519: The Password Is All Zeros
Embedded, 23 Jan

Mark Omo and James Rowley spoke with us about safecracking, security, and the ethics of doing a bad job.

Mark and James gave an excellent talk on the development of their safecracking tools at DEF CON 33: Cash, Drugs, and Guns: Why Your Safes Aren't Safe. It included a section on their interactions with the lock maker's lawyers, who bullied them, and on how the Electronic Frontier Foundation (EFF) has a Coders' Rights Project to support security research.

As mentioned in the show, the US Cyber Trust Mark baseline has a very straightforward checklist: NISTIR 8259 is the overall standard, NISTIR 8259A is the technical checklist, and NISTIR 8259B is the non-technical (process/maintenance) checklist. Roughly, the process is NISTIR 8259 -> Plan/Guidance; NISTIR 8259A -> Build; NISTIR 8259B -> Support.

We discussed ETSI EN 303 645 V3.1.3 (2024-09) Cyber Security for Consumer Internet of Things: Baseline Requirements and the EU's CRA: Cyber Resilience Act, which requires manufacturers to implement security by design, have security by default, provide free security updates, and protect confidentiality. See more here: How to prepare for the Cyber Resilience Act (CRA): A guide for manufacturers.

We didn't mention Ghidra in the show specifically, but it is a tool for reverse engineering software: given a binary image, what was the code?

Some of the safecracking was helped by the lock maker using the same processor as the PS4, which has many people looking to crack it. See fail0verflow :: PS4 Aux Hax 1: Intro & Aeolia for an introduction.

Mark and James have presented multiple times at Hardwear.io, a series of conferences and webinars about security (not wearables). Some related highlights:

Episodes (569)

506: How Do I Fit a Whale Into an Apartment Building?

Dmitry Grinberg joined us to talk about running Linux on small microprocessors (physically small and/or 4-bit). Dmitry does this by emulating a MIPS processor. Boot times vary between minutes and days...

25 Jul 2025, 1h 2min

505: Potato in a Number Field

We spoke with Peter Griffin about Jumperless Breadboards, no-install GUI development, Excel, and puppies. Jumperless Breadboard at CrowdSupply Colab GUI for Jumperless Breadboard Website GUI for ...

10 Jul 2025, 1h 18min

504: The Robot Was Expecting It

It's another episode with Elecia and Chris. This week they discuss people that have influenced their lives and careers, thinking about past career choices and regrets therein, identities, the Embedded...

27 Jun 2025, 1h 6min

503: The Tiniest Laptops

Emily Lovell spoke with us about teaching how to contribute to open source, including her own experience creating the LilyTiny as a Master's student and researching the impact as a PhD student. The L...

13 Jun 2025, 1h 3min

502: Chat, J'ai Peté!

Chris and Elecia talk about Murderbot, LLMs (AI), bikes, control algorithms, and fancy math. The website with the ecology jobs is wildlabs.net from 501: inside the Armpit of Giraffe with Meredith Pa...

3 Jun 2025, 1h 8min

501: Inside the Armpit of a Giraffe

We spoke with ecologist Dr. Meredith Palmer and embedded engineer Akiba about lions, terror, and technology. Akiba works for FreakLabs.org on global conservation projects. We talked about their Boomb...

15 May 2025, 1h 20min

500: Nerding Out About the Ducks

Komathi Sundaram spoke with us about her enthusiasm for tests and test automation. We talked about the different joys of testing vs. development, setting up CI servers, and different kinds of tests in...

2 May 2025, 1h 7min

499: This Is Your Problem

We spoke with Janet Hansen about the world of professional costumery (with electronics) and becoming an artist. Janet's business is Enlighted where you can find custom illuminated clothing as well as ...

17 Apr 2025, 50min
