I am having trouble making it through all of the steps for this lab.
I got some commands together that let me read and write to/from the ssd and I believe I can halt/resume individual cores, but I don’t seem to be getting the results suggested by the subsequent steps.
Under “Correlating Behavior”, it seems to suggest that I should see behavior suggesting certain responsibilities for each core.
The behavior that I’m seeing is that any combination of halted core(s) completely stops all read & write progress. Depending on what exactly I try, resuming a core will sometimes continue the transfer, and sometimes I will get an I/O timeout and the /dev/ device disappears until I reconnect the SSD.
Has anyone else experienced this and/or have any suggestions for what I might be doing wrong?
Halting any core should halt the SSD from functioning properly - and if it stays halted long enough, the SATA controller/OS/etc will eventually notice and get mixed up.
First, make sure that you can halt any single core, see that it does in fact pause the disk operation, and resume it. Again - you don’t want to halt for too long, so it might be necessary to script, or at least que up your commands in each tool. For example:
halt one core (via openocd or gdb)
start a timed disk read (‘time’ and 'dd` a single block - or even just a byte)
delay a short amount of time (but longer than the disk read should take)
resume the core
you should see the dd command takes longer than without halting the core.
Repeat this with each core to make sure you have some predictable behavior.
The next step is to figure out the relationship between the cores. You’ll want to extend your sequence a little bit:
halt one core (via openocd or gdb)
start a timed disk read (‘time’ and 'dd` a single block - or even just a byte)
delay a short amount of time (but longer than the disk read should take)
halt another core
resume the original core
delay a short amount of time
resume the additional core
By repeating this process, you should be able to determine a sequence to the processing that happens on the cores. You can also explore if there’s a difference between reads, writes, or even just disk information queries.
The information you gather isn’t going to tell you anything for certain, but it will give you a good hint about how the software is architected - something that would assist in deeper analysis if you go that direction.
Don’t forget that both case studies are intentionally very open ended. Depending on the context and scope, you might have been ‘done’ the moment you got JTAG - or you might only be ‘done’ when you’ve made a malicious modification to the drive’s firmware. Personally, i draw the line at reversing code - because it’s not my personal strength, though i know others love it (and teach it better than I could)
I understand that these steps are not always in scope, but this is an area that interests me a lot – what to do once I get access to something. So I’m trying to get to the point where I have an idea of whats happening.
I spent some more time working with this and still don’t feel like I’m getting a better understanding of what’s going on.
Here’s what I’ve tried:
timed dd read from the ssd (long enough to feel like I’m getting a consistent time, currently 5MiB)
halt corex, start read, wait 1s start corex
I repeat this for all cores multiple times
the resulting time is always 1s + a few ms longer than the base time
halt corex, start read, wait 1s, halt corey, start corex, wait 1s, starty
repeat for all combinations of cores
resulting time is always 2s + a few ms longer than the base time
halt all cores, start corex, start read, wait 1s, start corey, halt corex, wait 1s, start corez, halt corey, wait 1s, start all cores
repeat for all combinations of cores
resulting time is always 3s + a few ms longer than the base time (more than tests 2 & 3)
Tried doing some other combinations of things too. I still can’t seem to find a sequence of processing or relationship between the cores.
Your directions say to use transfers of 1 block or byte, but doing that I can’t differentiate the run-to-run variance between anything I’m doing. Same with doing shorter between steps.
I feel like I’m looking at the wrong thing or something, but don’t seem to be getting anywhere with my current approaches.