Jon Szymaniak (jynik): Security, embedded systems, and punk rock

nccgroup/depthcharge 99

A U-Boot hacking toolkit for security researchers and tinkerers

jynik/ready-set-yocto 24

A short, unofficial guide on getting started with Yocto using a Raspberry Pi

nccgroup/yocto-whitepaper-examples 13

Example code included in the "Improving Your Embedded Linux Security Posture with Yocto" whitepaper

jynik/OOKiedokie 4

A tool for transmitting and receiving OOK-modulated data with SDRs

jynik/skullsup 3

A Malevolent LED Notifier for the Internet of Terrors

jynik/AddressSync 2

Ghidra Module: Allows external program to select current address via UDP message sent to port 1080

jynik/reid 1

Full text searches over your EndNote library

jynik/aemulari 0

Console-based debugger for bare metal ARM, built atop of Unicorn

jynik/conda 0

OS-agnostic, system-level binary package manager and ecosystem

push event jynik/depthcharge

Jon Szymaniak

commit sha 76b7adfc6bf84027a4234b99237aeb442b9f7101

Begin 0.2.1-dev series

Jon Szymaniak

commit sha b33300144eaf46d6d2de15c893a7947310d96a10

python: Make setup.py version check regex a superset of PEP440 reqt

[PEP440] requires that versions be in the form: [N!]N(.N)*[{a|b|rc}N][.postN][.devN]

Local version identifiers are also supported: <public version identifier>[+<local version label>]

My use of dashes violates this. However, I'd prefer that the setup.py still work in light of such mistakes. The updated regex supports ".", "-", and "+". The match for both .postN.devN together is also included.

Ensuring strict compliance to the versioning that will be enforced by PyPI is something that should be enforced via unit tests or CI. Opened issue #73 to track this.

[PEP440]: https://www.python.org/dev/peps/pep-0440/#public-version-identifiers

Jon Szymaniak

commit sha a159bae2a3129e3e12b54ddd1ccde37ea634ca3e

depthcharge: Bump version to 0.3.0.dev0

The upcoming fixes for #23 and #24 require API additions that necessitate a minor version increment.

Jon Szymaniak

commit sha a2c0054fc5912e5fe74e85438cf2231c5682802c

depthcharge: Provide register_payload() API function

Jon Szymaniak

commit sha c79e69d8b077d5b07e2b0ef9fe252a68b6f31905

depthcharge: Attempt to flush caches after payload deployment

Closes #24.

Jon Szymaniak

commit sha 40368f4c36aff360625374d7f28c9d4f4646c6c9

arm: Fix data abort parsing error when in Thumb mode

The Mode entry in the Flags line may include a " (T)" suffix when in Thumb mode. The extra space was causing a split(' ') to provide more than the two expected fields. Treat everything after a field (delimited by " ") as part of the value.

Closes #79.

Youssef Saade

commit sha 83ab3f8db0219ac964505471ac4ca2f8ecfc9093

doc: Fixes possible typos in introduction.rst

Jon Szymaniak

commit sha 5043d03157a1f2156c588c9036e942c81bf07032

doc: Additional rewording around "command handler tables"

Jon Szymaniak

commit sha 1545fee80062c29d41b45c6691587f0196b933fc

doc: Fixed reference to AUTOBOOT functionality

Jon Szymaniak

commit sha 22e30c0d4d2a7c74216d655a15ec59c81a0b6bc4

doc: Update HABv4 link, typo fix

NXP had a 404 on the publicly accessible app note, and now has a redirect that requires a login. Added a link to the U-Boot HABv4 introduction, as well as a link to the official AN4581 for those wishing to navigate to it.

Jon Szymaniak

commit sha 42d78588808766a107118eae1d6cd7e510d1c3af

doc: Update links to U-Boot source repo

Update links to reflect that gitlab.denx.de has been moved to source.denx.de. Still linking to 2020.01 for the time being; will update links to newer releases on the basis of what some popular BSPs target.

