02:17 <blex> what is known of the process by which /dev/hwrng gathers entropy

02:17 <blex> some sources claim it is a thermal noise source while others claim it uses avalanche noise

02:17 <blex> not much seems to be known about it

05:12 <bonda_000> blex: never heard of avalance noise

05:18 <bonda_000> thermal kTC noise yeah

05:18 <bonda_000> in image sensors, it is treated as some DC offset

05:19 <bonda_000> when shutter functions, the thermal noise produced by the switching in the sensor, is eliminated by the CDS (Correlated double sampling) technique

05:20 <bonda_000> there is two clocks 90 degrees out of phase, the subtraction is done on the capacitor in the opamp circuit

05:21 <bonda_000> if you go the analog way

05:21 <bonda_000> so it is not like AC noise in my imagination

05:22 <tarel2> Where do you find the specs of the raspberry Pi 400 say? If you really wanted to get into writing code for it?

07:37 <blex> bonda_000: is that how the raspberry pi generator works?

14:16 <bonda_000> blex: it's hard to tell their docs omit a lot of high level data, not even worth mentioning low level stuff

14:17 <bonda_000> I gave up trying to ask tech companies provide normally written instruction (datasheet), so I just wait till they end up on the ransomware dump and get the full document as it should be free

14:18 <bonda_000> or worse:)

14:18 <bonda_000> go and get it myself

14:20 <bonda_000> Saying, I sell you a "laundry machine" but to obtain full instruction you need to go extra lengths, is ransomware by itself

14:21 <bonda_000> because bcm2835 datasheet is just a big joke if you ever tried reading it

14:22 <bonda_000> it was written like in the smoking circle during the smoke break

14:23 <bonda_000> a fifth grader would be more punctual I believe

14:24 <blex> bonda_000: so how do we find out what makes the bcm rng work

14:24 <blex> it could be anything

14:24 <blex> could aes cipher running over zeros

14:28 <bonda_000> you get a @corporatedomain.com email

14:28 <bonda_000> message them, sign NDA, they give you full instruction

14:29 <bonda_000> thats the only way I think, because if you try to reverse engineer it, look up the comment in the top, you are violating the law

14:29 <bonda_000> combining "this" and any kind of "that" of Broadcom is prohibited

14:31 <bonda_000> I guess you just take it as granted like the camera block, its a black box that works

14:36 <bonda_000> its a very shitty asic, that has no CLK_IN which does not allow it to be used in many applications

14:37 <bonda_000> no CLK_IN - not able to synchronize it with another master device

14:37 <bonda_000> I guess the new one, has that, 2040 or whatever

14:38 <clever> bonda_000: from what the rpi engineers have said on the forums, there isnt really any proper documentation for half of these SoC's

14:38 <clever> its just email history and asking other engineers

14:38 <clever> so the problem is both investing time into collecting that all into one place, and running it by lawyers to know what it good to release

14:39 <bonda_000> for example SMI, is mentioned, but has no chapter in the datasheet, the instruction is literally ascii art in one of the .h files

14:40 <clever> i talked to the guy who wrote that linux driver

14:40 <clever> all he got was the register definition and a rough description

14:40 <clever> he had to brute-force it to get the rest

14:41 <clever> i think he made that ascii-art after figuring it out

14:41 <jn> the best decision in the history of Raspberry Pi was to do a project without Broadcom for once

14:41 <clever> yeah, with the rp2040, they arent bound by broadcom anymore

14:41 <clever> but the RP1 shows that they can still keep secrets

14:42 <clever> large chunks of the RP1 arent documented well, and thats entire rpi designed

14:47 <bonda_000> some other cool thing that I found

14:48 <bonda_000> https://github.com/newhouseb/onebitbt

14:48 <bonda_000> they use a gighertz differntial transceiver as 1 bit ADC

14:49 <bonda_000> which works for certain rf modulations like PSK

14:49 <bonda_000> the phase shifted, frequency shifted all supposedly works with this one

14:52 <bonda_000> because all you really need is to measure when it crosses zero

14:53 <bonda_000> as the data is encoded in the frequencies(FSK), or phase shifts(PSK) not the amplitude

17:16 <blex> it's not asking for much knowing how the /dev/hwrng produces random numbers or what principle it uses to make them

