korisnik
Posts: 9
Joined: Mon Dec 28, 2015 3:21 pm

Total Refresh

Mon Dec 28, 2015 3:27 pm

How to make your raspberry like new like it waz just bought?
I am talkinga about cleaning all RAM, Flashing ROM, cleaning all EPROM and and flashing ARM Cortex-A7 CPU...
Bascily is it possible to make it like it waz newer used?

User avatar
rpdom
Posts: 17451
Joined: Sun May 06, 2012 5:17 am
Location: Chelmsford, Essex, UK

Re: Total Refresh

Mon Dec 28, 2015 3:46 pm

korisnik wrote:How to make your raspberry like new like it waz just bought?
I am talkinga about cleaning all RAM, Flashing ROM, cleaning all EPROM and and flashing ARM Cortex-A7 CPU...
Bascily is it possible to make it like it waz newer used?
Turn off power and remove the SD card. That's it.

There are no EPROMs or anything to flash. Everything is on the SD card.

korisnik
Posts: 9
Joined: Mon Dec 28, 2015 3:21 pm

Re: Total Refresh

Tue Dec 29, 2015 12:17 am

rpdom wrote:
korisnik wrote:How to make your raspberry like new like it waz just bought?
I am talkinga about cleaning all RAM, Flashing ROM, cleaning all EPROM and and flashing ARM Cortex-A7 CPU...
Bascily is it possible to make it like it waz newer used?
Turn off power and remove the SD card. That's it.

There are no EPROMs or anything to flash. Everything is on the SD card.
You sure? There is RAM but it shoud empty auto on poweroff... So you telling me there is nothing recoreded on it? Shoudent there be some stuff in graphic part or ARM ?

User avatar
davidcoton
Posts: 5192
Joined: Mon Sep 01, 2014 2:37 pm
Location: Cambridge, UK
Contact: Website

Re: Total Refresh

Tue Dec 29, 2015 12:27 am

Almost nothing. AIUI, there is some "write once" memory, for things like serial number and for detecting if you have overclocked/overvolted enough to void the warranty. Obviously you can't reset that.

What specifically are you concerned about? The alternative is, see what is stored that you want to remove. Wipe the card, re-install the OS. Reboot and look for what should be gone. If it has gone, good. If not, we'll all scratch our heads to wok out why not.
Location: 345th cell on the right of the 210th row of L2 cache

korisnik
Posts: 9
Joined: Mon Dec 28, 2015 3:21 pm

Re: Total Refresh

Tue Dec 29, 2015 3:37 pm

davidcoton wrote:Almost nothing. AIUI, there is some "write once" memory, for things like serial number and for detecting if you have overclocked/overvolted enough to void the warranty. Obviously you can't reset that.

What specifically are you concerned about? The alternative is, see what is stored that you want to remove. Wipe the card, re-install the OS. Reboot and look for what should be gone. If it has gone, good. If not, we'll all scratch our heads to wok out why not.
I am concerned about hardware mailwere like those for PC where somone can inbed bad stuff in your graphic card memmory, bios and similar..
Write once memory is it accesable only from outiside with hardwere?

User avatar
rpdom
Posts: 17451
Joined: Sun May 06, 2012 5:17 am
Location: Chelmsford, Essex, UK

Re: Total Refresh

Tue Dec 29, 2015 4:15 pm

korisnik wrote:I am concerned about hardware mailwere like those for PC where somone can inbed bad stuff in your graphic card memmory, bios and similar..
Write once memory is it accesable only from outiside with hardwere?
You don't need to worry about that. The Write once memory does not contain any code. It can be set once by special code to set the serial number and a few other settings when the Pi is made. After it is programmed it cannot be changed. There is one bit that can get set by the firmware if too high overvolt and overclock settings are used. Again, once set, that cannot be cleared.

