01:29.01 | *** join/#maemo-ssu jon_y_ (~enforcer@2001:e68:4075:a933:e01f:8e6d:cdca:d0e5) |
02:06.15 | ente | hi |
02:06.38 | ente | I got a n9 from a friend and I'm not sure if this is the right channel to ask questions but there is no interface for xmpp |
02:06.53 | ente | for some reason his xmpp account still showed up until I manually deleted it via qdbus |
02:07.25 | ente | now I'd like to add my own but I find qdbus rather cumbersome to use and the fact that there is no ui for managing xmpp accounts but the accounts show up baffles me a bit |
02:07.33 | ente | any hints? |
02:08.53 | ente | also I saw that for n900 people are working on keeping system libraries updated |
02:09.16 | ente | but I didn't find any similar efforts for n9 - can someone point me in the right direction here? I don't want to keep running ages old openssl and glibc |
03:33.45 | *** join/#maemo-ssu DocScrutinizer05 (~saturn@openmoko/engineers/joerg) |
05:17.19 | *** join/#maemo-ssu ruskie (ruskie@sourcemage/mage/ruskie) |
06:24.08 | *** join/#maemo-ssu amiconn (~amiconn@rockbox/developer/amiconn) |
08:13.25 | *** join/#maemo-ssu futpib (~futpib@176.214.18.173) |
09:29.44 | *** join/#maemo-ssu Pali (~pali@Maemo/community/contributor/Pali) |
10:58.55 | *** join/#maemo-ssu hashcore (~hashcore@unaffiliated/hashcore) |
12:14.53 | drathir | ente: the n9 if not wrong have diff os than n900... |
12:17.20 | drathir | ente: also probably better removing from app where was added not by hand... also with hand made changes probably better reflash... even not mind reflash is first thing done at any new device gathered... |
12:24.37 | ente | drathir: the person I got it from is a good friend and I don't have any flash images - would have to download some mysterious files from the internet where I can't verify whether or not they're legit |
12:27.21 | drathir | ~flasher |
12:27.21 | infobot | i heard flasher is at http://www.jedge.com/n810/flasher/maemo_flasher-3.5_2.5.2.2.tar.gz (also .exe!), or http://www.chakra-project.org/ccr/packages.php?ID=5027 or generally http://www.google.com/search?q=maemo_flasher-3.5_2.5.2.2.tar.gz. HARMattan(N9): https://aur.archlinux.org/packages/fl/flasher-harmattan/flasher-harmattan.tar.gz, or -- list of filenames/md5sums: http://pastebin.com/sYKdNJSH, or http://galif.eu/nokia/ |
12:27.41 | drathir | ente: look at hartman one... |
12:28.02 | drathir | ente: even is a good person...' |
12:28.44 | drathir | ~flashing |
12:28.44 | infobot | i heard maemo-flashing is http://wiki.maemo.org/Updating_the_tablet_firmware, or - on linux PC - download&extract http://maemo.cloud-7.de/maemo5/patches_n_tools/maemo-my-private-workdir.tgz, cd into it, do sudo ./flash-it-all.sh |
12:30.56 | drathir | ente: n900 is more like linux world... there things not behave like in m$ world come from nothin behind the back w/o user knowledge... |
12:31.17 | ente | and the n9 isn't? |
13:24.57 | *** join/#maemo-ssu hashcore (~hashcore@unaffiliated/hashcore) |
13:38.44 | drathir | ente: n9 for me is more like symbian/android like.. |
13:39.40 | ente | it's still based on qt/linux/debian way more than android |
13:39.43 | ente | dunno |
13:39.51 | ente | never had a n9 :) |
14:44.04 | *** join/#maemo-ssu M4rtinK2 (~M4rtinK@77.48.149.46) |
16:18.01 | drathir | ente: but they have strange packaging.... |
16:18.18 | ente | like how? |
16:18.36 | ente | I'm kinda stuck with this device now ^^ |
17:46.12 | *** join/#maemo-ssu LauRoman (~LauRoman@86.127.32.170) |
