Date: Fri, 26 Apr 2024 14:45:26 +0200
From: Johan Hovold <johan@...nel.org>
To: Janaki Ramaiah Thota <quic_janathot@...cinc.com>
Cc: Doug Anderson <dianders@...omium.org>,
	Johan Hovold <johan+linaro@...nel.org>,
	Marcel Holtmann <marcel@...tmann.org>,
	Luiz Augusto von Dentz <luiz.dentz@...il.com>,
	Matthias Kaehlcke <mka@...omium.org>,
	linux-bluetooth@...r.kernel.org, linux-kernel@...r.kernel.org,
	stable@...r.kernel.org, Stephen Boyd <swboyd@...omium.org>,
	quic_mohamull@...cinc.com, quic_hbandi@...cinc.com
Subject: Re: [PATCH] Bluetooth: qca: fix invalid device address check

On Fri, Apr 26, 2024 at 04:12:07PM +0530, Janaki Ramaiah Thota wrote:

> Please note BDA values listed below are in the firmware (FW) data
> order, but the actual BDA value should be in the reverse of that order.

Thanks for clarifying. I realised this when I looked at the hexdump for
the Trogdor firmware.

> On 4/26/2024 11:53 AM, Janaki Ramaiah Thota wrote:
> > On 4/25/2024 9:28 PM, Johan Hovold wrote:
> >>> ---------------------------------------------------------
> >>> | BDA               | Chipset                           |
> >>> ---------------------------------------------------------
> >>> | 20 00 00 10 80 39 | WCN3988 with ROM Version 0x0200   |
> >>> ---------------------------------------------------------
> >>> | 00 08 74 12 80 39 | WCN3988 with ROM Version 0x0201   |
> >>> ---------------------------------------------------------
> >>> | 00 07 64 21 90 39 | WCN3990                           |
> >>> ---------------------------------------------------------
> >>
> >> Thanks a lot for these. I see now that the default Trogdor address Doug
> >> reported (39:98:00:00:5a:ad) appears to come from the fw too:
> >>
> >>     $ od -x crnv32.bin | grep 5aad
> >>
> >>     0000020 0000 0000 5aad 0000 3998 0008 0008 0000

It seems the most significant bytes here indeed do reflect the hardware
even if it's not entirely consistent:

	WCN3988		39:80

	WCN3990		39:90
	WCN3991		39:98

but I guess that doesn't help much unless also the remaining bytes on
WCN3988 and WCN3990 can be inferred somehow.

Johan
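
The byte-order point discussed in this message, as an added example that is not code from the thread or from the kernel driver: it turns the `od -x` words quoted above into firmware-order bytes, reverses them into the usual BD address notation, and matches the result against the default addresses quoted in the thread. The function names are hypothetical, and the decoding assumes `od -x` was run on a little-endian host.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define BDA_LEN 6

/* Default addresses quoted in the thread, in firmware (FW) data order. */
static const uint8_t fw_defaults[][BDA_LEN] = {
	{ 0x20, 0x00, 0x00, 0x10, 0x80, 0x39 },	/* WCN3988, ROM version 0x0200 */
	{ 0x00, 0x08, 0x74, 0x12, 0x80, 0x39 },	/* WCN3988, ROM version 0x0201 */
	{ 0x00, 0x07, 0x64, 0x21, 0x90, 0x39 },	/* WCN3990 */
	{ 0xad, 0x5a, 0x00, 0x00, 0x98, 0x39 },	/* Trogdor default (crnv32.bin) */
};

/* od -x prints 16-bit words; assumed little-endian host, so the low byte is first in the file. */
static void od_words_to_bytes(const uint16_t *w, size_t n, uint8_t *out)
{
	for (size_t i = 0; i < n; i++) {
		out[2 * i] = w[i] & 0xff;
		out[2 * i + 1] = w[i] >> 8;
	}
}

/* Format FW-order bytes in colon notation, i.e. in reverse of the FW data order. */
static const char *fw_bda_to_str(const uint8_t *fw, char *buf, size_t len)
{
	snprintf(buf, len, "%02x:%02x:%02x:%02x:%02x:%02x",
		 fw[5], fw[4], fw[3], fw[2], fw[1], fw[0]);
	return buf;
}

/* Return 1 if the FW-order address matches one of the defaults listed above. */
static int fw_bda_is_default(const uint8_t *fw)
{
	for (size_t i = 0; i < sizeof(fw_defaults) / sizeof(fw_defaults[0]); i++)
		if (!memcmp(fw, fw_defaults[i], BDA_LEN))
			return 1;
	return 0;
}

int main(void)
{
	/* Third to fifth words of the od -x line at offset 0000020 quoted in the thread. */
	const uint16_t words[] = { 0x5aad, 0x0000, 0x3998 };
	uint8_t fw[BDA_LEN];
	char s[18];
	od_words_to_bytes(words, 3, fw);
	printf("%s default=%d\n", fw_bda_to_str(fw, s, sizeof(s)), fw_bda_is_default(fw));
	return 0;
}
```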
