Mediatek, more like mediarekt. blog.sonicwall... blog.coffinsec... 🏫 COURSES 🏫 Learn to code in C at lowlevel.academy 🔥 SOCIALS 🔥 Come hang out at lowlevel.tv
Just out of interest. You provide good curses, but sadly, the only payment options are im gonna call them the American payment systems (cash app, visa, American bank). So to the question: will there ever be any other payment options ? (Seap, direct transfer, PayPal, etc) Anyways, nice video, always great content, and all of you have a great day.
>still haven't learned how not to index an array out of bounds Some people should only program in BASIC, it won't let you write out of bounds, you have to fight and sabotage BASIC to do so.
Aww, it's like when "it's okay to be smart" rebranded to "Be Smart" . Low level learning was quite good, low level is fine though. Low level learning is stuck on my tongue though it's so fun to say: lowlevellearning lowlevellearning
At this point, all IDEs and compilers should issue a warning for all memcpy, memmov and DMA operations if they do not have a length limit check immediately before it.
Ten minutes later, the devs will disable those warnings at the project level, because obviously they are smart enough that their code does not have such bugs.
For me, it's not about someone done audit on the code - it's about that you can torn thing out and replace it with something else, including your own binary.
Not sure how I feel about the rebrand, but I'm generally terrified of change, so even a UA-camr deciding to remove eight letters from their name can be too much for me sometimes, haha.
Same, i have force awakening poster in my room, i haven't watch the movie (maybe snipptets on TV) i don't plan to since (from what i've heard) it's rather shitty movie, but i have it since middle school (or rather polish equivalent of there of) and i'm 22 in December so now removing it triggers my sentimentality
Was thinking the same thing. Who would want to go on holiday anywhere in the USA (Montana being a notable exception!)... I'd rather spend a week in a septic tank 😅
The reason why lots of those "security features" like ASLR and oft mentioned IOMMU aren't enabled for low level things that interacts with real world is, because they're inconsistent against the real world they interact with. Lots of those makes jittery mess in terms of response times. Webdevs think those are just one click enables because Web is jittery mess anyway but not everything in the world is.
Please stop referring to forks of OpenWrt as OpenWrt, it would be the same as referring to Mint, Zorin, Pop! as Ubuntu. OpenWrt is not vulnerable to this. Additionally OpenWrt 19.x and 21.x are no longer supported, but regardless they are not vulnerable as they are not using Mediatek's proprietary SDK - the only thing with the bug. The mitigations are available as they are used by default in OpenWrt and Mediatek forked from it.
I was so happy when you stopped saying "Hi my name is Low Level Learning" and transitioned to "Hi my name is Ed," and honestly this is still better than introducing yourself as the channel name
“Low Level Learning” speaks to SEO and reconciling your content vertical with viewer behavioral telemetry. Both might be more important than reconciling your content with how humans parse ease and memorability.
Bro have you been hacked? What are you talking about? You starting a new "Tay SEO Tips" channel or something, and you're testing the waters in the UA-cam comments?
Rust would be more adopted if its syntax wasn't so ugly. Beauty goes a long way. C# is much more loved than Java and one reason is that the syntax was much more elegant (debatable today, but true in its glory days).
Rust is like those plastic handles some nails have so you can place it perfectly straight and never hit your fingers. Is a nice tool that solves a problem no professional user ever had. The problem is not the tool. The problem is that people that NEEDS those tools are working as a profesional contractors. And this people will harm themselves with the hammer, even with the help.
I think the problem is burritos. Whenever you eat a burrito, Internet will crash, AI will crash, some plane somewhere will crash. Burritos are dangerous.
What annoys me is that the articles just list the chipsets affected, not actual devices with the chipset in it nor which device firmwares are confirmed to be affected. Ubiquity, for example, claims they are immune to this issue despite being called out specifically in the articles. That creates confusion and makes it a LOT harder to determine what devices are actually affected. Nor do the articles provide any directions to mitigate either. I don't think I'm affected by this but I have no way to figure it out definitively either way.
I'm not mad about the re-brand but It wont stop me watching and if it helps you that's awesome! It does make me feel a bit sad about humanity though, especially if the word learning was scaring off viewers. Good luck with the channel man, your videos are always fascinating and informative.
