I was always fascinated by people who can pull things like this off. Had a similar feeling reading about how the CarThing was cracked a couple of days ago. How do you get started with something like this? Is it just having a ton of knowledge about hardware / lower-level OSes?
> How do you get started with something like this?
Passion is an important part of it. I think almost every obstacle can eventually be overcome if you have the reason to do so.
Personally, if I owned a CarThing, enjoyed using it, and knew it was going to be EOL'd, I would try my best to keep it from becoming e-waste.
Documenting it makes it even better, since then everyone can share in your passion.
You can learn things top-down or bottoms-up. I can read & understand most reverse engineering posts like this because I have a strong "bottoms-up" foundation with an EE degree and worked with microcontrollers. But when I read posts by hobbyist mechanical engineers about some 3D printed piston that uses ball bearings I have to approach it in a top-down "recreate what they did and go deep any time I'm lost" manner.
> Is it just having a ton of knowledge about hardware / lower-level OSes?
Pretty much, yes. And knowing about common exploit strategies (the crypto engine partial overwrite for example is a classic one).
The process is always the same:
You start by reproducing exactly what other folks did. Once you've done that a bunch of times, you unlock 2 skills:
* The ability to handle simple situations that do not require deviating too much from what you've seen in the past
* The ability to learn new techniques simply by reading about them, allowing you to learn much faster
Apply those 2 skills for a couple years (which is not hard at all if you are genuinely attracted to this area) and you are an expert.
What is marvelous is that you don't need to know about those steps, you just follow them naturally when you are passionate about something.
Accumulated trial and error including that which is transferred from others
Oh neat. That key extraction technique is very fun. Has anyone seen this before in another major project?
Yes, the general flaw/technique is alarmingly common.
psvita: https://www.lolhax.org/2019/01/02/extracting-keys-f00d-crumb...
ps4: https://twitter.com/flat_z/status/1472243592815169546
nintendo switch (tegra X1): https://switchbrew.org/wiki/Switch_System_Flaws (see "Security Engine keyslots vulnerable to partial overwrite attack")
(Nintendo really ought to have known better, but I suppose the security of their alarm clock product isn't exactly a top priority - and given the hardware choice it was mostly out of their control anyway)
It is indeed a really cool key extraction method. The code is also written in such a straightforward way that it is easy to grasp what's going on.
Now I have to find some encrypted files to play with :D
Related: [Cramming Solitaire onto a] Nintendo E-Reader card : https://news.ycombinator.com/item?id=42010136 (5 days ago, 127 points)
that lack of circular OLED screen is such a dumb missed opportunity...
Have they been sued by Nintendo yet?
Can it play Doom?
Old news by now, but yea.
https://www.theverge.com/2024/11/3/24286842/nintendo-alarmo-...
Yes.
https://github.com/GaryOderNichts/alarmo_doom
It seems like it was designed to play Doom!
I really think I need to get a Flipper Zero. Imagine how useful it would be in a post apocalyptic scenario.