issue 94

issue 94

We learnt this week that the next Linux version (5.18) will add two important compilation warnings to avoid potential security problems: -Warray-bounds and -Wzero-length-bounds. It’s a multi years effort, so it’s important to celebrate.
Congratulations to the persons involved in these changes!

Thank you to Joseph Chiu for the header’s picture.

Happy reading!

Articles

Oxide on My Wrist: Hubris on PineTime was the best worst idea
For most of us (me included) Hubris is still a mysterious operating system targeting microcontrollers. However it has few characteristics very interesting that might make you curious. Cliff, who works on Hubris, describes them in On Hubris And Humility. Two of them that are the most interesting from my point of view: First, drivers are outside the kernel and run in unprivileged mode. Second, Everything is defined at build time, the tasks that could run but as well, the hardware resources available to them!

Assessing the Value of Coding Standards: An Empirical Study
An controversial study that tries to highlight the potential negative impacts to follow MISRA C rules too strictly. The study focus on empirical evidences which I believe, it is the main reason why it is interesting to read.

Understanding Side Channel Attack Basics
A very nice introduction article on SCAs that walks us though a simple example to help us to understand the concept.

Voiding the warranty on a 1993 Minitel 2 to run arbitrary firmware
I believe you have to be over 30 to know what is the Minitel. In one sentence, it is the World Wide Web before the World Wide Web through a unique custom terminal. Graphics were (very) limited, but the hardware was capable of more than what the network could deliver. A good article to discover this big chunk of the past.

Pulling Bits From ROM Silicon Die Images: Unknown Architecture
If the World of integrated circuit reverse engineering is calling you but you don’t know how too jump in, this article can help yoo to dare. Ryan Cornateanu went through all the first stages and he describes them precisely in this article.

Unwinding a Stack by Hand with Frame Pointers and ORC
A great article that makes us discover the details of the historic Linux stack unwinder that are the frame pointers and of ORC (Oops Replay Capability) the new system introduced in version 4.14.

Porting the Slint UI Toolkit to a Microcontroller with 264K RAM
That’s definitely one of the most impressive achievement I have read this year so far. It’s very interesting to discover how Slint team managed to make a UI of this quality run on a such tiny target.

Tools

Depthcharge
So let’s say you are about to release or you already released a platform booting with U-Boot and you want to run some analysis to find exploits or weaknesses? In these circumstances Depthcharge is the right tool to start with. Check out this video to see what one can do with it Sinking U-Boots with Depthcharge: Effective Exploitation of Boot-Time Security Debt

bcal - Byte CALculator
bcal is a very handy cli tool for those who love to work in a terminal and have to manipulate bits, bytes and addresses.

Misc

Running CP/M on the Raspberry Pi Pico microcontroller
A special misc for the fans of the CP/M operating system and/or of the Z80 microprocessor.