>> Alright this is my first time onstage at Def Con not rapping, so I am a little bit nervous This is um, Anti-Forensics AF Uh, I’m.. when I would see internet memes that were like that’s silly AF or that’s stupid AF, I would read it as like that’s silly Anti-Forensics And… [Laughter] My name is Int Eighty. I’m the rapper in dual core and um this is the fourth Anti-Forensics talk that I’ve ever made. Uh so the other three, they’re online, I’ve presented at like Derby Con and stuff like that, so you can watch them on YouTube. And uh, here’s, here’s some stuff that we’re gonna talk about today Um, we are uh, we’re gonna start kind of where I left off with my previous Anti-Forensics talk and we’ll talk about some self modifying code in memory for Windows executables. Um, this is like coming from the context of being an operator and being on a compromised system and you have malware in place running and you’re trying to prevent your malware from being acquired and analyzed. Uh then we’ll talk about some Android stuff. Um so I’ve got some Android Forensics research that I’ve done with my girlfriend and then also some Anti Forensics. And uh I’ll probably win the award for worst Def Con demo ever. And then uh, I have some stuff with SD Cards but I’m having, uh display issues with my Linux laptop. So if we can’t get it to work, uh we will, uh I don’t know, I’ll be in the vendor area afterwards so I’d be happy to show you guys some cool Sd card tricks [Baaahhh] [Laughter] Uh so I currently work on a red team and I get shells and write malware uh for, for a living and I come from a reverse engineering background so I’ve never done forensics professionally so um you know, don’t, don’t really take my word for all of this. I mean it works, but I’m not a forensics professional. UH, I’ve had some really interesting run ins with uh law enforcement and three letter agencies and I’d be happy to talk about my trolling of certain agencies like the FBI and the NSA. Um in some other time when I have a drink in my hand or something like that so if you want to find me after the talk, I can tell you some fun stories. Again I’m not an expert, uh I just like to try stupid things on computers and see what happens and so your milage may vary but I’m sure you guys are all way smarter than I am and can come up with way cooler and more technical things. And then the last part is um kind of a commentary on our current legal sys, uh system and um every cool thing I know how to do with computers is illegal and so I’ve learned to cool things with computers by doing illegal things. So I highly recommend doing illegal things. [Laughter] [Baaaahhh!!] [Laughter] Alright cool so, uh we’ve all known for the past like decade or so Memory Forensics is the new hotness right? You can get all of the good stuff out of ram. And so again the context here is you’re an operator, you’re an attacker, you’re on a system, you’ve got malware running, you’ve got an implant, you’ve got you know, persistence. But you know, it’s expensive to build a tool chain and so you don’t want to get your malware caught. You don’t want it to be analyzed, you don’t want IOCs to be coming out about your malware, you don’t want it to be detected. So the whole goal is to keep our malware running on a system and thwart either acquisition and or un analysis. And so in the previous talk, um I’ve done some tampering, uh for the acquisition side, and in this one we’ll look at the analysis side. With a little bit of acquisition. Uh like I said, cool stuff happens in memory, um but we kind of take advantage of this. Right? The analysis tools, they need all of the data about your malware in order to be successful in analyzing uh what you, what you’ve coded. And so we don’t need all of those sections, uh once we’re loaded in memory. Um so we can tamper them, or remove them or whatever and therefor our execution still continues, we persists as operators on our target environment but analysts lose and can’t analyze our malware Uh and so it’s great, we can basically just, like I said, either modify or remove bytes and the analysis cools…tools can’t do their job. [Baaahhhh!!] [Laughter] So this first demo is um, a POC that I wrote called “The keys are like right next to each other.” It’s kind of a throwback to the Bash dot org quote. It’s a common type, the keys are like right next to each other. Alright, here we go Okay, everybody see that okay? My text is big enough? >> All good. >> Cool, alright awesome Alright so uh I have a malware sample that I wrote called the

