Didier Stevens

Sunday 31 July 2022

Quickpost: iPad Pro Charging – Power Consumption

Filed under: Hardware,Quickpost — Didier Stevens @ 9:01

I charged an iPad Pro (12.9 Inch) and measured the power consumption (at 120V and 230V). According to the specs, this iPad has a battery with a capacity of 40.88 Wh.

Procedure: when the iPad Pro turns itself of because of a low battery, I started to charge the iPad with an Apple A2347 USB C charger and measured the AC power consumption of this charger. It consumes around 21 Watt, this value starts to diminish when the battery approaches full charge. When at 100%, the charger will still deliver power, slowly decreasing to 3 Watts, and then it stops delivering power for charging. At that point, I stop the power consumption measurement.

I did not use the iPad while charging.

This measurement was done twice: at 120V 60Hz and 230V 50Hz (using an AC power supply).

ACWhDuration
120V 60Hz57.17103:07:48
230V 50Hz57.55903:09:16

There’s not much difference between the two measurements, but what I’ll certainly take away from this test, is that it takes around 57 Wh of AC power to charge a 40.88 Wh battery!

Update: when I did these tests, my iPad Pro had around 84 charging cycles.

Quickpost info

Monday 25 July 2022

Quickpost: Standby Power Consumption Of My USB Chargers (120V vs 230V)

Filed under: Hardware,Quickpost — Didier Stevens @ 16:11

I did not explicitly specify in my post “Quickpost: Standby Power Consumption Of My USB Chargers” that I did my tests here in Flanders, Belgium and thus that the mains electricity is 230V 50Hz.

I wondered what the results would be in other parts of the world, like the USA. To answer this question, I redid my tests with the USB chargers powered by an AC power supply that delivers electricity at 120V and 60Hz.

The devices I tested are:

  1. Apple A1357
  2. Apple A2347
  3. Anker A2053

The no-brand USB charger was not tested, as the input specs specify 220V – 240V.

I connected each one to the AC power supply (120V 60Hz) and used a powermeter (GPM 8310, resolution 0,1 µW) to measure the standby power consumption over 24 hours.

This is the result:

Model24 hours (Wh)1 hour (Wh)1 year (Wh)
Apple A13572,04250,0851745,5125
Apple A23470,54730,0228199,7718
Anker A20533,75270,15641369,7360

24 hours is the measured data, the “1 hour” and “1 year” columns are calculated based on the 24 hours data.

And here is the summary for 120V and 230V:

Model1 hour (Wh, 120V 60Hz)1 hour (Wh, 230V 50Hz)
Apple A13570,08510,1202
Apple A23470,02280,0530
Anker A20530,15640,2114

It’s clear that my USB chargers consume less standby power at 120V 60Hz than at 230V 50Hz.

Quickpost info

Sunday 24 July 2022

Update: re-search.py Version 0.0.21

Filed under: My Software,Update — Didier Stevens @ 7:24

This new version of re-search.py adds a regex for UNCs to the library and has a Python 3 fix.

re-search_V0_0_21.zip (http)
MD5: 294DD5D4027F0AFD0A2DE6432FE4552D
SHA256: B818CE4F7E217B381128550A3A36B40B6D07CC687CE4CF5AFF3C70EC0D3EEAD2

Saturday 23 July 2022

Update: oledump.py Version 0.0.69

Filed under: My Software,Update — Didier Stevens @ 7:59

This update brings an update to plugin plugin_vba_dco.py.

This is a plugin that scans VBA source code for keywords (Declare, CreateObject, GetObject, CallByName and Shell), extracts all lines with these keywords, followed by all lines with identifiers associated with these keywords.

For example, if the result of a CreateObject call is stored in variable oXML, then all lines with this oXML identifier are selected.

I updated this plugin with two options -g (–generalize) and -a (–all).

Option -g generalize will replace all identifiers (like variable & functions names) with a general name: Identifier#### where #### is a numeric counter.

