When you’re a nation state, secure communications are key to protecting your sovereignty and keeping your best laid plans under wraps. For the USA, this requirement led to the development of a series of secure telephony networks over the years. John McMaster found himself interested in investigating the workings of the STU-III secure telephone, and set out to replicate the secure keys used with this system.
[John] had a particular affinity for the STU-III for its method of encrypting phone calls. A physical device known as a Crypto Ignition Key had to be inserted into the telephone, and turned with a satisfying clunk to enable encryption. This physical key contains digital encryption keys that, in combination with those in the telephone, are used to encrypt the call. The tactile interface gives very clear feedback to the user about securing the communication channel. Wishing to learn more, John began to research the system further and attempted to source some hardware to tinker with.
As John explains in his Hackaday Superconference talk embeded below, he was able to source a civilian-model STU-III handset but the keys proved difficult to find. As carriers of encryption keys, it’s likely that most were destroyed as per security protocol when reaching their expiry date. However, after laying his hands on a broken key, he was able to create a CAD model and produce a mechanically compatible prototype that would fit in the slot and turn correctly.
Due to the rarity of keys, destructive reverse engineering wasn’t practical, so other methods were used. Thanks to the use of the STU-III in military contexts, the keys have a National Stock Number that pointed towards parallel EEPROMs from AMD. Armed with the datasheet and X-rays of encryption keys from the Crypto Museum, it was possible to figure out a rough pinout for the key. With this information in hand, a circuit board was produced and combined with an EEPROM and a 3D print to produce a key that could replicate the functionality of the original.
Like most projects, it didn’t work first time. The printed key had issues with the quality of the teeth and flushing of the support material, which was solved by simply removing them entirely and relying on the circuit board to index to the relevant pins. Testing was performed using a PKS-703 key reader, which itself was an incredibly rare piece of hardware. In combination with a logic analyzer, it revealed that a couple of the write pins were lined up backwards. Once this was fixed, the key worked and could be programmed with a set of encryption keys. Once inserted into the STU-III and turned, the telephone sprung to life!
Despite this success, there’s still a long way to go before John can start making secured phone calls with the STU-III. Only having one phone, he’s limited to how much he can do — ideally, a pair is needed in order to experiment further. He is also trying to make it easier for others to tinker with this hardware which involves the development of a circuit board to allow keys to be read and reprogrammed with a standard EEPROM writer. He’s also begun reverse engineering of the STU-III’s internals. As a bit of fun, John went as far as to reproduce some promotional swag from the project that spawned the STU-III, showing off his Future Secure Voice System mug and T-shirt.
Reverse engineering national security devices certainly comes with its own unique set of challenges, but John has proven he’s more than up to the task. We look forward to seeing the crypto community hack deeper into this hardware, and can’t wait to see hackers making calls over the venerable STU-III!
In the early 1950s, the only thing scarier than the threat of nuclear war was the annual return of polio — an easily-spread, incurable disease that causes nerve damage, paralysis, and sometimes death. At the first sign of an outbreak, public hot spots like theaters and swimming pools would close up immediately.
One of the worst polio epidemics in the United States struck in 1952, a few years into the postwar baby boom. Polio is more likely to infect children than adults, so the race to create a vaccine reached a fever pitch.
Most researchers were looking into live-virus vaccines, which had worked nicely for smallpox and rabies and become the standard approach. But Jonas Salk, a medical researcher and budding virologist, was keen on the idea of safer, killed-virus vaccines. He believed the same principle would work for polio, and he was right. Within a few years of developing his vaccine, the number of polio cases in the United States dropped from ~29,000 in 1955 to less than 6,000 in 1957. By 1979, polio had been eradicated in the US.
Jonas Salk is one of science’s folk heroes. The polio vaccine was actually his sophomore effort — he and Thomas Francis developed the first influenza vaccine in the 1940s. And he didn’t stop with polio, either. Toward the end of his life, Salk was working on an AIDS vaccine.
A Doctor in the House
Jonas Salk was born in 1914 and raised in New York City. He was the oldest son of Russian-Jewish immigrants who didn’t have much money or education, but wanted the best for their children.
