The Google H1 Fritz Chip.

Edit (January 2023): This machine is long out of print, but NSA lackeys continue to spread “squid ink” regarding the supposed harmlessness of its Fritz chip. So, for the thick: Yes, it’s a backdoor. The CR50 bypasses any user-installed OS, and can extract arbitrary secrets from disk and memory (or silently implant “incriminating” info) via […]

The secret of the "Debug Accessory Mode" Adapter.

The exact internals of Google’s proprietary “Suzy-Q” debugging device are, at the time of this writing, unknown. However, I have found how to make an apparently-compatible device: We connect the USB-C “business end” into an Asus C101PA machine; the USB-B end into a reasonable Linux PC, where we then: echo 18d1 5014 > /sys/bus/usb-serial/drivers/generic/new_id …and […]

Open Problem: "Debug Accessory Mode" on the Asus C101PA

Edit #2: Aaaand it’s solved: echo 18d1 5014 > /sys/bus/usb-serial/drivers/generic/new_id triggers creation of /dev/ttyUSB0 … 5, several of which spew console log… Example spew on boot. (Looks like RK’s UART..?) Edit: apparently they’re USB lines! When connected as D-/D+ through a USB B-connector, to a Linux box, we get a device that enumerates with […]

Open Problem: Forcing MaskROM Mode on the Asus C101PA

The Asus C101PA is based on a Rockchip RK3399. These have a “maskrom mode”, where if the SPI EEPROM is disabled, the chip will attempt to boot from other devices: first, NAND flash, then microSD, and then finally a USB debug mode where you can attach an A-A cable and use the rkflashtool utility to […]