HARDW ARE Hacking IOI Federico Lucifredi disclaimer while the - - PowerPoint PPT Presentation
HARDW ARE Hacking IOI Federico Lucifredi disclaimer while the following w as conscientiousl y resear ched and verified , neither the or ganizers nor the a uthor will accept any liability if y ou render y our device inoperable as a
Federico Lucifredi
Federico Lucifredi MMX
while the following w as conscientiousl y resear ched and verified, neither the or ganizers nor the a uthor will accept any liability if y
inoperable as a resul t of these instr uctions. Proceed a t y
Federico Lucifredi MMX
Federico Lucifredi MMX
Federico Lucifredi MMIX
Federico Lucifredi MMX
Federico Lucifredi MMX
Federico Lucifredi MMX
Federico Lucifredi MMX
Federico Lucifredi MMX
Federico Lucifredi MMX
Federico Lucifredi MMX
Federico Lucifredi MMX
Federico Lucifredi MMX
Federico Lucifredi MMX
Federico Lucifredi MMX
Federico Lucifredi MMX
Federico Lucifredi MMX
SiRF star III e/LP microcontroller ARM7TDMI core @ 50 MHz 1 Mb SRAM, 4 Mb flash Serial (UART), USB
Federico Lucifredi MMX
Federico Lucifredi MMX
Federico Lucifredi MMX
Federico Lucifredi MMX
1 ms precision - but in the module Plug in. Look at first serial USB:
Federico Lucifredi MMX
NMEA 0183 default on receiver Serial at 4800,N,8,1, None GPS::NMEA on CPAN
Federico Lucifredi MMX
{zypper|yum|apt} install gpsd Serial at 4800,N,8,1, None Start with device in NMEA mode Daemon understands NMEA, others Daemon speaks JSON
Federico Lucifredi MMX
Federico Lucifredi MMX
JSON (RFC 4627) on TCP 2947 Sample Commands: TPV: time-position-velocity report SKY: satellite constellation data DEVICE/S: receiver(s) data POLL: grab current receiver state ...
Federico Lucifredi MMX
trying it out:
Federico Lucifredi MMX
where goes our precious time data? latency, delay, jitter all across pipe want to minimize steps not timestamped
Federico Lucifredi MMX
NTP (RFC 1305, 2030 et al) server “strata” complex: algorithms to mitigate network delay jitter steps of adjustment ...
Federico Lucifredi MMX
turns out GPSd speaks NTPd! they chat over shared memory
Federico Lucifredi MMX
GPS signal not in your data center! Need to bring antenna to signal
Federico Lucifredi MMX
Federico Lucifredi MMX
1.2 GHz ARM core (Kirkwood) 16+16 KB L1 cache, 256 L2 KB 512 MB DDR2/400MHz RAM 512 MB NAND Flash (bootable) 128 b eFuse JTAG, SDIO, USB, Ethernet
Federico Lucifredi MMX
Federico Lucifredi MMX
(civilian) GPS limited to 3.4 x 10E-7 sec Time from GPS fixes: 10E-1 to 10E-3 sec Time from GPS fixes+PPS-pulses10E-4 sec In-hardware timestamping 10E-6
Federico Lucifredi MMX
Your very own stratum-1 server “Atomic” clock driven
Federico Lucifredi MMX
Federico Lucifredi MMX
Federico Lucifredi MMX
Lava Lamp (light occlusion) Gain-maxed, lens-covered CCD Low-significance temperature digits Charge developed on a capacitor Thermal noise across a semiconductor Atmospheric noise High-sample of lightbeam on a hourglass Radioactive decay events
Federico Lucifredi MMX
Tube filled with low-pressure inert gas Detects ionizing radiation thru it minimum dead time Natural background radiation
Federico Lucifredi MMX
Federico Lucifredi MMX
Federico Lucifredi MMX
AVR Atmega 328
Federico Lucifredi MMX
wait for values time between events if (sample1 to sample2) < (sample2 to sample 3) out 0 else out 1
Federico Lucifredi MMX
Federico Lucifredi MMX
Slightly biased - unclear why Dead time Von Neumann paper Slow, but tireless pipe randomness to those idle VMs Exploits
Federico Lucifredi MMX
Federico Lucifredi MMX
Playing with hardware is fun! It is not hard - you have seen it A lot more HOWTOs out there The time barrier has been lifted Go Play!
Federico Lucifredi MMX
Haveged Lavarand Ferguson, Schneier Practical Cryptography, Ch.9 ;login:, August 2009 (Van Drunen) ;login: October 2008 (Knowles) Sparkfun’s blog (Weiss)
Federico Lucifredi MMX
contact e-mail:flucifredi@acm.or g twitter: federico_II
Federico Lucifredi MMX
(c) 2010 Federico Lucifredi (CC)A ttribution-Noncommer cial- No Deriv a tive Works 3.0