hakstuff

If you want to check out the post, it's available here! I'm also trying something new this time, I dumped all of the diagrams/text/info/etc. in a repo on my GitHub, just to make the raw data a little more accessible. hakstuff.net/blog/teardown-…

New blog post complete! I finally finished my teardown of the Rivian AXM 1.0 module :D Here's the header image I made for it

办公室冷知识：如果你打开 Excel 并按住Ctrl+右箭头，然后再按Ctrl+下箭头，你会来到单元格XFD1048576 如果在这个格子里输入一个”.”，然后按Ctrl+A并将所有单元格填满黑色，你就可以在公司的打印机上打印34,000,000页黑色页面并且被解雇

We do a little labeling!! Rivian AXM teardown coming soon :D I just need to compile all of the data from raw notes into a blog post now.

@lauriewired Lain Iwakura Pop Up Parade New L Size Figure(TM) is all I see....

Got a new (rare) toy in the mail to play with. Can you guess what I’m using it for? (don’t ask me how I got it)

I'd love to research more into mapping this kind of information when vulnerability hunting. You could use it to correlate which development teams worked on certain features, or perhaps use it to inform what binaries may be more sloppily built than others. Would be fun to try!

As you can see from these distribution graphs, like 80%+ of the development was done between 9am and 5pm, with a huge percentage of the building completed in 2016! The few late/early or 2020+ builds could point to emergency patches, bug fixes. alt dev teams, etc.!

Fun new binary analysis technique! I dumped the build time from all of the binaries on a BMW infotainment unit and graphed both the date and time they were built. Gives some fun insight into the working schedule of the dev teams, and points out weird outlier binaries!

The Rivian AXM and XMM PCBs both use a conformal coating. I've been able to get okay-ish photos of most components using a flash light, but these daughter boards (VLM & VPM) were unreadable. Found the hot air + knife method to remove the coating online, and it worked great!

Goodbye, evil conformal coating! Hot air station @ 175C + a small knife/scraper, now I can finally take pictures of these ICs and identify them 🫡 They were blurry reflective blobs before!

@vxunderground point 6 kinda reads like "were gonna stop drug testing cyber hires, and were gonna give kids pirated CEH training PDFs so they get l33t fast"

Today United States Donald J. Trump released the "Cyber Strategy for America" document. It was highlighted by FBI Director Kash Patel. Let's take a look at it together. I'll translate it from fancy political speak into nerd speak. Intro: >america is cool and badass >were strong af fr >our hackers are schizo af >we could be strongerer >need corpos to work with us fr >were fuckin shit up so nerds cant hide >america 250 years old soon >computers are important Section Two: >we made the internet >we are the best in internet stuff >mean nerds fuck shit up on the internet >mean nerds pissing us off >"im trump and im not a bitch about cyber" >mean nerds targeting important shit online >this is a new era of cyberspace >lots of money online Section Three: >mean nerds pissing us off fr >if we cant internet you, well physically hurt you >he actually wrote that LOL >other countries have shitty AI >we have the best AI >were gonna work with unis and companies for AI >wont let people be censored online >something about people censoring americans >mean nerds will get sanctioned >mean nerds will be memed >mean nerds will get beat up (maybe) >america remove more regulations on AI >regulations slow us down >gotta go fast af boi fr >cybersecurity so important fr Donald J. Trump Pillars of Action: 1. Shape Adversary Behavior >mean nerds attacking americans and companies >theyre innocent ppl tho >nsa and cia given thumbs up to hack back extra >we raising aggression 2. Promote Common Sense Regulation >reduce cybersecurity regulation >checklists are for losers >regulation make companies less agile >companies and gov need to be fast af 3. Modernize and Secure Federal Government Networks >government computers are lame >will make them better >use best practices >use "post-quantum cryptography" >use "zero-trust architecture" >use "cloud transition" >will improve stuff to hunt down nerds we dont like >will use AI for cybersecurity 4. Secure Critical Infrastructure >critical infra support important >energy grid important af to defend >banks important af to defend >hospitals important af to defend >water plants important af to defend >telecoms important af to defend >datacenters important af to defend >must defend everything important af >stop using technology made by countries we dont like 5. Sustain Superiority in Critical and Emerging Technologies >america will make more tech stuff >we gonna protect what we make fr >cryptocurrency must be secured and stuff >we need quantum stuff >ai mega important tho >we need more ai for hacking and for defense >people we dont like hack dumb and shitty ai 6. Build Talent and Capacity >we need more nerds >nerds are unironically super important >need to invest in nerds >remove "roadblocks" for nerds (???) across industry >will invest in more nerd stuff for nerds to learn

Today I desoldered the Micron UFS flash from one of the IDC23H units I have, hoping to get an initial firmware dump for analysis. Unfortunately, the cheapo JMS901-based reader I bought isn't able to properly recognize Micron memory, it seems 🥲 So close, yet so far!

Someone told me you where trying to put an ESP32 in something and not tell me.... So I made a site that grabs all new FCC filings everyday, looks for an internal photos document within the filing, screen grabs any of those photos, parses them through a CV algo, and finds ESP32

I've discovered a method to boot any desired rootfs from USB or SATA using the TP-Link CentralHub Tapo H500. By shorting the signal lines of the built-in eMMC to ground to disrupt the boot sequence and gain access to the U-Boot shell, you can then edit the boot arguments (cmdline) to boot from a USB or SATA partition. For now, I've successfully logged into a Debian armv7. See further: scrapbox.io/rwxr-xr-x/Tapo…

I realized today that I never finished my teardown of the Rivian R1S AXM! I have all of the photos taken and ready to go, I just need to finish writing up the blog post. I'm going to take a short break from the IDC23 work tonight to finish that up 🫡

@GregKara6 @hacker_ Do you have a writeup for that? I'd love to read more about it

claude helped me crack a vehicle ECU not cracked by anyone else in the world for the last decade. i hooked it up to a glitch device with python scripting capability and left it alone, it literally glitched the chip, got passed the security chip, NOPed out the instruction to skip it on subsequent boots. Insane.

CLAUDEEEE. My outlook on the future has dramatically shifted overnight. Wow.

New tech dropped: Alibaba's image search feature is insanely good for finding niche automotive connectors! I was able to find the MGU/IDC main harness connector for $1.50 USD/ea, with an alleged MOQ of only 1 unit... (though I'm unsure if they'll honor that lol)

@pirrup Ooh, I'd love to learn more! 👀

@hakstuff I can give you more info on this 😉

Was able to get a nice clean candump from K-CAN4 on the BCP - 500k baud non-FD CAN. Next will be hooking up the infotainment unit to the bus and monitoring traffic, then isolating what CAN messages wake up the unit!