Flash LibreBoot to Lenovo X200

2017-06-20 John Leave a comment

I did this write up like a year or so ago, but I want to post it up here in case it disappears; though, I think that’s a long shot. I don’t have the very original write up I did and I’m too lazy to dig through github to get my original, so I need to give some credit to the others that edited the page as I didn’t do literally everything you’ll read.

Also I’d like to tip my hat to the LibreBoot folks, they’re doing great work!

Requirements:

An x86, x86_64, or arm7l (for changing the libreboot.rom image mac address)
Raspberry Pi and peripherals
Relevant SOIC clip
6 female – female jumpers
Internet connection
Screw drivers

Follow the ThinkPad X200: Initial installation guide to disassemble the laptop, and access the BIOS rom chip.

Note: x86# refers to commands to be run on the x86 computer, and pi# refers to commands to be run on the pi. A good practice is to make a work directory to keep your libreboot stuff inside.

x86# mkdir ~/work

If you’re running Raspian, you can do sudo raspi-config, enable SPI under Advanced and then spidev will be enabled. Simple, eh?

Download Libreboot from their releases page. For your safety, verify the GPG signature as well.

x86# gpg --keyserver prefered.keyserver.org --recv-keys 0x656F212E

x86# for signature in $(ls *.sig); do gpg --verify $signature; done

Install dependencies:

pi# sudo apt-get update && sudo apt-get install libftdi1 libftdi-dev libusb-dev libpci-dev subversion libusb-1.0-0-dev pciutils, zlib, libusb, build-essential

Download and build flashrom.

pi# svn co svn://flashrom.org/flashrom/trunk ~/flashrom

pi# cd ~/flashrom

pi# make

pi# sudo make install

On your x86 box change the libreboot.rom mac address

x86# cd ~/work/libreboot_bin/

Change the mac address on the libreboot images to match yours.

x86# ./ich9macchange XX:XX:XX:XX:XX:XX

Move the libreboot.rom image over to your pi

x86# scp ~/work/libreboot_bin/<path_to_your_bin> pi@your.pi.address:~/flashrom/libreboot.rom

Shutdown your pi, write down your rom chip model, and wire up the clip

pi# sudo shutdown now -hP

Chip model name

Pinout. You may want to download the image so you can zoom in on the text.

Pin #	SPI Pin Name	Raspberry Pi Pin #
1	not used	not used
2	3.3V	1
3	not used	not used
4	not used	not used
5	not used	not used
6	not used	not used
7	CS#	24
8	S0/SIO1	21
9	not used	not used
10	GND	25
11	not used	not used
12	not used	not used
13	not used	not used
14	not used	not used
15	S1/SIO0	19
16	SCLK	23

Note: The raspberry pi 3.3V rail should be sufficient to power the chip during flashing, so no external power supply should be required; however, at the time of writing that has only been tested and confirmed for one chip, the MX25L6405D.

Macronix Spec sheet so you can adjust your pinout for 8 pin 4Mb chips as necessary

At this point connect your SOIC clip to the rom chip before powering on your PI.

Power on your Pi, and run the following. Ensure you swap out “your_chip_name” with the proper name/model of your chip. Check that it can be read successfully. If you cannot read the chip and receive an error similar to “no EEPROM Detected” or “0x0 Chip detected” then you may want to try powering off your PI, and switching the two pins which are connected to the IO ports. I.E. Connect pins (clip)8 to (pi)19 and pins (clip)15 to (pi)21

pi# cd ~/flashrom

pi# ./flashrom -p linux_spi:dev=/dev/spidev0.0,spispeed=512 --chip <your_chip_name> -r romread1.rom

pi# ./flashrom -p linux_spi:dev=/dev/spidev0.0,spispeed=512 --chip <your_chip_name> -r romread2.rom

pi# ./flashrom -p linux_spi:dev=/dev/spidev0.0,spispeed=512 --chip <your_chip_name> -r romread3.rom

pi# sha512sum romread*.rom

If they are identical sha512 hashes then you can generally assume that it’s safe to flash your rom.

pi# ./flashrom -p linux_spi:dev=/dev/spidev0.0,spispeed=512 --chip <your_chip_name> -w libreboot.rom

It may fail a couple times, but keep at it and when you get the message Verifying flash... Verified or Warning: Chip content is identical to the requested image then you’re done.

