PASTOR LAPHROAIG ANNOUNCES THE PUBLICATION OF WHAT WILL TORMENT THE ACOLYTES OF THE CHURCH OF ROBOTRON! NO MAN SHALL BE SPARED AND THE INQUISITION WILL BEGIN PROMPTLY!
For the last few years, Pastor Manul Laphroaig and friends have been publishing the International Journal of PoC || GTFO. This is a collection of papers and exploits, submitted to the Tract Association of PoC || GTFO, each of which demonstrates an interesting exploit, technique, or software toy in the field of electronics. Imagine if 2600 or Dr. Dobb’s Journal were a professional academic publication. Add some whiskey and you have PoC || GTFO.
This is something we’ve been waiting a while for. The International Journal of PoC || GTFO is now a real book, or rather a real bible, published by No Starch Press. What’s the buy-in for this indulgence? $30 USD, or a bit less if you just want the Ebook version. The draw of the dead tree version of PoC includes a leatherette cover, gilt edges, and the ability to fit inside bible covers available through other fine retailers. There are no rumors of a children’s version with vegetable-based characters.
PoC || GTFO, in reality, is an almost tri-annual journal of reverse engineering, computer science, and other random electronic computational wizardry, with papers (the Proof of Concept) by Dan Kaminsky, Colin O’Flynn, Joe FitzPatrick, Micah Elisabeth Scott, Joe Grand, and other heroes of the hacker world. What does PoC || GTFO present itself as? Applied electrons in a religious tract publication. The tongue is planted firmly in the cheek here, and it’s awesome.
What Does Pastor Laphroaig Speak Of?
Need an example of what is presented in the International Journal of PoC || GTFO? The fourth edition (PDF) is a good benchmark containing everything from advanced reverse engineering techniques to basic chemistry.
The 4th edition of PoC includes an Introduction to Reflux Decapsulation and Chip Photography by Travis Goodspeed. This is how you begin to reverse engineer microelectronics simply by looking at them, and the entire setup is reasonably attainable for anyone who has a lab with good ventilation and knows how to cruise eBay looking for a metallurgical microscope.
The process of reflux decapsulation is relatively simple, but does require a few dangerous chemicals. You’ll need some nitric and sulfuric acid of course, but the only other equipment needed is a test tube, ring stand, a cheap SMD hot air station, an ultrasonic cleaner, and of course a bit of microscopy equipment.
Can it be this easy to decapsulate and photograph microelectronics? Yes, but you need to bring a bit to the table. You need to know to add the acid to the water, you’ll need to keep a careful eye on your reflux, and you’ll probably have a lot of fun stitching photos of a chip into a single image. It can be done, though, and Travis gives you the Proof of Concept. We would have something to say to him if he didn’t.
Also in the fourth publication from the Tract Association of PoC || GTFO and Friends is an exploit for Tamagotchis from the world’s leading expert in Tamagotchi firmware, Natalie Silvanovich. Natalie’s work in the fourth edition is a continuation of her exploits discussed in the second edition, itself somewhat of a recap of her talk at 29C3.
Natalie has made a name for herself by exploiting the modern Tamagotchi. A lot has changed in the world of Tamagotchi since 1999, and the newer models have IR and RFID, yet are still built around a 6502 core. 6502s are very popular in toys.
The paper presented in the fourth edition is a Proof of Concept to dump Tamagotchi firmware via power glitching. The 6502 is a strange beast, and by glitching the input power for a very specific period of time the registers would corrupt (setting the program counter to zero), but the SRAM would remain. Using an Arduino to glitch the power, Natalie was able to dump the complete firmware of a Tamagotchi 54 bytes at a time. If you’ve ever wanted to learn about power glitching, NOP sleds, or the horrors of a Tamagotchi screaming, this is a must-read.
Each and every paper in the International Journal of PoC || GTFO is a masterpiece of engineering. These are truly the most capable reverse engineers on the planet, presented in what is effectively a weird cyberpunk zine imbued with vernacular that includes the phrase ‘Nantucket Sleighride’. The journal itself is a work of art, and I cannot recommend it more. If you see Pastor Laphroaig, tell him to save a dead tree version of the next edition for me.
The Ones and Zeros Version
Before the publication of the dead tree PoC || GTFO the only way to obtain a physical edition was by finding Pastor Manul Laphroaig (the actual identity of Laphroaig seems to be an open secret, but we’re rolling with this for comedic effect) at a hacker or security con. Copies have been distributed at DerbyCon, ShmooCon, and at ToorCon or camp.
Alternatively, all editions of PoC || GTFO are available online from any one of a number of people who have dedicated a bit of server space to hosting a few hundred Megabytes of PDFs. In fact, distributing PoC from your own server is encouraged. ‘Bitrot will burn libraries with merciless indignity that even Pets Dot Com didn’t deserve. Please mirror — don’t merely link! — all copies of PoC || GTFO far and wide.’ You can find all editions of PoC at alchemistowl.org, hosted by Great Scott Gadgets, and other fine web servers.
While grabbing a dead tree copy of PoC that Pastor Laphroaig printed at a Kinkos satisfies everyone’s need for weird technical zines and religious tract publications, there’s a reason to play with the PDFs: most of the editions of PoC are polyglot files. PoC volume 4 is a TrueCrypt volume. Volume 7 is a PDF, a Zip file, a BPG (Better Portable Graphics) and an HTML file all in one. This may be the limit of digital media, accomplished by hex editing and steganogrification.
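To see why one file can be several formats at once, here is an added example (not code from PoC || GTFO or from this review) that builds a tiny constructed PDF+ZIP polyglot and reports every format it parses as. The sample bytes and the function names `build_sample_polyglot`, `identify_formats` and `is_polyglot` are assumptions made for illustration; the point for anyone writing upload filters or file scanners is that stopping at the first magic number misses the second format.

```python
import io
import zipfile


def build_sample_polyglot() -> bytes:
    """Constructed sample: a minimal PDF with a ZIP archive appended after %%EOF."""
    pdf = (b"%PDF-1.4\n"
           b"1 0 obj<</Type/Catalog/Pages 2 0 R>>endobj\n"
           b"2 0 obj<</Type/Pages/Kids[]/Count 0>>endobj\n"
           b"trailer<</Root 1 0 R>>\n%%EOF\n")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("hello.txt", "constructed sample payload")
    return pdf + buf.getvalue()


def identify_formats(data: bytes) -> dict:
    """Return every container format (of PDF and ZIP) that `data` is usable as."""
    found = {}
    # PDF readers have traditionally accepted the header anywhere in the
    # first 1024 bytes, so search that window instead of only offset 0.
    pdf_at = data[:1024].find(b"%PDF-")
    if pdf_at != -1:
        found["pdf"] = {"header_offset": pdf_at}
    # ZIP readers locate the end-of-central-directory record by scanning
    # from the END of the file, so bytes in front of the archive are ignored.
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            infos = zf.infolist()
            if infos:
                found["zip"] = {
                    "members": [i.filename for i in infos],
                    # Bytes that precede the first local file header.
                    "prefix_bytes": min(i.header_offset for i in infos),
                }
    except (zipfile.BadZipFile, ValueError, OSError):
        pass
    return found


def is_polyglot(data: bytes) -> bool:
    """True when the same bytes are accepted as more than one format."""
    return len(identify_formats(data)) > 1


if __name__ == "__main__":
    print(identify_formats(build_sample_polyglot()))
```

A non-zero `prefix_bytes` on a file whose name ends in `.pdf` is a cheap signal that something else is riding along with the document.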
But it is undeniable that printing PoC in a bible form-factor fits the publication perfectly. This is a zine you’ll want sitting on your coffee table in perpetuity.
So, Should You Actually Buy This?
As I said before, this is a strange book to review. All of the content is already available online, and even though No Starch Press is phenomenal with their offerings of free Ebooks (PDF, epub, and .mobi) with every print version, the PDF version available from No Starch does not contain a freaking operating system steganogrified into the PDF. The publisher’s official PDF version is only 17 Megabytes; the official 0x15 issue alone is nearly 50 Megabytes.
However, this is a physical manifestation of what is quickly becoming one of the great hardware, hacker, and reverse engineering publications of all time. PoC || GTFO deserves a place in engineering literature; it may already be an equal to 2600 the publication, even if it pales to 2600 the organization and culture.
So, should you buy the good word of Pastor Laphroaig? Sure, if you like dead trees. At least one couple has already been married using PoC || GTFO as a bible. It looks great on a shelf, and if you read PoC || GTFO on public transportation, people stay away from you.