When using untrusted libraries, what's wrong with always allocating a properly aligned buffer at twice the maximum possible unsigned size the length variable can hold and pass a pointer to the middle of the buffer? i.e. If the passed length takes a byte, always allocate 256*2 bytes, if the length takes a word, then allocate a 65536*2 bytes, etc. And if you don't have enough memory available to do all that, then don't use that library. Pointer to the middle because you can't trust that the library doesn't incorrectly use the wrong signed or unsigned op code at just the wrong time (thus could wrap around to -max_length/2+1). And aligned if the cpu has op codes that are alignment sensitive. You can't trust that the library isn't (or won't after some update) be using that wrong op code.
Code from a chipset mfg is just sample or test code, it is never meant to be used in a production environment. Such code often doesn't have bounds checking or full error handling. Many are written in plain K&R style C for simplicity.
The following three WiFi 6 Routers released in 2020/2021 features the combination of MediaTek's MT7621A network accelerator and the affected MT7915 Wi-Fi 6 connectivity platform are as follows: - D-Link AXO AX1800 (DIR-X1860) - TP-Link Archer AX20 (AX1800 Dual-Band Wi-Fi 6 Router) released exclusively in China - Buffalo AX1800 (WSR-1800AX4) released exclusively in Japan Check if you own any of the aforementioned routers and please update its firmware ASAP to the latest version that patches up this vulnerability; if its not available then replace them with a WiFi 6E Router that features either a Broadcom or Qualcomm WiFi 6E SoC.
Guys, you don't understand, the switch to L2 from L3 will decreases the latency between a video being requested and a video being recieved! Sure, we're losing some total capacity, but overall it means more videos will be coming out faster!
Not a very practical vulnerability in terms of mass exploitation in the wild. But perfect for targeted attacks. However, it doesn't affect that many devices and only the unpatched.
Goes to show you're never completely safe. I think my AP uses that SOC, time to build a new OpenWRT image I guess. (I live in the sticks with one neighbour, so I'm not super worried. They'd have to be on my lawn (not LAN) to exploit...) FPGA open IP SoC routers/APs when? I guess I'll have to roll up my sleves and actually learn Verilog someday...
Ah well... gcc v12 even has a static analyzer built into it and optimization switches, that always have been in all those compilers for years give you compiler warnings based on bounds checks. Build it into your pipeline before building your release and already a lot of your mistakes are being detected for you.
@@avarise5607trash take. You can like a video and still hate the thumbnail. Boycotting a video that you think you might like just because of the thumbnail is a bit extreme, don't you think?
The year is well beyond 2000... Why are we still pointing to memory in code like this? Why are we still doing mem copy, mem-move and depending on the passed LENGTH of the 'buffers' to be correct?! That was 'acceptable' in old ghetto crunk c/c++ code when we didn't care if crap crashed. If you have code that is anything more critical than a retro mario-game clone running on a phone, then KNOCK THAT OFF!
Not taking any sick days either, huh? You look and sound sick as hell in this vid. I had to bounce a third of the way through the video (buffer overflow) because my lizard brain started screaming internally that "this person is sick get away GET AWAY"
now way haha lowlevel.academy is really cool !?
The community is divided about your name change. Here's my proposal for a compromise:
Low Level Lear
Are range checks allways on in Rust plus they also exist for all kind of buffers?
It's neat that you went to Twitchcon with the CEO of Jurassic Park. 🥰
I think in the future businesses will run Linux servers and not Windows servers.
Just out of interest.
You provide good curses, but sadly, the only payment options are im gonna call them the American payment systems (cash app, visa, American bank).
So to the question: will there ever be any other payment options ? (Seap, direct transfer, PayPal, etc)
Anyways, nice video, always great content, and all of you have a great day.
He dropped "learning" because it's been nearly half a century and people still haven't learned how not to index an array out of bounds
HA
This comment wins
@@amadzarak7746 you win
>still haven't learned how not to index an array out of bounds
Some people should only program in BASIC, it won't let you write out of bounds, you have to fight and sabotage BASIC to do so.
Yeah... I think we should just collectively stick to bound-checked languages at this point...
He has stopped learning. There is nothing left to learn. He has reached the lowest level.
it's true i am immortal
🤨🤨🤨
Calling your level lowest possible is a huge compliment who understands it. :D
they say you can't fall lower than binaries
I wonder if he's gonna correct the "I was right." video, where he was wrong.
low level is no longer learning
Yea, just low level content 😂
Nahh it‘s a fine name, the old one was good already tho.
Brain is no longer braining.
a new low
It's only downhill to a lower level from here
bro's gonna make a surprise video showing a modern CPU through microscopes and find hardware vulnerabilities
rip low level learning. you would've loved low level 😔
Nah I was his classmate in school, everyone called him low level
Even the teacher calls him low level
Aww, it's like when "it's okay to be smart" rebranded to "Be Smart" .
