Other uses

Ofcourse, restoring access to servers which had their clandestine entry methods removed isn't the only useful way my reverse engineering efforts can be used for. It can also be used for defensive purposes.

For example, you could make an un-clonable hard disk: the hard disk would act normal if the access pattern for the sectors was somewhat random, like a normal OS would access a filesystem. If the disk was accessed only sequentially, like a disk cloning utility would do, the hard disk could mangle the data, making the clone different from the original.

The disk controller is also interesting as a generic controller board. You have three fairly capable CPU cores, with a pretty big amount of RAM connected to it. There's also an uart, for the serial port, and at least two SPI interfaces; one to the flash rom and one to the spindle controllers. You can load the code for the processor by updating an external flash chip, or even by using the serial port in the bootloader. To demonstrate the power of the chip, I ported a fairly ubiquitous bit of software to my HD. The demo is a proof-of-concept only, the serial port is the only peripherial that works, and no userspace is available yet. Nevertheless, I am still a bit proud to say I have installed Linux on my hard disk. On top, a standard command line (the HD is mounted under /mnt), on the bottom the output of my work on the serial port of the hard disk:

A bit more explanation about what happens here: the kernel and init are both packed in pieces with the size of exactly one sector, with a magic string and order number prepended. By reading the file from the disk, it will end up in the cache of the disk. The write of the magic string 'HD, lnx!' finally triggers the modified firmware to search the cache for all the sectors, re-assemble the kernel image and boots it. The kernel is built for a MMU-less CPU (the disk controller doesn't have one) and only has a driver for the serial port. A MMU-less kernel unfortunately needs a specially formatted bit of userspace too. I couldn't get this to compile, so the kernel finally panics because it can't find an init it can execute.

« Prev 7 Next »

© 2006-2022 Sprite_tm - Contact