#463 – An Interview with Trammell Hudson

Podcast: Play in new window | Download

Subscribe: Apple Podcasts | RSS

Welcome Trammell Hudson!

This episode is sponsored by Rohde and Schwarz. Check out AskAnEngineer.us for more info about their value line test equipment.

• Trammell likes to gets things to the Proof of Concept stage, and then “hand off the keys to the repo”
• Matthew Garrett quote, (paraphrased) “I don’t think I’m very good with computers, I’m just bad at knowing when to give up”
• Taking good notes is a big part of Trammell’s process, which resulted in the site linked above.
• Magic lantern firmware
• Started from CHDK firmware, which is GPL
• Starts with looking at the updates that the vendors ship, then getting code execution
• Toggling the firmware out on an LED
• Disassembler tools:
  • Hopper
  • Ida
  • Ghidra
• He’s currently playing with Ikea smart bulbs and dimmers
• Gave a talk at Hack in the Box about “time of check, time of use”
• Project called Linuxboot, replaces x86 firmware with linux software
• Trammell’s newest project is the SpiSpy
• Logs all the flash memory accesses
• Tool was built to speed up firmware dev that revealed security hole
• Built with the ECP5
• Gave a talk about SpiSpy at CCCamp
• Hard to emulate the real time flash, since you have to serve up a response in 1 clock cycle
• DRAM is too slow, so it’s necessary to start the row/column reads before they have all of the bits
• Retrocomputing
  • PDP11
  • Mac SE
• Former guest of TAH Fabienne did the ROM dump scarves
• Archive.org documents old file formats
• Teensy4
• Scanlime had a tiny85 act like an RFID
• Trammell replicated and extended this work
• RFID doesn’t transmit back from the passive device side, it just shorts the coils together
• PSK31
• 13 hz of bandwidth
• SpiSpy project had a bus contention problem, scope saved the day
• Vector stuff
• Used dual DAC to drive the XY
• Former guest Todd Bailey also did vector work on the VEC9
• CRTs don’t move instantaneously
• Vector generation needs to model the magnetic drivers
• Added tunable parameters to the screen driver code.
• Later CRTs had color
• Had a write up in POC | GTFO
• Worked on Robots with others at NYC Resistor
• Puma Robot Arms were reverse engineered and turned into shuffleboard robots
• Using a scope for the quadrature decoding
• Trammell is a full time Security Researcher
• Thunderstrike was a vulnerability that allowed code insertion via the thunderbolt cable on the mac.
• Linuxboot replace proprietary boot software in servers and other hardware with linux
• Independent bios vendor
• Bulk of the code comes from intel
• Unix wars of 80s and 90s
• OEMs do “not invented here”
• Gave a talk about it at 34c3
• Build your own custom firmware for the lamps
• Check out all of Trammell’s projects on trmm.net
• Find Trammell as @qrs on Twitter or Mastadon

The image is a capture from a 1 kilopixel Cyclops sensor that Trammell re-projected through an oscilloscope (link)