Shut down your pi, put your box back together, and install a libre OS for great good!

Cryptography, InfoSec, Law, OpSec, Privacy, Security

Super Sweet Security Supplementals

2016-11-24 John Leave a comment

This is a list of talks which I think are pretty great as supplemental study materials for anyone interested in learning a bit of the art and science behind keeping their computers and online presence a bit more secure. I selected these specifically to supplement crypto party workshops and talks, but each one stands on its own merit. With the exception of the first video, I listed them in alphabetical order as I feel they’re all pretty vital, and I can’t really pick and choose a fair ordering method.

Many of these videos use examples of people who did not use proper OpSec, Infosec, tools, etc. You may question why we should use these as materials to learn from. This is a fair question to pose. We certainly should study the right way to do things or else we will have nothing to model our security posture on, but that does not mean that we should not study those who failed so that we may learn from their lessons. I feel that the following riddle best explains my thoughts on this method. The answer to it is at the foot of this post.

Following the bombing of a major German city durring WWII the bomber crews were being debriefed by their Colonel. The Colonel asks the crews “From what direction did the luftwaffe attack?” Immediately and unanimously the entirety of the crews responded “From above and behind.” The Colonel wrote down the information and handed it to a courier ordering him to deliver it to the outgoing bomber crews immediately stating “This information could save their lives.” As the courier was about to exit the door the flight chief grabbed him by the arm and told him “belay that order, that information could cost the outgoing flight crews their lives.”

What was it that the flight chief was aware of that the colonel was not?

All of these can be found on youtube, but I also mirror them on my site for posterity here. I don’t hold any copyright on these videos, and have accredited them to their presenters and organizations as best I can. If you’ve got any comments or ideas of other videos to add to this list then please let me know. I’d love to hear from you!

The 1st presentation titled “OPSEC – Because Jail is for wuftpd” is from the Hack in the Box conference and is presented by The Grugq. This talk is about OPSEC (Operational Security). It is my personal favorite of this list, and if someone can find the time to watch only a single video from this list then this is the one I’d point them to. I’d be remiss to not link to The Grugq’s blog; it is the third link below.
https://www.youtu.be/9XaYdCdwiWU
https://exclusionzone.org/files/Videos/Crypto_Party/HITB2012-OPSEC-Because_Jail_is_for_wuftpd.mp4
https://grugq.github.io/

The 2nd presentation titled “TOR – Hidden Services and Deanonymisation” is from 31C3 (31st Chaos Communications Conference) presented by Dr. Gareth Owen. It is a bit more technical, but, in my opinion, is pretty vital to people who might want to use T.O.R. for sensitive things.
https://youtu.be/oZdeRmlj8Gw
https://exclusionzone.org/files/Videos/Crypto_Party/31C3-Tor-Hidden_Services_and_Deanonymisation.mp4

The 3rd video titled “Encryption and Security Agencies” is from the Computerphile youtube channel, and the speaker is Richard Mortier.
https://youtu.be/sWeVOXpTOhk
https://exclusionzone.org/files/Videos/Crypto_Party/Computerphile-Encryption_and_Seucrity_Agencies.mp4

The 4th video titled “Public Key Cryptography” is from the Computerphile youtube channel, and is presented by Robert Miles. It is a brief overview of how services like gpg work.
https://youtu.be/GSIDS_lvRv4
https://exclusionzone.org/files/Videos/Crypto_Party/Computerphile-Public_Key_Cryptography.mp4

The 5th video titled “Security of Data on Disk” is from the Computerphile youtube channel, and is presented by Professor Derek McAuley. This video explains a bit of how data is stored on solid state and magnetic disk mediums and can (or cannot) be securely deleted.
https://youtu.be/4SSSMi4X_mA
https://exclusionzone.org/files/Videos/Crypto_Party/Computerphile-Security_of_Data_on_Disk.mp4

The 6th presentation titled “Search and Seizure Explained – They Took My Laptop” was presented at Defcon 17 by Tyler Pitchford. It deals with some legal issues surrounding computers, encryption, privacy, and the like.
https://youtu.be/ibQGWXfWc7c
https://exclusionzone.org/files/Videos/Crypto_Party/DEFCON17-Search_and_Seizure_Explained-They_Took_My_Laptop.mp4

