Minimal Kernels, Reduced Attack Surface, and Why Linux Optimization Still Matters

"While minimal kernels cannot prevent every vulnerability, reducing attack surface by removing unnecessary kernel features, drivers, and services can proactively mitigate many classes of security issues and reduce exploitability." For a long time, Linux optimization work was seen mostly as a performance exercise. Faster boot times. Smaller images. Lower RAM usage. Better cache behavior. But over the years, something interesting became increasingly obvious: Optimization and security are often deeply related. ...

May 10, 2026 · 5 min · 875 words · Dhiru Kholia

Voltage Glitching for Fun and Profit (MCU Fault Injection)

Why This Post Exists

I wanted to learn practical voltage fault injection on low-cost MCUs like WCH CH32V003 and Puya PY32.

What is Voltage Glitching?

Voltage glitching is a form of hardware fault injection where very short disturbances are introduced into a device's power supply. These disturbances can cause the CPU to skip instructions, misread memory, or bypass security checks. Researchers commonly use voltage glitching to study the robustness of microcontrollers and secure boot implementations. ...

March 8, 2026 · 8 min · 1563 words · Dhiru Kholia

Supporting HOPERF CMT2300A on Linux

What This Article Covers

This article presents a practical journey to add Linux support for the HOPERF CMT2300A Sub-GHz RF transceiver - starting from extracting register configuration tables out of vendor firmware, to building and testing a Linux driver on real hardware.

You'll learn:

- How TP-Link's driver situation motivated this effort
- How firmware was extracted and analyzed
- How to build and load the custom driver on Raspberry Pi
- How to verify real on-air packet RX

This is aimed at embedded Linux developers, reverse engineers, and RF hackers. It is not a beginner Linux kernel tutorial nor a full CMT2300A datasheet walkthrough; the focus is on practical bring-up and reproducibility. ...

December 23, 2025 · 8 min · 1497 words · Dhiru Kholia

Debugging/Reversing Firebase gRPC Traffic with mitmproxy

Recently, I was stuck trying to understand how Firebase gRPC calls worked and how I could generate, modify, and replay them. Trapping and modifying existing gRPC traffic was not working well. Finally, I took a step back and spent some time learning how to build and debug simple Firebase applications. This approach helped me tremendously, and I was able to make further progress with my original task quickly.

Solution

You may find the following code sample useful when reversing/debugging Firebase applications. ...

April 16, 2025 · 2 min · 426 words · Dhiru Kholia

Easily verifying certificate chains

Here is a quick script to verify that the certificate chain is valid and will work.

% cat verify-cert-key.sh
#!/usr/bin/env bash
certFile="${1}"
keyFile="${2}"
caFile="${3}"
# Extract the public key embedded in the certificate and the public key
# derived from the private key; they must be identical for the pair to work.
certPubKey="$(openssl x509 -noout -pubkey -in "${certFile}")"
keyPubKey="$(openssl pkey -pubout -in "${keyFile}")"
if [[ "${certPubKey}" == "${keyPubKey}" ]]
then
    echo "PASS: key and cert match"
else
    echo "FAIL: key and cert DO NOT match"
fi
# Check that the certificate chains up to the supplied CA file.
openssl verify -CAfile "${caFile}" "${certFile}"

April 14, 2025 · 1 min · 63 words · Dhiru Kholia

Easy Taint Tracking - Finding Heartbleed in 2024

Aim

Finding 'Heartbleed' class of bugs with taint analysis. Background reading: https://heartbleed.com/

Motivation

While Coverity is now able to detect this bug, we wanted to evaluate the state of open-source security tooling in 2024. Have we been able to reduce the cost of finding such bugs after all these years?

The Idea

Can we find an execution path from the tainted data in the n2s function to sensitive functions? Since n2s typically operates on network received bytes, it can serve as a taint source. ...

November 1, 2024 · 3 min · 488 words · Dhiru Kholia