learned a little bit of programming and that you could actually manipulate memory, sniff packets, draw over applications, etc. Learned you could actually make a career out of programming and started contracting remotely (so that people wouldn't know I was young), and kept exploring different OS's, languages, software and protocols. Fell in love with hacking and reverse engineering, until it bit me when I was 19 -- released a worm onto myspace that ultimately caused anyone who viewed my profile to add me as a friend and append "samy is my hero" to their profile, along with replicating the code to their profile...within a day, one million friends were added, myspace had to shut down, and I got a visit from the US Secret Service. After 6 months, ultimately had a deal with the government that I couldn't touch a computer, the internet, or myspace for 3 years -- actually a really interesting experience for me and glad I had it!
but not go to jail :) Thus I started building attack tools and reverse engineering my own devices that I owned, and continued to release open source projects. Got super interested in privacy and the secrets that our computers, phones, etc held from us. At some point started running across hackaday projects...was so amazed by what people were creating! Tried to learn hardware by reading an electronics book and failed miserably. Just could not deal with scores of pages about resistors and capacitors, I just had no idea how to apply it...until one day someone handed me an Arduino. From there, dove in and learned you could just write software on it, which made it so accessible and easy for me (as I wrote software), and then making the jump to designing my own hardware, firmware, etc was much easier (and I even kind of know what capacitors and resistors are good for now :) And here we are today...that's the short version! If you're interested in seeing some of my projects (both hardware and software), I have some of my more favorite projects up at my homepage, https://samy.pl So happy to dig into questions and also ask/amend anything in the chat if you'd like!
Jørgen Kragh Jakobsen Any day job?
samy kamkar I've started a security related startup with some friends recently. I cofounded a VoIP company when I was 17 (fonality.com) and grew that for about 6 years, then didn't really have any real day job since then, instead I mostly worked on my own projects, released them as open source, and have been really fortunate to have people reach out to me afterwards about my projects to either license some of my work/research or do short consulting projects, while still allowing me to spend a lot of time learning new things
I am cautious about opening your homepage at work, will it add my linkedin automatically
billybob ;)
samy kamkar I found the more I did on my own on things I was really excited about, and shared for free, somehow the more well paying projects would come my way, and it became a bit cyclical
@billybob it's safe, I promise :)
samy kamkar So I'll grab some questions from the doc
samy kamkar @madaerodog asks What is your favorite/best tool that you never leave home without in your line of work (other than laptop)?
samy kamkar In my bag I keep a Saleae logic analyzer, Arduino Nano, Teensy, and a handful of other small and portable tools...but I think those might top it. I have a pocket multimeter in there as well which can be useful.
madaerodog Kwel, have some of those as well, I'll add the rest to my list of to buy :D
samy kamkar The important things to me are to be able to inspect and create, so a computer, microcontroller, and logic analyzer (with analog) is pretty powerful for me
samy kamkar @billybob asks Do you prefer to have a series of tools, or do you buy cheap, burnable devices?
samy kamkar I like what's best for the job...I was super fortunate when I was younger and living with my mom as she was still going to university, and there were people at the university library that would let me use the computers and Internet (early 90s), and just started having that available and learning HTML got me really started, so using whatever is available is most important
For the projects I release, I try to use inexpensive tools because when I was younger, I didn't have access to much besides a computer, and it's important to me to demonstrate you can do a lot with a little. I'm lucky now that I can afford to buy nice equipment, and I do to improve my analysis and development, but once I've completed a project I usually bring things down to more accessible hardware/software so that more people can join in, do the same things, and hopefully build better things than I have
@billybob, do you have an example in particular?
I don't know of many series of tools though...
samy kamkar @Alex Peron asks How do you pick the projects you work on. Serendipity or do you have a process?
samy kamkar The answer is yes.
madaerodog :)
I meant do you use little $20 android phones, and toss them after doing something potentially grey, or did you have a much more expensive static platform you use for dev.
