Category Archives: Science

CVE-2025-29909: CryptoLib’s design weakness (19-03-2025)

March 19, 2025 admin Leave a comment

Preface: Human being life average 80 year old. Explorering space is a long time travel. So, it only relies on machine.

Even though exploring machine can relies on solar energy. In space there is a lot of uncertainty. For example, the shock of meteorite. Furthemore, the spacecraft operates in a unique environment, the spacecraft’s power system must also be able to operate in zero gravity and vacuum conditions, and be able to withstand large amounts of radiation (most electronic equipment will not operate in such an environment). On our earth also have gravity seems not want human being leave our earth. Believed it or not, this is our destiny.

Background: CryptoLib is indeed used in space technology! It provides a C-based software implementation of the CCSDS Space Data Link Security Protocol (SDLS) and SDLS Extended Procedures (SDLS-EP) to secure communications between spacecraft flight software and ground stations. This library supports various encryption libraries and protocols, including Telecommand (TC), Telemetry (TM), and Advanced Orbiting Systems (AOS).

CryptoLib is designed to support smaller missions with stringent size, weight, and power constraints, making it a valuable tool for secure satellite communications.

Vulnerability details: CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol – Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. In versions 1.3.3 and prior, a heap buffer overflow vulnerability in CryptoLib’s `Crypto_TC_ApplySecurity()` allows an attacker to craft a malicious TC frame that causes out-of-bounds memory writes. This can result in denial of service (DoS) or, under certain conditions, remote code execution (RCE). Any application or system that relies on CryptoLib for Telecommand (TC) processing and does not strictly validate incoming TC frames is at risk. This includes satellite ground stations or mission control software where attackers can inject malformed frames.

Official announcement: Please refer to the link for details – https://nvd.nist.gov/vuln/detail/CVE-2025-29909

Science, System

Python , have ever you though? (25-02-2025)

February 25, 2025 admin Leave a comment

Preface: Maintaining a satellite’s orbit involves a combination of precise calculations and regular adjustments. Here are the key factors:

Velocity and Gravity: A satellite stays in orbit by balancing its velocity (speed in a straight line) with the gravitational pull of the Earth. The satellite must travel fast enough to counteract the pull of gravity, which keeps it in a stable orbit.
Orbital Station-Keeping: This involves small adjustments using thrusters to correct any deviations in the satellite’s path. These maneuvers ensure the satellite remains in its designated orbit.
Fuel Management: Satellites carry a limited amount of fuel for these adjustments. Efficient fuel management is crucial for prolonging the satellite’s operational life.
Monitoring and Control: Ground stations continuously monitor satellites and send commands to perform necessary adjustments. This helps in maintaining the satellite’s orbit and addressing any potential issues.

Background: The PyEphem module provides highly precise data on the planets and our solar system. This module leverages an extremely robust C library that allows you to pinpoint planets, perform interplanetary calculations and discover more data than you’ll ever know what to do with.

Best practice: If you’re using PyEphem, it’s a good idea to keep your Python environment and libraries up to date and to check the module’s GitHub repository for any reported issues or updates.

AI and ML, IoT, Network (Protocol, Topology & Standard), Potential Risk of CVE, Science, System

CVE-2024-41009: bpf – Fix overrunning reservations in ringbuf (17th July 2024)

July 18, 2024 admin Leave a comment

Preface: Consumer and producer counters are put into separate pages to allow each position to be mapped with different permissions. This prevents a user-space application from modifying the position and ruining in-kernel tracking. The permissions of the pages depend on who is producing samples: user-space or the kernel. Starting from Linux 5.8, BPF provides a new BPF data structure (BPF map): BPF ring buffer (ringbuf). It is a multi-producer, single-consumer (MPSC) queue and can be safely shared across multiple CPUs simultaneously.

