Cybergibbons 🚲🚲🚲 Profile picture
Andrew Tierney. Head of hardware. IoT hacker. Proud resident of Hounslow. Full on Alpha Male.
5 subscribers
May 18 16 tweets 5 min read
A quick comment thread on the NTSB prelim MV Dali report.

The ship had a pretty typical 6.6kV HV/440V LV power system.
Image
Image
They were operating with the HV bus-tie breaker closed. This is, as far as I know, totally normal on most non-DP (dynamic positioning) vessels. Image
May 3 7 tweets 2 min read
The UK mains electricity system in houses is a bit unique.

We have what is called a "ring main" where a large number of sockets are connected in a loop. The loop can provide 32A, but each individual plug can only do 13A.

So we have fuses in our plugs to limit current. Image The idea of these is that they limit the current to each thing you plug into your ring main. The plug/socket can only handle 13A and not 32A, so you need something to limit it.
Apr 28 15 tweets 3 min read
Found a really quirky route to the OT side of a ship this week.

The corporate machines were on the 10.0.73.0/24 range.

When ARP scanning on this network, I could see a host on 192.168.1.45 - odd.

So I set my IP to 192.168.1.123 and scan 192.168.1.45 - a Windows machine. It's called CHIEFPC and it's a HP.

Current corp machines are Lenovo. And not named by role.

I head down to the chief's office and find that his old HP machine is being used for the CCTV onboard the vessel - which is on 192.168.1.0/24.
Apr 9 5 tweets 3 min read
A thread of the variety of products on ships that allow remote monitoring of critical systems on ships.

Just really want to put to bed the idea that systems are always air gapped.

Kongsberg offer multiple systems allowing remote monitoring of ICMS.
kongsberg.com/globalassets/m…
Image Wartsila NACOS, another of the very popular ICMS, allows remote maintenance of their systems.

wartsila.com/docs/default-s…
Image
Apr 3 26 tweets 7 min read
I broadly agree with this thread, but there's a few aspects where I think the scale and magnitude of the issues on modern ships is maybe not clear.

The number of modern vessels that have all their critical safety systems air gapped is getting lower and lower. What do I mean by critical systems?

Steering (which, oddly, depends on the type of vessel)
Propulsion (which can be the same as steering)
Power management system
ECDIS (electronic charts, which may or may not directly impact navigation)
Mar 30 14 tweets 3 min read
Ships might be "wide open" to cyber attack, but in my opinion, this shows a lack of nuance around what is being attacked, what the impact would be, and if it would be stopped by the crew. I would say that IT security - the corporate stuff - in maritime is as bad as it can get.

Getting from IT to OT - operational technology, the actual moving bits - is much harder.

(or just to OT, direct, another topic)
Mar 29 21 tweets 6 min read
Another thread on container ships and how the power and steering systems *should* work when things go wrong.

This diagram is of a fairly typical containership's electrical distribution.

You have four main diesel generators (often called auxilliary engines). Image They are multi-MW in size and produce 6.6kV.

Picture from another ship BTW.

When you are maneuvering you need power and redundancy - so you will have 3 or 4 of these running and on the bus. Image
Mar 28 13 tweets 6 min read
What are the engine rooms like on these Panamax container ships?

They are quite big!

This is the top of the single main engine. It's a Sulzer 10RTA96C.

That's 10 cylinder, each 96cm across. With a 2.5m stroke.

These are just the exhaust valves. Image It's a slow-speed, two stroke diesel. Max speed is around 100rpm. Image
Mar 26 18 tweets 3 min read
The ship has a full blackout for over a minute before impacting the bridge, followed by a second shorter loss of power.

Just after the lights come back on, you can see heavy soot which would likely be one of the main diesel generators being brought up. A blackout at this point in time is about a worst case situation. You'd lose the rudder, main engine and bow thrusters, leaving you unable to do anything.