Low level learning was quite good, low level is fine though. Low level learning is stuck on my tongue though it's so fun to say:
lowlevellearning lowlevellearning
At this point, all IDEs and compilers should issue a warning for all memcpy, memmov and DMA operations if they do not have a length limit check immediately before it.
Ten minutes later, the devs will disable those warnings at the project level, because obviously they are smart enough that their code does not have such bugs.
@@angrydachshund That's what I do 👍
@@angrydachshund -Wno-warning-i-know-better
IDE alerts the FBI when you make such mistakes and you get swatted.
"you know it's being more openly monitored", why is there an assumption that most open source code is actually monitored?
Its monitored, by like 2 people, dev and the gvmt agent on his way to make name with new fancy backdoor 😂
@@avarise5607So 2 eyes now!
Most people confuse "it is monitored" with "it can be monitored"
@@tablettablete186 better than 5 eyes
For me, it's not about someone done audit on the code - it's about that you can torn thing out and replace it with something else, including your own binary.
Not sure how I feel about the rebrand, but I'm generally terrified of change, so even a UA-camr deciding to remove eight letters from their name can be too much for me sometimes, haha.
I am too, but thats life :)
Same, i have force awakening poster in my room, i haven't watch the movie (maybe snipptets on TV) i don't plan to since (from what i've heard) it's rather shitty movie, but i have it since middle school (or rather polish equivalent of there of) and i'm 22 in December so now removing it triggers my sentimentality
It's just a nice change it's a rebrand without the word A.I or Cloud afterwards. 😅
You have replaced about 330 billion cells in your body over the last 24 hours. You are not even the same person you were 30 minutes ago 😅
next up: Low, just low
shorty got low
LPL: This is Lockpicking, and today...
FW: Thanks for turning in for Forgotten, I'm iMac...
And of course SteveMRE1988 becoming just Steve
Who goes to new Jersey for vacation?
I hear the shore is a pretty exciting place
You do if your priest assigned it as penance.
Was thinking the same thing. Who would want to go on holiday anywhere in the USA (Montana being a notable exception!)... I'd rather spend a week in a septic tank 😅
@@NotMarkKnopfler Upper Michigan, New Hampshire and Pacific Northwest are quite beautiful too.
@@Lutz64 I'll deal with the state if I get to see the ship.
The reason why lots of those "security features" like ASLR and oft mentioned IOMMU aren't enabled for low level things that interacts with real world is, because they're inconsistent against the real world they interact with. Lots of those makes jittery mess in terms of response times. Webdevs think those are just one click enables because Web is jittery mess anyway but not everything in the world is.
@@すどにむ 🤣🤣🤣🤣
A MediaTek chip has a hole in it. The world yawns.
Please stop referring to forks of OpenWrt as OpenWrt, it would be the same as referring to Mint, Zorin, Pop! as Ubuntu. OpenWrt is not vulnerable to this. Additionally OpenWrt 19.x and 21.x are no longer supported, but regardless they are not vulnerable as they are not using Mediatek's proprietary SDK - the only thing with the bug. The mitigations are available as they are used by default in OpenWrt and Mediatek forked from it.
Ed: *Drop "Learning"*
Literally Everyone: My Disappointment is Immeasurable and My Day is Ruined.
SHARP suit my dude
I understand why you rebranded to Low Level. However, my 2 cents is that I prefer Low Level Learning😔
Having a good day
LLL releases a new vid
Misery resumes
Having a good day
LL releases a new vid
Misery resumes
Actually 🤓☝️ it’s LL now
Edit: Nooo someone beat me to it
Might be showing my age, but WAP will always mean 'like the internet, on a Nokia 3310, but somehow worse than that implies' to me.
I was so happy when you stopped saying "Hi my name is Low Level Learning" and transitioned to "Hi my name is Ed," and honestly this is still better than introducing yourself as the channel name
I appreciate dropping the learning because I felt bad at myself for not understanding a thing even when it's dummy simple
in my head this guy will forever be the tech bro version of nick from the yard
love the rebrand, channel feels more down to earth, more personal
Well... that's certainly some news... If you'll excuse me.... * Ron swanson throws computer into dumpster dot gif *
“Low Level Learning” speaks to SEO and reconciling your content vertical with viewer behavioral telemetry. Both might be more important than reconciling your content with how humans parse ease and memorability.
Low Level Learning is both easy to remember and has a better ring to it, I really can't see any pros to dropping it, like, at all.
