I should patent cryptographically secure keyboard hardware and then refuse to license the patent
Conversation
Notices
-
Foone🏳️⚧️ (foone@digipres.club)'s status on Thursday, 26-Dec-2024 07:47:52 JST 
Foone🏳️⚧️
-
Foone🏳️⚧️ (foone@digipres.club)'s status on Thursday, 26-Dec-2024 09:16:16 JST
Foone🏳️⚧️
@lostdoco it's less "patent trolling" and more "if I patent it before some other asshole, I can make sure it doesn't get used for evil, by simply making sure it doesn't get used period"
-
lostdoco (lostdoco@aus.social)'s status on Thursday, 26-Dec-2024 09:16:17 JST 
lostdoco
@foone the "patent trolling " era of foone lore
-
forza4galicia (forza4galicia@digipres.club)'s status on Thursday, 26-Dec-2024 09:23:44 JST 
forza4galicia
@foone Well...or, even better, let it be free/libre open source, or, like you say, don`t license it, but...probably, a overmonetized company or corporation can re-patent it saying that is something different, where it is the same.
Then, if you make it Free/Libre/OpenSource/Hardware, it can be reused by all companys and repatent effect is far less efective. -
Foone🏳️⚧️ (foone@digipres.club)'s status on Thursday, 26-Dec-2024 09:38:34 JST
Foone🏳️⚧️
@forza4galicia No, this isn't about a good idea I want to keep using for good: This is a bad idea I want to stop from being a thing: I don't want anyone to use it. licensed or otherwise.
-
Foone🏳️⚧️ (foone@digipres.club)'s status on Thursday, 26-Dec-2024 09:39:29 JST
Foone🏳️⚧️
the moment I plug in a keyboard to any kind of computer and the computer goes "sorry that's not a Secure Input Device, you can't use this for passwords or whatever", that computer is going into a lake.
-
Foone🏳️⚧️ (foone@digipres.club)'s status on Thursday, 26-Dec-2024 09:40:31 JST
Foone🏳️⚧️
this is all assuming it's not patented already.
I was at google in 2019 and I could already see it coming as the next obvious step of their security work -
Foone🏳️⚧️ (foone@digipres.club)'s status on Thursday, 26-Dec-2024 09:44:55 JST
Foone🏳️⚧️
the problem is that you can have a highly secure workstation and every bit is locked down and you've got secure boot and everything and someone plugs in a keyboard and you have no idea what it's doing. is it saving those passwords? is it mailing them off to another country using a built in 4g modem? All you have is an easily spoofable ID to tell you what it is.
-
Foone🏳️⚧️ (foone@digipres.club)'s status on Thursday, 26-Dec-2024 09:45:33 JST
Foone🏳️⚧️
and the obvious solution is that you start sticking certificates in keyboards. the PC can verify it when the keyboard is connected, and reject keyboards not on some internal authorized CA list.
-
Foone🏳️⚧️ (foone@digipres.club)'s status on Thursday, 26-Dec-2024 09:46:26 JST
Foone🏳️⚧️
that makes it SLIGHTLY HARDER to do an evil-keyboard attack against PCs, but it's an improvement from the current "trivial, especially if you use mechanical keyboards"
-
Foone🏳️⚧️ (foone@digipres.club)'s status on Thursday, 26-Dec-2024 09:55:51 JST
Foone🏳️⚧️
@hon1nbo many of them can be changed into an Evil Keyboard with no hardware changes, as you can just reprogram their (reflashable as a feature) microcontroller
-
Hon1nbo (hon1nbo@social.hackingand.coffee)'s status on Thursday, 26-Dec-2024 09:55:52 JST 
Hon1nbo
@foone what would make mechanical keyboards more "trivial?"
the typical size having more hardware space? the propensity for mechanical keyboard users to bring their own?when we tampered with keyboards we typically hit your standard "came with the workstation" dell keyboards etc.
-
Foone🏳️⚧️ (foone@digipres.club)'s status on Thursday, 26-Dec-2024 10:00:57 JST
Foone🏳️⚧️
anyway I look forward to the time when I have to mount an official Microsoft Licensed Keyboard in a case with servos for all the buttons, just to ensure I can still inject keypresses without violating yet another security barrier to keep me from using my own keyboard.