Background: The first core skill point is “BPF Hooks”, that is, where in the kernel can BPF programs be loaded. There are nearly 10 types of hooks in the current Linux kernel, as shown below:

kernel functions (kprobes)

userspace functions (uprobes)

system calls

fentry/fexit

Tracepoints

network devices (tc/xdp)

network routes

TCP congestion algorithms

sockets (data level)

Vulnerability details: For example, consider the creation of a BPF_MAP_TYPE_RINGBUF map with size of 0x4000. Next, the consumer_pos is modified to 0x3000 /before/ a call to bpf_ringbuf_reserve() is made. This will allocate a chunk A, which is in [0x0,0x3008], and the BPF program is able to edit [0x8,0x3008]. Now, lets allocate a chunk B with size 0x3000. This will succeed because consumer_pos was edited ahead of time to pass the `new_prod_pos – cons_pos > rb->mask` check. Chunk B will be in range [0x3008,0x6010], and the BPF program is able to edit [0x3010,0x6010]. Due to the ring buffer memory layout mentioned earlier, the ranges [0x0,0x4000] and [0x4000,0x8000] point to the same data pages. This means that chunk B at [0x4000,0x4008] is chunk A’s header. bpf_ringbuf_submit() / bpf_ringbuf_discard() use the header’s pg_off to then locate the bpf_ringbuf itself via bpf_ringbuf_restore_from_rec(). Once chunk B modified chunk A’s header, then bpf_ringbuf_commit() refers to the wrong page and could cause a crash.

Official announcement: Please refer to the official announcement for details – https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=47416c852f2a04d348ea66ee451cbdcf8119f225

AI and ML, Application Development, Potential Risk of CVE, Science

CVE-2024-0102: About NVIDIA® CUDA® Toolkit. If you remember, a similar incident happened in April of this year. Believe this is a weakness of similar designs. (11 July 2024)

July 12, 2024 admin Leave a comment

Preface: OpenAI revealed that the project cost $100 million, took 100 days, and used 25,000 NVIDIA A100 GPUs. Each server equipped with these GPUs uses approximately 6.5 kW, so an estimated 50 GWh of energy is consumed during training.

Background: Parallel processing is a method in computing of running two or more processors (CPUs) to handle separate parts of an overall task. Breaking up different parts of a task among multiple processors will help reduce the amount of time to run a program. GPUs render images more quickly than a CPU because of its parallel processing architecture, which allows it to perform multiple calculations across streams of data simultaneously. The CPU is the brain of the operation, responsible for giving instructions to the rest of the system, including the GPU(s).

NVIDIA CUDA provides a simple C/C++ based interface. The CUDA compiler leverages parallelism built into the CUDA programming model as it compiles your program into code.
CUDA is a parallel computing platform and programming interface model created by Nvidia for the development of software which is used by parallel processors. It serves as an alternative to running simulations on traditional CPUs.

Vulnerability details: NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvdisasm, where an attacker can cause an out-of-bounds read issue by deceiving a user into reading a malformed ELF file. A successful exploit of this vulnerability might lead to denial of service.

Official announcement: Please refer to the vendor announcement for details – https://nvidia.custhelp.com/app/answers/detail/a_id/5548

Potential Risk of CVE, Science, Under our observation

To be new or it was former: Rowhammer Attacks on AMD Zen-Based Platforms. So called ZenHammer (25-03-2024)

March 26, 2024 admin Leave a comment

Preface: It is possible to trigger Rowhammer bit flips on DDR4 devices on AMD Zen 2 and Zen 3 systems despite deployed TRR mitigations, said researchers at ETH Zurich.

Background: When high-energy charged particles pass through the crystal lattice of a silicon wafer, their charges can interfere with the electrons within the lattice itself and provide energy. If the lattice is moved closer together within the wafer, this disturbed electron trajectory can create a temporary highly conductive path that did not exist before. The effect of this trace is similar to running a very thin wire across the wafer in random directions. If the particle’s path crosses a feature within the die, such as a floating MOSFET gate or an NMOS DRAM cell, the result may be a flipped bit.

Vulnerability details: On February 26, 2024, AMD received new research related to an industry-wide DRAM issue documented in “ZENHAMMER: Rowhammering Attacks on AMD Zen-based Platforms” from researchers at ETH Zurich. The research demonstrates performing Rowhammer attacks on DDR4 and DDR5 memory using AMD “Zen” platforms. Given the history around Rowhammer, the researchers do not consider these rowhammering attacks to be a new issue.