keys are like right next to each other. So it’s running. Alright we can see that it’s executing, everything’s good let’s do an acquisition of memory. So I’m using uh recall which is an open source framework published by Google. You can grab it off of their GitHub. So first what we’re gonna do is acquire memory and we’re gonna put it in this file called L-O-L dot A- F-F four. And you can, you can name it whatever you want. I just think it’s funny so. [Laughter] I should have like a how to basic video in here somewhere probably. How many people are coming to the Def Con party tonight? [Cheer] Awesome. I’ll be rapping at one thirty headlining so I’ll see you all there. [Woo!] How many people have heard the song, ” Drink all the Booze, Hack all the Things?” [Woo!] >> Many times. >> That is exactly how many album sales we have. Wow. [Laughter] Thank you guys. [Laughter] Alright. I thought Ram was supposed to be fast. How many people first year at Def Con? [Clapping] Nice! Thank you for coming. How many people twenty fourth year at Def Con? [Laughter] Nice! Why did I do a sixty four bit B-M [Laughter] Alright well. While that’s going, this is what the, the malware looks like loaded from disk. Right? This is statically loaded, the keys are like right next to each other in IDA. You get a nice call graph, you see all the subs. You can do strings. Alright, we can see all this cool stuff. Everything looks good, right? There’s, there’s no real complaints here But, yes okay cool. We finish our acquisition, so now lets get that malware. Again, malware’s still running, so… Alright so, uh this basically gives you like an I python notebook for your workspace, um in recall, and we, it’s really nice, it’s basically Python and you can get tab completions. So let’s uh let’s knock out this binary. We don’t even have to know the Pid, we can just say the keys and, let’s give it a dump directory. I’ll just put it right on the desktop. SO it’s dumbing it out of the acquired ram image now Cool. And so there we go, we got a dumped pid forty seven one ninety two. Here’s our executable, forty seven ninety two, load it in IDA. Hmm doesn’t, doesn’t know what to make of it. Guesses it’s a MS Dos Com file. Let’s see what it says. That does not look the same. And so, you notice it doesn’t even know the segment names, these instructions don’t look legit and we have just a bunch of bytes. So, but Malware’s still running. Right? So, what does this look like on like for the code? Uh, this is a c plus plus file, sixty three lines, not including comments, and or including comments. So all we do is resolve our way into finding the header in memory and once we’ve recognized like yup we’ve found our header, our executable header, uh we call virtual protect so we can uh set the right bit for permissions on the page for the header and then we zero off the memory with this call to RTL zero memory. It’s basically just mim set underneath the hood, but what you end up with is losing all the data structure about your portable executable at that point, right? The whole thing is gone. Uh we reset the permissions back with virtual protect, and just in this case, the POC just loops and, and that’s it. So you know pretty simple but BT analysis tools Our malware persists hasn’t been

analyzed. Uh, you know you could, um you could go through here and try to like, you know hit, hit C and IDA and see if you can figure out like you know, is this code, is this code? Right? It’s not data, is it code? And maybe get some disassembly of the instructions but it’s going to be a pain in a butt and I also don’t know any forensic investigators that even have IDA installed to begin with. So, [Chuckle] I don’t know. I’m hedging my bets. My threat model looks like that Cool. Uh let’s see, I can actually show you guys the hex editor too. This is, this is what it looks like in the hex editor. Just a bunch of zeros Right, whereas in the original in hex editor looks like a normal windows executable file So, pretty neat. But if you want to take this further, you can do some interesting things to throw off the analysis tools right, like uh two of my, two of my friends, Richard Wartell from Palo Alto Networks and Craig Smith from Open Garages independently suggested to me like rewriting a new PE Header So I don’t know if you guys have ever seen something like tiny PE where you could write like a new executable into like part of the memory space and you know it might throw the analyst off by a lot. They’d be like oh, it’s just tiny PE even though its you know, a ten K file. Or something like that. Um you can do uh other things like uh modified values in the header and uh you’d get some interesting results aka crashes with the analysis tools if uh if any of you are so inclined to research that particular vector. Alright Any, any questions on what we did with the keys are like right next to each other for Windows? Cool. So the whole reason this works is, in order to get from on disk into memory, you need your PE header so you can load and navigate all the data structures and get everything loaded. Um but once we’re in memory, we don’t need the PE header anymore. Right? We don’t need to reference back into there uh into that section, we, our code is executing, we’re good to go. So in this case, we just zero the memory, and we’re still running, we don’t, we don’t need to reference the section header but the analysts tools failed. And so in the preference Anti Forensics talk, I demoed this in Windows XP uh before it was end of life and here I demoed it in Windows ten, it still works. [Baaaaahhh!!] [Laughter] Uh for completeness in case you guys wanna