18:09.03 | *** join/#maemo-ssu futpib (~futpib@176.214.18.173) |
18:30.13 | *** join/#maemo-ssu M4rtinK (~M4rtinK@77.48.149.46) |
19:05.47 | *** join/#maemo-ssu NIN101 (~core@mail2.quitesimple.org) |
22:07.36 | *** join/#maemo-ssu delphi (ns-team@devbin/founder/trx) |
23:18.21 | DocScrutinizer05 | ~aegis |
23:18.21 | infobot | http://www.developer.nokia.com/Community/Wiki/Harmattan:Developer_Library/Developing_for_Harmattan/Harmattan_security/Security_guide , or "The purpose of this framework is: ... to make sure that the platform meets the requirements set by third party software that requires a safe execution environment.", or http://en.wikipedia.org/wiki/Trusted_Computing#Criticism, or http://en.qi-hardware.com/w/images/1/10/ME_382_LockedUpTechnology2.gif |
23:19.54 | DocScrutinizer05 | http://maemo.cloud-7.de/Aegis-kills-device.jpg |
23:21.26 | DocScrutinizer05 | Nokia successfully entangled N9 OS with their own servers, and since those are down, you basically can forget about N9 |
23:23.06 | DocScrutinizer05 | ente: ^ |
23:23.50 | kerio | now |
23:23.56 | kerio | can you get a reimbursement from nokia? |
23:24.07 | DocScrutinizer05 | actually I'm not sure if Nokia servers for N9 are down but I'd be surprised to learn they're not |
23:24.08 | kerio | surely the N9 is not fit for purpose anymore |
23:24.17 | ente | they are |
23:24.23 | ente | there are package mirrors though |
23:25.56 | DocScrutinizer05 | the question is if you could install anything from them, since prolly even hacking /etc/hosts to have $nokiaserver point to the IP of the new mirror would already cause aegis to nuke your system since you touched a "system file" |
23:27.11 | DocScrutinizer05 | there's a so called "open mode" but that kills some functions in OS, irrecoverably. One of them being change of device lockcode iirc |
23:28.21 | bencoh | people still use it so I guess they found a way |
23:28.31 | bencoh | kinda |
23:32.29 | DocScrutinizer05 | well yes, it sort of still works, but you can't update anymore, and I guess you can't even enable developer mode if you haven't already downloaded the files while Nokia's servers still worked |
23:33.55 | DocScrutinizer05 | you can't downgrade the OS either, so my N9 one-click-falser is useless for most of you even when I share it |
23:34.08 | DocScrutinizer05 | flasher* |
23:35.24 | DocScrutinizer05 | you prolly can't restore your own backups either since they depend on dowbnloading the packages from nokia servers |
23:36.25 | DocScrutinizer05 | actually I dunno if backup/restore ever got implemented on N9, I recall there were issues with aegis even while Nokia was alive still |
23:37.15 | kerio | DocScrutinizer05: btw, what do you make of the apple-fbi thing? |
23:37.37 | DocScrutinizer05 | big noise about nothing |
23:38.13 | DocScrutinizer05 | FBI is so lame, pathetic losers |
23:38.24 | kerio | i wonder how that would've gone with a neo900 |
23:38.40 | kerio | "decrypt this phone" "we don't even have a crosscompiler set up dude" |
23:38.48 | DocScrutinizer05 | yep |
23:39.10 | kerio | still, that secure enclave thing is pretty cool |
23:39.28 | kerio | it can be replicated openly, right |
23:39.38 | kerio | specs wouldn't help an attacker |
23:39.49 | DocScrutinizer05 | err our modem fencing? yes |
23:40.17 | kerio | no, the hard-as-balls TPM |
23:40.23 | DocScrutinizer05 | the option to secure the bootloader? as well |
23:40.44 | DocScrutinizer05 | we don't have any TPM on Neo900 |
