close-circle
Close
0%
0%

Making and Breaking Hardware HackChat

We're going to be talking with bunnie about hacking electronics and manufacturing in Shenzhen!

calendar
Friday, February 10, 2017 09:00 am PST - 09:30 am PST
location
Hack Chat
Similar projects worth following

A Hardware Hack Chat with Bunnie Huang

Bunnie Huang is a legend. He’s not just a hardware hacker: he’s a hardware creator, author, and one of the most outspoken folks sharing knowledge and experience from the world of electronics design and manufacturing.

Back in February, Hackaday.io had the honor of hosting a hack chat with Bunnie, where the Hackaday.io community could ask him whatever questions they wanted. We thought the result was interesting enough to bring the conversation outside of the chat window. We’ve cleaned it up a bit (and rearranged replies to account for inevitable chat question/response asynchronicity), but the following is a short summary of the event:

Introspection Engine and Playing the Monitor

Bunnie’s latest projects include Love to Code and NeTV2, but the one that has garnered the most attention is Introspection Engine, a device he’s working on in collaboration with Edward Snowden. Its goal is to help dissidents in high-risk situations know if their communications are being monitored.

Bunnie: Introspection is based on a K22F kinetis CPU and an ICE40 FPGA. The idea is to create a solution which is resistant against state-level adversaries to report if a phone is being monitored. The system reports to its own UI. That's pretty fundamental. The idea is you don't trust or respect third party user interfaces and you really want to be able to validate the entire path from signal to UI.
So, the basic architecture is to find points in the phone which are absolutely, at a physics level, essential for transmitting radio data. Then, we monitor that. If those become active and for some reason we're told they are not supposed to be active, then we know we're probably compromised. So, we have our own separate processor to implement a UI on a separate screen.

At first, just knowing that you’re being monitored doesn’t sound very useful, but it’s important to keep in mind the greater context that information gives you. The more information you have, the better equipped you are to make good decisions about what to do next.:

Bunnie: The idea is that you can know definitively *if* you are being monitored. From that point, you can make the decision to reveal whether or not you know you are being monitored. Consider the fact that if you are being monitored. It's a strategic advantage to be aware of the monitoring and "play the monitor."

Gonkai Engineering Culture

Being a hardware developer, Bunnie has immersed himself in the Chinese hardware ecosystem. In 2013, Bunnie coined the term “gongkai” to describe the ecosystem that has evolved around the open-but-not-quite-open-source sharing of hardware designs (confidential or otherwise) that happens regularly in China. This loose attitude toward sharing IP and documentation has lead to a thriving ecosystem of constantly evolving hardware that’s much cheaper than anything you can buy in the West. Of course that begs the question: Can the West adopt that culture?

Bunnie: I feel that honestly, most likely it will not. The reason I think gongkai won't make it to the West isn't because of physics or language. The major reason is that the Western IP fundamentals were drafted in an era where the Internet did not exist.

For example, when you refer to a cat meme, you don't ask who owns the copyright to the image of the cat. You just feel somehow empowered to "steal" the image originally took and imbued with a copyright by US law and to remix it with a clever subtitle.

In the Gongkai system, we go beyond cat memes to e.g. hardware memes, people feel empowered to remix hardware ideas in the same way that people might remix a cat meme but without attribution to the original photographer of the cat meme.

In the West, we tend to embrace the idea of “open” design through the ethos of Open Hardware and Open Source. You can use open schematics from...

Read more »

Bunnie03-01.png

Event Poster

Portable Network Graphics (PNG) - 432.06 kB - 02/07/2017 at 04:23

eye
Preview
download-circle
Download

  • (edited) transcript of Making and Breaking Hardware

    Sophi Kravitz02/10/2017 at 17:44 1 comment

    bunnie says:43 minutes ago

    it's..a friday night here.