There is no BIOS, graphic card memory or similar. The only memory on the Pi is the RAM which loses everything when power is turned off. The only code in on the board is a small bootloader which is hard-coded into the chip and cannot be changed. That contains just enough code enough to read the SD card and get the boot code from it.

ejolson
Posts: 5636
Joined: Tue Mar 18, 2014 11:47 am

Re: Total Refresh

Tue Dec 29, 2015 6:02 pm

korisnik wrote:I am concerned about hardware malware like those for PC where somone can embed bad stuff in your graphic card memory, bios and similar..
Write once memory is it accessible only from outside with hardware?
From what I understand, the GPU boots the Pi and therefore must contain some bootstrap program that loads and starts execution of an image from the sdcard. The sdcard itself also contains a microcontroller to handle sector mapping and wear leveling. There have been some examples of changing the microcontroller firmware on an sdcard, which could be used to bypass standard security measures. However I've never heard of the bootstrap code in the GPU being changed.

A general rule on security is that once a sufficiently valuable collection of data has been made, then any interested and well-funded organization will obtain it, whether acting outside the law or with its protection. While many governments and corporations create large collections of valuable data, very few individuals do. Unless you are a politician, advisor to a politician, military general, corporate CEO, famous celebrity or an engineer using the Pi to control a nuclear reactor, then reformatting the sdcard with a new version of Raspbian and changing the default passwords should be sufficient to remove all malware.

As you are likely aware, the chances of lower value IT targets being compromised through changes to firmware are more likely as the number of devices with changeable firmware goes up. While sufficient for now, simply reformatting the sdcard may not be enough in the future.

korisnik
Posts: 9
Joined: Mon Dec 28, 2015 3:21 pm

Re: Total Refresh

Wed Dec 30, 2015 4:36 pm

OK i am making Raspberry Pi Ray of Doom and i want to be secure cuz i dont want anybody to use it to cut the earth in half....

So can i somehow reload firmwere of sdcard slot (guessing you were talking about SD CARD slot/controler on board of RPi cuz my SD CARD cant be compromised)?

Thats why i wanted to flash arm chip with defaults just to be sure to clear GPU memmory

W. H. Heydt
Posts: 13057
Joined: Fri Mar 09, 2012 7:36 pm
Location: Vallejo, CA (US)

Re: Total Refresh

Wed Dec 30, 2015 4:56 pm

korisnik wrote:OK i am making Raspberry Pi Ray of Doom and i want to be secure cuz i dont want anybody to use it to cut the earth in half....

So can i somehow reload firmwere of sdcard slot (guessing you were talking about SD CARD slot/controler on board of RPi cuz my SD CARD cant be compromised)?

Thats why i wanted to flash arm chip with defaults just to be sure to clear GPU memmory
No...he's talking about the actual SD card. It has internal circuitry for reading and writing data (flash memory is organized in pages and you read or write an entire page at once) and for moving pages of data around to keep the usage of each page more or less even, since flash memory has a limited number of times it can be written before it fails.

Heater
Posts: 16338
Joined: Tue Jul 17, 2012 3:02 pm

Re: Total Refresh

Wed Dec 30, 2015 5:24 pm

If a compromised SD worries you then just smash it and get a new one. This is amazingly unlikely to happen but it cures paranoia.

After that your Pi is as good as new. Save those one time programmable bits. One or more of those gets set if you select dangerous over volt and/ or over clock modes. No going back then.

I guess it's possible that some malware might have tweaked those bits, if that worries you just smash the Pi and get a new one :)
Memory in C++ is a leaky abstraction .

ejolson
Posts: 5636
Joined: Tue Mar 18, 2014 11:47 am

Re: Total Refresh

Wed Dec 30, 2015 7:26 pm

korisnik wrote:OK i am making Raspberry Pi Ray of Doom and i want to be secure cuz i dont want anybody to use it to cut the earth in half....
Heater wrote:If a compromised SD worries you then just smash it and get a new one. This is amazingly unlikely to happen but it cures paranoia.
As builder of the Pi Ray of Doom you have now been identified as a high value IT target, and chances are that every new Pi, sdcard and Raspbian image you receive will come with Earth-slicing malware preinstalled. On the other hand, if the microcontroller on your current sdcard really has been compromised, then it is better to donate it to an antivirus company instead of smashing it. For better security I would suggest the Pi Ray of Doom not be an IOT connected device.

User avatar
allfox
Posts: 452
Joined: Sat Jun 22, 2013 1:36 pm
Location: Guang Dong, China

Re: Total Refresh

Wed Dec 30, 2015 7:55 pm

I feel paranoia is difficult to cure.