23:40.56 | kerio | perhaps on the neo900 s plus |
23:41.10 | DocScrutinizer05 | the device itself is a "TPM" |
23:42.26 | DocScrutinizer05 | there's no other way than brute force soldering to access the device when user has locked it down |
23:42.46 | DocScrutinizer05 | and even then you're lost when user installed a cryptfs |
23:43.06 | kerio | cold ram etc etc |
23:43.29 | kerio | as a bonus, when the NSA manages to desolder the ram without breaking anything, you can ask them to install a bigger ram module! :D |
23:43.33 | DocScrutinizer05 | doesn't work since you can't mess with the bootloader |
23:44.23 | kerio | even then, wouldn't it be almost trivial to have the bootloader zero out the ram as the first thing that happens? |
23:44.34 | kerio | so that you MUST desolder it to access the contents? |
23:44.41 | DocScrutinizer05 | sure, but why? |
23:45.01 | DocScrutinizer05 | when you desolder RAM it loses all its content |
23:45.13 | kerio | because of the heat? |
23:45.22 | DocScrutinizer05 | because RAM is volatile |
23:45.33 | kerio | so? keep it powered as you desolder it |
23:45.35 | kerio | ez |
23:45.43 | DocScrutinizer05 | it needs power and even constant refresh to keep info |
23:46.16 | kerio | honestly if the NSA can't even desolder a ram while keeping it working, what good are they? |
23:46.34 | DocScrutinizer05 | not THAT good anyway :-P |
23:47.43 | kerio | trained special agents cutting a hole in your ceiling, dropping down, and desoldering your phone while hanging above the ground |
23:47.58 | DocScrutinizer05 | krhrhrhr |
23:48.17 | kerio | hold on i thought you could literally just freeze the ram |
23:48.23 | kerio | and it would keep the content for like 10 minutes |
23:48.41 | kerio | ...how do you desolder it while keeping it frozen? ¬.¬ |
23:48.55 | DocScrutinizer05 | good question :-) |
23:49.22 | kerio | meh i bet you could just use a very tiny dremel cutter |
23:50.10 | DocScrutinizer05 | hmmm that *might* work but even then you don't have any of the CPU registers |
23:50.23 | kerio | freeze the cpu! :D |
23:51.07 | DocScrutinizer05 | well, I'm pretty sure NSA has not the faintest chance to unlock a decently locked Neo900 |
23:51.32 | kerio | yeah, because it doesn't exist ._. |
23:51.32 | DocScrutinizer05 | except brite force decryption |
23:51.54 | kerio | yeah but strong crypto is sloooooooooooow |
23:52.17 | DocScrutinizer05 | yes, particularly the brute force decryption |
23:52.26 | kerio | yeah but |
23:54.38 | DocScrutinizer05 | you actually just need strong encryption to store a hash table with decryption keys unique for each sector |
23:54.53 | DocScrutinizer05 | those can be weak then |
23:56.14 | DocScrutinizer05 | also can be symmetric |
23:56.48 | kerio | "can be symmetric" what |
23:56.55 | kerio | how do you think crypto actually works |
23:57.13 | DocScrutinizer05 | the commonly known crypto is assymetric |
23:57.22 | kerio | no, you do asymmetric auth and asymmetric key exchange |
23:57.30 | kerio | the key exchange is to exchange a key for symmetric crypto |
23:57.40 | DocScrutinizer05 | yes, and only for the symmetric key |
23:58.09 | kerio | once you get a shared secret, you use it to fire up a chacha20 stream or two |
23:58.20 | kerio | or AES if you're into that kind of stuff |
23:58.23 | DocScrutinizer05 | whatever |
23:58.50 | kerio | i don't think that chacha20 is suited to do disk encryption tho |
23:59.05 | kerio | and non accelerated AES is sloooooooooooooooooooooow |