Salk has said in interviews that he was not interested in science as a child — he was “merely interested in things human”. The NYC polio epidemic of 1916 would have likely given Jonas an eyeful of humanity in the form of afflicted classmates with crutches and leg braces.
Jonas was a curious kid who read everything he could get his hands on. He had dreams of becoming a lawyer, but his mother wanted a doctor in the house. When Jonas was 13, he entered Townsend Harris High School, a public school for gifted students. Two years later at age 15, Jonas entered City College of New York (CCNY), where he would earn a Bachelor of Science in Chemistry. A fifteen-year-old college freshman at this competitive college was not particularly noteworthy, because many of the students there had skipped more than one grade.
After CCNY, Salk went to study medicine at NYU. It was here that he decided that although he liked medicine, he didn’t want to practice it. Salk was more interested in research. He believed he was meant to help humankind rather than treat the individual.
The Flu Fighters
For thousands of years, people believed influenza, or the flu, was caused by bacteria. The influenza virus was first discovered in the early 1930s, around the time Salk entered med school. In his senior year, he had a chance to spend time in a lab that was researching influenza, and he jumped on it. Salk believed that the virus strains could be effectively destroyed and still immunize, and he was eager to test this theory. As it turns out, he was right.
Salk did postgraduate work in virology, and spent some elective time in the laboratory of his mentor, Thomas Francis. It was here that he and Francis developed the first influenza vaccine by incubating a strain of the virus in a chicken embryo, then rendering it inactive.
Salk started his residency in Francis’ lab at Mount Sinai Hospital. Within a few years, he was eager to study infectious diseases in his own lab. He wouldn’t have to wait long. A man named Harry Weaver contacted him about researching polio. Weaver was director of research at the National Foundation for Infantile Paralysis, and was in a position to offer Salk his own lab and researchers. Soon, Salk started to get grants, which he used to build up his virology laboratory.
In 1947, Salk began working on a polio vaccine. First he had to sort out all 125 known strains of the virus. As he did, he noticed they all fell into one of three basic types. A successful vaccine would have to cover all three groups to give full protection from polio. Having figured this out, his next problem was making enough vaccine to experiment with. Luckily, in 1948, a group of scientists discovered that the polio virus would multiply just fine on scraps of non-nerve tissue from human embryos, meaning that a full-blown organism like a chicken embryo was not necessary. Thanks to this discovery, Salk could iterate much more quickly.
At the same time, another researcher named Albert Sabin was working on a live-virus vaccine to be taken orally. Sabin believed that only a live, weakened virus could make the human body produce antibodies, and believed that Salk was wasting his time trying to make an effective vaccine with dead strains.
The Polio Pioneers
In July 1952, Salk was ready to try out his killed-virus vaccine. His first patients were children who had already contracted polio and recovered. After vaccination, they all showed an increase in antibodies.
Then he tried the vaccine on himself, his wife, and his own children. When everyone in his family showed increased antibodies and no signs of illness, Salk knew it was time to share it with the world.
In 1953, Salk reported his results to the American Medical Association, and a massive trial was conducted the following year. One million children, known as the polio pioneers, were injected with Salk’s vaccine, and the results were incredible, with 60-70% prevention. The US wasted no time rolling out mass inoculations for children.
Unfortunately, there was an incident at one of the labs producing the vaccine. Some of the lots contained a live virus, and this mistake generated 40,000 new polio cases from the 120,000 poorly-controlled vaccines. The labs adopted higher standards and resumed production, but the incident would have a lasting impact on the pharmaceutical world. The news must have been bittersweet for Albert Sabin, who was still working on his live-virus version. Sabin completed human trials of his oral vaccine in 1957, and it was approved in 1962.
Could You Patent the Sun?
Once his vaccine was proven effective, Salk instantly shot to rock star status, much to his dismay. All the attention took time and energy away from his research, and he regretted losing his privacy and anonymity, especially where his research was concerned. Salk received a load of honors for his vaccine, including four honorary degrees and Presidential Medal of Freedom.
