Pogman
@Pogman
I run 24/7/365 without a bother using the stripped down CNL above
marcuspatzner
@marcuspatzner
yeah, i mean it is a solution but not for everybody, i.e. requires to do it yourself etc. not plug and play etc
like what we think is
have a way to basically "plug-and-play" with some custom hardware to upload data
so fathers of children can look at it remotely
and control it
without it being a big hassle
Pogman
@Pogman
You can't make a device that is made for people without FDA approval or being sued
You can design something that people can then DIY from parts
marcuspatzner
@marcuspatzner
hm i see
yeah we were unsure about sued part
(been considering jurisdictions, etc) - but major issue first would be the problem at hand
interacting via OTA with pump
but bottom line if I understand correctly,
does it mean that it is basically less required on man power (i.e. embedded developers/reverse engineers working on it, but more on actual vulnerability existing?)
like my understanding of it all is somewhat limited really (sorry), just learning about it for some days since it was a topic irl and wondering feasibility
like if we ignore any legal, etc. topics for now
like, if we post a bounty of $10k or something do you think it would help figuring out the OTA encryption, or is it more random/just have to hope people find a vulnerability in the firmware code?
marcuspatzner
@marcuspatzner
(one thing we also considering is using like tiniest android phone with otg cable to connect and then upload data to cloud etc)
but we got that and it is still kinda cumbersome
Pogman
@Pogman
You would probably be looking at bounty of 50K+ and lots of access to hw pumps meters and so on. Firmware code is locked in the chip and not accessible unfortunately.
marcuspatzner
@marcuspatzner
ah uff
yeah we have access to hw pump meters etc and could provide, firmware code cannot be dumped at all?
Pogman
@Pogman
nope it's all been tried
marcuspatzner
@marcuspatzner
:(
so it is many pumps, meters etc (probably ~50k worth?) and also ~50k bounty minimum to even have a chance
damn
considering code cannot be dumped, it means someone would have to analyze the chip some other way or
(not even sure how to describe... like analyze it with a microscope? lol)
or to bruteforce encryption which based on encryption is not feasible
right?
Pogman
@Pogman
bruteforce is feasible... how much time you got ;)
marcuspatzner
@marcuspatzner
haha
and computing power :(
Pogman
@Pogman
yep
marcuspatzner
@marcuspatzner
so those are only two ways right? crazy magic analysis of the chip and brute force and pray
(just trying to wrap my head around it)
like my background is in reverse engineering for windows mostly, zero clue about anything else
and magic analysis would be crazy amount of time required?
Pogman
@Pogman
You can look through the chat on https://gitter.im/medtronic-flash/Lobby for some more info on what's been done
marcuspatzner
@marcuspatzner
thanks for link!
janhuizenga
@janhuizenga
Hi, all. I'm new in Gitter and probably ask the wrong things but I was wondering if someone was able to install this software on a Raspberry zero? I found some messages in this thread about Raspberry Zero only the solution to his problem was (I have the same problem, usb driver issue it seemed) not clear to me.
janhuizenga
@janhuizenga
By installing some extra packages on the raspberry zero I did manage to make this project run.
I hoped I could upload my sensor readings to Nightscout with this project. Sorry, I did not read everything.
ksar298
@ksar298
Hi
Just something from the top of my mind, what about mechanical hacking similar to the first Remote Vehicle to interpret the inputs.
so we can enumerate the clicks on cnl keypad through input/inject circuit directly in response to what comes on the screen as preset basal for example. Or more advanced a RPi3 that can get the feed of the display and act as AI to translate the required inputs to key press
i think this is simpler than cracking the AES keys
ksar298
@ksar298
Check this prototype