Reversemode

Index Introduction PhysicsFiction state_monitor state_physics state_physics #2 — A key part state_physics #3 — The attack What about the target? Conclusions Introduction This past friday Juan Andres Guerrero-Saade and Vitaly Kamluk published an extraordinary piece of research, which uncovered a 20 years old sophisticated malware, plausibly attributed to state actors. What is outstanding about this implant is, as the authors mention, that "fast16.sys selectively targets high-precision calculation software, patching code in memory to tamper with results." That's insane…and very real. I'll try to contribute to the public understanding of Fast16 by digging into the function that targets the physics simulations. At this point, there is little left to add about Stuxnet, but it is important to use it as a temporal reference, because Fast16 was allegedly active years before the malware that changed everything. Around 2...

A Swiss E-Voting Mystery: USB Glitch or Sabotage? Imagine that you're a member of an electoral board, and the cryptographic materials required to decrypt votes, coming from an e-voting system, are stored on a USB key that happens to fail. But wait...because another USB key fails, and then another one...That's precisely what happened in the Swiss canton of Basel, now under a criminal investigation for possible electoral fraud. A glitch, or something else? Let's try to untangle an interesting incident involving cryptography, politics, e-voting, and USB keys. Index Swiss Post E-Voting System The Basel Incident USB keys: a prominent attack vector. What did these 3 USB keys contain? A plausible scenario Once-in-a-lifetime Glitch or Sabotage? Conclusions Summary The reason I'm writing about this incident is because in recent years I've spent a significant amount of time studying and trying to break the Swiss Post e-voting system, which was u...

TL;DR This post describes the conditions and technical details that enable Adversary-in-The-Middle (AiTM) attacks against Signal when Censorship Circumvention is enabled. However, despite the ability to decrypt TLS traffic between the target and the Signal backend, the end-to-end encryption (E2EE) scheme implemented by Signal prevents attackers from accessing user content such as conversations, audios, attachments, etc., which remains securely encrypted. In simple terms, enabling Censorship Circumvention does not affect the E2EE layer. The resources required to exploit these issues are limited to nation-states. Unless you’re either a high-value individual (or part of their inner circle) for a nation-state/state-sponsored actors, or a citizen/journalist/activist in an authoritarian country that is closely aligned with others possessing, let’s say, certain expertise, you’re realistically nowhere near being a potential target. Censorship circumvention may not be perfect, but it is vi...