[Cryptography] trojans in the firmware

grarpamp grarpamp at gmail.com
Fri Feb 20 02:50:06 PST 2015

On Thu, Feb 19, 2015 at 7:35 PM, Mirimir <mirimir at riseup.net> wrote:
>>> https://www.virtualbox.org/manual/ch09.html#rawdisk
> VirtualBox in Linux doesn't require root rights. I just checked htop on
> the host, and all VM processes are running as user. And visudo shows
> nothing about VirtualBox.

It may be setuid and switching users, or kernel module
or helper program or something, otherwise vbox
docs about pointing at /dev/sdx are bogus because
the raw devices aren't available to non root users.
I didn't read vbox docs closely.

> How would I test that? I suppose that I could setup a VM to boot from an
> HDD, and then see if I can flash the HDD's firmware. But I'm not the
> NSA, and so only success would be probative. But hey, I'll take a shot.

With whatever windows tools you find. Probably sdparm hdparm on linux.
camcontrol's cmd capabilities and cam(4) debug options on freebsd.
I wouldn't try to flash or fuzz a drive you can't afford to brick.

More information about the cypherpunks mailing list