What is commonly done in embedded/IoT systems to encrypt flash storage? Is TPM, PUFs, eFUSEs, TEE used to get the decryption key?

Assuming that RAM is inside the SoC, nullifying the possibility of cold-boot attacks, the only other way to obtain the decryption key is to extract it from the secure storage in which it is saved.
I think the four possibilities of secure s…

How do embedded systems protect encryption keys when no user authentication is possible at startup?

Embedded and IoT systems power on autonomously, without user input (unlike PCs or phones requiring a PIN/password). If the manufacturer wants to encrypt the flash storage:

Must the decryption key be stored in a fTPM?
Otherwise, the unencr…

Why does BitLocker keep the Volume Master Key (VMK) in plaintext RAM instead of inside a TEE?

I have two related questions about BitLocker’s key handling:
1) After the system boots and BitLocker unlocks the drive, the TPM releases the Volume Master Key (VMK), and from then on it is resident in plaintext in system RAM.
Why can’t the VMK s…

Intercepting and manipulating via MITM but with generic TLS traffic, not https. And with Android as a target

I’m trying to intercept TLS traffic on port 8443 between an Android app and an IP cam (8443 is the webcam’s port) on my LAN, on the fly (like Burp Suite does with HTTP(S)). The protocol on 8443 is not HTTPS.
I tried Burp Suite and mitmproxy by s…

For a router, is storing the Wi-Fi password in plain text in its own storage/firmware considered a vulnerability, or is it standard practice?

All the router firmwares I’ve dumped so far store the Wi-Fi password as cleartext (or encoded, but it’s basically cleartext).
Is this normal? Or do less cheap routers actually have other solutions to prevent this?
Can this be consi…

What is the difference between Root of Trust and Trusted Computing Base (TCB)?

RoT: element within a system that is trusted and must always behave as expected because any misbehavior cannot be detected at runtime. It’s part of the TCB.
TCB: the smallest set of hardware, firmware, software, and other resources (e.g.,…

Why in this TLS handshake are the ClientHello, ServerHello, etc. not piggybacked on the ACK packets? [closed]

In the TLS handshake, I noticed that key messages like ClientHello and ServerHello aren’t piggybacked onto ACK packets and are instead sent as separate packets. From a networking perspective, this seems inefficient because there could be …

Why should an attacker perform a clickjacking attack when they can simulate the click with JavaScript?

What’s the reason an attacker would choose to perform a clickjacking attack?
If they create a malicious website, they could just perform the action automatically; they don’t need to "trick" the user into clicking on the hidden if…

Understanding Cross-Domain Cookies and `SameSite` Attributes with Express.js and Third-Party Tracking

What I have understood (I guess):

Cross-origin Cookies:
Cookies set with Domain="example.com" are not sent with fetch requests from origins like hello.example2.com to mywebsite.example.com because they are different domains. How…