Bro have you been hacked? What are you talking about? You starting a new "Tay SEO Tips" channel or something, and you're testing the waters in the UA-cam comments?
@@9hoot789 he is referring to discovery by search engines and recommendation algorithms, as opposed to traditional branding/word of mouth
Keep bringing us that chocolate rain the comments bro.
I like the old name better personally
I'm pretty sure most people do, I dont understand the need to change it
Rip LLL
atleast this forces mediatek to push updates to their old network cards, mine haven't gotten new one in the last like 2 years lol
Next rebrand: Low
thats too hard to say.
Next Next rebrand: L
After that, "L".
The real shock here is SonicWall found this.
They discovered a CIA backdoor 😔
Rust would be more adopted if its syntax wasn't so ugly. Beauty goes a long way. C# is much more loved than Java and one reason is that the syntax was much more elegant (debatable today, but true in its glory days).
like petition to turn back to Low Level Learning (please dont ban me i love your videos)
It had a nice ring to it for sure
Low Level: i'm beneath you but nothing is beneath me
Behold the Underminerrrrrrrr
This only applies to stock factory drivers, not opensource ones.
The thumbnail feels like clickbait. Why mention openwrt when its a mediatek vuln?
Always whenever he goes to vacation something like that happens.
You rebranded as Low level? So we stopped being noob learners and now we're just noob? Man, that's a downer.
The community is divided about your name change. Here's my proposal for a compromise:
Low Level Lear
You should start writing an OS in Rust. That would be sick! This can become THE THEME of this channel, a pinnacle of "Low Level Learning" so to speak.
Rust is like those plastic handles some nails have so you can place it perfectly straight and never hit your fingers. Is a nice tool that solves a problem no professional user ever had.
The problem is not the tool. The problem is that people that NEEDS those tools are working as a profesional contractors. And this people will harm themselves with the hammer, even with the help.
gotta love the "but what would Rust do?", this never gets old.
I think the problem is burritos. Whenever you eat a burrito, Internet will crash, AI will crash, some plane somewhere will crash. Burritos are dangerous.
i miss the learning man
Vanilla OpenWRT is not affected by this, as it uses open source mt76 driver with hostapd. wapp is part of Mediatek's proprietary driver
Look at the cve-rs repo to find safe ways to bust rust. Great repo.
What annoys me is that the articles just list the chipsets affected, not actual devices with the chipset in it nor which device firmwares are confirmed to be affected. Ubiquity, for example, claims they are immune to this issue despite being called out specifically in the articles. That creates confusion and makes it a LOT harder to determine what devices are actually affected. Nor do the articles provide any directions to mitigate either. I don't think I'm affected by this but I have no way to figure it out definitively either way.
bruh this can't be how I learned this a week late. Good luck with the rebrand!
"Low Level"?
Are you calling yourself a noob?
Before assignment check the length, it should be easy. Should...
Might use your courses for CPEs, looks dope.
Even the fire tv stick is affected.
Thank you for sacrificing you vacation days for the sake of stopping any more computer security vulnerabilities appearing .
> use software provided by your hw vendor
> get bad quality code
who would expect that…
and that is why we should push for FOSS firmware
I discovered this years ago but never talked about this because I thought this bug was obvious.
I liked the aliteration of the old name. Good video!
I'm not mad about the re-brand but It wont stop me watching and if it helps you that's awesome!
It does make me feel a bit sad about humanity though, especially if the word learning was scaring off viewers.
Good luck with the channel man, your videos are always fascinating and informative.
low level learning sounds like an educational channel, but low level is like you are flexing how low level youa are (still, your vids are great)
This confirms my bias against non-intel wifi chips
i was listening to the into and i was like oh shit... im currently on a wireless device :O
When using untrusted libraries, what's wrong with always allocating a properly aligned buffer at twice the maximum possible unsigned size the length variable can hold and pass a pointer to the middle of the buffer? i.e. If the passed length takes a byte, always allocate 256*2 bytes, if the length takes a word, then allocate a 65536*2 bytes, etc. And if you don't have enough memory available to do all that, then don't use that library.
Pointer to the middle because you can't trust that the library doesn't incorrectly use the wrong signed or unsigned op code at just the wrong time (thus could wrap around to -max_length/2+1). And aligned if the cpu has op codes that are alignment sensitive. You can't trust that the library isn't (or won't after some update) be using that wrong op code.
Man, you make me want to return to reversing again...
