[Cryptography] trojans in the firmware
grarpamp
grarpamp at gmail.com
Fri Feb 20 02:50:06 PST 2015
On Thu, Feb 19, 2015 at 7:35 PM, Mirimir <mirimir at riseup.net> wrote:
>>> https://www.virtualbox.org/manual/ch09.html#rawdisk
>
> VirtualBox in Linux doesn't require root rights. I just checked htop on
> the host, and all VM processes are running as user. And visudo shows
> nothing about VirtualBox.
It may be setuid and switching users, or kernel module
or helper program or something, otherwise vbox
docs about pointing at /dev/sdx are bogus because
the raw devices aren't available to non root users.
I didn't read vbox docs closely.
> How would I test that? I suppose that I could setup a VM to boot from an
> HDD, and then see if I can flash the HDD's firmware. But I'm not the
> NSA, and so only success would be probative. But hey, I'll take a shot.
http://www.t13.org/documents/UploadedDocuments/docs2008/d1699r6a-ata8-acs.pdf
With whatever windows tools you find. Probably sdparm hdparm on linux.
camcontrol's cmd capabilities and cam(4) debug options on freebsd.
I wouldn't try to flash or fuzz a drive you can't afford to brick.
More information about the cypherpunks
mailing list