It's sometimes not because lack of knowledge, but lack of trust. Maybe it's always about trust from the very beginning.

I've just tried set up a proxy far away(real distance, should imply hop either) from a Windoz guy. He can't reach his bandwidth speed via the proxy.
His TCP window scaling hint was "restricted".
So I told him to enable TCP window scaling to "normal" or "experimental", enable ECN, and enable RFC 1323 timestamp.

However, after reboot, he's browser refuse to work with proxy. I mean, it works with plain connection, not socks5.
He is so scared and just "netsh winsock reset" everything.

After that, the ECN and RFC 1323 timestamp back to "disabled". Luckily TCP window scaling is still in "normal".
He was so happy with it, and just don't care what I say anyway.

I told him: It's just like a water tube, when the tube is long, you need pump more water into it to fill it up, however the default setting maybe not pumping enough water.

But I just got ignored. He already abandoned thinking, and devote all his faith to M$ default.
Luckily, "netsh winsock reset" didn't kill TCP scaling hint.

korisnik
Posts: 9
Joined: Mon Dec 28, 2015 3:21 pm

Re: Total Refresh

Wed Dec 30, 2015 11:13 pm

I expected that if i tell that i am asking this cuz mailwere i will get zilion responses thet are not answers just troling me about being paranoid. Duno if thats bad or not but i am perfectionst and if i can do somthing why not do it and be more secure if i can?

So if only SD CARD itself can be compromised, that is a eazy fix.... Cant i just attach some wires to ARM or whatewer memmory chips to clean/restore to default those?

User avatar
DougieLawson
Posts: 39618
Joined: Sun Jun 16, 2013 11:19 pm
Location: A small cave in deepest darkest Basingstoke, UK
Contact: Website Twitter

Re: Total Refresh

Wed Dec 30, 2015 11:41 pm

korisnik wrote:Cant i just attach some wires to ARM or whatewer memmory chips to clean/restore to default those?
There is NOTHING stored in your ARM processor or the GPU. There's no interface to write to any non-volatile memory. Once that memory is written in the factory it NEVER changes (give or take the warranty bit).

So you are tilting at windmills and worrying about something that is NOT an issue.
Note: Any requirement to use a crystal ball or mind reading will result in me ignoring your question.

Criticising any questions is banned on this forum.

Any DMs sent on Twitter will be answered next month.
All fake doctors are on my foes list.

W. H. Heydt
Posts: 13057
Joined: Fri Mar 09, 2012 7:36 pm
Location: Vallejo, CA (US)

Re: Total Refresh

Thu Dec 31, 2015 12:00 am

korisnik wrote:I expected that if i tell that i am asking this cuz mailwere i will get zilion responses thet are not answers just troling me about being paranoid. Duno if thats bad or not but i am perfectionst and if i can do somthing why not do it and be more secure if i can?

So if only SD CARD itself can be compromised, that is a eazy fix.... Cant i just attach some wires to ARM or whatewer memmory chips to clean/restore to default those?
There is the "write once" memory, which is minimal. Note that "once" part. The RAM (system and graphics memory) is DRAM. That is, it must go through refresh cycles to retain what is stored there. Remove the power and within less than 10 seconds (probably less than 1 second with modern DRAM), it contains *nothing*. So...an unpowered Pi without an SD card has no information stored and *cannot* contain malicious code (or any other code, either).

Now as for the SD card... Pretty much the only malicious thing done with SD cards is to make them look like they are bigger (more capacity) than they really are. This is done by unscrupulous people to sell such cards for more than they would fetch if they had the higher capacity. So long as you stick with reputable suppliers, this won't be a problem. *And* such cards don't contail malicious code, in the usual sense. They just lie to you.

The vulnerable areas are: The download site from which to get Raspbian and the programs you use to write Raspbian onto the SD card. *In*theory* someone could either put up a malware-infected image, or create a CD imager program that inserted malware. But note...in order to add malware to an image being written, the bad guy would have to know that the program was going to be used to write specific images to the card. For there to be an infected image, someone would have to build the image *and* get it substituted in place of a clean image. Both of those scenarios are extremely unlikely, since there are vastly easier ways to infect a Pi.

There is a joke (from before Linux existed) about a virus that would infect a unix system. You get an e-mail that says "Please run this program."

