
From China, With Love - conductor
http://devttys0.com/2013/10/from-china-with-love/
======
pasbesoin
As a perhaps unnecessary (for HN) reminder: This is a primary reason that
"anti-circumvention" legislation, that "outlaws" e.g. decompiling and/or
reverse engineering (1) machine code in proprietary devices (in this case, for
research purposes), needs to be permanently put down.

Without examination, existing circumstances repeatedly demonstrate that we
are more than a bit likely to be subjected to hidden weaknesses and
exploitations we are uninformed about and have not agreed to.

----

(1) decompilation/reversing, as in the referenced, recent D-Link case, or
perhaps even simple extraction of a compressed fileset

~~~
throwawaykf
The DMCA Anti-circumvention clause explicitly makes an exception for "security
testing" and "encryption research", amongst others. Search for those terms on
this page:

[http://www.law.cornell.edu/uscode/text/17/1201](http://www.law.cornell.edu/uscode/text/17/1201)

I am no law scholar, but I get the impression that, in general, reverse
engineering and research are exempt from most forms of IP protection (which is
what the DMCA is).

~~~
Dylan16807
Except that as far as I know you can't share most of what you learned with
anyone else.

~~~
throwawaykf
As far as the text of the DMCA goes, the only restrictions on sharing what you
learned are if that sharing could facilitate copyright infringement rather
than advance knowledge or security. I can see how that could be a bit hazy in
some cases, but certainly should not apply to cases like this one.

------
olalonde
Strangely, the whole GoAhead code including the backdoor seems to be on
Github:
[https://github.com/socoola/yhrouter/blob/master/user/goahead...](https://github.com/socoola/yhrouter/blob/master/user/goahead/src/goahead.c#L969)

~~~
justincormack
I filed an issue, see what happens. Unclear if this code is a legit copy...

------
adjwilli
This was interesting, but the title "From China, With Love" seems descriptively
weak and unnecessarily confrontational, as if somehow the Chinese government
were to blame for one router manufacturer's backdoor.

~~~
tptacek
* Chinese intervention and even ownership of its local industries is a well-known phenomenon. You can't on the one hand believe that NSA --- err, Clyde Frog --- is strongarming US Internet companies into complying with court orders while at the same time seriously suggesting that Chinese manufacturers are independent of the Chinese state.

* How much do we know about Shenzhen Tenda? All I could find in 5 minutes or so of research is that it's the result of the efforts of D.P. Quan to provide networking and enrich the lives of all people through, IIRC, excellence.

* China has a very well-established, well-attributed track record of attacking the tech infrastructure of the rest of the world, and does so through proxy organizations.

* A very blatant backdoor with minimal tech support value is something that is more valuable to a state than to a random tech company.

~~~
est
US gadgets have a backdoor - blame the bad programmers.

Chinese gadgets have a backdoor - evil Communist country making a grand scheme.

~~~
mintplant
Ever since the Snowden situation began every security issue related to the US
has invited comments suggesting the NSA might be involved. I don't see your
point.

------
kayoone
"One teensy-weensy, but ever so crucial little tiny detail is that the
backdoor only listens on the LAN, thus it is not exploitable from the WAN"

Hm, so not really phoning home, is it? I thought this was pretty interesting
until I read that... that's a pretty minimal security risk.

~~~
tptacek
It also means that any bit of unprivileged clientside malware an attacker can
get onto your machine might be able to use the bug as a pivot, first to your
whole network, then potentially back to a more privileged place on your
machine.

~~~
kayoone
True, however we are talking about a $30 consumer router. Most people using
something like that have a lot of other security flaws to worry about (but
usually don't) and aren't that interesting as an attack target to hackers
anyway.

Anyone with a "whole network" who remotely knows what he's doing won't be using
a router like that one.

