mikerr
Posts: 2826
Joined: Thu Jan 12, 2012 12:46 pm
Location: UK
Contact: Website

Re: Which components of the Pi have writable firmware..?

Wed Oct 05, 2016 3:43 pm

SD card serial number:

Code: Select all

udevadm info -a -n /dev/mmcblk0 | grep -i serial
ATTRS{serial}=="0x2124178d"
Android app - Raspi Card Imager - download and image SD cards - No PC required !

User avatar
davidcoton
Posts: 5505
Joined: Mon Sep 01, 2014 2:37 pm
Location: Cambridge, UK
Contact: Website

Re: Which components of the Pi have writable firmware..?

Wed Oct 05, 2016 3:46 pm

Still no-one has explained any credible security risk from having a serial number.
Wanting to change the serial number is getting even closer to trying to break the codec licensing.
The serial number can only be read by an outsider if they have already hacked all your security.
Just because the OP is paranoid, doesn't mean the world isn't out to him him/her.
After the postings here, add the CIA, MI6, GCHQ, and maybe several other acronyms to "the world".
Location: 345th cell on the right of the 210th row of L2 cache

W. H. Heydt
Posts: 13620
Joined: Fri Mar 09, 2012 7:36 pm
Location: Vallejo, CA (US)

Re: Which components of the Pi have writable firmware..?

Wed Oct 05, 2016 3:52 pm

mfa298 wrote:
CarlRJ wrote:I've heard you can change what results are obtained when trying to read the serial number from the Pi by the application of a moderately heavy blow on the SoC from the rounded end of a ball-peen hammer. This will prevent anyone from reading the serial number in the future.
I believe you can also stop the serial number being read by removing all cables from the Pi, encasing it in a ton of concrete and then depositing that off the side of a container ship in the middle of the Atlantic.
Well...just removing *all* the cables and putting the Pi in a drawer would work almost as well. As a practical matter--for the more paranoid among us--keeping the Pi from being connected to any network would do the trick well enough for any situation where you can prevent physical access, and if you can't prevent that, there's not much you can do to protect the system, anyway.

Really, what this thread comes down to is usability against security. The more secure a system is, the less usable it is. In practice, there has to be a balance between the two. Where that balance lies is up to the individual Pi owner, or people the owner has to please.

kingneil
Posts: 36
Joined: Tue Sep 27, 2016 3:32 am

Re: Which components of the Pi have writable firmware..?

Thu Oct 06, 2016 9:32 am

Original poster here.

Can I ask, at what point does your serial number ever get uploaded over the web..?

During the very first NOOBS / Raspbian installation..?

Or just when you try to buy a codec...?

Or some other time..?

Thanks

jdb
Raspberry Pi Engineer & Forum Moderator
Raspberry Pi Engineer & Forum Moderator
Posts: 2466
Joined: Thu Jul 11, 2013 2:37 pm

Re: Which components of the Pi have writable firmware..?

Thu Oct 06, 2016 9:40 am

The serial number is required when purchasing a codec licence, as already explained.

As the user has complete control over what software is run on the ARM, uploading "over the web" or not is entirely at user discretion.
Rockets are loud.
https://astro-pi.org

mikerr
Posts: 2826
Joined: Thu Jan 12, 2012 12:46 pm
Location: UK
Contact: Website

Re: Which components of the Pi have writable firmware..?

Thu Oct 06, 2016 9:47 am

kingneil wrote: Can I ask, at what point does your serial number ever get uploaded over the web..?
They are currently NEVER sent over the web.

You send your serial via email when purchasing a codec licence, and the key is then generated and emailed back to you.

http://www.raspberrypi.com/mpeg-2-license-key/

https://www.raspberrypi.org/blog/new-video-features/
http://thedigitallifestyle.com/w/index. ... pberry-pi/

It's not sent anywhere at any other time (or required for anything else AFAIK)
Android app - Raspi Card Imager - download and image SD cards - No PC required !

jamesh
Raspberry Pi Engineer & Forum Moderator
Raspberry Pi Engineer & Forum Moderator
Posts: 27438
Joined: Sat Jul 30, 2011 7:41 pm

Re: Which components of the Pi have writable firmware..?

Thu Oct 06, 2016 12:47 pm

kingneil wrote:Original poster here.

Can I ask, at what point does your serial number ever get uploaded over the web..?

During the very first NOOBS / Raspbian installation..?

Or just when you try to buy a codec...?

Or some other time..?

Thanks
Just out of interest, what security issue/hole are you trying to fix? Serial numbers on any device have never been regarded as a security risk as far as I know.
Principal Software Engineer at Raspberry Pi (Trading) Ltd.
Contrary to popular belief, humorous signatures are allowed.
I've been saying "Mucho" to my Spanish friend a lot more lately. It means a lot to him.

mutley
Posts: 61
Joined: Sat Jan 02, 2016 8:06 pm

Re: Which components of the Pi have writable firmware..?

