<div dir="ltr"><br><div class="gmail_quote"><br><br>Howdy Josh,<br>
<br>
I'm too damned busy these days to join any new projects, but I'm happy<br>
to provide some pointers. Please forward this to the list if you<br>
think that'd be handy, and also tell them that I'm happy to contribute<br>
free Facedancer PCBs toward their effort.<br>
<br>
My solo disk work is available as the video of my talk from 29C3 and<br>
as a short article in Poc||GTFO 00:02, which can be found by googling<br>
for pocorgtfo00.pdf. The first covers active disk antiforensics with<br>
a Facedancer board, and the second with an iPod running Rockbox.<br>
Sadly, I never got around to finishing my blog post from 29C3, so<br>
suffering through that long video is necessary. (I'm a sinner, I<br>
know!)<br>
<br>
I also did some work on replacement firmware for a Seagate drive with<br>
Jonas Zaddach and a few other fine folks. We were making a remotely<br>
accessible backdoor, but the exact same principles can be used to<br>
patch the antiforensics tricks that I mentioned at 29C3 and in<br>
PoC||GTFO into a real disk.<br>
<a href="https://archive.org/details/Acsac13Zaddach" target="_blank">https://archive.org/details/Acsac13Zaddach</a><br>
<br>
There's not much value in doing an FPGA, as fast microcontrollers with<br>
excellent USB controllers are cheap and plentiful. I still think that<br>
the best way to do it is with antiforensics destroying the information<br>
on detecting tampering, but an excellent and well verified crypto<br>
implementation in a smart card chip might remove the danger of<br>
accidentally triggering a disk's self destruct.<br>
<br>
It will also be worth looking at Bunnie's talk from 30C3, where he<br>
reverse engineered an SD card's controller chip. Patching a perfectly<br>
vanilla, hello-kitty-branded card is definitely the best way to do<br>
this in the field, and his lecture provides a damned good resource for<br>
that.<br>
<br>
<br>
Drinks in Philly the next time I make it to Samland?<br>
<br>
Cheers from München,<br>
--Travis<br>
<div class="HOEnZb"><div class="h5"><br>
<br>
On Mon, Jan 13, 2014 at 12:06 PM, Joshua Marpet<br>
<<a href="mailto:joshua.marpet@guardedrisk.com">joshua.marpet@guardedrisk.com</a>> wrote:<br>
> The Metzdowd cryptography mailing list was making noises about epoxying<br>
> chips on a USB stick, and i coughed and mentioned you. They asked.<br>
><br>
> " I Googled him and saw his recent blog<br>
> posts. He seems like quite a brilliant hardware hacker.<br>
><br>
> I'd be interested in his thoughts on an open-source usb stick for<br>
> crypto. Would he go totally open, making everything probable, or<br>
> would he encase it in epoxy? Is there value in making the<br>
> microcontroller an open-source synthesized core in an FPGA, or can we<br>
> trust an Atmel microcontroller? Do we really have to have an external<br>
> ppwer supply, because that wont fit in my pocket? Is this whole idea<br>
> a waste of time, or is it doable in a useful way?"<br>
><br>
> If you want to get involved, these are some serious crypto people, but<br>
> mostly people without funding. Lots of academics, Silent circle people are<br>
> on there, just figured I'd mention it.<br>
><br>
> J<br>
> --<br>
><br>
> Joshua A. Marpet<br>
><br>
> Managing Principal<br>
><br>
> GuardedRisk<br>
><br>
><br>
><br>
> Before the Breach and After The Incident!<br>
><br>
><br>
> 1-855-23G-RISK <a href="tel:%28855-234-7475" value="+18552347475">(855-234-7475</a>)<br>
><br>
><br>
> Cell: <a href="tel:%28908%29%20916-7764" value="+19089167764">(908) 916-7764</a><br>
><br>
> <a href="mailto:Joshua.Marpet@guardedrisk.com">Joshua.Marpet@guardedrisk.com</a><br>
><br>
> <a href="http://www.GuardedRisk.com" target="_blank">http://www.GuardedRisk.com</a><br>
><br>
><br>
><br>
><br>
<br>
<br>
<br>
</div></div><span class="HOEnZb"><font color="#888888">--<br>
.us <a href="tel:%2B1.267.401.2597" value="+12674012597">+1.267.401.2597</a><br>
.de <a href="tel:%2B49.152.23.90.76.92" value="+4915223907692">+49.152.23.90.76.92</a><br>
</font></span></div><br><br clear="all"><div><br></div>-- <br><div dir="ltr"><p style="margin:0px"><b><span style="font-size:10pt;font-family:'MS Reference Sans Serif',sans-serif"><font color="#000000">Joshua A. Marpet</font></span></b></p>
<p style="margin:0px"><font face="MS Reference Sans Serif, sans-serif" color="#000000">Managing Principal</font></p><p style="margin:0px"><font face="MS Reference Sans Serif, sans-serif" color="#000000"><b>GuardedRisk</b></font></p>
<p style="margin:0px;color:rgb(80,0,80)"><span style="font-size:5pt;font-family:'MS Reference Sans Serif',sans-serif;color:navy"><u></u> </span></p><p style="margin:0px"><font color="#ff0000"><span style="font-family:'MS Reference Sans Serif',sans-serif"><font><b><i>Before the Breach </i></b></font></span><b style="font-size:small;font-family:'MS Reference Sans Serif',sans-serif"><i>and </i></b><b style="font-size:small;font-family:'MS Reference Sans Serif',sans-serif"><i>After The Incident!</i></b></font></p>
<p style="margin:0px;color:rgb(80,0,80)"><span style="font-family:'MS Reference Sans Serif',sans-serif;color:navy"><font><b><i><br></i></b></font></span></p><p style="margin:0px"><span style="color:rgb(0,0,0);font-size:10pt;font-family:'MS Reference Sans Serif',sans-serif">1-855-23</span><span style="font-size:10pt;font-family:'MS Reference Sans Serif',sans-serif"><font color="#ff0000">G-RISK</font></span><span style="color:rgb(0,0,0);font-size:10pt;font-family:'MS Reference Sans Serif',sans-serif"> (855-234-7475)</span></p>
<p style="margin:0px"><span style="font-size:10pt;font-family:'MS Reference Sans Serif',sans-serif"><font color="#000000"><br></font></span></p><p style="margin:0px"><span style="font-size:10pt;font-family:'MS Reference Sans Serif',sans-serif"><font color="#000000">Cell: (908) 916-7764 </font></span></p>
<p style="margin:0px;color:rgb(80,0,80)"><a href="mailto:Joshua.Marpet@guardedrisk.com" target="_blank">Joshua.Marpet@guardedrisk.com</a></p><p style="margin:0px;color:rgb(80,0,80)"><a href="http://www.GuardedRisk.com" target="_blank">http://www.GuardedRisk.com</a></p>
<p style="margin:0px;color:rgb(80,0,80)"><span style="font-size:9pt;color:rgb(31,73,125)"><u></u> <u></u></span></p><p style="margin:0px;color:rgb(80,0,80);text-align:justify"><br></p></div>
</div>