Jon Szymaniak

commit sha 8e9865be7532e9bb999ce0374d67f81e75a6eb5a

doc: Update blog posts & talks

Jon Szymaniak

commit sha f556612ade6e24e61df53f4dec921681a6372fec

uboot/board: Support multiple DRAM banks and add bdinfo_str()

Previously, devices with multiple DRAM banks would result in board info dictionary keys being overwritten. These are now handled by maintaining a nested dram_bank dictionary. Functionality from depthcharge-print has been moved to uboot.board.bdinfo_str() in order to provide support for dict-to-string conversions.

Co-authored-by: Youssef Saade <youssef.saade2@gmail.com>
Co-authored-by: Jon Szymaniak <jon.szymaniak.foss@gmail.com>

Jon Szymaniak

commit sha 5759af3b04fadb632f85a5764f46784dfe954554

depthcharge-print: Use functionality moved to bdinfo_str()

Jon Szymaniak

commit sha 0c338deddaf1d045c3c1ee0a56a8b12662fbab72

python: Add depthcharge.uboot.board unit tests

Jon Szymaniak

commit sha 136617f0ba9661b3616d2b73006c10945fea04f8

arch: Move common "Code: " line parsing to base class

This will be used as-is in AARCH64 code as well.

Jon Szymaniak

commit sha ecdd28254f1a9312d226eb06c65ca0aefc54c062

depthcharge: Add preliminary AARCH64 architecture definition

Jon Szymaniak

commit sha d1cba3192825afdc9b5e03d8d9fc18202e89fefe

arch: Export depthcharge.arch.AARCH64

Jon Szymaniak

commit sha 9a04c3ce9889bcc026ff09e0febfd86800796c7d

depthcharge/console: kwarg & env var control of timeout and intrachar delay

Some devices are slow to respond or will even allow their hardware UART FIFOs to fill, resulting in dropped input.

Added DEPTHCHARGE_CONSOLE_TIMEOUT environment variable to allow Console timeout behavior to be overridden externally.

Added 'intrachar' and DEPTHCHARGE_CONSOLE_INTRACHAR to allow intra-character delays to be added. A zero delay will incur only the non-negligible overhead of calling write()+flush() on a per character basis.

Jon Szymaniak

commit sha 39f3663b06872d4254e8872946df5ae34923e36b

doc: Document "Console Quirks" - Timeout & Intracharacter Delay

push time in 2 months

created tag nccgroup/depthcharge

tag 0.3.0

A U-Boot hacking toolkit for security researchers and tinkerers

created time in 2 months

release nccgroup/depthcharge

0.3.0

released time in 2 months

issue closed nccgroup/depthcharge

Add AArch64 Support

Add AArch64 support to python/depthcharge/arch.py and validate on a common 64-bit ARM platform (e.g. Raspberry Pi 3, Model B).

closed time in 2 months

jynik

issue closed nccgroup/depthcharge

Documentation: 404 URL in introduction.rst

Affected Document(s)

introduction.rst

Description of Issue

The following link in line 87 of the introduction.rst document is returning a 404 Page not found.

.. _NXP's HABv4: https://www.nxp.com/docs/en/application-note/AN4581.pdf

closed time in 2 months

youssefms

push event nccgroup/depthcharge (the same commits, 76b7adfc6bf84027a4234b99237aeb442b9f7101 through 39f3663b06872d4254e8872946df5ae34923e36b, as the jynik/depthcharge push above)

push time in 2 months

issue closed nccgroup/depthcharge

Run-time payload registration

Currently, only built-in payloads can be used with Depthcharge.execute_payload. Need to provide a way to register custom user payloads at runtime.

closed time in 2 months

ncc-iz

issue closed nccgroup/depthcharge

Depthcharge `deploy_payload` should flush icache

Currently, icache is not being cleaned. As a result, when recompiling the payload and redeploying, erratic behavior is observed (e.g. payload randomly crashing or returning error code). In order to work around this, icache could be disabled with U-Boot command icache off when available; ideally Depthcharge should clean dcache followed by flushing icache whenever deploying payloads.