17:16 <blex> i am really surprised this is kept secret

17:17 <blex> no one trusts a black box

17:32 <clever> blex: and neither does linux, it only uses that to scramble the prng more, and the prng does the real rng generation

18:30 <bonda_000> I dont have the decompile anymore, it was probably the videocore module

18:33 <bonda_000> it was actually a horrible accident, on my side, some askUbuntu command has ruined grub on my debian build and I just wiped the disk

18:34 <bonda_000> don't run anything grub-related unless you know exactly what you are doing, it will render your system BSOD

18:34 <bonda_000> so the videocore patch to ghidra is gone

18:37 <bonda_000> clever: are you into hacking at all?

18:40 <tarel2> What up clever?

18:41 <bonda_000> clever: I have a nmap of 1000 open ports of some machine that runs something like Veritas or Kubes virtualization-like stuff https://pastebin.com/UK1adQn6

18:42 <bonda_000> windows services but also X11 desktop

18:44 <bonda_000> but thats `nmap -Pn -sT`, `nmap -Pn -sV` on each of these tells me they are all filtered, so it won't talk at all about each particular service

18:48 <tarel2> Do they actually ever released the specs on something like the pi 4

21:42 <bonda_000> blex: https://github.com/NationalSecurityAgency/ghidra/pull/1147 this is what I used

21:43 <bonda_000> this is with the VideoCore IV patch and there was an unstripped .elf which

21:43 <bonda_000> clever: should know that is for decompiling

21:44 <bonda_000> and this has functions named so you could at least see if there is rng on VC side

21:45 <bonda_000> a lot of my stuff burned unfortunately

21:46 <bonda_000> there was a specific download from raspberrypi start.elf that had everything nicely broken down

21:48 <bonda_000> that start.elf includes the low level VC firmware

22:05 <clever> bonda_000: i highly doubt the rng is implemented in software, that doesnt make much sense to do

22:05 <bonda_000> well at least if thats on VPU side then it will go through mmio request, strings may have clues

22:06 <bonda_000> clever: do you still have the link, the unstripped elf?

22:07 <clever> yeah

22:07 <bonda_000> idk maybe its an ARM thing need to look it up if ARM supports hardware rng

22:07 <bonda_000> clever: can you please share

22:07 <clever> -rw-r--r-- 1 clever users 3.7M Sep 24 2020 start-4f63c3bdd4d9ca4f308e683fe7e70501b4ac3232-unstripped.elf

22:07 <clever> bonda_000: thats the git hash

22:08 <bonda_000> clever: thank you

22:15 <bonda_000> blex: https://android.googlesource.com/kernel/bcm/+/android-4.4w_r6/arch/arm/mach-hawaii/

22:15 <bonda_000> Hawaii, Rhea and one other architecture had the same BCM chip that Raspberry Pi uses

22:15 <bonda_000> so these drivers also apply to Raspberry Pi

22:20 <bonda_000> Arm True Random Number Generator (TRNG) configuration parameters specify the settings of the internal ring-oscillator lengths, and the output sampling rate. The parameters are device-specific. Each silicon process has different noise and jitter characteristics. The specific SoC layout affects these characteristics. Therefore, the TRNG behavior must be characterized on the actual silicon of the device to determine the most

22:20 <bonda_000> suitable parameters. Characterizing in this way ensures that the TRNG output has maximal entropy.Characterization must be performed during the initial post-silicon testing of the device, or whenever substantial changes are made. For example, after changes to process or respins.

22:20 <bonda_000> Note

22:20 <bonda_000> Usually, the physical process used for collecting entropy is an inverter timing jitter that is collected from a dedicated on-chip free-running ring oscillator.

22:21 <bonda_000> if they are signed with ARM, that's what they most likely have

22:22 <bonda_000> https://developer.arm.com/documentation/100685/0000/Overview-of-Arm-True-Random-Number-Generator--TRNG-?lang=en

22:32 <bonda_000> https://github.com/raspberrypi/firmware/commit/4f63c3bdd4d9ca4f308e683fe7e70501b4ac3232

22:37 <bonda_000> so it is as good as time() based rng

22:38 <bonda_000> basically checks at what condition is an inverter output whenever you ask for a random number, something like that