I added this option to analyze a sample where almost all identifiers where completely unreadable, as they consisted solely out of characters that are between byte values 128 and 255 (e.g., non-ASCII).

Here is the output for that sample, without using any plugin option:

You can see the CreateObject functions, but appart from the WshShell identifier, the other identifiers don’t have letters and are hard to trace in the code.

This changes when you use option -g:

All identifiers have been generalized to names like Identifier0001, Identifier0002, …

To view all generalized code (and not only the lines with keywords), use option -a:

Remark that this plugin is not a VBA parser: it uses some simple scans and regexes to find identifiers. For example, it handles line comments like any other lines.

oledump_V0_0_69.zip (http)
MD5: 9FDE05EB0B475C5BB76A92A926DBE8CD
SHA256: 16761C633DEC83CB691AE7223BB5AE82E5EC668F5D161499800638BC45420285

Wednesday 20 July 2022

Update: sortcanon Version 0.0.2

Filed under: Uncategorized — Didier Stevens @ 0:00

This new version adds a sort function to sort email addresses by domain first.

sortcanon_V0_0_2.zip (http)
MD5: ED6DBE384707778E765C9BD6B6880C05
SHA256: 190922F347AC1B32D0CE503D1763F27A250D9BFDD15CB911EA4435BAB7E69CD3

Tuesday 19 July 2022

Update: base64dump.py Version 0.0.23

Filed under: My Software,Update — Didier Stevens @ 0:00

This new version adds JSON input support, allowing,for example, to detect encoded payloads inside the registry:

More info in an upcoming blog post.

base64dump_V0_0_23.zip (http)
MD5: 00D1E2344A6D09D3A2F18FC257F77090
SHA256: E4CA046198E801DFF309D6A8B346D5084FB4B4DFBFD339C5BCB3EF570CD08A79

Tuesday 12 July 2022

Quickpost: Standby Power Consumption Of My USB Chargers

Filed under: Hardware,Quickpost — Didier Stevens @ 0:00

I did some tests with my USB chargers: how much power do they consume when plugged into a power socket without charging any device (standby)?

The devices I tested are:

  1. Apple A1357
  2. Apple A2347
  3. Anker A2053
  4. No-brand: Chacon EMP604USB

I connected each one to a powermeter and let it measure the standby power consumption for 24 hours.

This is the result:

Model24 hours (Wh)1 hour (Wh)1 year (Wh)
Apple A13572,88470,12021052,9155
Apple A23471,27230,0530464,3895
Anker A20535,07340,21141851,7910
No-brand: Chacon EMP604USB5,64730,23532061,2645

24 hours is the measured data, the “1 hour” and “1 year” columns are calculated based on the 24 hours data.

The no-brand USB charger consumes the most: around 2 kWh per year, which is still less than a switched off Philips Hue lamp.

Using the same cost as for the Philips Hue lamp, that no-brand charger costs me around €1 if I would leave it plugged in for a whole year without letting it charge anything.

Quickpost info

Saturday 9 July 2022

simple_listener.py

Filed under: Announcement,My Software — Didier Stevens @ 21:05

This is the release of simple_listener.py, a Python program that can accept TCP and UDP connections and react according to its configuration. It has evolved from my beta program tcp-honeypot.py, that I will no longer maintain.

Everything you could do with tcp-honeypot, can be done with simple_listener.

I use simple_listener now whenever I need a server that listens for incoming TCP and/or UDP connections. For example, I have a configuration that can accept connections from Cobalt Strike beacons using leaked private keys.

simple_listener has a full man page, explaining all configuration items and options.

simple_listener_v0_1_2.zip (http)
MD5: 8F79FCB51EE2C1EB20B0F30F022EAE47
SHA256: F0EED539775AF36FFEB9B91529AF852C833D6A2764A9B9C65998AEA577F08175

Friday 1 July 2022

Overview of Content Published in June

Filed under: Announcement — Didier Stevens @ 0:00
Here is an overview of content I published in June:

Blog posts: YouTube videos: Videoblog posts: SANS ISC Diary entries:

Blog at WordPress.com.