I was actually trying to use it from inside the Medtronic system, after the graphical depictions had indicated that it had connected OK, so I'm reasonably confident the software side was setup correctly. I just couldn't connect to anything.
The mycarelink is the interface for an implantable loop recorder. That is a small flash card sized device implanted in the chest for long term ecg monitoring. This is not a pacemaker or a defibrillator but rather only monitors the heart long term. It is frequently used for patients to identify rare arrhythmias, often in the setting of unexplained fainting. This device is purely sensing and does not have the ability to pace or shock the heart.
> Aha! So this mysteriously-named /usr/sbin/eis3920 program is responsible for the decryption. eis3920 is an ARM binary, but running strings on it came up with some items of interest:
Yes, you can run strings on a Windows exe from Linux or a Mac. I just tried this and it gives everything from "!This program cannot be run in DOS mode." to DLL names to Windows function names. However, Windows text strings that get displayed are 16-bit so you need the "-e l" flag to see them; this flag works on Linux but not Mac.
TL;DR: running strings on an exe is trickier than I expected, but works.
THIS! This is why I love hacker news. Much thanks for the pointer. I've never actually used (or, I believe, needed to directly use) strings before. Thanks so much.
Please be careful when running strings, if possible, don't, as it can be used as an attack surface. Just take a look at CVE-2014-8485 if you need clarification.
Basically it will print out any strings of ascii charters in a file. Which in a binary usually represent string constants or "hard coded" strings that have not been obfuscated.
Great writeup. I interned for Medtronic and got to work on a web interface for the clinician side of a CareLink like project. It's encouraging that some energy was put into securing the monitor. Medical device companies get a bad rap when it comes to security.
Astounding to see that some goofballs took the time to encrypt an SD card partition, and then hide the password in immediate proximity to the ostensibly secured resource.
Thumb to the wind, and the author MITM'd it in minutes?
Ah well, I suppose it's better to anticipate the SD card becoming separated from the device chassis with the original eeprom password or some such blah blah blah.
27 comments
[ 3.0 ms ] story [ 68.4 ms ] threadOtherwise it could be a newer MS-2131i which requires a little more configuration.
I was actually trying to use it from inside the Medtronic system, after the graphical depictions had indicated that it had connected OK, so I'm reasonably confident the software side was setup correctly. I just couldn't connect to anything.
https://linux.die.net/man/1/strings
Could I use this on random Windows exe files if I'm running a linux box? EXE files are just compiled binary blogs, right?
That, or view/edit them with a hex editor.
TL;DR: running strings on an exe is trickier than I expected, but works.
http://www.mcafee.com/it/downloads/free-tools/bintext.aspx
(a number of hex editors AFAIK want you to specify if ASCII or Unicode)
https://en.wikipedia.org/wiki/Strings_(Unix)
EDIT: lol... we're all so helpful (4 replies all at '0 minutes ago' at the moment)
Try running:
I get: https://linux.die.net/man/1/stringsBasically it will print out any strings of ascii charters in a file. Which in a binary usually represent string constants or "hard coded" strings that have not been obfuscated.
[1] https://technet.microsoft.com/en-us/sysinternals/strings.asp...
[2] https://www.safer-networking.org/products/filealyzer/
[3] http://www.catch22.net/software/hexedit
I loved the idea of getting the crypt key off the eeprom by editing the mount script to log it's own arguments. Very tricky!
Astounding to see that some goofballs took the time to encrypt an SD card partition, and then hide the password in immediate proximity to the ostensibly secured resource.
Thumb to the wind, and the author MITM'd it in minutes?
Ah well, I suppose it's better to anticipate the SD card becoming separated from the device chassis with the original eeprom password or some such blah blah blah.
Strap yourselves in for what the future holds.
Internet of things, hurr dee durr...