deleted by creator

deleted by creator

It’s mostly a nothing burger. You basically need to have code already running on the chips. It’s less of a backdoor and more of just an undocumented function. That may sound scary but it’s rather common in production chips. In some ways it’s a good thing, it means there are now more possibilities for messing with the chip and doing fun stuff with it.

Blue marble is essentially an open source Google Earth desktop application. Idk if it’s exactly what you want but it’s not terrible.

OsmAnd is the same thing for Android and iOS and it’s absolutely wonderful.

That’s still an absurd amount given the context

The keep out databases are mostly nonsense, it’s a big point of contention in the community. If you live near a random hospital helipad or municipal airport and try to fly in your backyard below the tree canopies with a drone with less mass than a bird you are still blocked.

As you’ve probably seen you can buy semi dumb security cameras from Armcrest/Loryta/Empiretech/whatever that’ll run off of a barrel jack and/or Ethernet cable. Most of them have the option to insert an SD card and they’ll event log to that, at which point just don’t plug in the Ethernet cable except to manually pull recordings.

One other thing to think about is maybe consider “Frigate NVR” running on a pi or something and connected to cameras on it’s own wifi or Ethernet network that’s isolated from the Internet and your LAN. It’ll make local access easier because as with just about anything security related you’ll want to periodically check to make sure it’s actually working. You should be able to setup the pi to serve as the WiFi access point for all this.

To add to this, a lot of what keeps us safe is the friction of bureaucracy. Authoritarians cannot micromanage every decision you make or round up every person they want because those actions take time and resources that aren’t infinite. But you can reduce the time and resources required if you make identification more convenient and therefore enforcement more targeted. Maybe now they can justify making you present ID every time you pay cash at Starbucks, buy a backpack, get on a bus, use a bike share, watch hot snuff porn, you name it.

They’re the data carrying lines, if you cut them it’ll still charge, but no USB data can use the port.

Nothing is perfect. Your goal is to make attacks expensive as shit. Like ideally requiring dozens of hours of electron microscope time to pull off.

You can do a lot to that end though.

Use a mostly read only OS if you can, if you’re enterprising, a custom yocto build with most of the rootfs read only, otherwise a statically defined system like nix that can be readily deleted and rebuilt in minutes. There are configs out there for deleting root on every bootup and having the system automatically repopulate the filesystem. Enable secure boot if you can, it’s frankly your best line of defense. Any of these options are sufficiently weird that designing exploits for them would be a suffer fest.

Forget nail polish, fill screw holes with RTV and if you’re enterprising, the USB ports. At that point you can still get into the system but it’ll be obvious that someone scraped the shit out. You can simply swap the ports for fresh ones with a solder job if needed. If you don’t need this, use epoxy, get some all over the case seam. For the charging port, if it’s USB C PD, I’d need to reread the spec but you should be able to cut D-/D+ and the SS lines with an exacto blade right next to the connector and still be able to charge, just don’t hit the VCC, GND, and CC lines.

Finally, make a kwikset key trap and use it as either a lockbox lock for your stuff or the lock to your house. Kwikset should lull people into a false sense of insecurity but if they try to pick it they’ll suddenly be in a situation where they either need to go overt or somehow replace your lock before you get back. Keep things weird, your goal is to get an adversary, even one with infinite resources, to make ridiculous mistakes.

GNU radio: hard mode enabled.

Western manufacturing tends to be much more automation heavy. Chinese manufactures don’t bother with buying a $100k machine that can make a car part when they can just hire 10 guys at $10k/yr to make that same part with a $50 drill press and some hand files.

It’s not that it all strictly balances out, but if we actually gave a shit we could potentially be cost competitive for a lot of price brackets, especially given the costs to move whole ass cars across the Pacific.

Bear in mind these sub $10k Chinese EVs are not something US consumers would really be interested in buying, they are basically tiny car shaped golf carts with extremely minimalist feature sets. Think ‘no audio system at’ all type interiors.

Or not subsidize oil and gas to the tune of ~$20 billion/yr and corn at $2.2 billion/yr and redirect that towards EVs.

Intrinsically/semantically no but the expectation is that the texts are encrypted at rest and the keys are password and/or tpm+biometric protected. That’s just how this works at this point. Also that’s the government standard for literally everything from handheld devices to satellites (yes, actually).

At this point one of the most likely threat vectors is someone just taking your shit. Things like border crossings, rubber stamped search warrants, cops raid your house because your roommate pissed them off, protests, needing to go home from work near a protest, on and on.

RF analysis is kinda difficult, you’d need to take the car out into the middle of nowhere and have access to fairly good equipment. A tinySA would maybe work if you’re very patient but data transmissions are generally very bursty so it may be difficult to nail down where it’s coming from in a sane amount of time.

One option would be to try to figure out if there are any FCC filings for your car. All filings will have pictures of whatever module is being used and what antenna systems it uses which may give you a good idea of where it is and what it looks like. There should be an FCC ID mentioned somewhere at the beginning or end of the cars manual. Googling that should bring up some stuff.

Fuck HDMI. The committee makes doing custom hardware near impossible unless you’re a mega corp

https://github.com/nivekuil/rip This is what you’re looking for

The lower layers all already at least moderately well encrypted, what they’re doing here is trying to pull the unencrypted device ID necessary to establish a connection. It’s not really what you’re sending (though traffic frequency analysis may be included) and more about just figuring out where a particular phone is so they can physically track the user.

There might be a few layers to this one. Drones are becoming a central part of strategic production and the US doesn’t really have many competitive companies manufacturing small ones at volume.

They need to force the domestic market to build up local expertise and manufacturing capacity in the event that small drones are the direction warfare ends up going more broadly.

The us defense apparatus is still on the fence about this given that their volume of use in Ukraine could be more of an aberration due to the respective industrial bases and static nature of the war. That said the numbers are insane enough that they warrant some action just in case.

Yeah, I’d agree with that.

The point I was making was for people who thought this was cellphone cameras and that it would somehow work even if the camera wasn’t actively running.

As far as war driving with an sdr you’d probably occasionally find something interesting, but the vast majority would be cameras just pointed back out at the street. I think you’d mostly see stuff where if you wanted to spy it would make more sense to hide your own camera because it’s already public.

All that said, I would lose my shit if Hollywood did something believable for once and used this for a heist movie.