Mitigation: Please see the following official announcement for details – https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7021.html

Science

International Space Station slipping across the Moon’s face as it flies by at 8 kilometers per second (8th Mar 2024)

March 10, 2024 admin Leave a comment

The moon and the earth rotate synchronously, so people on Earth can only see the same side of the moon throughout their lives. Because the moon also rotates, people on Earth cannot see the other side (see Figure L1a). There are also days when the moon faces away from the sun. It was pitch black at this time. Even if the International Space Station orbited the moon, it was pitch dark for part of the time because it faced away from the sun.

The gravitational force of two large masses is equal to the centripetal force required for small objects to move accordingly. Therefore, the moon falls at the Lagrangian point between the sun and the earth (L1, L1a & L3). NASA announce (James Webb) The Abel Space Telescope is also a Lagrangian point. (See attached picture L1, L2 & L3). I wonder if there is a chance to see the other side of the moon?

Ref: Please refer to the link for details – https://www.facebook.com/groups/355731256819830/permalink/421271603599128/

AI and ML, Science

LiDAR assists archaeologist discovered ruins found in upper Amazon rainforest (15th Jan 2024)

January 16, 2024 admin Leave a comment

Preface: In ancient time of South America Tribal leaders would cover their bodies with gold powder and wash themselves in a holy lake in the mountains. For example, the famous place for ancient civilization execute this ceremony is Lake Titicaca. Priests and nobles would throw precious gold and emeralds into the lake dedicated to God.

El Dorado, so called the Golden Kingdom is an ancient legend that first began with a South American ritual. Spanish Conquistadors, upon hearing these tales from the natives, believed there was a place abundant in gold and precious stones and began referring to it as El Dorado. Many explorers believe that Ciudad Blanca is the legendary El Dorado. Legend has it that somewhere beneath the forest canopy lies the ancient city of Ciudad Blanca and now archaeologists think they may have found it.

A group of scientists from fields including archaeology, anthropology and geology using new technology known as airborne light detection and ranging (LiDAR). They found what appears to be a network of plazas and pyramids, hidden for hundreds of years in the underneath of the forest.

Background: What is LiDAR? LiDAR (light detection and ranging) is a remote sensing method that uses a laser to measure distances. Pulses of light are emitted from a laser scanner, and when the pulse hits a target, a portion of its photons are reflected back to the scanner. Because the location of the scanner, the directionality of the pulse, and the time between pulse emission and return are known, the 3D location (XYZ coordinates) from which the pulse reflected is calculable.

Which software is used for LiDAR data processing?

While LiDAR is a technology for making point clouds, not all point clouds are created using LiDAR. For example, point clouds can be made from images obtained from digital cameras, a technique known as photogrammetry. The one difference to remember that distinguishes photogrammetry from LiDAR is RGB. Unlike the RGB image, the LIDAR projection image does not have obvious texture, and it is difficult to find patterns in the projected image.

The programs to process LiDAR are numerous and increasing rapidly in accordance with the evolving field and user needs. ArcGIS has LiDAR processing functionality. ArcGIS accepts LAS or ASCII file types and has both 2D and 3D visualization options. Additionally, there are other options on the market. For example: NVIDIA DeepStream Software Development Kit (SDK). This SDK is an accelerated AI framework to build pipelines. DeepStream pipelines enable real-time analytics on video, image, and sensor data.

The architecture diagram on the right is for reference.

Headline News: https://www.sciencenews.org/article/ancient-urban-complex-ecuador-amazon-laser

Application Development, Science

Pulling back the curtain on Python satellite technology (24th Nov 2023)

November 24, 2023 admin Leave a comment

Preface: Satellite communications use the very high-frequency range of 1–50 gigahertz (GHz; 1 gigahertz = 1,000,000,000 hertz) to transmit and receive signals. The frequency ranges or bands are identified by letters: (in order from low to high frequency) L-, S-, C-, X-, Ku-, Ka-, and V-bands. The band 435- 438 MHz is heavily used for amateur satellites in accordance with No. 5.282. No. 5.278 (WRC-19) provides primary status for the amateur service at 430-440 MHz in 11 countries in Region 2.