It sounds like it's a little of both.
@billybob yeah, a bit of both. I have some "throwaway" hardware and also my home lab
Ahh
billybob ;)
Michael Welling @samy kamkar I saw you are following the pocketbone repository on github. You want a board?
samy kamkar For @Alex Peron's question, I have a laundry list of projects I want to work on. Sometimes I work on them, sometimes I lose motivation, I hit walls constantly and often feel stuck and lose motivation. Then in the middle of the night I'll have an idea on something, work on it for a few days straight, and that will be my next project. Other times, I'll work on something on and off for months and finally after completing all of the major hurdles, have a project done
samy kamkar To be clear, I'll be working on one thing, and have an idea for some other thing entirely and try to bust that out when I have that "flow"...such a beautiful thing. Wish I could just get into that state more often. I'm always trying to figure out what causes it...
samy kamkar @Michael Welling Cool, would be cool to check out!
Another question, not sure who from, Do you have a day job or do you make money off of Youtube?
Good on you for not taking drugs. Lots of people turning to Adderall and Modafinil to force "flow"
@zacchaeus liang I have a secret...you don't have to know a *thing* about hardware to work on hardware projects. Arduino, Teensy, Raspberry Pi, you can work on all of those with JUST software. There are embedded platforms you can exclusively code on with Python and Java
@zacchaeus liang I personally can't stand "learning" unless I feel I can IMMEDIATELY use it and make something that puts a smile on my face or someone else's
Otherwise that info is in one ear and out the other
I agree - stay cross platform - Learn the full stack - not all in one go - but bit by bit
zacchaeus liang are we going to go to a place that we just take hardware off the shelf and not require design ? is it only for the niche applications
samy kamkar @zacchaeus liang There are a ton of things like that today. Give me an example of something you want to make?
zacchaeus liang a freaking car
Michael Welling baby steps
i just feel so detached from the physical work with my degree yeah i know
same situation with me. i am from hardware background but i just don't know how to actually program uCs in embedded C. All i do is use libraries, edit, cut and paste. i also want to learn the gory details of how uCs work. how data flows...u know linkers and loaders and stuff so that i understand where exactly i can hack around, but i don't know how to learn. Can you recommend me some good resources that you have come across that explains internal details of the world of embedded programming, uCs etc.
@zacchaeus liang Great, now go build a car. It's hard, so use existing projects. It will take a long time, so start smaller. Here is a car you can build today: https://blog.miguelgrinberg.com/post/building-an-arduino-robot-part-i-hardware-component
not the whole thing but the hardware such as can
zacchaeus liang interfacing
@samy kamkar i have a similar situation. i am from hardware background and i am quite good at it but i just don't know how to actually program uCs in embedded C. All i do is use libraries, edit, cut and paste. i also want to learn the gory details of how uCs work. how data flows...u know linkers and loaders and stuff so that i understand where exactly i can hack around, but i don't know how to learn. Can you recommend me some good resources that you have come across that explain internal details of the world of embedded programming, uCs etc
That is a small, arduino based car with obstacle avoidance (sound familiar?) -- a car, just scaled down. It lets you touch the hardware, the code, and the mechanical portions. Then you can start updating the code to do what you want...then you can update it to use CAN if you want using a Teensy between components
@zacchaeus liang I suggest you start with that project or one similar and keep me updated on how it's going, then once you do it, make it better
@zacchaeus liang This might be of interest to you. (I have the parts sitting around ready for assembly and I'm looking forward to getting it up and running). https://github.com/Gutenshit/CANBadger
@Shantam Raj I learned from copying and pasting too! Then I started modifying stuff...then I started reading the docs about the stuff I was modifying. What uC(s) are you using in particular?
Daren Schwenke He probably means OBD-II, aka canbus: https://hackaday.com/tag/can-bus/
@samy kamkar i started with Arduino. but now i work with ARM based SoCs like CC2650, MSP432, Teensy 3.2.