In an interview with Edward R. Murrow, he was asked who owned the patent on the vaccine. Salk famously replied, “Well, the people, I would say. There is no patent. Could you patent the sun?”
Though it’s easy to believe that Salk had completely altruistic intentions and never thought to patent it himself, it has since been discovered that the National Foundation for Infantile Paralysis’ lawyers had inquired about it at some point, and were told that the vaccine wasn’t novel enough to warrant a patent. Some would argue that the public had paid for it already through programs like the March of Dimes.
Giving Back: The Salk Institute
Salk was never in it for the money, and he never forgot where he came from. In 1963, he established the Salk Institute for Biological Studies in La Jolla, CA to provide a research space for scientists working toward the elimination of diseases like multiple sclerosis and cancer. The Salk Institute was the kind of place he could only dream of as a student.
Salk died of heart failure in 1995. Toward the end of his life, he had been working on vaccines for cancer, multiple sclerosis, and AIDS.
Jonas Salk had a huge impact on virology, on the United States, and on the longevity of thousands of baby boomers. The world could certainly use more scientists who follow his philosophy of helping humankind as a whole.
Wired takes a long look at the rapid progress in oral health in the 20th century from this:
In 1899, the British Army was recruiting troops to fight in the Boer War and recruiters were appalled at the health of the men who were turning up. They were stunted, malnourished and had appalling teeth. “It became a national scandal,” Bairsto says. “No one was cleaning their teeth. Many couldn’t chew their food.”
to Philips selling a $270 electronic toothbrush (pictured above). Are electronic toothbrushes any better than a mundane brush? Put away your skepticism, Wired says:
All that said, the Cochrane reviews are pretty clear. They looked at plaque buildup and gingivitis (gum disease), finding that electric toothbrushes were, on average, more effective than manual ones. The effects were real. An average 11 per cent reduction in the degree of plaque buildup, in the short term, and a 21 per cent over three months term; a six per cent or 11 per cent reduction in gingivitis, depending on how you measure it.
Refreshing news! But there's still cause to be skeptical:
The question is where to go next. Apps that track behaviour and sensors that check you’ve brushed every tooth are already in place; how much more high-tech can toothbrushes get? How much more advantage can be squeezed from them?
One possibility is raising the stakes. There have been hints that periodontal disease is linked to wider health problems – sufferers are more susceptible to stroke, to heart attacks, to blocked arteries, to high blood pressure, and to cancer. Bircan mentions that they’re tracking users over long periods “to see the impact not just on their oral health but on their lives”
Read more about the arms race in electronic brushes at Wired.
Today I have a tale of mystery, of horror, and of hope. The allure of a newer kernel and packages was too much to resist, so I found myself upgrading to Fedora 30. All the packages had downloaded, all that was left was to let DNF reboot the machine and install all the new packages. I started the process and meandered off to find a cup of coffee: black, and darker than the stain this line of work leaves on the soul. After enough time had elapsed, I returned, expecting the warming light of a newly upgraded desktop. Instead, all that greeted me was the harsh darkness of a grub command line. Something was amiss, and it was bad.
(An aside to the reader, I had this experience on two different machines, stemming from two different root problems. One was a wayward setting, and the other an unusual permissions problem.)
How does the fledgling Linux sysadmin recover from such a problem? The grub command line is an inscrutable mystery to the uninitiated, but once you understand the basics, it’s not terribly difficult to boot your system and try to restore the normal boot process. This depends on what has broken, of course. If the disk containing your root partition has crashed, then sorry, this article won’t help.
In order to get a system booting, what exactly needs to happen? How does booting Linux work, even? Two components need to be loaded into memory: the kernel, and the initramfs. Once these two elements are loaded into memory, grub performs a jump into the kernel code, which takes over and finishes the machine’s boot. There is one more important detail that we care about — the kernel needs to know where to find the root partition. This is typically part of the kernel parameters, specified on the kernel boot line.
When working with an unfamiliar shell, the help command is a good starting point. grub runs in a very limited environment, and running the help command scrolls most of the text off the screen. There is an environment variable that helps out here, enabling output paging:set pager=1.
