Lab notes on decapping ICs with sulfuric acid

Recently, I've been working on setting up my lab for decapping ICs for the purpose of reverse engineering and future invasive attacks. Here are some notes from my initial round of using sulfuric acid to perform the decap.

DISCLAIMER: I am not trained as a chemist. This experiment is ...

more ...


TPM2-sealed LUKS encryption keys

Introduction

Recently, I upgraded my NAS machine and decided I wanted to set up full disk encryption with the disk encryption key sealed inside a TPM. This setup is very similar to Microsoft's BitLocker disk encryption. Just to make it more difficult for myself, I decided to use a ...

more ...

My First Rust Program - Dynamic DNS Updater

I recently needed a dynamic DNS updater client. Being rather unsatisfied with the existing ones, I decided to write my own in Rust. This is the first actual Rust program I have written. If you attempt to use this on your own machine, do be aware that it has very ...

more ...


Yet Another Let's Encrypt ACME Client

A while ago, I wrote (but forgot to document) Yet Another ACME client in Python. You can see the code for this client here.

ACME is a protocol invented by the Let's Encrypt project for automatically requesting TLS certificates from a certificate authority. Other website describe both the protocol ...

more ...

The failure of "one post a day"

As is obvious from the lack of posts, I have more-or-less given up on the idea of writing one blog post per day. Often, I don't accomplish enough work to write a detailed, thorough blog post. Instead of cluttering this blog with short snippets, I have decided to move ...

more ...

Catch-up post for the last week

Unfortunately, I have failed to write a blog post on any day for the entirety of last week. This is a catch-up post to show off what I have not done. I spent the 4th and 5th out with friends. Before that, I:

  • did a number of uninteresting sysadmin-type tasks ...
more ...

Jenkins proxied behind nginx with TLS client certificates

I just finished reinstalling Jenkins on my server. The reason for reinstalling Jenkins is to move it inside an LXC container. Hopefully, this will result in a reduced attack surface as well as making it easier to keep track of the global state needed to build my projects.

I use ...

more ...