Re: USB-serial adapter suggestions needed

From: bob prohaska <fbsd_at_www.zefox.net>
Date: Wed, 27 Dec 2023 15:59:37 UTC

On Wed, Dec 27, 2023 at 01:48:33PM +0000, John F Carr wrote:
> 
> 
> > On Dec 27, 2023, at 03:30, Mark Millard <marklmi@yahoo.com> wrote:
> > 
> > 0000: 6C 6F 67 69 6E 3A 20 C3 AF C2 BF C2 BD C3 AF C2  login: .........
> > 0010: BF C2 BD C3 AF C2 BF C2 BD C3 AF C2 BF C2 BD C3  ................
> > 0020: AF C2 BF C2 BD C3 AF C2 BF C2 BD C3 AF C2 BF C2  ................
> > 0030: BD C3 AF C2 BF C2 BD 0A 50 61 73 73 77 6F 72 64  ........Password
> > 0040: 3A                                               :
> > 
> > The byte pairs that start with C3's and C2's look far from
> > random to me -- also they do not look like glitches.
> 
> Those byte pairs are valid UTF-8.
> 
> C3 AF = 000 1110 1111 = EF
> C2 BF = 000 1011 1111 = BF
> C2 BD = 000 1011 1101 = BD
> 
> What EF BF BD means, I can't say.  As Unicode it is "??????".
> Maybe UTF-8 encoded 8 bit line noise.

A simple-minded Web search for EF BF BD finds quite a few links, one being
https://www.aon.com/cyber-solutions/aon_cyber_labs/when-efbfbd-and-friends-come-knocking-observations-of-byte-array-to-string-conversions/

I don't understand most of it, but it seems to imply EF BF BD are artifacts from
some encryption process. What they might be doing on a private wire between two
serial ports is a mystery, at least to me. SSH invokes encryption, far as I know
tip and cu do not. Maybe something to do with ssh or sshd?

Thanks for writing!

bob prohaska
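
Added example, not part of the original message: the pair-by-pair UTF-8 decoding shown in the quoted reply, carried through in Python over the bytes of the quoted hex dump. It peels one "read as Latin-1, re-encode as UTF-8" layer at a time; the function name and the layer limit are choices made for this example. The result is U+FFFD, the Unicode replacement character, which a decoder substitutes for bytes that are not valid in the encoding it expects.

```python
# Bytes copied from the hex dump quoted in the message (offsets 0x00-0x40).
DUMP_HEX = """
6C 6F 67 69 6E 3A 20 C3 AF C2 BF C2 BD C3 AF C2
BF C2 BD C3 AF C2 BF C2 BD C3 AF C2 BF C2 BD C3
AF C2 BF C2 BD C3 AF C2 BF C2 BD C3 AF C2 BF C2
BD C3 AF C2 BF C2 BD 0A 50 61 73 73 77 6F 72 64
3A
"""

REPLACEMENT = "\ufffd"  # U+FFFD, encoded in UTF-8 as EF BF BD


def peel_utf8_layers(raw: bytes, max_layers: int = 4):
    """Undo repeated 'bytes read as Latin-1, then re-encoded as UTF-8' passes.

    Returns (text, layers_removed). Hypothetical helper for this example.
    """
    text = raw.decode("utf-8")  # strict: raises if the capture is not UTF-8
    layers = 0
    while layers < max_layers:
        try:
            # Every code point must fit in one byte for this to be a layer.
            inner = text.encode("latin-1").decode("utf-8")
        except (UnicodeEncodeError, UnicodeDecodeError):
            break  # no further layer to remove
        if inner == text:
            break  # pure ASCII: nothing changed
        text = inner
        layers += 1
    return text, layers


def summarize(raw: bytes):
    """Return (layers_removed, replacement_count, visible_text)."""
    text, layers = peel_utf8_layers(raw)
    count = text.count(REPLACEMENT)
    visible = text.replace(REPLACEMENT, "<U+FFFD>")
    return layers, count, visible


if __name__ == "__main__":
    layers, count, visible = summarize(bytes.fromhex(DUMP_HEX))
    print(f"layers removed: {layers}, replacement characters: {count}")
    print(visible)
```
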