Hackaday Podcast 221: The Future Of The Raspberry Pi, Sniffing A Toothbrush, Your Tactical Tool Threshold

Editors Elliot Williams and Tom Nardi are back in the (virtual) podcast studio to talk the latest phase of the 2023 Hackaday Prize, the past, present, and future of single-board computers, and a modern reincarnation of the Blackberry designed by hardware hackers. They’ll also cover the current state of toothbrush NFC hacking, the possibilities of electric farm equipment, and a privately funded satellite designed to sniff out methane. Stick around till the end to find out if there really is such a thing as having too many tools.

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!



Exporting Data From Old Gear Through LCD Sniffing

[Jure Spiler] was at a flea market and got himself a spectrophotometer — a device that measures absorbance and transmittance of light at different wavelengths. This particular model seems to be about 25 years old, and it’s controlled by a built-in keyboard and uses a graphical LCD to display collected data. That might have been acceptable when it was made, but it wasn’t enough for [Jure]. Since he wanted to plot the spectrophotometry data and be able to save it into a CSV file, hacking ensued.

He decided to tap into the display communication lines. This 128×64 graphical display, PC-1206B, uses an 8-bit interface, so with a 16-channel logic analyzer, he could see the data being sent to the display. He even wrote decoder software – taking CSV files from the logic analyzer and using primitive optical recognition on the decoded pixels to determine the digits being shown, and drawing a nice wavelength-to-absorbance graph. From there, he set out to make a standalone device sniffing the data bus and creating a stream of data he could send to a computer for storage and processing.

[Jure] stumbled into a roadblock, however, when he tried to use an Arduino for this task. Even using a sped-up GPIO library (as opposed to the notoriously inefficient digitalRead), he couldn’t get a readout frequency higher than 80 kHz – with the required IO readout rate deemed as 1 MHz, something else would be called for. We do wonder if something like RP2040 with its PIO machinery would be better for making such captures.

At that point, however, he found out that there’s undocumented serial output on one of the pins of the spectrophotometer’s expansion port, and is currently investigating that, having shelved the LCD sniffing direction. Nevertheless, this serves as yet another example for us, for those times when an LCD connection is all that we can make use of.

We’ve seen hackers sniff LCD interfaces to get data from reflow ovens, take screenshots from Game Boys and even equip them with HDMI and VGA ports afterwards. With a skill like this, you can even give a new life to a vintage calculator with a decayed display! Got an LCD-equipped device but unsure about which specific controller it uses? We’ve talked about that!


Hackaday Podcast 152: 555 Timer Extravaganza, EMF Chip Glitching 3 Ways, A Magnetic Mechanical Keyboard, And The Best Tricorder Ever

Join Hackaday Editor-in-Chief Elliot Williams and Managing Editor Tom Nardi as they bring you up to speed on the best stories and projects from the week. There’s some pretty unfortunate news for the physical media aficionados in the audience, but if you’re particularly keen on 50 year old integrated circuits, you’ll love hearing about the winners of the 555 Timer Contest. We’ll take a look at a singing circuit sculpture powered by the ESP32, extol the virtues of 3D printed switches, follow one hacker’s dream of building the ultimate Star Trek tricorder prop, and try to wrap our heads around how electronic devices can be jolted into submission. Stick around to the end as we take a close look at some extraordinary claims about sniffing out computer viruses, and wrap things up by wondering why everyone is trying to drive so far.

Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!


This Week In Security: Fail2RCE, TPM Sniffing, Fishy Leaks, And Decompiling

Fail2ban is a great tool for dynamically blocking IP addresses that show bad behavior, like making repeated login attempts. It was just announced that a vulnerability could allow an attacker to take over a machine by being blocked by Fail2ban. The problem is in the mail-whois action, where an email is sent to the administrator containing the whois information. Whois information is potentially attacker-controlled data, and Fail2ban doesn’t properly sanitize the input before piping it into the mail binary. Mailutils has a feature that uses the tilde key as an escape sequence, allowing commands to be run while composing a message. Fail2ban doesn’t sanitize those tilde commands, so malicious whois data can trivially run commands on the system. Whois is one of the old-school Unix protocols that runs in the clear, so a MitM attack makes this particularly easy. If you use Fail2ban, make sure to update to 0.10.7 or 0.11.3, or purge any use of mail-whois from your active configs.

Hacking A KVM: Teach A Keyboard Switch To Spy

When it comes to large systems, there are a lot more computers than there are people maintaining them. That’s not a big deal since you can simply use a KVM to connect one Keyboard/Video/Mouse terminal up to all of them, switching between each box simply and seamlessly. The side effect is that now the KVM has just as much access to all of those systems as the human who caresses the keyboard. [Yaniv Balmas] and [Lior Oppenheim] spent some time reverse engineering the firmware for one of these devices and demonstrated how shady firmware can pwn these systems, even when some of the systems themselves are air-gapped from the Internet. This was their first DEF CON talk and they did a great job of explaining what it took to hack these devices.


Sniffing RF Hardware Communication Packets

[Travis Goodspeed] put together a proof of concept hack that sniffs wireless keyboard data packets. He’s using the Next HOPE badge that he designed as the hardware platform for these tests. It has an nRF24L01+ radio on-board which can easily communicate with 2.4 GHz devices.

The real trick comes in getting that radio to listen for all traffic, then to narrow that traffic down to just the device from which you want data. He covers the protocol that is used, and his method of getting around MAC address verification on the hardware. In the end he can listen to all keyboard data without the target’s knowledge, and believes that it is possible to inject data using just the hardware on the badge.

Black Hat 2009: Powerline And Optical Keysniffing


The 2009 edition of the Black Hat security conference in Las Vegas has just begun. The first interesting talk we saw was [Andrea Barisani] and [Daniele Bianco]’s Sniff Keystrokes With Lasers/Voltmeters. They presented two methods for Tempest style eavesdropping of keyboards.