Unless you're a really big target to a group that is very, very skilled, you have nothing to worry about. Just take normal security precautions and you have nothing to worry about.

User avatar
allfox
Posts: 452
Joined: Sat Jun 22, 2013 1:36 pm
Location: Guang Dong, China

Re: Total Refresh

Thu Dec 31, 2015 12:09 am

korisnik wrote:Cant i just attach some wires to ARM or whatewer memmory chips to clean/restore to default those?
My textbook told me a computer has 5 parts: Controller, Processor, Memory, Input, Output.

ARM CPU is the Controller and Processor. Not the Memory.

So even if I want to erase/restore some memory, I won't wire to ARM CPU.

Maybe text books differ anyway.

On Pi, the SD card is the Memory that initialize the system. You plugged it out. The Pi can't form a program execution environment.

QuietZone
Posts: 89
Joined: Sat Dec 05, 2015 7:13 pm

Re: Total Refresh

Thu Dec 31, 2015 1:06 am

I have a question for the OP. Your dialect fascinates me. It's obviously not English, but I'm uncertain as to its origin. Do you speak (type) that way on purpose in order to sound like a hip, cool SMS kid, or did it come from some country of which I am unaware.

I'm really curious, and would really appreciate it if you could help me out here.

Note, BTW, that your original question has been answered and so that part of this thread is over and done with. We might as well go ahead an explore new territory on this thread.
"If you haven't got anything nice to say about anybody come sit next to me." — Alice Roosevelt Longworth

User avatar
DougieLawson
Posts: 39618
Joined: Sun Jun 16, 2013 11:19 pm
Location: A small cave in deepest darkest Basingstoke, UK
Contact: Website Twitter

Re: Total Refresh

Thu Dec 31, 2015 1:14 am

allfox wrote:
korisnik wrote:Cant i just attach some wires to ARM or whatewer memmory chips to clean/restore to default those?
My textbook told me a computer has 5 parts: Controller, Processor, Memory, Input, Output.

ARM CPU is the Controller and Processor. Not the Memory.

So even if I want to erase/restore some memory, I won't wire to ARM CPU.

Maybe text books differ anyway.

On Pi, the SD card is the Memory that initialize the system. You plugged it out. The Pi can't form a program execution environment.
Wrong!

The SDCard is the long term storage, it's the equivalent of a hard disk on any other computer and is connected on an input/output device. There's either 256MB, 512MB or 1GB of random access memory (RAM) which is tightly coupled to the processor.
Note: Any requirement to use a crystal ball or mind reading will result in me ignoring your question.

Criticising any questions is banned on this forum.

Any DMs sent on Twitter will be answered next month.
All fake doctors are on my foes list.

User avatar
allfox
Posts: 452
Joined: Sat Jun 22, 2013 1:36 pm
Location: Guang Dong, China

Re: Total Refresh

Thu Dec 31, 2015 2:45 am

DougieLawson wrote:The SDCard is the long term storage, it's the equivalent of a hard disk on any other computer and is connected on an input/output device. There's either 256MB, 512MB or 1GB of random access memory (RAM) which is tightly coupled to the processor.
Let's talk about our understanding of the universe. :)

I would defense myself.

I think the Controller, Processor and Memory could form a computing environment, however, it couldn't influence the outside world, nor it could see outside world. It would be a closed system that the human nor network could influence its inside nor see its inside either.

The different point between the IO device and Memory is whether they could interact the outside world. IO device is able to interact with the outside, Memory couldn't.

Normally, we couldn't toggle bit on hard disk by hand, nor we could see those bits. We would need some telescope to observe those bits, which is monitor. And we need some kind of agent to make change on them, which could be keyboard or network.

You might say, we could install a new storage device to the computer. However, that means the system itself is changed, it's not the original system. And the new system is another closed system.

A computer system with IO device would be a open system.
The difference between a closed system and a open system is that the information in a closed system would reach a stable state in finite future, a open system won't. We outside world could keep the change on information going in the computer universe by supplying new information. If we don't do so, it would become stable sometime later.

It's like the physical universe, a closed physical system would meet heat death, while a open system could have new energy or material to supply the entropy.
In computer universe, information could mapping to energy and material, algorithm could mapping to entropy. An algorithm must end in a finite time, so is the entropy would only grow up.