See https://community.arm.com/developer/ip-products/processors/b/processors-ip-blog/posts/caches-and-self-modifying-code

closed time in 2 months

ncc-iz

issue closed nccgroup/depthcharge

DataAbort parse failure

The "Mode" entry in an ARM data abort dump will contain an additional (T) entry if the device is in Thumb mode.

This triggers an unexpected failure because the assignment expects a name, value pair, but split(' ') is looking to provide three fields in this case.

closed time in 2 months

jynik

PR merged nccgroup/depthcharge

Depthcharge 0.3.0 ("Danny Nadelko")
+1028 -400

0 comment

57 changed files

jynik

pr closed time in 2 months

PR opened nccgroup/depthcharge

Depthcharge 0.3.0 ("Danny Nadelko")
+1028 -400

0 comment

57 changed files

pr created time in 2 months

push event nccgroup/depthcharge

Jon Szymaniak

commit sha 4204da2c834b61704b04bcb95a0f693b60e151db

doc: Remove GoRegisterReader entry

Jon Szymaniak

commit sha a24046e001fb7cc18e73581eec36a2f759f82447

python: Fixes for dist packaging

The packaging of sdist now apparently fails because our .Depthcharge.readme hack resulted in this file not being present when everything is copied to /tmp during this process. Renamed file to Depthcharge.readme and added it to MANIFEST.in, along with the tests to be included in the sdist.

Jon Szymaniak

commit sha 6faf4e2ff62a76b9521ef1c5d1cf49e56102403f

Depthcharge 0.3.0 Release ("Danny Nadelko")

push time in 2 months

PR merged nccgroup/depthcharge

Prepare Depthcharge 0.3.0 release
+40 -11

0 comment

7 changed files

jynik

pr closed time in 2 months

PR opened nccgroup/depthcharge

Prepare Depthcharge 0.3.0 release
+40 -11

0 comment

7 changed files

pr created time in 2 months

push event jynik/depthcharge

Jon Szymaniak

commit sha f6b137bae49225be7e55d115b35cb260c2bd84fe

python: Fixes for dist packaging

The packaging of sdist now apparently fails because our .Depthcharge.readme hack resulted in this file not being present when everything is copied to /tmp during this process. Renamed file to Depthcharge.readme and added it to MANIFEST.in, along with the tests to be included in the sdist.

Jon Szymaniak

commit sha 53e5fb4c9c011b7d3dc84b8b95336a758610584a

Depthcharge 0.3.0 Release ("Danny Nadelko")

push time in 2 months

push event jynik/depthcharge

Jon Szymaniak

commit sha 939fe1b33c63a2349dfc7dabd6f3d3c81b07bff7

doc: Remove GoRegisterReader entry

Jon Szymaniak

commit sha 9331c9935229bef9eba54009ffa5df63838492c1

Depthcharge 0.3.0 Release ("Danny Nadelko")

push time in 2 months

push event jynik/depthcharge

Jon Szymaniak

commit sha 3d7f4db642197ba3132427f700f863cf9a0b71ba

Depthcharge 0.3.0 Release ("Danny Nadelko")

push time in 2 months

push event jynik/depthcharge

Jon Szymaniak

commit sha 733bc06d6f115d3b4cb6f1ef6ed19e97f110df82

python: Use relocaddr for JT addr mask check, warn but don't error out

This address mask check is just intended to provide early warning if our function pointer deductions are incorrect, which will lead to a crash. Erroring out is a bit excessive, so this has just been reduced to a warning. We'll either hit an error at the crash, or the address mask check itself was just wrong. ;)

We'll try to use U-Boot's post relocation address as the basis for our check, followed by the gd address if the former somehow isn't present. On many devices, using either here seems to suffice. However, I found that on an AARCH64 AMLogic device using a fork from 2015, the gd was at 0xd3e2.... whereas the relocaddr was 0xd7e3...., which was more representative of the jump table entries @ 0xd7e9....