-
Foone🏳️⚧️ (foone@digipres.club)'s status on Thursday, 26-Dec-2024 10:01:47 JST
Foone🏳️⚧️
@klymilark yeah it's a huge security risk, and one that I'm sure others have noticed.
How do you know it has the same firmware on it when you come in in the morning, and no one flashed a keylogger onto it?
-
Kristell L. (klymilark@mssk.fallcounty.monster)'s status on Thursday, 26-Dec-2024 10:02:47 JST 
Kristell L.
@foone@digipres.club Given this I'm kinda surprised that my job has allowed me to just plug in an microcontroller-powered DIY mechanical keyboard and hasn't even asked me about it.
-
Foone🏳️⚧️ (foone@digipres.club)'s status on Thursday, 26-Dec-2024 10:07:59 JST
Foone🏳️⚧️
maybe they'll take the easy route: turn off USB support in the linux kernel, and design the world's first Thunderbolt Keyboard
-
Foone🏳️⚧️ (foone@digipres.club)'s status on Thursday, 26-Dec-2024 10:14:14 JST
Foone🏳️⚧️
@pyromuffin awesome! any pictures or info on that online? I'd love to know more!
-
Kelly MacNeill (pyromuffin@mastodon.gamedev.place)'s status on Thursday, 26-Dec-2024 10:14:15 JST 
Kelly MacNeill
@foone almost exactly a year ago, over xmas break, i designed an fpga PCIe keyboard.
-
Foone🏳️⚧️ (foone@digipres.club)'s status on Thursday, 26-Dec-2024 10:30:03 JST
Foone🏳️⚧️
@pyromuffin very cool!
-
Kelly MacNeill (pyromuffin@mastodon.gamedev.place)'s status on Thursday, 26-Dec-2024 10:30:05 JST
Kelly MacNeill
@foone well, it used a zynq chip, and I wrote the pcie reciever logic and windows kernel mode driver (left as an exercise to the reader). Some of that pcie hdl is here https://github.com/Pyromuffin/Omniphone/blob/main/hw/spinal/projectname/Receiver.scala
the idea of this particular project was to dma pcm streams and write a simple user mode program to dump them out, but turning them into keystrokes is similar.
-
Foone🏳️⚧️ (foone@digipres.club)'s status on Thursday, 26-Dec-2024 10:41:00 JST
Foone🏳️⚧️
@promovicz ugh I'm gonna have to get this thing and hack it
-
prom™️ (promovicz@chaos.social)'s status on Thursday, 26-Dec-2024 10:41:01 JST 
prom™️
@foone Check out the Cherry Secure Board 1.0. It has keyboard traffic authentication and encryption, next to an NFC/card reader. It's somewhat proprietary, but there is an OSS library for it somewhere.
-
Foone🏳️⚧️ (foone@digipres.club)'s status on Friday, 27-Dec-2024 10:07:15 JST
Foone🏳️⚧️
@pmdj I've not looked into it, I suspect it's just hardcoded to VID/PID, or they stuck in an extra report for layouts
-
Phil Dennis-Jordan 😷 (pmdj@mstdn.social)'s status on Friday, 27-Dec-2024 10:07:16 JST 
Phil Dennis-Jordan 😷
@foone Any idea whether macOS’s keyboard check uses any fancy crypto to identify Apple’s keyboards or is it just vendor ID or some HID descriptor field? If you plug an Apple keyboard into a Mac it just works. If you plug a third party keyboard in for the first time, you get the “identify this keyboard” dialog, where you have to walk through all the steps until it forwards the hardware HID reports to the event stack. I’ve never bothered to find out how secure this actually is.
-
Foone🏳️⚧️ (foone@digipres.club)'s status on Friday, 27-Dec-2024 10:16:03 JST
Foone🏳️⚧️
@StompyRobot I do not want it used in any contexts, ESPECIALLY security ones. I am a hacker, understand.
-
Awesome New Year Robot (stompyrobot@mastodon.gamedev.place)'s status on Friday, 27-Dec-2024 10:16:04 JST 
Awesome New Year Robot
@foone Nah, license it for like a hundred bucks per keyboard. That way, it's not invalidated because of non-participation. Plus you might even get takers in security contexts!
-
All 076萌SNS content and data are available under the