oherrala's comments

oherrala | 2 years ago | on: Escaping from isolated networks using Broadcast DNS

Greetings from SensorFu and thanks for a good question! Sending a DNS query via broadcast is a hack to escape from isolated environments, and it takes advantage of shortcomings in operating systems' IP stacks. Since this is probably not conforming to any specifications, anything could happen.

I'd say the return channel might work, and it depends on the device used to exfiltrate out. In the case of a proper DNS server, like the Active Directory one mentioned in the article, it's likely that it could work. But we have not yet done testing.

We have also seen devices that are not DNS servers and still just forward broadcast packets from one network interface to another. In such a case the return channel might not be possible.
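From the defender's side, the observable in the comment above is a DNS query whose destination is a broadcast address rather than a configured resolver. The following is an added example, not code from SensorFu or from the linked article: it builds a few constructed IPv4/UDP datagrams in memory (no real capture), then flags the ones that carry a DNS question to the limited broadcast address or to the local subnet's directed broadcast. The subnet `10.0.0.0/24` and the query names are assumed sample values.

```python
import ipaddress
import socket
import struct

DNS_PORT = 53
PROTO_UDP = 17


def build_ipv4_udp(src_ip, dst_ip, sport, dport, payload):
    """Construct a minimal IPv4 + UDP datagram (sample only; checksums left at 0)."""
    udp_len = 8 + len(payload)
    udp = struct.pack("!HHHH", sport, dport, udp_len, 0) + payload
    total_len = 20 + len(udp)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, PROTO_UDP, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return ip + udp


def build_dns_query(name):
    """Construct a standard DNS query (one A-record question) for the sample packets."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode() for label in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def parse_dns_qname(payload):
    """Return the first question name from a DNS message, or None if it is not a query we can read."""
    if len(payload) < 12:
        return None
    qdcount = struct.unpack("!H", payload[4:6])[0]
    if qdcount == 0:
        return None
    labels = []
    pos = 12
    while pos < len(payload):
        length = payload[pos]
        if length == 0:
            break
        if length & 0xC0:  # name compression is not expected in a plain query
            return None
        pos += 1
        labels.append(payload[pos:pos + length].decode("ascii", "replace"))
        pos += length
    return ".".join(labels)


def is_broadcast_dns(packet, local_net):
    """Return (flagged, detail) where flagged is True for a DNS query sent to a broadcast address."""
    if len(packet) < 28:
        return (False, "too short for IPv4+UDP")
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != PROTO_UDP:
        return (False, "not UDP")
    dst = ipaddress.IPv4Address(packet[16:20])
    _sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    if dport != DNS_PORT:
        return (False, "not DNS")
    net = ipaddress.IPv4Network(local_net)
    if dst == ipaddress.IPv4Address("255.255.255.255") or dst == net.broadcast_address:
        qname = parse_dns_qname(packet[ihl + 8:])
        return (True, f"broadcast DNS query for {qname} to {dst}")
    return (False, "unicast DNS")


def scan(packets, local_net):
    """Run the check over a list of raw IPv4 packets and return the details of every hit."""
    hits = []
    for pkt in packets:
        flagged, detail = is_broadcast_dns(pkt, local_net)
        if flagged:
            hits.append(detail)
    return hits


# Constructed sample traffic: one normal resolver query, two broadcast DNS queries,
# and one broadcast datagram on a non-DNS port that must not be flagged.
SAMPLE_PACKETS = [
    build_ipv4_udp("10.0.0.5", "10.0.0.2", 40000, 53, build_dns_query("intranet.example")),
    build_ipv4_udp("10.0.0.5", "255.255.255.255", 40001, 53, build_dns_query("beacon.example.test")),
    build_ipv4_udp("10.0.0.5", "10.0.0.255", 40002, 53, build_dns_query("beacon.example.test")),
    build_ipv4_udp("10.0.0.5", "10.0.0.255", 40003, 123, b"\x00" * 48),
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_PACKETS, "10.0.0.0/24"):
        print(hit)
```

The check keys on destination address plus UDP port 53 rather than on query content, because the comment's point is that the broadcast delivery itself is the anomaly; on a real capture you would feed it the IP layer of each frame and pass the segment's own prefix as `local_net`.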

oherrala | 2 years ago | on: Eliminating radio interference from Apple charger

> The author's minimal effort

The minimal effort included hours of studying electrical engineering and radio technology at university, including all the math and physics needed. Studying for an amateur radio license. And after finding this issue, delving deep into radio interference literature and datasheets of various components. Then setting up a test environment to replicate the issue and doing tests trying to eliminate the interference. After success, writing a blog post describing the solution in a short and hopefully interesting way.

oherrala | 2 years ago | on: Eliminating radio interference from Apple charger

The issue was confirmed with two separate MagSafe chargers and three or four separate AC/DC chargers. The lab test in the post was done using a laboratory DC power supply powering a DC to USB converter.

Also, if the interference didn't come from the disc side of the charger, then the issue wouldn't be resolved with a ferrite bead on that end. If the issue was on the USB connector side, then the bead should be placed there.

oherrala | 2 years ago | on: Eliminating radio interference from Apple charger

You can be using a device and it might not harm you personally, but it could harm anyone around you using these frequencies. This includes airplanes and ground control, and boats. Your device's interference could cause problems or even life-threatening, dangerous situations. That's why it's illegal in many countries to cause too much radio interference (there's always some).

oherrala | 6 years ago | on: My application ran away and called home from Redmond

The software in question (called Beacon) is designed to call home. The binary has built-in cryptographic keys and it sends traffic encrypted. The receiving end, called Home, receives these packets, decrypts them and verifies the sender, and after that gives an alert.

The exe must have been running to be able to generate the proper encrypted payload and send it to the right place. In this case, ports 20 and 1025 over TCP.

Disclaimer: I am one of the people who wrote the software.

oherrala | 7 years ago | on: Why OpenBSD Rocks

No, OpenBSD randomizes symbols in the kernel and some libraries (for example libc). This randomization is done on boot.

From https://www.openbsd.org/innovations.html:

> Library order randomization: In rc(8), re-link libc.so, libcrypto, and ld.so on startup, placing the objects in a random order. Theo de Raadt and Robert Peichaer, May 2016, enabled by default since OpenBSD 6.0 and 6.2.

and

> Kernel relinking at boot: the .o files of the kernel are relinked in random order from a link-kit, before every reboot. This provides substantial interior randomization in the kernel's text and data segments for layout and relative branches/calls. Basically a unique address space for each kernel boot, similar to the userland fork+exec model described above but for the kernel. Theo de Raadt, June 2017.