Thu Oct 06, 2016 2:50 pm

jamesh wrote: Just out of interest, what security issue/hole are you trying to fix? Serial numbers on any device have never been regarded as a security risk as far as I know.
There is no security issue/hole, but there is an anonymity issue. From the questions it seems the OP is either confusing security with anonymity, or trying to get anonymity information under the disguise of security.
kingneil wrote: Or even if it's not large enough to have a executable virus.. could it perhaps have some sort of identifier written into it, which ties the Pi to a given user, rather than a "random" serial number...? Perhaps a serial number that is slightly less random..?
kingneil wrote: Then, assume that you get around this by not stopping the device from being hacked... but instead, stopping the device from being tied to you.

For example, imagine using a Pi through a Tor-only router... Or using a Pi on a public open WiFi.
kingneil wrote:Original poster here.
Can I ask, at what point does your serial number ever get uploaded over the web..?
During the very first NOOBS / Raspbian installation..?
kingneil, It would seem to me that you are more interested in how a PI can't be tied back to an user, rather than security from a hacker / attack.

kingneil
Posts: 36
Joined: Tue Sep 27, 2016 3:32 am

Re: Which components of the Pi have writable firmware..?

Thu Oct 06, 2016 7:25 pm

mutley wrote:kingneil, It would seem to me that you are more interested in how a PI can't be tied back to an user, rather than security from a hacker / attack
Correct.

I am not trying to stop the Pi itself getting hacked. Firefox has new exploits on a monthly basis. Chrome less often, but still enough.

It is about repeat hackings being tied back to a given serial number.

My security system obscures WHO you are by hiding behind a 2nd Pi on an Ethernet crossover cable running a Tor-only router... but doesn't attempt to hide WHAT you are doing.

Look at this: https://github.com/grugq/PORTALofPi

Or this: http://foolcontrol.org/?p=1853

But if the hacker can just obtain the unique serial number, then they can see it's the same user.

I personally would rather pay $10 extra to eliminate the serial number.. But I am only a single user.. $10 to me is a fish and chips.

But if Pi is being sold in bulk for education etc, I can see how the extra $10 would add up, especially in developing countries.

So I'm not trying to change Pi and get them to do things differently.... I am simply asking how it works.

I think I have a very good idea now.

Thank you everyone for the answers.

Heater
Posts: 16853
Joined: Tue Jul 17, 2012 3:02 pm

Re: Which components of the Pi have writable firmware..?

Thu Oct 06, 2016 7:35 pm

Not sure I follow all this but...

Have you tried visiting https://amiunique.org from your crossover cable connected Pi and checked how well you can be tracked, even over HTTPS and with no serial number non-sense going on?

By the way, how on Earth does use of a cross-over cable change anything?
Memory in C++ is a leaky abstraction .

User avatar
rpdom
Posts: 17728
Joined: Sun May 06, 2012 5:17 am
Location: Chelmsford, Essex, UK

Re: Which components of the Pi have writable firmware..?

Thu Oct 06, 2016 7:45 pm

Heater wrote:By the way, how on Earth does use of a cross-over cable change anything?
It reverses the polarity of the bits, making them impossible to trace. :lol:

Heater
Posts: 16853
Joined: Tue Jul 17, 2012 3:02 pm

Re: Which components of the Pi have writable firmware..?

Thu Oct 06, 2016 7:59 pm

Ah, so if my computer sends anti-bits and your computer receives anti-bits nobody in between can read the packets.

Because when bits and anti-bits collide their computer explodes!
Memory in C++ is a leaky abstraction .

User avatar
rpdom
Posts: 17728
Joined: Sun May 06, 2012 5:17 am
Location: Chelmsford, Essex, UK

Re: Which components of the Pi have writable firmware..?

Thu Oct 06, 2016 8:07 pm

Heater wrote:Ah, so if my computer sends anti-bits and your computer receives anti-bits nobody in between can read the packets.

Because when bits and anti-bits collide their computer explodes!
Yes, into little bits.

jdb
Raspberry Pi Engineer & Forum Moderator
Raspberry Pi Engineer & Forum Moderator
Posts: 2466
Joined: Thu Jul 11, 2013 2:37 pm

Re: Which components of the Pi have writable firmware..?

Thu Oct 06, 2016 8:57 pm

OP has his answers - even if gleaned in a completely roundabout way.

Locking before we end up firmly in tinfoil territory.
Rockets are loud.
https://astro-pi.org

Return to “General discussion”