take pictures of the slides, or anything like that, I mean I guess they’re on the CD too but I don’t know anybody that has a CD drive. Buy Dual Core CDs [Laughter] Alright, this is, this is what we ran [Baaaaaahhh!!] [Laughter] Alright, so then uh you know, the next question is, well will it run in Linux? Usually the question is, will it run Linux but it’s an intel chip so it’ll run Linux fine. Alright. Alright cool. So uh here I’ve got uh you know Linux port of the code, uh the keys are like, right next to each other, running. This is just some debugging output Alright cool so let’s get ram in Linux. Sorry I made this talk a bit ago and I’m really forgetful because contact switching so I have all my notes here. Alright So uh to acquire ram in Linux, uh you know in Windows, we use recall but we’re going to use Lime which is an open sourced tool. Published by the five oh forensics guys. You can grab this off of GitHub as well. And once you build it, it um it shows up as a colonel module so in this case its this uh lime generic dash K O. Which matches the version number of your Linux colonel. And, we’ll specify a path to dump it out to. So great, all we’re doing is just loading, loading this colonel module and it’s gonna acquire ram for us. Are you kidding me? [Laughter] Oh maybe I did’t build it. Let’s build it [Laughter] Uh. Woo! [Laughter] I really didn’t know what was gonna happen there. [Laughter] Alright, that one worked. Good Alright so. Great, we have a memory acquisition. Let’s check it out with volatility. Oh God, I hope this works too [Laughter] Alright, so. This is

uh Volatility’s um by the volat…, Volatility foundation Open source framework written in Python. Does a lot of cool stuff. Uh one thing I’ll go over with more verbosity in the slides is um building Volatility for uh your Linux setup. Um by a default it doesn’t come ready to run on Linux uh but it’s pretty straight forward to get it, to get it going. So let’s… let’s take a look at our memory acquisition here. Alright first let’s find our PID. These are just modules that weren’t installed. Oh God. Oh there it is. Phew. [laughter] Alright Ninety eight oh one. And just to confirm. Yup, we’re still, still running. Still doing evil stuff [Laughter] It’s false advertising by the way. It’s just printing. >> It’s pretty evil. >> Okay. So, looks, looks like it dumped, right? Outside of the module. Module said it tried to load. Uh everything else fine, no complaints, right? We’re good to go. Four, four hundred thousand hex looks like a solid base address for standard Linux image. So let’s take a look. Uh, there it is. Okay cool. So here’s our process dumped out in memory. Oh that’s weird, it’s empty. Ah ha sweet, we won. Zero file size They couldn’t… Forensics investigator can’t get our malware out in memory. Good job us. [Yay, laughter] [Applause] Uh, let’s take a look at what this one looks like. So it’s pretty much the same thing. A little extra debugging output Uh.. This code here, lines sixteen through twenty is bad And I should feel bad [Laughter] Uh, I’m literally like taking a short cut to, to, I’m using F scan F and reading out of the Proc maps to find the header and memory.Um there’s probably an actual legit way to do this but I’m lazy and this worked so. Uh Cool. So we find the header, just like we did in the Windows version. Uh in this case instead of virtual pretect, protect we call emprotect uh again setting permissions for both read right all three read right and execute. Uh then we call mem set, zero out the header in memory and call and protect again to restore the original permissions. So if you, if you caught this right at the moment that the the overwrite was happening, it might look weird seeing the header with all three read right execute permissions but if you catch it afterwards, which you will, maybe. Um, then you’ll see it look like normal with only read and execute. And then uh this is just more debug output and here we go. Just infinitely looping, doing evil stuff. So, that’s all it takes. Hack the planet [Laughter] Cool. So you know we did, we did get an acquisition with Lime, um we didn’t tamper the acquisition too much but we ended up not being able to extract the actual binary volatility. So, good job [Baaaahhhh!!] [Laughter] This works for the same reason that the Windows one works. Uh we don’t need the executable header, right so, Windows uses portable executable, or PE. And Linux uses ELF which I don’t know what it stands for but who cares? And uh, we do the same thing. We zero the header, and since we don’t need it once we’re in memory, it continues to run but the analysis tools fail So this was my uh this was my win on the fly I successfully built Lime with a make command Good job, me. Uh the real bread and butter here is the insmod, so inserting the colonel module And um uh pointing it at the output path and giving it the format. And this is the volatility stuff, so if you want to install it straight out of their GitHub, just do a Git clone um, python setup dot py install, pretty normal. Although I always forget that if I don’t do it like if I always use PIP for awhile and then I’m like wait, how do I do this manually? Uh that’s why I put that line in there. And then um, this is building the Linux profile Right, like I said, volatility out of the box, is not gonna work on a Linux Vm or a Linux system. So you need to build a profile for the actual system that you’re gonna be um, uh, um

