Sunday, 2018-04-08

*** tpb has joined #tomu00:00
Kitlithrqou, oh neat, you got around to rust on the tomu it before I did.01:48
Kitlithonly comment is that you seem to be missing a way to setup a toboot header?01:49
rqouKitlith: toboot header? idk anything about that, i'm still running the an0042 bootloader03:24
rqou*) i want it to always enter the bootloader and "dev mode" doesn't seem to be coded yet and i'm too lazy/busy to go add it03:37
rqou*) apparently you need to use SWD to load it?03:37
rqouand that requires a jig and a whole bunch of hardware stuff03:38
*** lathiat has quit IRC05:02
*** lathiat has joined #tomu05:10
*** matt_c has quit IRC07:53
*** matt_c has joined #tomu07:53
kyaputenm2049r[m] well we could at least "lock" flash, so in theory, even with physical access, you can't access the keys (I think in practice you may be able to get over it, but it's still harder than upload&grab)08:45
*** lathiat has quit IRC10:22
*** lathiat has joined #tomu10:22
m2049r[m]kyaputen: what would the attacker actually DO with the keys? this may be a silly question, but the keys are for unlocking stuff - and since they have the unlocking device itself, there is no obvious reason for me in getting the keys out - unless to copy the device and pretend nothing happened to the victim. is that the attack vector?16:03
kyaputenm2049r[m] yeah I agree with you. It's mainly they steal/borrow the device, then are able to extract the key without your knowledge16:12
kyaputenIt's not a very usual attack vector but could happen in some scenarios (i.e. you go to a hacking conference)16:12
m2049r[m]lol - thanks for clearing this up for me :)16:12
m2049r[m](or more likely - airport "security")16:14
kyaputenhaha yes exactly16:37
Kitlithrqou, at least with toboot api v2 it seems to be the case that it goes into the bootloader by default unless the application sets the AUTOBOOT flag in the toboot header.17:01
*** NoGodDamnIdea has joined #tomu20:14
*** NoGodDamnIdea has quit IRC22:49

Generated by 2.13.1 by Marius Gedminas - find it at!