The SD card, which we can't directly interact with, is a Memory.
With it plugged into a Pi, Pi could boot up and execute predefined process, but this process would make the whole Pi system into a stable state in finite future.
Unless we use the USB keyboard or Ethernet to give it some new information.

ejolson
Posts: 5636
Joined: Tue Mar 18, 2014 11:47 am

Re: Total Refresh

Thu Dec 31, 2015 2:49 am

W. H. Heydt wrote: Both of those scenarios are extremely unlikely, since there are vastly easier ways to infect a Pi.
While the chances that a room full of monkeys with typewritters would produce the complete works of Shakespeare might seem unlikely, the odds change dramatically if one of the monkeys is, in fact, William Shakespeare. When there is a security hole in a computer system, the resulting danger is not from people doing random things. If someone decides to exploit a security hole, then with 100% certainly it is exploited. It doesn't matter how likely the event would otherwise occur.
Last edited by ejolson on Thu Dec 31, 2015 6:15 am, edited 3 times in total.

User avatar
allfox
Posts: 452
Joined: Sat Jun 22, 2013 1:36 pm
Location: Guang Dong, China

Re: Total Refresh

Thu Dec 31, 2015 3:19 am

It comes to my mind that, while the physical universe particle has an Uncertainty principle out there, the computer's memory has finite bit states, and can be known accurately.

Is that means
1 What could a computer system do is finite.
2 More memory, more things could a computer system done.
?

User avatar
Shoka
Posts: 147
Joined: Sat Jul 12, 2014 8:35 pm
Location: Manchester, UK

Re: Total Refresh

Thu Dec 31, 2015 8:53 pm

To the best of my knowledge the Pi itself contains nothing that can survive a power cycle.

The SD card however....

http://www.bunniestudios.com/blog/?p=3554
Cheers Harry

korisnik
Posts: 9
Joined: Mon Dec 28, 2015 3:21 pm

Re: Total Refresh

Fri Jan 01, 2016 11:46 am

Shoka wrote:To the best of my knowledge
half of you are just troling me if you not informed dosent mean you are right
here an exaple of USB firmwere compromised
http://www.extremetech.com/extreme/1914 ... sb-devices
so guessing if somone writed custom USB microcontroler firmwere i am guessing that can be done for alot of other microcontrolers
Thats why i am asking can i somwere get all default firmwere and wire flash it back ?

User avatar
rpdom
Posts: 17451
Joined: Sun May 06, 2012 5:17 am
Location: Chelmsford, Essex, UK

Re: Total Refresh

Fri Jan 01, 2016 1:05 pm

korisnik wrote:
Shoka wrote:To the best of my knowledge
half of you are just troling me if you not informed dosent mean you are right
here an exaple of USB firmwere compromised
http://www.extremetech.com/extreme/1914 ... sb-devices
so guessing if somone writed custom USB microcontroler firmwere i am guessing that can be done for alot of other microcontrolers
Thats why i am asking can i somwere get all default firmwere and wire flash it back ?
If anyone is trolling, it is you. We've given you the answers but you won't listen.

THERE IS NO FIRMWARE STORED IN THE PI.

Everything (other than the hard-coded fixed initial boot code) is on the SD card and you can wipe the card and start again.

Yes, people can hack firmware on USB devices like mice and memory sticks and keyboards and hubs. Guess what? The Pi isn't one of those devices.

User avatar
davidcoton
Posts: 5192
Joined: Mon Sep 01, 2014 2:37 pm
Location: Cambridge, UK
Contact: Website

Re: Total Refresh

Fri Jan 01, 2016 1:06 pm

korisnik wrote: Thats why i am asking can i somwere get all default firmwere and wire flash it back ?
It's all on the card. Just because you don't like (or don't believe) the information you are given, doesn't make it wrong.
Even if we are all wrong, there is no known method to re-flash the Pi itself. There are no components that contain flashable memory.
Please stop arguing your case unless you can demonstrate that there is rewritable software on the Pi. You seem to be in a minority of one. While that doesn't mean you are wrong, you need stronger evidence to make your case.
Location: 345th cell on the right of the 210th row of L2 cache

Return to “General discussion”