Background: About twenty-five years ago, satellites were advanced technology. Satellite technology services, especially GPS, have become commonplace today. Perhaps it is an invisible force that makes development stronger and stronger. Who is this knight? It is the Python programming language technology. But you may ask, why do people always say that Python program development has a large share in the industrial world including aerospace technology. Long story short, Python has ready-made software modules, and software developers can use similar concepts to start their new development. This is the advantage of open source software.

Pulling back the curtain on Python satellite technology: gr-satellites is an OOT module encompassing a collection of telemetry decoders that supports nearly 40 different Amateur satellites. This open-source project started in 2015 with the goal of providing telemetry decoders for all the satellites that transmit on the Amateur radio bands.

gr-satellites is a GNU Radio out-of-tree module encompassing a collection of telemetry decoders that supports many different Amateur satellites.It supports most popular protocols, such as AX.25, the GOMspace NanoCom U482C and AX100 modems, an important part of the CCSDS stack, the AO-40 protocol used in the FUNcube satellites, and several ad-hoc protocols used in other satellites.

The KISS frame allow transmission of AX.25 packet radio frames containing IP packets over an asynchronous serial link.

KISS stands for “Keep It Simple, Stupid” and is not only a design principle, but also one of the most used Host-to-TNC communication protocols in HAM Radios. It is a very simple protocol that standardizes the transmission of data, normally AX.25 packets, over a asynchronous serial link, like RS232 or UART. It allows the transmission any arbitrary data, with no length limitation.

Reference: Using GPS in amateur radio is about GPS and other GNSS (Global Navigation Satellite System) satellites and how we can use the data broadcast by them for amateur radio. You will find that GPS benefits in digital modes like FT8, WSPR, and WSJT which rely on accurate transmit and receive period timing and this is easy to achieve with internet access to international time servers.

Please refer to the link for details:

https://orbitntnu.com

https://github.com/daniestevez/gr-satellites

Potential Risk of CVE, Science

CVE-2023-45282: In openmct 2.2.5 before 545a177, prototype pollution can occur via an import action.(9th Oct 2023)

October 9, 2023 admin Leave a comment

Preface: Java is highly functional in several data science processes like data analysis, including data import, cleaning data, deep learning, statistical analysis, Natural Language Processing (NLP), and data visualization.

Background: Open MCT Web is a platform single page applications which runs entirely in the browser. Most applications will want to additionally interact with server side resources, to (for example) read telemetry data or store user created objects. This interaction is handled by individual bundles using APIs which are supported in browser (such as XMLHttpRequest, typically wrapped by Angular’s $http).

Vulnerability details: In NASA Open MCT (aka openmct) 2.2.5 before 545a177, prototype pollution can occur via an import action.

Ref: Prototype pollution is a JavaScript vulnerability that enables an attacker to add arbitrary properties to global object prototypes, which may then be inherited by user-defined objects.

Official announcement: Please refer to the link for details – https://nvd.nist.gov/vuln/detail/CVE-2023-45282

Science

OSIRIS-REx accomplished feat, next station is Apophis (24-09-2023)

September 25, 2023 admin Leave a comment

Preface: A long-awaited asteroid sample has landed in the US, said CNN – https://edition.cnn.com/2023/09/24/world/osiris-rex-asteroid-sample-return-scn/index.html

Background: Asteroid 101955 Bennu – Level 3 on the Palermo impact hazard index, a small celestial body with the highest risk of impacting the Earth.

Early in the history of the solar system, the gravity of newly formed Jupiter brought an end to the formation of planetary bodies in this region and caused the small bodies to collide with one another, fragmenting them into the asteroids we observe today.

the slight push created when the asteroid absorbs sunlight and re-emits that energy as heat — and gravitational tugs from other celestial bodies, it has drifted closer and closer to Earth from its likely birthplace: the Main Asteroid Belt between Mars and Jupiter.

Why does NASA track it?

Chicxulub crater, the buried remnants of an asteroid impact off the Yucatán Peninsula in Mexico that killed off the dinosaurs 66 million years ago.

Official announcement: Please refer to link for details – https://www.youtube.com/live/Kdwyqctp908?si=vFsL88l5u4o_xuBW

Cyber security technical information