    ActualDragon says:43 minutes ago

    lucky, its only lunch here

    wintr says:43 minutes ago

    Good Good Good... in vino veritas

    bunnie says:43 minutes ago

    i'll do my best though. :)

    ActualDragon says:42 minutes ago

    :( i dont get out till 3

    42 minutes ago

    So everyone: we have a sheet for questions https://docs.google.com/spreadsheets/d/1lrHxsJzsLqtb-RJTTZnslHQQQnGf-CzjSHutv-VJWME/edit#gid=0

    turbinenreiter says:42 minutes ago

    I didn't knew we can come drunk! Unfair!

    42 minutes ago

    you don't have to use it, but it's one way to keep track

    bunnie says:41 minutes ago

    right....I pregamed. https://twitter.com/bunniestudios/status/830044903379914752

    Radomir Dopieralski says:41 minutes ago

    I came prepared!

    41 minutes ago

    Bunnie, want to start things off by telling us something about what you're working on?

    41 minutes ago

    (I think we all know who you are)

    bunnie says:41 minutes ago

    sure....i've got a few projects i'1m working on....

    ActualDragon says:40 minutes ago

    this is about making and breaking hardware right

    40 minutes ago

    yes

    ActualDragon says:40 minutes ago

    oh good

    39 minutes ago

    @bunnie did we lose you?

    Arsenijs says:38 minutes ago

    Can Novena handle HackChat?

    38 minutes ago

    ;)

    turbinenreiter says:38 minutes ago

    passed out drunk on keyboard. best hackchat ever.

    bunnie says:38 minutes ago

    1) LTC -- love to code -- a project to help get more young people into computer science2) introspection engine -- a project to help dissidents in high risk situations know if they are being spied upon3) netv2 -- a project which i can't talk too much about because it's an subject of an active lawsuit4) some other stuff i'm short circutiing because apparently i'm not repsonding fast enough :)

    bunnie says:38 minutes ago

    +1 turbinenreiter

    bunnie says:37 minutes ago

    yah sorry took a while to respond to that question

    37 minutes ago

    tell us abt introspection engine

    bunnie says:37 minutes ago

    ask me something i dunno direct and punchy

    turbinenreiter says:35 minutes ago

    Why is it easier to hack into a Smartphones and reroute it's traffic to your own baseband than get governments to just be like cool?

    bunnie says:35 minutes ago

    sure. introspection is based on a K22F kinetis CPU and an ICE40 FPGA. The idea is to create a solution which is resistant against state-level adversaries to report if a phone is being monitored.

    34 minutes ago

    who does it report to?

    bunnie says:34 minutes ago

    the system reports to its own UI

    bunnie says:34 minutes ago

    that's pretty fundamental

    AKA says:34 minutes ago

    so, if it says it's being monitored...what do I do then?

    ActualDragon says:34 minutes ago

    would making and breaking hardware be like "i have this radioshack simon from the 60s. is it too old to take apart? should i tempt it? is it worth anything?" something like that?

    bunnie says:33 minutes ago

    the idea is you don't trust or respect third party user interfaces and you really want to be able to validate the entire path from signal to UI

    ActualDragon says:33 minutes ago

    oh, sorry man

    bunnie says:33 minutes ago

    AKA: the idea is that you can know definetively *if* you are being monitored

    bunnie says:32 minutes ago

    from that point, you can make the decision to reveal whether or not you know you are being monitored. consider the fact that if you are being monitored it's a strategic advantage to be aware of the monitoring and "play the monitor"

    wintr says:32 minutes ago

    It's not paranoia if you're hacking the people that are really following you.

    AKA says:31 minutes ago

    ok, i understand. but doesn't that increase the risk of a false negative? like, if the device _is_ compromised, or compromised upstream, it may dangerously lull you into complacency?

    Bhavesh Kakwani says:31 minutes ago

    @bunnie That's really cool

    j0z0r pwn4tr0n says:31 minutes ago

    What kind of assurances do you have that a state-level actor isn't just reporting back to the UI that "All is well"? You know, like...

    Read more »

View event log

Enjoy this event?

Share

Discussions

Bhavesh Kakwani wrote 02/06/2017 at 14:46 point

It's amazing that you got bunnie to come in for a hackchat! Very excited!

  Are you sure? yes | no

Interested in attending?

Become a member to follow this event or host your own