acquiring the ram from. So uh, you’ll go into tools Linux sub directory in the volatility of directory, run make and it will create this module dot dwarf file. And if you run head on it, the first line you should see should be dot debug info and that will tell you that you did a good job. And I think all of this is in their GitHub anyways [Bahh!] [Laughter] Uh, and then, um once you built the module for that dwarf file, you copy it into the volatility file system where it wants it and then you can verify that you’ve got it by running that first volatility command that I ran and grepping for Linux and that will tell you, uh that you’ve got a profile for Linux now. Then we did PS list to find our process ID and then uh we did proc dump and that tries to dump out the image of our malware and fails [Baaahhh!] [Laughter] Alright, uh Android stuff. Um before I get started on the Android stuff, I will say uh that none of this addresses any of the Qualcomm trust zone issues or like the driving of hardware encryption key from that. The premise is in my threat model, I’m not going up against somebody that… or um the people that I might against don’t care about me enough that they’re gonna send my Android device off to Israel for cracking. [Woo!] Alright, cool So uh, I also used Tor, used Signal for this. It followed the grugq on Twitter. Planning Thanksgiving, use Tor, use Signal. [Laughter] I like that one because I’m allergic to nuts. My tree nerd credibility The retweet in here is I want to eat a pint of jerry garcia ice cream should I use a bowl or not? Use Tor, use Signal [Laughter] Selling social security numbers for bitcoin please contact me on my XMPP and will discuss further. use Tor, Use Signal. [Laughter] [Baahhh] [Baaaaahhhhh!!!!] {laughter] Okay, I’m really sorry. I’m just gonna say it, I’ve had like this research for awhile and really the only reason I made this talk ’cause I thought the format for screaming goats in slide transitions was hilarious. And so I’m so sorry to everybody [Laughter] Okay so this whole premise of Android stuff is all about using encryption right? And so to understand why using entrip, encryption is so important for your Android device, uh we’re gonna talk about the acquisition and analysis process of Android Forensics first. TLDR it sucks [Bahhh!] [Laughter] Okay, so Android Forensics, is not the easiest thing. Um anybody here done Android Forensics? Few people. Nice. Alright so, this is the way that my girlfriend and I figured out how to do it if you’ve got like flashy hardware and budget and stuff like that. It’s probably way easier. But uh, you have all these, these like um blockers in place that you need to work in order for your kill chain to be successful. So if you want ram, you have to be running a, uh, an Android colonel or a Linux colonel that allows loadable colonel modules. Because you can use Lime to acquire ram on an Android as well but out of all of the Android devices I looked at none of them have a colonel that allows loadable colonel modules. Which I mean is good, for my personal usage I wouldn’t want that, right? Um so, you’re probably going to lose at memory forensics right from, right off the, right off the bat. Uh the way we did acquisition, was by cross compiling net cat um for arm and then placing it on to the device which already your, you know if you do uh traditional forensics, you’re only read only. Right? Your method is read only. And so you’re already writing on to the device that you’re gonna be doing read only from. And there’s a bunch of different interfaces that get exposed based on your build of Android So, in order for successful acquisition of ram. You need the device to be powered on, the device to be decrypted, unlocked, rooted, and USB debugging. that’s if you want a full physical acquisition of the nand storage. So guess what, if you’re encrypted, then you already killed them with the second, second step. Then if you want ram acquisition, then you need the loadable, loadable colonel modules. [bahhh] [bahhh] [bahhh] [Laughter] Okay, uh so, um this is like kind of the verbose notes of um doing