Tavish Naruka hi @samy kamkar !! probably a loaded question, so feel free to pass, but how do you keep being motivated?
samy kamkar @Shantam Raj Okay, choose one that you want to learn the ins and outs of. Which one?
Hi Samy, I don't really worry about the legal side of things at the moment - should I?
I often implement 'closed' standards like HDMI or DisplayPort based on documents from the web and then publish my projects with a second thought.
With my current project, when does receiving and decoding GPS signals turn from "discovering and publishing how things work" to "ITAR violations" - I've had two different people send me links to the ITAR rules so far.
IKYANAL, but do you have such worries?
samy kamkar @Shantam Raj Whenever I want to learn something now, I first read any docs around it. Just doing that will actually make you more competent than most people who work with it every day. I always find crazy little nuggets of information in the docs that otherwise aren't shared or spoken about, and usually they're mentioned subtly
@Mike "Hamster" Field : http://www.space.commerce.gov/itar-controls-on-gps-gnss-receivers-updated/ As an example.
Shantam Raj @samy kamkar Yes and No. I do go through the datasheet and TI has extensive documentation but it gets too difficult and i end up using their example codes and editing them. I would like to be able to "create something new from scratch", like the engineers at TI did when they developed a software environment around their uC.
The TI people 'just' wrapped the info from the datasheet into library code
@Shantam Raj *generally speaking* if you want to start creating at X level, you want to learn about the level just below that, to know what you are integrating with...
You might be able to do something that serves your needs better than the TI general library
samy kamkar @Shantam Raj Regarding the code build process, I would first do a basic tutorial on C -- if you can write a little C code, then I would actually forget about learning it all and first produce a mental link between the hardware and the code -- so I would specifically learn to use gcc so you can compile something into assembly (gcc -S -o test.asm test.c), then read test.asm to see the assembly. Now, go into the architecture datasheet to understand what the assembly is doing, as it's just performing much simpler hardware operations. I think that will help make the link concrete
So... I'm familiar with the ITAR rules around GPS, because I had to learn a bit about them for a long ago job.
@Mike "Hamster" Field Tough question! I would reach out to the EFF before releasing anything that you think might cause problems for you. https://www.eff.org/
And there's another wrinkle -- most GPS receivers behave strangely under high acceleration/vibration. The issue is the front end SAW filters losing their mind. You can buy high-dynamic GPS receivers that fix this problem, but those are ITAR restricted.
what do you guys find the best way to commute with other builders / engineers? best events to go to? makerfaire?
Shantam Raj @samy kamkar that is exactly what i was looking for ...... a link b/w software and hardware and how to understand them......are there any more resources around that "area" that you think would help in building up my basic fundamentals that would then complement everything i do.
@samy kamkar if you could have had a tutorial/explanation of any aspect of hardware/firmware tech before diving head first into all of this...any idea what it would be like?
@Tavish Naruka Good question. I'm usually not :) I spend a lot of time trying to figure out where my bursts of motivation come from (I journal all food I eat, any drugs I use like caffeine/alcohol/etc, when I work out, whether I got sun or not). I'd say another important thing I've learned is that a lot of the things I feel proud of didn't come from motivation but from discipline.
I only just now added this to the doc but "There are a number of manufacturers that keep their datasheets behind paywalls or NDAs which is frustrating. Has anyone created a "sci-hub for datasheets"?"
I don't buy parts from manufacturers that don't publish their datasheets. :)
Matt Lipschutz I've seen plenty behind login requirements, and plenty required NDAs, but paywalls?
