$ bazel build //accelerator --cpu=aarch64 --crosstool_top=//tools/aarch64_compiler:toolchain --verbose_failures
INFO: Invocation ID: 8adbeb7f-2e1c-49ac-8230-e4708000ce86
ERROR: /home/ajubuntu/Desktop/tangle-accelerator/tools/aarch64_compiler/BUILD:3:1: in cc_toolchain_suite rule //tools/aarch64_compiler:toolchain: cc_toolchain_suite '//tools/aarch64_compiler:toolchain' does not contain a toolchain for cpu 'aarch64'
ERROR: Analysis of target '//accelerator:accelerator' failed; build aborted: Analysis of target '//tools/aarch64_compiler:toolchain' failed; build aborted
INFO: Elapsed time: 1.287s
INFO: 0 processes.
FAILED: Build did NOT complete successfully (1 packages loaded, 3 targets configured)
Fetching @boost; fetching
#define DEFAULT_TAM_URI "http://localhost:54321/OTrP"
#define OTRP_URI L"http://localhost:54321/OTrP"
https://github.com/DLTcollab/general/issues/122
https://github.com/torvalds/linux/blob/master/Documentation/tee.txt
TEE subsys, linux/drivers/tee/tee_core.c, https://github.com/torvalds/linux/blob/master/drivers/tee/tee_core.c
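If the collected data reaches the normal world before it is encrypted, there is a window of time in which malware could steal it.
Solution:
The driver that captures the data has to be ported to the OP-TEE driver layer, with an OP-TEE API provided for the TA to use. Doing this would take a considerable amount of time.
Assume one seed and private key pair corresponds to one IoT device.
On QEMU + OP-TEE, write a TA responsible for generating addresses, and verify that the TA generates them correctly.
On QEMU + OP-TEE, write a TA responsible for generating signatures, and verify that the TA runs correctly.
On QEMU + OP-TEE, write a TA responsible for encrypting and decrypting messages, and verify that the TA runs correctly.
Build tangle-accelerator (dcurl) on hardware.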
https://github.com/DLTcollab/tangle-accelerator/tree/9f9ce5b9288b3fe1f950170efae008d3c9d61111
How to Configure Pi with Static IP Address?, https://www.raspberrypi.org/forums/viewtopic.php?t=221060
sudo nano /etc/dhcpcd.conf
#Config for static IP on eth0
interface eth0
static ip_address=192.168.1.121/24
static routers=192.168.1.1
static domain_name_servers=192.168.1.1
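Integrate tangle-accelerator with the seed-related TA-implemented IOTA API and verify that it runs correctly.
Add the data-capture API and Queue, integrate them into tangle-accelerator, and make it able to generate transactions.
Implement the run-time cost analysis of tangle-accelerator + seed-related TA-implemented IOTA API.
Implement the footprint analysis of the seed-related TA-implemented IOTA API.
Ideas for accelerating the Seed-Related TA-implemented IOTA API (iota_sign_address_gen / iota_sign_signature_gen); nothing is finalized yet.
According to the final project report, Keccak computation is required, so acceleration that does not use the FPGA may be needed (the FPGA resources are used for PoW) to increase the transaction generation speed. Alternatively, a multi-threaded design in the normal world could cooperate with the TA to obtain the address or signature; see: ta/concurrent
The plan is to use Metasploit to obtain a reverse shell.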
download file
string
Referring to FPGA-accelerated TrustZone-enabled IOTA Swarm Nodes: on a new FPGA board that is not a Cyclone V, the following work is required:
cc_library(
    name = "api",
    srcs = [
        "iota_client_core_api.c",
        "iota_client_extended_api.c",
    ],
    hdrs = [
        "iota_client_core_api.h",
        "iota_client_extended_api.h",
    ],
    visibility = ["//visibility:public"],
    deps = [
        ":service",
        "//cclient/http",
        "//common/helpers:checksum",
        "//common/helpers:digest",
        "//common/helpers:pow",
        "//common/helpers:sign",
        "//utils:time",
        "//utils/containers/hash:hash243_queue",
    ],
)

cc_library(
    name = "shared",
    hdrs = ["http.h"],
    visibility = ["//visibility:public"],
    deps = ["//cclient:service"],
)

cc_library(
    name = "http",
    srcs = [
        "http.c",
    ],
    visibility = ["//visibility:public"],
    deps = [
        ":shared",
        "//network:sockets",
        "@http_parser",
    ],
)

cc_binary(
    name = "libcclient.so",
    linkshared = True,
    deps = [":api"],
)

cc_library(
    name = "service",
    srcs = [
        "service.c",
    ],
    hdrs = ["service.h"],
    visibility = ["//visibility:public"],
    deps = [
        "//cclient/request:requests",
        "//cclient/response:responses",
        "//cclient/serialization:serializer_json",
    ],
)
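Integration option 1: the RPi 3 connects to the FPGA board over the local network, but external connectivity requires a hub or enabling the wireless network.
Integration option 2:
The RPi 3 and the FPGA board communicate through GPIO or another interface.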
LampaLab/iota_fpga
891*4.6 = 4098
Hikey 960, https://www.96boards.org/documentation/consumer/hikey/hikey960/getting-started/
https://world.taobao.com/dianpu/cat-35646333-810067291.htm
https://item.taobao.com/item.htm?spm=a21wu.12321156-tw.0.0.2558b750ADxZIS&id=557802312480
40000
https://www.mouser.tw/ProductDetail/Intel-Altera/5CSEMA4U23C6N?qs=TN6zvtaX%252baNEGVGZbjwaqA==
Intel Cyclone® V SE 5CSEBA6U23I7NDK
5382
https://microengineer.eu/2018/04/25/iota-pearl-diver-fpga/
https://microengineer.eu/2018/04/24/old-iota-pow-hardware-accelerator-fpga-for-altera-de1/
Cyclone 10 LP SPI Slave to Avalon Master Bridge Design Example
https://fpgacloud.intel.com/devstore/platform/17.0.0/Standard/cyclone-10-lp-spi-slave-to-avalon-master-bridge-design-example/
INTEL® CYCLONE® 10 LP FPGA APPLICATIONS
https://www.intel.com.tw/content/www/tw/zh/products/programmable/fpga/cyclone-10/lp/applications.html
Design Store
https://fpgacloud.intel.com/devstore/platform/?acds_version=any&family=cyclone-10-lp
How to enable SPI on HiKey 960
https://discuss.96boards.org/t/how-to-enable-spi-on-hikey-960/4750/7
https://github.com/kkamagui/shadow-box-for-arm
hook
https://hackmd.io/RkjqvkH8Scel53V7-XgHOA
https://hackmd.io/n_wwCngqSI65f1SBUVR8ww
https://hackmd.io/kSQfXM-OTQ-KdziaVS_msA?both
Competing Consumers pattern
https://docs.microsoft.com/en-us/azure/architecture/patterns/competing-consumers
RabbitMQ Work Queues: Avoiding Data Inconsistency with Rebalanser, https://jack-vanlightly.com/blog/2018/7/25/rabbitmq-work-queues-avoiding-data-inconsistency-with-rebalanser
What is an idempotent operation?
https://stackoverflow.com/questions/1077412/what-is-an-idempotent-operation
Asynchronous Messaging Primer
https://docs.microsoft.com/en-us/previous-versions/msp-n-p/dn589781(v=pandp.10)
Request/response messaging
Broadcast messaging
Cloud Design Patterns: Prescriptive Architecture Guidance for Cloud Applications
https://docs.microsoft.com/en-us/previous-versions/msp-n-p/dn568099(v%3Dpandp.10)
Microservices: Asynchronous Request Response Pattern
https://medium.com/@pulkitswarup/microservices-asynchronous-request-response-pattern-6d00ab78abb6
Asynchronous communication with message queue
https://codeblog.dotsandbrackets.com/asynchronous-communication-with-message-queue/
RPC calls to multiple consumers
https://stackoverflow.com/questions/12407485/rpc-calls-to-multiple-consumers
Is the RabbitMQ RPC a kind of “Work queue” with response?
https://stackoverflow.com/questions/45695071/is-the-rabbitmq-rpc-a-kind-of-work-queue-with-response
RabbitMQ in Depth
https://manning-content.s3.amazonaws.com/download/b/5ceeb08-0e8d-4f94-8d06-0300996d9427/sample_ch01_Roy_Rabbit-MQ-in-Depth_September11.pdf
A Survey of Distributed Message Broker Queues
https://arxiv.org/pdf/1704.00411.pdf
RabbitMQ Essentials
http://aad.tpu.ru/1955/Java books/RabbitMQ Essentials.pdf
MESSAGE BROKERS AND RABBITMQ IN ACTION
http://aad.tpu.ru/1955/Java books/RabbitMQ Essentials.pdf
Getting Started with RabbitMQ and CloudAMQP
http://193.40.244.77/idu0080/wp-content/uploads/2016/02/Getting_Started_with_RabbitMQ_and_CloudAMQP-1.pdf
Asynchronous Joins Using RabbitMQ
https://www.compose.com/articles/asynchronous-joins-using-rabbitmq/
Decoupling Microservices using Message-based RPC IPC, with Spring, RabbitMQ, and AMPQ
https://programmaticponderings.com/2017/05/08/decoupling-microservices-using-message-based-rpc-ipc-with-spring-rabbitmq-and-ampq/
RabbitMQ Tutorials
http://www.rabbitmq.com/getstarted.html
Using RabbitMQ direct reply-to between Spring AMQP and Python
https://segmentfault.com/a/1190000010418978
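1 Understanding how the traditional RPC pattern works
In the traditional pattern, the client pushes a message to a specified queue and declares a one-off exclusive queue. It sets the reply-to property in the message header to that queue's name, sets the correlation_id property to a randomly generated value used to identify the message, and then sends the message. After sending, the client listens on the declared exclusive queue; when a message arrives it compares the correlation_id, and if it matches, it processes the message and stops listening, after which the queue is automatically reclaimed by the system. On the server side, after receiving the message, the server processes it and returns a reply whose routing-key is set to the reply-to value and whose properties carry the correlation_id that was received. This completes one RPC exchange.
To solve today's problem we also need to know a few points:
1 If a message is sent to an exchange and no queue receives it, the message is lost.
2 A one-off exclusive queue is automatically deleted by RabbitMQ once the client is no longer listening on it.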
Real-world RPC with RabbitMQ and Node.JS
https://facundoolano.wordpress.com/2016/06/26/real-world-rpc-with-rabbitmq-and-node-js/
Using direct reply-to for RPC calls #259
https://github.com/squaremo/amqp.node/issues/259
const amqp = require('amqplib');
const EventEmitter = require('events');
const uuid = require('uuid');

// pseudo-queue provided by RabbitMQ for direct reply-to
const REPLY_QUEUE = 'amq.rabbitmq.reply-to';

const createClient = (settings) => amqp.connect(settings.url, settings.socketOptions)
  .then((conn) => conn.createChannel())
  .then((channel) => {
    // create an event emitter where rpc responses will be published by correlationId
    channel.responseEmitter = new EventEmitter();
    channel.responseEmitter.setMaxListeners(0);
    channel.consume(REPLY_QUEUE,
      (msg) => channel.responseEmitter.emit(msg.properties.correlationId, msg.content),
      {noAck: true});
    return channel;
  });

const sendRPCMessage = (channel, message, rpcQueue) => new Promise((resolve) => {
  const correlationId = uuid.v4();
  // listen for the content emitted on the correlationId event
  channel.responseEmitter.once(correlationId, resolve);
  // Buffer.from replaces the deprecated new Buffer(message)
  channel.sendToQueue(rpcQueue, Buffer.from(message), { correlationId, replyTo: REPLY_QUEUE });
});
Creating a queue per remote method when using RabbitMQ?
https://stackoverflow.com/questions/31687652/creating-a-queue-per-remote-method-when-using-rabbitmq/31705146#31705146
RabbitMQ vs Kafka Part 2 - RabbitMQ Messaging Patterns
https://jack-vanlightly.com/blog/2017/12/5/rabbitmq-vs-kafka-part-2-rabbitmq-messaging-patterns-and-topologies
RabbitMQ vs Kafka Part 4 - Message Delivery Semantics and Guarantees
https://jack-vanlightly.com/blog/2017/12/15/rabbitmq-vs-kafka-part-4-message-delivery-semantics-and-guarantees
How to Make Your Messaging System Reliable and Keep Your Support Engineers Happy
https://jack-vanlightly.com/blog/2017/6/11/improving-reliability-and-incident-response-via-a-message-lifecycle
RabbitMQ: direct reply-to?
https://stackoverflow.com/questions/38087136/rabbitmq-direct-reply-to
The Asynchronous Client/Server Pattern
http://zguide.zeromq.org/page:all#advanced-request-reply
https://stackoverflow.com/questions/29830825/zmq-client-worker-communication-pattern
Our code is still pretty simplistic and doesn't try to solve more complex (but important) problems, like:
How should the client react if there are no servers running?
Should a client have some kind of timeout for the RPC?
If the server malfunctions and raises an exception, should it be forwarded to the client?
Protecting against invalid incoming messages (eg checking bounds, type) before processing.
Handle error cases. How should the client react when the RPC server is down for a long time?
http://www.rabbitmq.com/tutorials/tutorial-six-dotnet.html
All You Need to Know About Asynchronous Messaging and RabbitMQ
https://dzone.com/articles/all-you-need-to-know-about-asyncronous-messaging-u
Detecting Dead TCP Connections with Heartbeats and TCP Keepalives
https://www.rabbitmq.com/heartbeats.html
The IOTA API Reference, https://iota.readme.io/reference
tangle-accelerator development, https://hackmd.io/s/HyqSNxKKQ
IOTA C Client Library, https://github.com/iotaledger/entangled/tree/develop/cclient
entangled/mobile/android/Interface.h, https://github.com/iotaledger/entangled/blob/develop/mobile/android/Interface.h
IOTA Random Seed Generator, https://github.com/0x13a/iota-seed-generator
iota.lib.py/examples/send_transfer.py, https://github.com/iotaledger/iota.lib.py/blob/master/examples/send_transfer.py#L32
IOTA_SEED_RELATED_API, https://github.com/ajblane/IOTA_SEED_RELATED_API
HOW TO INSTALL METASPLOIT FRAMEWORK UBUNTU 17.10, https://www.pentestgeek.com/tools/install-metasploit-framework-ubuntu
Baseline Security Recommendations for IoT, https://www.enisa.europa.eu/publications/baseline-security-recommendations-for-iot
3 Top IoT “security” Architectures and How to Fix Them,
The Security Architecture Wiki, https://www.peerlyst.com/posts/the-security-architecture-wiki-peerlyst?utm_source=facebook&utm_medium=social&utm_content=peerlyst_post&utm_campaign=peerlyst_shared_post
Industry Best Practice for IoT Security (PDF), https://www.iot-architect.de/iot-security-industry-best-practice
Catalog of 122 open-spec Linux hacker boards, http://linuxgizmos.com/catalog-of-122-open-spec-linux-hacker-boards/?fbclid=IwAR1YMTW4AtwVlfTbRAcWcDz46mHdKTo7afVO3KsbBxv9wLhqA29ynGcFcOg
Creating a new Seed / Wallet, https://iotasupport.com/gui-newseed.shtml
OP-TEE crypto implementation, https://github.com/OP-TEE/optee_os/blob/master/documentation/crypto.md
Secure Key Services in OP-TEE, https://www.slideshare.net/linaroorg/hkg18402-build-secure-key-management-services-in-optee