This article series documents a journey of modifying and improving a 3D printer. Part four is about a hardware mod that allows the use of a modern hotend in the old GuiderII printer once combined with the Klipper firmware, and why I made that modification.| invd blog
This article series documents a journey of modifying and improving a 3D printer. In part three, I’ll describe my approach for re-using the original Flashforge GuiderII extruder flex cable and extruder mount, and why this may or may not be a good strategy.
This article series documents a journey of modifying and improving a 3D printer.
While auditing internal infrastructure for Radically Open Security, I discovered a weakness in the devise-two-factor Time-based One-time Password (TOTP) library. With the help of Chris MacNaughton, we confirmed the vulnerability and informed the upstream vendor of the library. This article has some details about the vulnerability and disclosure.
In late July and August 2023, a team of fellow researchers and I rushed to understand, write up and publish a serious cryptocurrency wallet creation issue in the Libbitcoin Explorer bx software tool that left victims exposed to remote and automated wide-scale theft of funds. The coordinated theft of assets that happened on 2023-07-12, during which bx users’ funds were targeted along with other weak wallet types, amounted to millions of dollars in damages across hundreds of victims and various...
Heiko Schäfer discovered a new security issue in the Yubico yubihsm_pkcs11.so driver library, which we disclosed together to Yubico. The YubiHSM PKCS#11 client-side library is designed to interact with Yubico HSM2 hardware security modules. Due to flaws in the memory handling, the library code accidentally returns 8192 bytes of previously used process memory under some circumstances. This impacts the memory confidentiality of the calling program for some usages.
The article describes a new vulnerability in the KeepKey hardware wallet. Vulnerable code in the Ethereum transaction handling can leak memory from attacker-controlled address locations onto the display when processing a crafted EthereumSignTx message. An attacker with physical access to an unlocked KeepKey device can extract the BIP39 seed or other confidential device secrets via this flaw without tampering with the device hardware or leaving permanent traces.
I have discovered two new security issues in the Yubico libykpiv client-side code which were introduced as a regression in the 2.3.0 release. Flaws in the memory handling of the auth handshake procedure with a PIV smartcard could lead to memory corruption, denial of service or other unexpected behavior under some conditions. The practical security impact on tested production binaries appears to be limited.
The article describes several vulnerabilities in the KeepKey hardware wallet. Flaws in the supervisor interface can be exploited to bypass important security restrictions on firmware operations. Using these flaws, malicious firmware code can elevate privileges, permanently make the device inoperable or overwrite the trusted bootloader code to compromise the hardware wallet across reboots or storage wipes.
I have recently discovered a serious vulnerability in the KeepKey hardware wallet. Through a stack buffer overflow, remote or local attackers can execute code on the device and perform actions such as stealing the wallet keys from within a malicious website. The vulnerability was introduced with firmware v7.0.3 and patched with v7.1.0 after my disclosure.
I have recently discovered the serious CVE-2021-31616 vulnerability in the KeepKey hardware wallet. This is part I of a small article series that describes some of the technical journey of how I got code execution on the device.
I discovered during the analysis of the CVE-2021-31616 vulnerability that the stack canary logic in the KeepKey firmware was broken and could be bypassed to perform practical stack smashing attacks. Further investigation revealed that the incorrect stack protection assembler code is produced through a bug in certain GCC 9 and GCC 10 compiler versions for ARM, where it has been present for about a year. This problem has the potential to affect a wide range of ARM-based embedded systems.