The Radioactive Source Missing In Australian Desert Has Been Found

Nuclear material is relatively safe when used, stored, and managed properly. This generally applies to a broad range of situations, from nuclear medicine to nuclear power generation. Some may argue it’s impossible to use nuclear weapons safely. In any case, stringent rules exist to manage nuclear material for good reason.

Sometimes, though, things go wrong, mistakes are made, and that nuclear material ends up going AWOL. That’s the situation that faced authorities in Australia, as they scoured over a thousand kilometers of desert highway for a tiny missing radioactive source with the potential to cause serious harm. Thankfully, authorities were able to track it down.

Continue reading “The Radioactive Source Missing In Australian Desert Has Been Found”

A modchip described in the article - a small PCB with an epoxy blob on it, soldered to the Cisco switch PCB using four thin wires

Counterfeit Cisco Hardware Bypasses Security Checks With Modchips

Some pictures recently surfaced on social media, showing a small PCB tapped into four points on Cisco-branded boards. What is this about? A NSA backdoor so data can be exfiltrated to some third party? Well, that’s theoretically possible, but it’s actually used for bypassing hardware authenticity checks in Cisco hardware being cloned — a sizable industry. Of course, “can’t believe it’s not Cisco” hardware is only valuable insofar that it’s able to run the Cisco software, and that’s where the bodge boards play a major role.

An unidentified IC on the a different counterfeit Cisco board, with markings soldered offA 2020 report by F-Secure details an investigation, comparing three switches marked as Cisco 2960X – one known genuine and two known counterfeits. The counterfeits had the aforementioned implants either soldered to the bottom of the PCB or added to the board as a separate component, and the paper goes into why they’re important for successful counterfeiting.

Apparently, these chips emulate or bypass an I2C EEPROM containing part of the code executed during the boot sequence, and Cisco depends on this EEPROM’s contents for authenticity verification. Cisco software reads the EEPROM twice — once for verification, and once again for actually running it. The microcontroller included on the mod board can return a genuine binary with a valid signature on the first read, and a binary with hardware checks patched out for subsequent reads.

The paper will tell you about way more than this — it’s thorough yet captivating. As you’d expect, it devotes quite a bit of time to comparing genuine and counterfeit boards, showing that the cloning process is pretty to-the-T, save for some part substitutions. For instance, check out the PDF page 12 to see how via locations are exactly copied between PCBs in a bizarre way, or the Cisco file format and authenticity check analysis closer to the end of the report. All in all, the 38 pages of the document make for a fun foray into what makes Cisco authentication mechanisms tick, and what helps clone hardware makers bypass them.

Are such chips ever used for adding backdoors and data exfiltration? There’s no evidence of that, as much as that’s not to be excluded — bypassing anti-cloning protections would make other hijinks more viable no doubt, that said, only hardware authentication bypass measures were found so far. This mechanism also breaks during software updates, and absolutely, leaves some to be desired when it comes to its stated functionality. That said, such fun insights can help us, say, enforce right-to-repair, enable hardware reuse, and thwart many predatory business practices in areas where laws fail us.

DIY Adjustable Wrench? Nuts!

What do you do if you want a tiny little adjustable wrench? If you’re [my mechanics] you build your own. Where do you get the stock metal? Well, he started with an M20 nut. A few milling operations, a torch, some pliers, and work with a vice resulted in a nice metal blank just the right size to make each part of the wrench, including a new nut for the adjustment.

Want to do this yourself? If you do, we hope you have a well-equipped machine shop. You should also be comfortable working with red-hot metal.  Overall, it is an amazing piece of work, and you can watch the whole process in the video below.

Honestly, precision metalworking is a little out of our comfort zone. Like the recent wood bending we’ve seen, we always think, “Yeah, I could so do that!” Then we realize that we really couldn’t. But still fun to watch and maybe a few ideas we might be able to apply next time we have to bend a little metal.

The wrench is a scale model of a larger one, and it looks great. We would have liked to see it in use with a tiny nut, but we imagine it would work just fine. If you get excited about making things from a single piece of metal, may we suggest a nutcracker?

Continue reading “DIY Adjustable Wrench? Nuts!”