Frequently asked questions... and a bit more

Wow, it’s been quite a long time since I have written on this blog! It also seems that I received many questions but never got the notifications. I’m sorry for that. This seems to be related to some automatic changes to the settings. The problem should now be fixed.

Considering that I now have to answer a bunch of questions (received either by email or through this blog) and that many of them are overlapping in some way, I decided to do a sort of FAQ post instead of replying individually.

If you asked me a question and you don’t find an answer in this post, don’t be shy and ask again, either through the dedicated section on this blog or by email.

Is this blog dead/abandoned?

Short answer: no, it’s not; otherwise you wouldn’t be reading this :)

I have many ongoing projects but I haven’t made significant progress to publish something about them yet.

Then, why is it so quiet?

Well, I’ve been pretty busy during the last two years and this blog is only about the projects I do in my spare time. I got a new job, I moved to another country and I have to learn a new language in order to be able to talk to people outside of the office. All of these things take quite some time.

I tried to use your project XXX without success, can you help me? I found a bug in your project XXX, can you fix it?

The rule of thumb here is simple: if the project is hosted on my Bitbucket or GitHub account, then please use the corresponding issue tracker to open a bug. It really makes my life easier, and I really do my best to keep those open-source projects up to date and fix bugs as fast as I can.

This is particularly true for scapy-radio, DPAPIck and bladerf-sdrsharp projects. And of course you can submit feature requests the exact same way.

I can’t make YateBTS work with a BladeRF, can you help me?

First, I am not affiliated with those projects in any way. I’m nothing more than a regular user here. Those two projects are evolving pretty quickly and it can be a bit tricky to find matching versions that work together. As I’m not maintaining a working setup, the best way to get help would be to report the issues you are facing on the user forums of each project.

I asked you a question and got no answer, why?

Sometimes people ask me questions through this blog but I consider the answer too sensitive to be shared publicly. If you asked the question anonymously, you’re not allowing me to reply to you personally.

Conversely, if you’re putting personal information in the question (e.g. an email address), I won’t be able to answer the question in the blog. I simply can’t edit the question you sent. I can either answer it privately (if it hasn’t been posted anonymously) or answer publicly on the blog.

What kind of hardware/software are you using?

That’s actually a question I’ve been asked not only on this blog but even by people I happened to meet. The answer would take quite some space though, so I will keep it for a future post on this blog (I will update the FAQ with a link once the post is ready). That being said, I try to list the tools (both software and hardware) that I used for a given post.

Could you help me re-implementing DPAPIck in C++?

This project took me quite some time, and implementing it in Python as well as open-sourcing it under GPLv3 was not a reckless choice. I’m always happy to receive feedback, bugs or feature requests because that means that people are using it. I’m even happier when I receive pull requests!

But considering that my spare time is a limited resource, I can’t afford to spend time supporting a fork when I’m already having a hard time adding support for modern versions of Windows or adding new probes or new features (and trust me, I have a lot of ideas to implement here to make DPAPIck more powerful and easier to use). Big kudos to Francesco Picasso, who has been the only one so far to contribute to the code base, and to Gentilkiwi, who always shares his findings regarding DPAPI with me so that I can quickly implement them.

Do you accept consultancy requests?

Sorry, but I already have a full-time job and a salary, and I’m not considering working 24/7 without sleeping. There are only very few corner cases where I might consider contributing to external projects. But your project has to meet quite a lot of criteria…

Will there be a follow-up article on Vingcard?

I don’t think so. I think I’ve published enough details about it to make people aware that their system should not be considered secure and that there are better ones on the market.

Raising awareness and messing with the business model of a company are two different things, and I’m not keen at all on doing the second one. So there is no way I would disclose anything about Vingcard’s proprietary algorithm and allow people to counterfeit their cards.

Could you write an article about XXX?

If I find the subject interesting enough and have enough knowledge on that topic, I probably will indeed. So far I publish about projects (or parts of projects) I’ve been working on. But I can also take into account external ideas, provided they don’t require many weeks of work on my side and I find the idea interesting and ethical.

I tried to recover a NAND flash the same way you did without any luck, why?

There’s one thing I forgot to mention when I wrote the article: the Flash Translation Layer (FTL for short). The NAND I dumped in my article was using UBIFS, which happens to be a simple and “flash friendly” filesystem. This is unfortunately not always the case, and the out-of-band (OOB) data of the NAND that I stripped from the dump is usually used to implement an FTL. To keep it simple, part of this data tells you in which order the flash pages should be put in order to get a valid image (the OOB typically also carries the bad-block marker and the ECC bytes for the page). UBIFS sits on top of UBI, which was designed to keep its erase-block mapping headers in the page data area itself rather than in the OOB, and this is why I could strip the OOB area. Also, there is no single way to write the FTL metadata to the OOB area: every controller or firmware does it differently. Therefore one must first analyze the FTL before trying to mount the flash and recover data.
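To make the two situations above concrete, here is an added example (not code from the original article or from any real FTL) that splits a raw NAND dump into page data and spare (OOB) areas, and then does both things: strips the OOB entirely, which is what worked for the UBIFS dump, and reorders the pages using a logical page number read back from the OOB, which is what an FTL-backed dump needs. The page geometry (2048 + 64 bytes), the OOB layout (bad-block marker at byte 0, little-endian logical page number at bytes 2..5) and the “later physical copy wins” rule are all assumptions chosen for this example; a real chip’s layout has to be reverse-engineered first. The sample dump is constructed in the script.

```python
import struct

# Geometry assumed for this constructed example (a common large-page NAND
# pairing; take the real values from your chip's datasheet).
PAGE_SIZE = 2048
OOB_SIZE = 64

# Hypothetical OOB layout, chosen for this example only. A real FTL's layout
# must be reverse-engineered from the dump before any of this can be trusted.
BAD_BLOCK_OFF = 0          # 0xFF means "good"; anything else marks a bad block
LPN_OFF = 2                # little-endian uint32 logical page number
LPN_ERASED = 0xFFFFFFFF    # value left in an erased / never-written page
ERASED_PAGE = b"\xff" * PAGE_SIZE


def split_pages(dump, page_size=PAGE_SIZE, oob_size=OOB_SIZE):
    """Split a raw dump laid out as [page data][spare] ... into (data, oob) pairs."""
    stride = page_size + oob_size
    if len(dump) % stride:
        raise ValueError("dump length is not a multiple of page_size + oob_size")
    return [(dump[o:o + page_size], dump[o + page_size:o + stride])
            for o in range(0, len(dump), stride)]


def strip_oob(dump, page_size=PAGE_SIZE, oob_size=OOB_SIZE):
    """Drop every spare area and keep physical page order (enough for UBI/UBIFS)."""
    return b"".join(data for data, _ in split_pages(dump, page_size, oob_size))


def parse_oob(oob):
    """Return (is_bad, logical_page_number) under the hypothetical layout above."""
    is_bad = oob[BAD_BLOCK_OFF] != 0xFF
    (lpn,) = struct.unpack_from("<I", oob, LPN_OFF)
    return is_bad, lpn


def logical_map(dump, page_size=PAGE_SIZE, oob_size=OOB_SIZE):
    """Map logical page number -> physical page index.

    An FTL never overwrites in place: an updated logical page is written to a
    fresh physical page, so one logical page can occur several times. This
    example resolves that with the simplest possible rule, "later physical
    copy wins"; real FTLs usually store a sequence number in the OOB instead.
    """
    mapping = {}
    for phys, (_, oob) in enumerate(split_pages(dump, page_size, oob_size)):
        is_bad, lpn = parse_oob(oob)
        if is_bad or lpn == LPN_ERASED:
            continue
        mapping[lpn] = phys
    return mapping


def rebuild_logical_image(dump, page_size=PAGE_SIZE, oob_size=OOB_SIZE):
    """Reassemble the pages in logical order; unmapped holes become erased pages."""
    pages = split_pages(dump, page_size, oob_size)
    mapping = logical_map(dump, page_size, oob_size)
    if not mapping:
        return b""
    return b"".join(pages[mapping[i]][0] if i in mapping else ERASED_PAGE
                    for i in range(max(mapping) + 1))


def make_page(label, lpn=None, bad=False):
    """Build one physical page (data + OOB) for the constructed sample dump."""
    data = label.ljust(PAGE_SIZE, b"\xff")
    oob = bytearray(b"\xff" * OOB_SIZE)
    if bad:
        oob[BAD_BLOCK_OFF] = 0x00
    if lpn is not None:
        struct.pack_into("<I", oob, LPN_OFF, lpn)
    return data + bytes(oob)


# Constructed sample dump: five physical pages deliberately out of logical
# order, one page in a bad block, and logical page 0 rewritten later on.
SAMPLE_DUMP = b"".join([
    make_page(b"logical-2", lpn=2),
    make_page(b"logical-0 old", lpn=0),
    make_page(b"garbage", bad=True),
    make_page(b"logical-1", lpn=1),
    make_page(b"logical-0 new", lpn=0),
])

if __name__ == "__main__":
    print("stripped size:", len(strip_oob(SAMPLE_DUMP)))
    print("logical -> physical:", logical_map(SAMPLE_DUMP))
    image = rebuild_logical_image(SAMPLE_DUMP)
    for i in range(0, len(image), PAGE_SIZE):
        print(i // PAGE_SIZE, image[i:i + PAGE_SIZE].rstrip(b"\xff"))
```

Running the script prints the physically ordered dump size, the mapping `{2: 0, 0: 4, 1: 3}` and the three logical pages with the rewritten copy of page 0 winning. Run the same split on a real dump and look at the spare areas first: if they are all 0xFF apart from ECC, stripping them is probably enough; if they carry changing values, that is the FTL you have to understand before mounting anything.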

Could you advise some books to read?

Unfortunately, I’ve learned most of the stuff I am publishing on my blog as a hobbyist. My bookshelves actually don’t hold any books related to electronics, and I think that nowadays it’s easier to find good material on the Internet than to find a good book in a library, especially when it comes to computer science and/or electronics.

One piece of advice I could give, though, is that I always found it useful to learn and understand how an electronics engineer would design something, in order to better know where to look when analyzing it. It may seem silly or obvious, but if you want to be able to understand how a cake is made by looking at it and tasting it, then you should start by learning how to cook.