~~~
sillysaurus2
_Anyone with a "whole network" who remotely knows what he's doing won't be using
a router like that_

Which router would he use?

~~~
kayoone
Probably an enterprise-grade router if it's a bigger/corporate network, or
something halfway decent that supports OpenWRT.

------
zenocon
This is why I've replaced all my home network gear's firmware with
[http://www.dd-wrt.com/site/index](http://www.dd-wrt.com/site/index)

~~~
mentat
I've found OpenWrt to be quite superior, especially config and package
management.

~~~
swatkat
Also, if you're looking for open-source firmware for 3G/4G USB-enabled
routers, then check out ROOter. ROOter is based on OpenWRT, and supports most
of the popular routers and 3G/4G USB dongles.

[http://ofmodemsandmen.com/supported.html](http://ofmodemsandmen.com/supported.html)

------
taralx
How many other embedded systems on our networks have these backdoors? As the
number of important devices (Nest, I'm looking at you) on my home network
increases, so does my risk profile.

~~~
eob
I used to do R&D for the US defense industry. Three years back I was catching
up with a friend from that industry and asked what they're up to these days.
Her answer? Hacking into connected appliances (furnace, video games, espresso
machines, etc) with the goal of turning them into listening devices, making
them explode or catch fire, or otherwise malfunction.

If you can dream up a sick way to mess with people, odds are there is a
government somewhere funding research into it.

~~~
Cthulhu_
You call it a sick way to mess with people, governments will refer to it as
cyberwarfare. I'd say that the US / Israel's attacks on the Iranian uranium
enrichment facilities (Stuxnet) was just a tame and reserved trial, and that
most modern countries have plans in place that will unleash a devastating
cyberattack on loads of internet-connected devices.

I'd say routers are particularly vulnerable, if only because they are smart
(Linux) machines, but in most cases users will never check them for anything
odd going on. As this article shows, it takes but a simple command for them to
execute stuff, and given how Linux is a general purpose OS, they could install
and perform any kind of task - like install backdoors and whatnot on the PCs
behind the routers, which can then in turn be disabled or used in a massive
botnet to perform a DDoS or other attacks on other systems.

Just think about the implications of there being a backdoor in every internet-
connected computer system, or the consequences of all-out cyberwar.

~~~
dsrguru
A senior VP of a prominent credit card processing company in the US told me
that he fields an average of 200,000 attacks originating from Chinese and
Iranian IP addresses every day. Governments having backdoors everywhere would
be terrifying.

------
w1ntermute
Off-topic: does anyone know what software was used to make graphics like
[http://www.devttys0.com/wp-content/uploads/2013/10/recvfrom....](http://www.devttys0.com/wp-content/uploads/2013/10/recvfrom.png) ?

~~~
paraxisi
It's a feature in IDA.

~~~
tptacek
You can get even better graphics out of Hopper.app, which is a great little
program. Hopper will even do a decent first-pass conversion from assembly back
to C.

~~~
conductor
Yet IDA Pro is much more mature and feature-rich, and it has become an
industry standard. I wish there was an open-source alternative.

~~~
tptacek
We use both, but when I can get away with using Hopper, I try to, because the
UI is nicer, the program feels faster, and the Python extension interface is
built right in.

Disassemblers are a good target for open source development. They're
commercially valuable only for a very small subset of users, and the market
leader is terribly mispriced relative to the value it provides, which drags
the whole commercial market for them down.

~~~
X-Istence
Not only are they terribly mis-priced, it is very difficult for people that
are not in the security industry but have an interest in reverse engineering
to get access to the software because the author won't sell to them.

------
eliteraspberrie
Perhaps it's time for an open-source router. Does one exist? I would support a
crowd-funded ADSL router.

~~~
fiatmoney
There's DD-WRT, and of course a ton of free routing software. But I think you
mean open source hardware, which would be very difficult, considering the need
for high-performing ethernet hardware and the like.

~~~
daurnimator
Have you looked into Snabb Switch?
([https://github.com/SnabbCo/snabbswitch/wiki](https://github.com/SnabbCo/snabbswitch/wiki))

------
kuchaguangjie
In China, I think TP-link is much better than D-link and Tenda. Tenda is just
rubbish; it's not easy to use. TP-link is much easier to use, but I am not
sure whether it has a backdoor.

~~~
est
Search for the backdoor keyword:

userRpmNatDebugRpm26525557

------
happywolf
Hey, I guess PRISM belongs to China, too!

