Wed, 07 Mar 2007
RFID passport was cloned without even opening a package.
Details show that the new USA passport can be cloned without major problems: the key
which encrypts data in the RFID chip can be easily guessed from other factors, without even looking inside
the package containing the passport.
If it is so easy, then how easy is Russian transport card protection? I
cracked some bits in the Moscow railway transport ticket code a couple of years ago
(and I know for sure that it was cracked fully by other people) until it was extended
(about two times), but I am still in doubt about the Moscow transport card, which
encodes information about entering the Moscow subway and the Moscow
railway transport in a single card (a Visa-like type (I forget the actual name; Mifare
supports that kind of reading via some devices as far as I recall), which can be read
by freely sold readers); likely there is no protection at all...
I recall this again now - that is what I consider the real hack. If I
find some (free) money, I will buy a reader/writer and try to check how
things are kept secret. Likely they are not...
Linux.conf.au has released presentations.
I've just noticed that you can download
most of the LCA2007
presentations (in the form of slides, though).
You can also get video and audio recordings.
Let's see the people...
First release of eventfs.
Eventfs is a
pseudo filesystem which allows binding file descriptors to events.
One can bind signals and other events (currently only signals are supported) and poll them using epoll().
It is heavily based on ideas from the kevent
project.
I've sent it to linux-kernel@ and to the hackers who participated in the
kevent discussion.
Let's see where this will end up.
Eventfs.
This is a prototype of a pseudo filesystem created
to bind different events to epoll().
I will implement only signal binding (and maybe POSIX timers binding),
that's all - if there is no feedback, like with kevent, this will
be dropped from the start - I would rather continue implementing the
scalable socket lookup.
The basic idea is to provide a set of syscalls which take an object id (like a signal number) and
a private data pointer, plus a private kernel interface (used for example by POSIX timers),
which end up allocating a new file structure and descriptor with an
appropriate ->poll() callback, which can be used by epoll().
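The mechanism described above (a signal number turned into a file descriptor that epoll() can poll), as an added example that is not eventfs code and not from the original post. It uses mainline Linux signalfd(2) as a stand-in for the eventfs syscalls; the function name wait_signal_via_epoll and the self-raised signal are assumptions made for the demo.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/epoll.h>
#include <sys/signalfd.h>

/* Added example: signalfd(2) + epoll(7), NOT the eventfs interface.
 * Binds `sig` to a descriptor, raises it once, and returns the signal
 * number reported through epoll, or -1 on failure or timeout.
 * Side effect: `sig` stays blocked for the calling thread. */
int wait_signal_via_epoll(int sig, int timeout_ms)
{
	sigset_t mask;
	struct epoll_event ev = { .events = EPOLLIN }, got;
	struct signalfd_siginfo si;
	int sfd = -1, epfd = -1, ret = -1;

	sigemptyset(&mask);
	sigaddset(&mask, sig);
	/* Block normal delivery: the signal stays pending and is consumed
	 * through the descriptor, so no handler runs asynchronously. */
	if (sigprocmask(SIG_BLOCK, &mask, NULL) < 0)
		return -1;

	sfd = signalfd(-1, &mask, SFD_NONBLOCK | SFD_CLOEXEC);
	epfd = epoll_create1(EPOLL_CLOEXEC);
	if (sfd < 0 || epfd < 0)
		goto done;
	ev.data.fd = sfd;
	if (epoll_ctl(epfd, EPOLL_CTL_ADD, sfd, &ev) < 0)
		goto done;

	raise(sig);	/* constructed event source for the demo */

	/* The descriptor becomes readable once the signal is pending. */
	if (epoll_wait(epfd, &got, 1, timeout_ms) == 1 && got.data.fd == sfd &&
	    read(sfd, &si, sizeof(si)) == (ssize_t)sizeof(si))
		ret = (int)si.ssi_signo;
done:
	if (sfd >= 0) close(sfd);
	if (epfd >= 0) close(epfd);
	return ret;
}

int main(void)
{
	printf("epoll reported signal %d\n", wait_signal_via_epoll(SIGUSR1, 1000));
	return 0;
}
```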
So far it looks like I've found a race in Linux signal handling,
which can lead to a lost signal setup.
Consider the following code in do_sigaction() (called from
signal(), for example):
    int do_sigaction(int sig, struct k_sigaction *act, struct k_sigaction *oact)
    {
        struct k_sigaction *k;
        sigset_t mask;

        if (!valid_signal(sig) || sig < 1 || (act && sig_kernel_only(sig)))
            return -EINVAL;

        /* slot holding the current action for this signal */
        k = &current->sighand->action[sig-1];

        spin_lock_irq(&current->sighand->siglock);
        ...
        *k = *act;    /* install the new action under siglock */
        ...
        spin_unlock_irq(&current->sighand->siglock);
        return 0;
    }
If signal() or sigaction() is called from a signal handler just before
spin_lock_irq(), it will not take any effect, since the same action will be overwritten
in the process after the handler is completed. The man page says that both signal() and sigaction()
are signal-safe functions.