Code from a chipset mfg is just sample or test code, it is never meant to be used in a production environment. Such code often doesn't have bounds checking or full error handling. Many are written in plain K&R style C for simplicity.
How bout some Low Level Yearning?
i swear to god people in the cybersecurity world make up the most nonsense names for stuff possible lmao
Congrats on scoring the name Low Level!
Frick, my router use mtk 7621
Same, but it's not running 21.02 nor has any wifi functionality, so...
Rust boys will have a field day with this one
I would’ve rebranded the channel, in a typical aws fashion, as L3.
we no longer want new people learning the new level, too much buffer overflow bugs recently
low level learning is beter
sure.... no coincidence at all that these seem to overlap with your absences.... not sus at all
Openwrt in thumbnail but more like a mediatek vuln which is scarier
Low Level when High Level walks in:
If you stop going on vacation, vulns will be solved!
Not gonna lie, I though this was your second chanel at first
The reabrand feels weird and I miss your Logo.
But "LowLevel" feels way more connected to your Community, so I think its a good thing.
The following three WiFi 6 Routers released in 2020/2021 features the combination of MediaTek's MT7621A network accelerator and the affected MT7915 Wi-Fi 6 connectivity platform are as follows:
- D-Link AXO AX1800 (DIR-X1860)
- TP-Link Archer AX20 (AX1800 Dual-Band Wi-Fi 6 Router) released exclusively in China
- Buffalo AX1800 (WSR-1800AX4) released exclusively in Japan
Check if you own any of the aforementioned routers and please update its firmware ASAP to the latest version that patches up this vulnerability; if its not available then replace them with a WiFi 6E Router that features either a Broadcom or Qualcomm WiFi 6E SoC.
Mediatek is in a lot of consumer routers.. Linksys/belkin/tp use this router.
Meditek is an arm processor /soc made by the CCP
Today I learned that my WAP has an Atheros chipset in it.
Guys, you don't understand, the switch to L2 from L3 will decreases the latency between a video being requested and a video being recieved! Sure, we're losing some total capacity, but overall it means more videos will be coming out faster!
Not a very practical vulnerability in terms of mass exploitation in the wild. But perfect for targeted attacks.
However, it doesn't affect that many devices and only the unpatched.
Not that WAP,
I'll allow it... 10/10
“Not that Wap” 😂😂
Low Level Learning completed his learning. That's why it's Low Level now. When he levels up, it will be Low. When he smokes weed, it will be High.
Awesome Thank you for Sharing 💯✴
Daemon in Christianity translates to DEMON maybe they shouldn't let DEMONS work on computers who don't know what they're doing.
Correlation does not mean causation. Take time off when needed😁
I cringed when he pronounced SoC “sock” 💀
Goes to show you're never completely safe.
I think my AP uses that SOC, time to build a new OpenWRT image I guess.
(I live in the sticks with one neighbour, so I'm not super worried. They'd have to be on my lawn (not LAN) to exploit...)
FPGA open IP SoC routers/APs when? I guess I'll have to roll up my sleves and actually learn Verilog someday...
Ah well... gcc v12 even has a static analyzer built into it and optimization switches, that always have been in all those compilers for years give you compiler warnings based on bounds checks. Build it into your pipeline before building your release and already a lot of your mistakes are being detected for you.
"On vacation in New Jersey".... I don't understand that sentence... They are English words but don't make sense in that order 😂
What’s with the super clickbait titles these days? Love the channel but feels bad, man.
Blame is on you for getting baited, not the author on using it. You got free will, use it
@@avarise5607trash take. You can like a video and still hate the thumbnail. Boycotting a video that you think you might like just because of the thumbnail is a bit extreme, don't you think?
Rip low level learning, i guess im not learning anything anymore
The year is well beyond 2000...
Why are we still pointing to memory in code like this? Why are we still doing mem copy, mem-move and depending on the passed LENGTH of the 'buffers' to be correct?!
That was 'acceptable' in old ghetto crunk c/c++ code when we didn't care if crap crashed.
If you have code that is anything more critical than a retro mario-game clone running on a phone, then KNOCK THAT OFF!
i'm having a hard time adjusting to low-level
this channel is one of my favorite to watch. im 16 and i like computers
computers, Pog
Not taking any sick days either, huh? You look and sound sick as hell in this vid. I had to bounce a third of the way through the video (buffer overflow) because my lizard brain started screaming internally that "this person is sick get away GET AWAY"
low iq comment (i have an iq of 150)
I really want a Burrito...
Another day another vulnerability
That video title made me a bit nervous 😅