Android forensics. Uh once you’ve attached your device to your acquisition machine, uh you can run ADB devices and that will show you a list of Android devices that are attached. Then once you’ve got your cross complied net cat binary, you push it up onto the Android device. So that’s just adb push Then you set up a less listener This is like the weirdest thing I’ve ever seen in forensics. So you’re forwarding all of the acquired data over at TCP listener. In this case port four four four four. And if you’re playing a drinking game and you have to drink on the word four, you’ve be in a lot of trouble right there. Uh then you spawn a shell call a SU. Uh that’s the part of the device being rooted Copy the net cat binary over into dev NC and change motive for executable bits. And then you would DD. And we’re all familiar with DD, so that’s fine, nothing crazy there. Uh but you pipe it into net cat over your listener, [Laughter] And then you acquire it over the net cat connection. It’s all USB right, its not like going out over the air or anything like that. It just, it just seems like such a weird set up. And then uh SHA256 sum it and make a back up copy and SHA256 on the back up copy. [Goat Simulation Video] [Laughter] Goat simulator. Uh okay so one of the weird things that I found uh, um my girlfriend and I found during our research on Android forensics was you’ll find NAND exposed by different interfaces Um so if you look in proc partitions that’ll tell you where you can acquire from but um I’ve seen it under these, these ones that are listed. Dev Block MMC Block, Dev MTD, MTD, Dev MTD BLOCK, Dev EMMC, and I thought I was being clever there with that c plus plus no comment. [Laughter] Dad jokes [Goat simulation video.] [Laughter] Uh if you wanted, that’s if you want physical acquisition, if you want logical acquisition, it’s way easier right? You don’t need root necessarily, you can just plug the device up. You’ll need USB debugging enabled but you can just do a ADB pull. There’s like a bunch of facilities that are available via ADB and the Android SDK that you can, you can acquire data off of a target Android device. I thought ADB back up one was kind of interesting because it creates this like jar file and you have to put a pin in for it um it throws like a pin on the device I think and that then exposes your pin in the bash history. If you were maybe targeting a forensic investigator. I don’t know. [Goat simulation video] [Laughter] Uh, more stuff dump state. Like all these things get you different pieces of data about the device like radio history, location history. Stuff like that. There’s also a tool out there called AF Logical OSE and it’s an open source edition Um it’s pretty nice, it can, it can get you a good acquisition of data as well. I think there’s a law enforcement edition. So if you wanted to impersonate a law officer you could try to get a copy of that. Or be a law enforcement officer. [Laughter] Didn’t even think about that second part. [Laughter] Uh so yeah. So basically like you know it takes all hat stuff to just to get an acquisition. It sucks And you know, you’re writing a net cat binary onto the device you have to be able to justify all the changes that have happened to the device. You’re volition the traditional forensics methodology. Um and yeah all this stuff is easy to describe. We’ve got that super long kill chain. If the device powers off, it’s over. If it’s encrypted, it’s over. If the USB debugging’s not enabled and you can’t get it unlocked, it’s over. [Giraffe simulation video] It’s not even the goat [Laughter] Alright so, use encryption, right? And um here’s like some examples, in areas that I thought were applicable So number one, if you’re out operating and you’re and your or your freedom fighting as the Gruqg calls it. Uh, you’re not going to bring your personal phone with you. You’re not going to bring your personal device right? So you leave it at home but what if you’re out freedom fighting and you get raided by law enforcement while you’re out. You don’t want them to acquire all the evidence off of your device. Uh also like um I may or may not know people that build hardware implants for Android devices and reply them while operating. And so uh you know if your impact gets phone by a blue team or somebody else that’s not meant to find it. You don’t want them to acquire whatever evidence you’ve acquired while operating. And then um how many people here knows, know Koz? So Koz has a penchant for smashing cell phones and initially I put this is as a shrug but when I looked at it in the context of Android it looks like a asked 29:58 throwing his cell phone on the ground. [Laughter] Alright, cool. So my thought was if I’m leaving an Android device somewhere and it’s got full disk

encryption and it’s running, and it gets acquired by somebody that I don’t want to acquire it All I really want to do is just turn off the device. it’s powered off, everything encrypted at rest. I win. Kill chain’s broken. Forensics Investigator get nothing. And then of course, lawyer up. And that’s after you’ve deleted Facebook and hit the gym [Laughter] Oh before actually Lawyer up first. Okay cool. So you have all these awesome sensors available to you in um, in your Android device, right? You’ve got Bluetooth, Cellular, etcetera. So my thought was, you know, you could pair to a Bluetooth device in your house, and if it all the sudden the device becomes unpaired. Turn the phone off. Now its encrypted right so, the FBI comes they put your device in a Faraday bag You become unpaired or you go off the cell network. Right? Turn the phone off. Encrypt it Uh set the GEO fence, if it wanders outside the