The 7th presentation titled “Anonymous and Ourselves” was presented at Defcon 19 by Aaron Barr, Joshua Corman, and Jericoh. This is a panel discussion, among other things, what the anonymous organization is, and in what ways that kind of model might or might not be useful.
https://youtu.be/8NI21Zoqlu4
https://exclusionzone.org/files/Videos/Crypto_Party/DEFCON19-Anonymous_and_Ourselves.mp4

The 8th presentation titled “Crypto and the Cops – The Law of Key Disclosure and Forced Decryption” was presented at Defcon 20 by Marcia Hofmann. The title offers plenty of description here, and Marcia does an excellent job describing what kind of crap the “authorities” might try to pull on you.
https://youtu.be/Jt7D4AIfqlQ
https://exclusionzone.org/files/Videos/Crypto_Party/DEFCON20-Crypto_and_the_Cops-The_Law_of_Key_Disclosure_and_Forced_Decryption.mp4

The 9th presentation titled “Forensic Fails – Shift + Delete Wont Help you Here” was presented at Defcon 21 by Eric Robi and Michael Perklin. In this presentation they talk about how you would want to and not want to destroy data on a disk as well as some things you should account for and know if you are considering storage or data destruction.
https://youtu.be/NG9Cg_vBKOg
https://exclusionzone.org/files/Videos/Crypto_Party/DEFCON21-Forensic_Fails-Shift_+_Delete_Wont_Help_you_Here.mkv

The 10th presentation titled “Dont Fuck It Up” was presented at Defcon 22 by Zoz. This talk is pretty dank tbh fam. Zoz talks about how to not fuck it up where (it == OpSec) | (it == InfoSec).
https://youtu.be/J1q4Ir2J8P8
https://exclusionzone.org/files/Videos/Crypto_Party/DEFCON22-Dont_Fuck_It_Up.mkv

The 11th presentation titled “Dropping Docs on Darknets – How People Got Caught” was presented at Defcon 22 by Adrian Crenshaw a.k.a. Iron Geek. In this video Adrian talks about T.O.R., Bitcoin, and how some people got themselves caught while giving some pointers on how to not do that.
https://youtu.be/eQ2OZKitRwc
https://exclusionzone.org/files/Videos/Crypto_Party/DEFCON22-Dropping_Docs_on_Darknets-How_People_Got_Caught.mp4

The 12th presentation titled “Crypto and State of the Law” was presented at Defcon 24 by Nate Cardozo. It talks about the history of encryption legislation and how the U.S.A. government attempts to legislate on and control encryption technologies as of July(ish) 2016.
https://youtu.be/YN_qVqgRlx4
https://exclusionzone.org/files/Videos/Crypto_Party/DEFCON24-Crypto_and_State_of_the_Law.mp4

The 13th presentation titled “How to Overthrow a Government” was presented at Defcon 24 by Chris Rock. It might give you some tips on how you might implement some tools and tactics to work against a tyranical state.
https://youtu.be/m1lhGqNCZlA
https://exclusionzone.org/files/Videos/Crypto_Party/DEFCON24-How_to_Overthrow_a_Government.webm

The 14th presentation titled “Destroying Evidence Before its Evidence” was presented at ShmooCon 2012 by Hanni Fakhoury. It deals with legalities around destruction of data. Hint, the scorched earth data retention policy is the best data retention policy. 😉
https://youtu.be/lqBVAcxpwio
https://exclusionzone.org/files/Videos/Crypto_Party/Shmoocon2012-Destroying_Evidence_Before_its_Evidence.mp4

The final videos I’ll wrap this post up with is this youtube playlist. They’re pretty great.
https://www.youtube.com/playlist?list=PLC7A095EDCE81B09B

The answer to the riddle above is: The flight chief was aware that since all of the men stated that they were attacked from above and behind the most fatal attacks might have come from a different direction, and the outgoing crews, equipped with incomplete information, would possibly fall to the same fate as the men that were shot down and did not return.

Happy Hacking!

WubaLubaDubDub

Hello, World!

2016-11-24 John Leave a comment

Welcome to the site
Something about a season
This is now haiku

This is the site’s rebirth. HTML was light and fast, but a pain to update. There might or might not be an influx of content generation and curation following.

Exclusion Zone Security

Flash LibreBoot to Lenovo X200

Super Sweet Security Supplementals

Hello, World!

Doing the things