Well, as in you have to buy stuff to access
In very large quantities
samy kamkar @Tavish Naruka I've also started using a free, open source app called Habitica that turns your life into an RPG, essentially gamifying your todos, your daily things, goals, etc. It's super fun and seems to be the only reason I floss every night! I would also say I have external triggers...I am motivated by the people around me, or want to do things that they would enjoy, so immersing yourself with other people is when I also find some motivation, and even more so if I can work with others on a project as I now feel I wouldn't want to let them down
I think some of the Nordic datasheets might've been paywalled once upon a time, but they discontinued that a while back.
mjbraun Qualcomm are heavy on NDAs and now that they own NXP there's worry they'll restrict all the NXP stuff as well
samy kamkar @Anthony Makerfaire in SF was awesome, only have gone once. Defcon is fun for me. I try to go to local meetups (Hackaday events!) and a local makerspace, Crashspace, along with engineering/tech/nerd meetups from meetup.com
thanks :) that was helpful
Matt Lipschutz @samy kamkar Habitica looks cool, thanks!
Matt Lipschutz (I'm def. in need of motivation)
@Matt Lipschutz Have you done hardware before? Software? Other engineering areas?
@samy kamkar Thanks! I'll try this!
I totally forgot about Habitica! Thanks for the reminder!
@Shantam Raj I don't know of any particular links. I would google as that's how I've learned a lot over the years
I've got a degree in EE, grew up at a manufacturing/systems automation shop near Boston, love everything from ASIC design to hacking big trucks
Matt Lipschutz @Shantam Raj you actually might want to check out some of the MITx courses on digital logic
if you want to understand what's going on "under the hood"
Anthony @Matt Lipschutz EE represent :D
@Matt Lipschutz nice! I just wish someone told me that I could use my existing expertise (software) to get started quickly. For years I was afraid of starting in hardware because I thought it required a lot more effort to get going, and reading an EE book did not help with that
I used to hang out at HackManhattan a lot, and i've heard that same sentiment many times.
@Matt Lipschutz thanks for the tip.
Shantam Raj @samy kamkar thanks a lot!!.
Matt Lipschutz If you want to approach from the software side, as Samy mentioned, look at something like Arduino, and work backwards- compile a simple "blink" program in C++/processing, and then go and LOOK at the actual ASM created- then grab a data sheet, and start matching operands and memory locations with GPIO
@samy kamkar Have u worked with FPGAs ?
it's just layers upon layers of abstraction, peel them one by one
Matt Lipschutz You'll see that moving a bit into a location is making a pin *do* something.
@Shantam Raj Just a little with the CoolRunner II CPLD
Salvador Mendoza Hey Samy! are you having any workshops coming up?
Jørgen Kragh Jakobsen Please remember - you will not learn to the level of a 10-year experienced EE in one year, it takes 10 years
Best way to get into the Boston / SF hardware scene? I've been finding it a bit challenging to get responses from companies, even as an EE with a few years of experience. Thanks!
@Salvador Mendoza, good to see you!! I'm doing a talk in Chicago at THOTCON and Australia at AUSCert but spread thin on a few different projects. Hopefully will have a new project out in the coming months
Hey @samy kamkar, is there time to answer just a couple more?
hey @samy kamkar Huge fan of your work, been following you for a while. i have a question regarding people's attitudes to your security research. (EE here, with electronics background) when I'm diving into a particular problem and ask for advice on a particular system or concept and get asked what I'm working on, I often get cold shouldered or weird looks when I mention the applications. aside from a few like-minded people that are very open to even theoretical discussion of these systems, it seems that hardware security, or discussing insecurity in systems is taboo
@Sophi Kravitz, yup, around another 10 mins or so
Hey, have you encountered this during your projects and any insights into this?
@samy kamkar How do you avoid falling too deep into the documentation's rabbit hole? Did it happen to you to look up one thing, and 4 hours later to discover you reading something almost unrelated?
@Anthony Do you have example projects you can show people? What about releasing stuff open source/hardware? I find that opens so many doors by showing things I've done publicly (even more so if people are using the projects!)
