r1cebank's code & 🍗 & ✈️

Earlier we talked about trying to hardening the USB Armory, but given all the information I have found online, I need to figure out some custom way of generating the image so the secure environment can be easily reproduced. Custom Kernel + initramfs (for pre-boot LUKS unlock) Seperate /boot partition (unencrypted but signed to unlock the rootfs) Makefile to create multi-partition images Makefile to create LUKS images Signed bootloader with the image Step 1. InitramfsThis is the...

When I was in high school and starting to know about the danger of password being stolen, I started to change my password every 6 month. It got really crazy as I started to get more and more online accounts. During that time I have no list of all the online accounts and I often forget one of the account and I ended up forgot which pass password that account is using. The I realized using the same password for everything is not a good idea, also there are asshole websites that only allow you...

Since last time I wrote about the USB Armory II, I have spent a considerable amount of time working on the device. I have to say it is a very capable device, able to support many tools that I want to run on it. But working with USB Armory with Secure Boot turned on, I have found some issues that is not documented in the wiki. ProblemThe secure boot process will only protect the initial boot process, validating the kernel, but its still easy to modify the filesystem and inject files in to the...

While browsing Crowd Supply I found a very interesting device called USB Armory. Its a tiny security minded computer in the form factor of a tiny USB stick. The hardware specs is not very amazing but compared with similar device like Raspberry Pi Zero, its not that bad. Hardware SoC: NXP i.MX6ULZ ARM® Cortex™-A7 900 MHz RAM: 512 MB DDR3 Storage: internal 16 GB eMMC + external microSD Bluetooth module: u-blox ANNA-B112 BLE USB-C ports: DRP (Dual Role Power) receptacle + UFP (Upstream Facing...

It’s been a while since I have posted my findings about the Sega Nu machine. I was lucky enough to get another arcade machine for around 10,000 yen. My goal with this new machine is to carefully backup everything and then carefully make sure that I am able to get the recovery key for the bitlocker drives so I can do anything with it later on. If you haven’t read the part 1 yet, back up, back up, back up your drives! Before I was able to get the new machine shipped to Canada, I created a...

Is been couple month since I started working on the Sega Nu, this is the first arcade unit I have worked on. Working on the system has totally changed my understanding of how those system works. Before start working on the Nu, my experience with it is very limited. I started to have interest on this system after I learnt this is the system used for my favorite arcade game: Hatsune Miku: Project Diva Arcade Future Tone. I always wanted to own one of the cabinet and make it work offline in my...

I’ve been building a self-contained server from an Intel Nuc, recently I decided to move my dropbox to self-hosted Seafile solution. One of the problem is, I did not encrypt the external storage when I did the system setup. When googled about encrypting existing partitions, I came up with a solution. Make sure you back up all of your data Shrink the partition using resize2fs (make sure calculate the new block size and leave around 32M) Run cryptsetup reencrypt --encrypt /dev/sdXY...

Recently I realized that the personal service server I built literally has every port accessible over LAN. I used docker-compose to build all the services I ran on the server and made sure ufw is enabled and only allow port 22 and port 443/80. During a test with a reboot lock down script,  I realized that even I disable all the ports from ufw, these ports are still accessible. After googling, I realized it has something to do with docker’s own iptables rule somehow will take precedent...

2020 is an interesting year, although I have made plans to attend Magical Mirai and Miku EXPO, due to the pandemic all of them has been cancelled. The work from home has became a new norm nowdays, and all the travel restrictions has made impossible for anyone to meetup with each other. Achievements Able to finish writing the gameboy emulator Lost weight to sub-80 kg Finished reading 4 books in the yearly plan Made good financial decision on stocks Obtained an PDFT keychip Passed JLPT...

I’ve been writing my gameboy emulator in rust and I had a lot of issues getting this startup screen to display properly, later I’ve realized it was achieved using the clever pallet swapping in runtime. For pokemon red, the start screen flashing start is made possible by changing palette during runtime. 12345let palette_num = if sprite.use_palette_1 { self.op1 } else { self.op0 ...