The 440V emergency generator would be first to start, but this would only restore power to the steering gear immediately. Image
Feb 24 24 tweets 9 min read
I've obtained one of these "EMP generators" that are intended to cause glitches in gaming machines, either for free gaming or to dump coins.

It's pretty odd.
Image
Image
Most prominent is the 3-pin device on top.

It's an NPN transistor for RF.

It's socketed and comes with a spare....
Image
Image
Jan 14 13 tweets 4 min read
I'm trying to decode some digital modes from an SDR and I think I've found the most capable but least user friendly software, ever.

Now, it is free. And it seems to be the best available. BUT OMG, the UI.

This is the config screen. Image Then you get the main RX/TX screen.

Can you spot the button you need to press to open the control of frequency? Image
Dec 18, 2023 24 tweets 4 min read
After the #FlipperZero threads, there's been a few people questioning the ethics and legality of these devices, particularly with respect to NFC cloning.

I think explaining some of the history of NFC security - particularly Mifare Classic - attacks might help. Image Mifare Classic cards are everywhere.

In the UK and US, most hotels and a very large proportion of commercial access control systems will use Mifare Classic.

We've known that they have serious security weaknesses in these cards for over a decade, yet they are still used. Image
Dec 17, 2023 22 tweets 6 min read
Onto another aspect of the Flipper Zero... and not really knowing what it does.

The Frequency Analyzer seems pretty opaque. When it works, it works, but under what conditions does it work? Image There is documentation, but it doesn't really explain any of the limitations.

docs.flipper.net/sub-ghz/read#b…
Dec 17, 2023 23 tweets 7 min read
I finally caved and bought a Flipper Zero.

Whilst it's useful, there's a fair few bits of it that aren't particularly well explained.

Let's start with the Mifare Classic reading!

What's it doing, and how is it doing it? Image There are two dictionaries stored on the SD card in the device - both in /nfc/assets/

mf_classic_dict.nfc (built-in dictionary)
mf_classic_dict_user.nfc (user dictionary) Image
Jan 21, 2023 61 tweets 17 min read
I'm looking at the VDDI-PROG and how it bypasses security mechansisms on many automotive microcontrollers. It's a nice device, in a good plastic case.

Double-sided board, no components on back.

Minimal silkscreen.

The 3V lithium cell is interesting - I'm not sure what needs backup.

No 32.768kHz crystal for an RTC and no real need.
Jan 20, 2023 6 tweets 1 min read
Remember: seek out those to troll, do not let them seek out you. Remember.
Jan 14, 2023 12 tweets 3 min read
How is your weekend going? I think I am going to get vanned.
Jan 12, 2023 17 tweets 7 min read
Trance songs that I like but also have really strange low budget videos.

Delerium - Silence AKA woman going for a run on a beach with her man but he can't keep up and they are both very serious.

Image Darude - Sandstorm.

Lady steals briefcase and weird chase starts with handguns.

Image
Jan 12, 2023 7 tweets 2 min read
The world of Chinese audio gear is so strange.

Here we have the Nobsound power supply, made by Douk.

NOBSOUND?

LOOK AT THAT FONT MIXUP. Image It has a 4-bit display. Image
Dec 13, 2022 11 tweets 4 min read
Ahead of the Emperor's Knew Cloves talk ending up on YouTube, it's worth showing some of the slides.

There have been persistent attempts to edit the What3Words Wikipedia page to suppress criticism. Image This resulted in the article being edited to misrepresent one of my tweets.

"Tierney admitted that three words are easier to remember and communicate than the alternatives"

The edit even linked to the tweet, and it said nothing of the sort! Image
Dec 6, 2022 12 tweets 2 min read
I've been reading a few books about espionage recently, and the harm it causes to both those deceived and the deceiver.

And I can't help but think back to physical access jobs I have done where I have manipulated or exploited people.

And I'm not sure it is healthy. I'd love to distance myself from what spys do, but the techniques I use are calculated and practiced.

It's not a few off-the-cuff lines delivered as me to gain access, it's normally a name, persona, clothing, props, speech, body language, and pre-text. None of it is truth.