push time in 2 months

push event nccgroup/depthcharge (the same commit, 733bc06d6f115d3b4cb6f1ef6ed19e97f110df82, as the jynik/depthcharge push above)

push time in 2 months

PR merged nccgroup/depthcharge

python: Use relocaddr for JT addr mask check, warn but don't error out

This address mask check is just intended to provide early warning if our function pointer deductions are incorrect, which will lead to a crash. Erroring out is a bit excessive, so this has just been reduced to a warning. We'll either hit an error at the crash, or the address mask check itself was just wrong. ;)

We'll try to use U-Boot's post relocation address as the basis for our check, followed by the gd address if the former somehow isn't present. On many devices, using either here seems to suffice. However, I found that on an AARCH64 AMLogic device using a fork from 2015, the gd was at 0xd3e2.... whereas the relocaddr was 0xd7e3...., which was more representative of the jump table entries @ 0xd7e9....

+14 -10

0 comment

1 changed file

jynik

pr closed time in 2 months

create branch jynik/depthcharge

branch : defcon_demos

created branch time in 2 months

push event jynik/u-boot

Jon Szymaniak

commit sha 861920b40eac7da807ff342175cb13d1992ca47d

actually null out the console

push time in 2 months

push event jynik/u-boot

Jon Szymaniak

commit sha 85859ebdf19509e6ecf9993cdf0564485b22078b

Second batch of demo-hackery

push time in 2 months

push event jynik/u-boot

Jon Szymaniak

commit sha 7b13d720728deaba3155ab2a526b3afd2347d897

cmd: Set loadsize env variable upon nand load

Jon Szymaniak

commit sha 40624d80bc3a8aeb242c1db19836d5c0f0fbbf77

Bunch of hacks to make this mimic a vuln I've once seen...

push time in 2 months

started struct/isoalloc

started time in 2 months

started FiloSottile/yubikey-agent

started time in 2 months

create branch jynik/u-boot

branch : demolab_demo

created branch time in 2 months

PR opened nccgroup/depthcharge

python: Use relocaddr for JT addr mask check, warn but don't error out

This address mask check is just intended to provide early warning if our function pointer deductions are incorrect, which will lead to a crash. Erroring out is a bit excessive, so this has just been reduced to a warning. We'll either hit an error at the crash, or the address mask check itself was just wrong. ;)

We'll try to use U-Boot's post relocation address as the basis for our check, followed by the gd address if the former somehow isn't present. On many devices, using either here seems to suffice. However, I found that on an AARCH64 AMLogic device using a fork from 2015, the gd was at 0xd3e2.... whereas the relocaddr was 0xd7e3...., which was more representative of the jump table entries @ 0xd7e9....

+14 -10

0 comment

1 changed file

pr created time in 2 months

push event jynik/depthcharge

Jon Szymaniak

commit sha 5dface7684dca4e7a3f84570fcc4d7eee320d91b

python: Use relocaddr for JT addr mask check, warn but don't error out

This address mask check is just intended to provide early warning if our function pointer deductions are incorrect, which will lead to a crash. Erroring out is a bit excessive, so this has just been reduced to a warning. We'll either hit an error at the crash, or the address mask check itself was just wrong. ;)

We'll try to use U-Boot's post relocation address as the basis for our check, followed by the gd address if the former somehow isn't present. On many devices, using either here seems to suffice. However, I found that on an AARCH64 AMLogic device using a fork from 2015, the gd was at 0xd3e2.... whereas the relocaddr was 0xd7e3...., which was more representative of the jump table entries @ 0xd7e9....

push time in 2 months

push event jynik/depthcharge

Jon Szymaniak

commit sha 76b0e7aa75e6a8eb8df5918a2f4a0e92d5353e4d

python: Use relocaddr for JT addr mask check, warn but don't error out

push time in 2 months