https://rfcorner.in/tags/security/Recent content in Security on Dhiru's NotebookHugo -- 0.156.0en-usTue, 23 Dec 2025 00:00:00 +0000https://rfcorner.in/posts/supporting-cmt2300a-on-linux/Tue, 23 Dec 2025 00:00:00 +0000https://rfcorner.in/posts/supporting-cmt2300a-on-linux/<h2 id="what-this-article-covers">What This Article Covers</h2> <p>This article presents a practical journey to add Linux support for the HOPERF CMT2300A Sub-GHz RF transceiver - starting from extracting register configuration tables out of vendor firmware, to building and testing a Linux driver on real hardware.</p> <p>You'll learn:</p> <ul> <li>How TP-Link's driver situation motivated this effort</li> <li>How firmware was extracted and analyzed</li> <li>How to build and load the custom driver on Raspberry Pi</li> <li>How to verify real on-air packet RX</li> </ul> <p>This is aimed at embedded Linux developers, reverse engineers, and RF hackers. It is <em>not</em> a beginner Linux kernel tutorial nor a full CMT2300A datasheet walkthrough - focus is on practical bring-up and reproducibility.</p>https://rfcorner.in/posts/debugging-grpc-traffic-with-mitmproxy/Wed, 16 Apr 2025 00:00:00 +0000https://rfcorner.in/posts/debugging-grpc-traffic-with-mitmproxy/<p>Recently, I was stuck in figuring out how the Firebase gRPC calls worked and how I could generate, modify, and replay them. Trapping and modifying the existing gRPC traffic was not working too well. Finally, I took a step back and spent some time on learning how to build and debug simple Firebase applications. This approach helped me tremendously and I was able to make further progress with my original task in almost no time.</p>https://rfcorner.in/posts/verifying-certificate-chain/Mon, 14 Apr 2025 00:00:00 +0000https://rfcorner.in/posts/verifying-certificate-chain/<p>Here is a quick script to verify that the certificate chain is valid and will work.</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">% cat verify-cert-key.sh </span></span><span class="line"><span class="cl"><span class="c1">#!/usr/bin/env bash</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="nv">certFile</span><span class="o">=</span><span class="s2">&#34;</span><span class="si">${</span><span class="nv">1</span><span class="si">}</span><span class="s2">&#34;</span> </span></span><span class="line"><span class="cl"><span class="nv">keyFile</span><span class="o">=</span><span class="s2">&#34;</span><span class="si">${</span><span class="nv">2</span><span class="si">}</span><span class="s2">&#34;</span> </span></span><span class="line"><span class="cl"><span class="nv">caFile</span><span class="o">=</span><span class="s2">&#34;</span><span class="si">${</span><span class="nv">3</span><span class="si">}</span><span class="s2">&#34;</span> </span></span><span class="line"><span class="cl"><span class="nv">certPubKey</span><span class="o">=</span><span class="s2">&#34;</span><span class="k">$(</span>openssl x509 -noout -pubkey -in <span class="s2">&#34;</span><span class="si">${</span><span class="nv">certFile</span><span class="si">}</span><span class="s2">&#34;</span><span class="k">)</span><span class="s2">&#34;</span> </span></span><span class="line"><span class="cl"><span class="nv">keyPubKey</span><span class="o">=</span><span class="s2">&#34;</span><span class="k">$(</span>openssl pkey -pubout -in <span class="s2">&#34;</span><span class="si">${</span><span class="nv">keyFile</span><span class="si">}</span><span class="s2">&#34;</span><span class="k">)</span><span class="s2">&#34;</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="k">if</span> <span class="o">[[</span> <span class="s2">&#34;</span><span class="si">${</span><span class="nv">certPubKey</span><span class="si">}</span><span class="s2">&#34;</span> <span class="o">==</span> <span class="s2">&#34;</span><span class="si">${</span><span class="nv">keyPubKey</span><span class="si">}</span><span class="s2">&#34;</span> <span class="o">]]</span> </span></span><span class="line"><span class="cl"><span class="k">then</span> </span></span><span class="line"><span class="cl"> <span class="nb">echo</span> <span class="s2">&#34;PASS: key and cert match&#34;</span> </span></span><span class="line"><span class="cl"><span class="k">else</span> </span></span><span class="line"><span class="cl"> <span class="nb">echo</span> <span class="s2">&#34;FAIL: key and cert DO NOT match&#34;</span> </span></span><span class="line"><span class="cl"><span class="k">fi</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">openssl verify -CAfile <span class="s2">&#34;</span><span class="si">${</span><span class="nv">3</span><span class="si">}</span><span class="s2">&#34;</span> <span class="s2">&#34;</span><span class="si">${</span><span class="nv">1</span><span class="si">}</span><span class="s2">&#34;</span> </span></span></code></pre></div>https://rfcorner.in/posts/taintanalysis/Fri, 01 Nov 2024 00:00:00 +0000https://rfcorner.in/posts/taintanalysis/<h2 id="aim">Aim</h2> <p>Finding 'Heartbleed' class of bugs with taint analysis.</p> <p>Background reading: <a href="https://heartbleed.com/">https://heartbleed.com/</a></p> <h2 id="motivation">Motivation</h2> <p>While <code>Coverity</code> is now able to detect this bug, we wanted to evaluate the state of open-source security tooling in 2024.</p> <p>Have we been able to reduce the cost of finding such bugs after all these years?</p> <h2 id="the-idea">The Idea</h2> <p>Can we find an <code>execution path</code> from the tainted data in the <code>n2s</code> function to sensitive functions?</p> <p>Since <code>n2s</code> typically operates on network received bytes, it can serve as a taint source.</p>