Archive for February 12, 2014

Wednesday, February 12, 2014 [Tweets] [Favorites]

Anatomy of a Cheap USB to Ethernet Adapter

Angus Gratton:

One of them is sold on ebay for $3.85 AU ($3.99 US), including postage to Australia. The other is sold at Apple Stores for $29.

[…]

The Apple adapter also has many more small components – two inductors (the cheap adapter has none), over twenty five capacitors (the cheap adapter has only nineteen), more resistors. For the cheap adapter design, every fraction of a cent saved is important!

One thing that surprised me is that the cheap adapter has a functioning blue activity LED, that glows through the enclosure. The Apple adapter actually has a space on the PCB for this, but no LED in place (Apple’s designers presumably nixed it for aesthetic reasons.) I’m surprised the manufacturer paid the few cents to add this feature.

Timestamp Disservice

Daniel Jalkut:

In the event that the timestamp server cannot be reached for whatever reason, codesign simply fails. This is probably a good idea, because if it’s important for signed code to also contain a timestamp, you wouldn’t want to accidentally ship a major release of your app without it. But because the timestamp server can be unavailable for a variety of reasons, some of them common, we need some simple solution for continuing with the the day-to-day building of our apps without ever being bothered by the pesky timestamp service issue.

Lucky for us, such a solution exists in the form of a codesign command-line flag: “–timestamp”. Ordinarily this flag is used to specify the URL of a timestamp server, if you choose to use one other than the Apple default. But a special value none indicates that timestamping of the signed code should be disabled altogether.

It’s not clear to me why the timestamp servers should be so unreliable.

On Hacking MicroSD Cards

Andrew Huang:

Today at the Chaos Computer Congress (30C3), xobs and I disclosed a finding that some SD cards contain vulnerabilities that allow arbitrary code execution — on the memory card itself. On the dark side, code execution on the memory card enables a class of MITM (man-in-the-middle) attacks, where the card seems to be behaving one way, but in fact it does something else. On the light side, it also enables the possibility for hardware enthusiasts to gain access to a very cheap and ubiquitous source of microcontrollers.

An Illustrated History of objc_msgSend

Greg Parker on the Mavericks version of objc_msgSend:

  • The method cache data structure is rearranged for higher speed and smaller data cache footprint but larger total dirty memory footprint. Previously, the cache header was allocated separately from the cache buckets, and each cache bucket was a pointer to a Method struct containing the SEL and IMP. This required a chain of four pointer dereferences: object->isa->cache->method->imp. Now the cache header is stored in the class itself, and each cache bucket stores a SEL and IMP directly. The pointer dereference chain is now only three: object->isa->cache->imp, resulting in fewer serialized memory accesses and fewer data cache lines touched. The disadvantage is slower cache updates (to preserve thread-safety) and more dirty memory overall (to store SELs and IMPs in both the method list and the method cache).
  • The new method cache data structure also requires fewer registers, so there are now zero register spills.
  • One-byte branch hint instruction prefixes are added to the nil check and the tagged pointer check. The CPU’s instruction decoder is most efficient if the instructions are not packed too closely together, and these extra two bytes expand the first few instructions to the optimal size for current CPUs. The branch hints themselves are ignored by the CPU because its branch predictors are smarter than compile-time hinting. The only thing they do is take up space.

He has similar analyses for each version of Mac OS X.

rezycle 1.5.5

Rezycle (App Store):

Simply drop your classic application or resource file onto rezycle and it will extract all of the resources for you and place them into a folder next to the original file. But wait, thats not all! It will not only extract the old stuff for you, but it will also convert it into fabulous modern formats! Have some old 'snd ' resources? BANG! Now you have some spiffy new AIFF files! Old icons and cursors? BANG! Transformed into lovely png files! As a special bonus, anything rezycle can't convert will be exported as binary files for you to attack with your favorite hex editor!

Embedding Resource Files in a Cocoa Foundation Command Line Tool

Drew McCormack:

Graham Lee and several others pointed me to two standard solutions: you can use the linker to embed the files in the __text section of the Mach-O binary, or you can use a tool called xxd to convert the file’s data to a C array, and include that directly in your source code. I ended up with the second solution, which I will explain further below. I didn’t investigate using the linker, but Quinn “The Eskimo!” assures me that you use getsectXXX APIs to extract the data at run time. (Update: Daniel Jalkut has a post describing this approach.)