Matt Lipschutz oh c'mon that's my favorite way to waste time :P
Foalyy @Shantam Raj I was wondering the same thing about 2 years ago (how to go deeper than Arduino, coming originally from a software background), so I decided to choose a microcontroller and go over all the datasheet to build a (more or less) complete library for this mcu from scratch. It took me some time but it was a great experience, I learned step by step how the memory is mapped, how peripherals are accessed through registers, how interrupts work, how GCC and ld compile everything to a single HEX file... Now I'm currently writing documentation for it and I will release everything open-source, hopefully it can help people like "me two years ago" (and like you apparently :) ). I'll post this project on hackaday.io when it's a bit more complete (hopefully soon).
samy kamkar @RoGeorge Happens every time. As long as you're learning something new (and NOT just rereading something to feel good that you know the material), then I think the learned information will pay off in the long run
Teodora Szasz @samy kamkar I want to build a peer-to-peer encrypted videocall system (any suggestions on the (secure) hardware I can use?)
@samy kamkar I've been pushing a lot of content to my personal project site, salvagedcircuitry.com and have been using reddit to attract some attention. I have produced a lot of CAD for free, available through grabcad and my website as well
@Foalyy That is great news !!. Can't wait for you to finish it asap. Let me know if you need any help. Eagerly waiting for your project.
@themartinm Thanks! People often misconstrue things but if I care what they think, I may give them an example of why this is beneficial. For example, I was working on stuff to break into cars. I also know for a fact criminal organizations are already using tools to break into cars -- someone might be concerned that I'm working on that, but I would ask them, do they have a car? Do they know that others are already breaking into cars like theirs? Do they want to know how to stop it? The only way to know how is to know how to do it in the first place.
@samy kamkar are you aware of any security guidelines/resources related to embedded stuff specifically? Or anyone working on one? (if so, would love to contribute somehow) Stuff like guides on OWASP wiki
of course. security through obscurity is never the answer. only by bringing these problems into the light can they be fixed. it just seems that there is a LOT of talent and knowledge locked up in the older generation of engineers/designers that aren't very eager to share knowledge under the best circumstances, but are even more hostile when you mention why and what you're doing. Thanks!
samy kamkar @Teodora Szasz Awesome! Depends, what are your requirements regarding security on the hardware side? I'd ensure you're using well known standards like WebRTC over DTLS or SRTP, and on the hardware if you're trying to keep secrets protected like a private key, I'd investigate TPMs -- depends on the level of security you need
samy kamkar @Tavish Naruka Good question, I haven't found any OWASP-like resource for hardware. Hackaday is probably the best collection of stuff I've found for things like that, and following experts in the area like Joe Fitzpatrick and Joe Grand
Neil Cherry security through obscurity means you'll find it on wikileaks in a short time ;-)
@Shantam Raj thanks for your interest! well, keep in mind that this is very "in progress" so there are a lot of "[TODO]" and missing pages, but if you want to take a look at what is already available, you can go there : https://libtungsten.io. The git is not available yet but the direct download link should work if you want to take a look at the code, hopefully it's well commented enough (some modules are also already covered in the web documentation).
samy kamkar @themartinm I would say stop depending on other people for information -- I know nobody owes me any information and I'm happy to learn on my own, and when I do, I learn a lot...nothing wrong from learning from others but I can understand people's concerns around this area so I try to do a lot myself
samy kamkar Okay, I have to run all!
Sophi Kravitz thanks Samy!
o/ thanks
Teodora Szasz Thank you, @samy kamkar. This is really helpful. I will investigate more about your solution.
Matt Lipschutz Thanks Samy!
Anthony Thanks Samy!
Sophi Kravitz come back anytime :)
Salvador Mendoza Thanks Samy! for your time and work!
@SamyKamkar and on here!
Thanks so much for having me!! Keep me updated on your projects all, I'm on twitter
Thanks
RoGeorge Thank you! :o
Jørgen Kragh Jakobsen Thanks near Flow for 1.5h :-)
Foalyy Thanks Samy