Finding What You’re Looking For
ls is your friend. Don’t know which drive is which? ls to the rescue. grub uses a unique nomenclature for accessing partitions. You might see entries like (HD0,0) or (hd0,msdos1). A modern grub will even let you list the files and folders contained in that partition using a command like ls (hd0,msdos1)/.
We want to start by figuring out which partition stores the kernel and initrd files. Those files might be in a boot folder, or just in one of the partitions. The kernel is generally named vmlinuz-kernel_version.architecture so for example: vmlinuz-5.3.7-200.fc30.x86_64. The initrd we need will match the kernel’s version. Something like initramfs-5.3.7-200.fc30.x86_64.img.
The last needed bit of information, the root filesystem location, can be a bit trickier to find. While searching through partitions, you may find one with a root filesystem layout, containing boot, bin, etc, home, etc. You can likely figure out what the kernel will call the partition based on the name in grub. hd0 is probably sda, hd1 is probably sdb. The second half of grub's name tells you which partition it is, so (hd0,msdos1)is likely sda1.
Putting It Together
To actually boot, we issue three commands in grub. The first command sets the kernel image and any kernel boot options. The one required option is setting the root location:linux (hd0,msdos1)/boot/vmlinuz-4.19.0-6-amd64 root=/dev/sda1
Next we set the initrd option:initrd (hd0,msdos1)/boot/initrd.img-4.19.0-6-amd64
Once those options are set, we can tell grub to try to boot the kernel. It a simple command:boot
Assuming we set the right options, and the system isn’t otherwise terribly broken, that should boot your machine back into normalcy. Time to troubleshoot what caused grub to go off the rails to begin with. That however, is for another time.
Since we’re here, there are a few other tricks worth knowing about grub and booting. The most useful is probably single user mode, which is enabled by adding a “1” to the boot options. linux (hd0,msdos1)/boot/vmlinuz-4.19.0-6-amd64 root=/dev/sda1 1
On some distributions, this even bypasses the need to know a root password, which is useful if you find yourself locked out of a system. Many modern systems still require logging in as root to proceed. Still, single-user mode is helpful for troubleshooting other boot and system problems.
One more trick to have up your sleeve is the ability to blacklist a driver. Adding blacklist amdgpu, for example, would prevent the amdgpu driver from loading at all, regardless of the hardware present. If a buggy or misconfigured driver is causing a crash during boot, blacklisting it will likely let you successfully boot.
Hopefully this is enough to give you the edge next time you’re debugging a Linux boot problem, and adds a couple tools to your repertoire. Happy hacking.
Many of us think of FPGAs as some new cutting edge technology, but the fact of the matter is that they’ve been around for quite some time. They’ve just traditionally been used in hardware that’s too expensive for us lowly hackers. A case in point is the Cisco HWIC-3G-CDMA WAN card. A decade ago these would have been part of a router valued in the tens of thousands of dollars, but today they can be had for less than $10 USD on eBay. At that price, [Tom Verbeure] thought it would be worth finding out if they could be repurposed as generic FPGA experimentation devices.
So as not to keep you in suspense, the short answer is a resounding yes. In the end, all [Tom] had to do was figure out what voltages the HWIC-3G-CDMA was expecting on the edge connector, and solder a 2×5 connector onto the helpfully labeled JTAG header. Once powered up and connected to the computer, Intel’s Quartus Programmer software immediately picked up the board’s Cyclone II EP2C35F484C8 chip. The blinking LEDs seen in the video after the break serve as proof that these bargain bin gadgets are ripe for hacking.
Unfortunately, there’s a catch. After studying the rest of the components on the board, [Tom] eventually came to the conclusion that the HWIC-3G-CDMA has no means of actually storing the FPGA’s bitstream. Presumably it was provided by the router itself during startup. If you just want to keep the board tethered to your computer for experimenting, that’s not really a big deal. But if you want to use it in some kind of project, you’ll need to include a microcontroller capable of pushing the roughly 1 MB bitstream into the FPGA to kick things off.