Geo fence using the GPS, turn it off. Must of walked away on its’ own. So um, so yeah, so I’m just leveraging the facilities available to me on the Android device. [Baaahhh] [Laughter] So I wrote this tool called Duck the Police. [Laughter] And it’s just an Android app and I and I suck at programming as you could probably tell from the other source code so. Um it’s not, it’s not amazing but it does turn the phone off. [Laughter] So um, so yeah so, here here’s my entry for the worst Def Con demo ever. So… [Laughter] So you’re just kind of gonna have to take my word for it [Laughter] Uh, so I’ve got my Duck the Police app here with the a Dolan icon. And I select movement, and I Duck the Police There you go. And set my phone down and I pick it up and it’s off. And it’s encrypted now. So now Law Enforcement gets no evidence off of my device. That was the easiest solution I could come up with and like right at the top of my coding capacity [Applause] And uh this is the only meme that I could find that said Duck the Police on it. And these were my next best ones [Laughter] That one I love because a former coworker of mine he was like oh yeah, you know like I can pick the boots on cars. He ca.. I can pick the lock on those. He’s like the police charge a hundred and twenty five dollars to take them off, I charge seventy five [Laughter] So much chaos on the internet. [Laughter] So yeah, so that’s uh that’s like my Android uh Android stuff and uh again like those are my my ideas for scenarios but the device turns off and now all of your evidence is encrypted and again not taking into consideration the trust zone and, trust, Qualcomm trust zone stuff. [Baaahhh] Alright so I was gonna play CTF with you guys but unfortunately the Demo Gods are not with me on the display from my Linux laptop. So I’m happy to demo this, I’m gonna be, I’m bending with Hack Five, they’re the bros in the vendor area that have the huge pineapple. So if you wanna come by or find some other time during the conference, um, I can show you this in person. but, uh basically this is like some cool stuff that Craig Smith from Open Garages put me on to with SD cards. And this was to prevent me for going too far into the slides before showing the answers. [Zebra screaming] [Laughter] But basically, the set, the CTF set up is I have an SD card in my laptop and its got a text file on it and you cat the text file and it says the rules are simple, just add your name. Unmount the text, or uh unmount the SD card. Uh remove it from the laptop, plug it back in and verify that your name is still there. And what ends up happening is, uh you, you can you know mount the SD card, write a pin on to the um text file, you mount it, no complaints at all, you remove the SD card and you put it back in, and your name’s not there And so, the CTF is like we go back and forth, like what would you try. Like people are like try like change mode, zero,zero, zero, zero. You know like all zeros, no, no read no write, no execute bits. That doesn’t work Try change attribute. You make it plus A or plus I, and that doesn’t work. Um and so what it is is actually uh modification uh in working with the firmware

on the Sd card so there’s an open source tool called SD tool and um what it can do is lock and unlock the device. And this is aside from the physical lock that’s on the device. And so the rights all happen in memory so the underling OS, everything looks good, everything fine but then below that the firmware uh to the SD card is not preventing or it’s preventing or not allowing the rights on to the actual storage. so as we all say, no logs, no crime [Laughter] [From audience: So say we all.] And so it’s um, it’s pretty neat. Uh there’s a couple caveats uh so like if you’ve got like a USB hub, it may not work. It might expose it as like um like a mass storage device. Uh but if you have a direct MMC device, it should work. You might need to go through different SD card um cages but one of them should work. [Bahhh] [Laughter] Uh and in the example scenarios, where I thought this would be good also like building your own hardware implants using running off of a Sd card uh anybody that does like PORTAL of Pi or anything similar to that um you can do the same since its Raspberry Pi running off an SD card and if you make your like attack infrastructure attack VM’s running off of SD cards, none of your logs get written to storage. That’s kind of neat >>[Video: I still don’t know what this. What is that?] >> How many people have seen this Ladder Goat? [Laughter] [Screaming sounds] >> Get up there. [Laughter] [Video: Oh you, Ladder Goat. You’re so random. ] [Laughter] >> This is how you use SD tool um, uh you just basically point, once you build it, uh point it at the um MMC device and then you can get the status or lock and unlock it. Uh quick note, I switch my make file to use clang instead of uh GCC. Built, uh GCC gave me errors, but clang was able to build okay. [So hello from the other side. I must have called a thousand ti.. [bahhhh] …mes. ] [Laughter] [To tell you, I’m sorry. ] [Laughter] [Applause]