Introducing USB Armory, a Flash Drive Sized Computer

usb armory

[Andrea] tipped us about USB armory, a tiny embedded platform meant for security projects. It is based on the 800MHz ARM Cortex-A8 Freescale i.MX53 together with 512MB of DDR3 SDRAM, includes a microSD card slot, a 5-pin breakout header with GPIOs/UART, a customizable LED and is powered through USB.

This particular processor supports a few advanced security features such as secure boot and ARM TrustZone. The secure boot feature allow users to fuse verification keys that ensure only trusted firmware can be executed on the board, while the ARM TrustZone enforces domain separation between a “secure” and a “normal” world down to a memory and peripheral level. This enables many projects such as electronic wallets, authentication tokens and password managers.

The complete design is open hardware and all its files may be downloaded from the official GitHub repository. The target price for the final design of the first revision is around €100.

BadUSB Means We’re All Screwed

badusb

Does anyone else get the feeling that the frequency of rather horrible vulnerabilities coming to light is accelerating? Off the top of our head, there’s Heartbleed, Shellshock, and now this one. The BadUSB exploit attack stems from the “invisible” microcontroller in most USB devices.

We first heard about it when we were attending DEFCON in August. The exploit had been announced the same week at Blackhat but there wasn’t much information out yet. Now the talk has been posted and there’s a well-explained overview article at Big Mess o’ Wires.

Here’s how this one goes: all USB devices rely on a microcontroller to handle the peripheral-side of USB communications. The computer doesn’t care which microcontroller, nor does it have a way of knowing even if it wanted to. The uC is “invisible” in this situation, it’s the interface and data flowing through it that the computer cares about. BadUSB is an attack that adds malicious functionality to this microcontroller. To the computer it’s a perfectly normal and functional USB device, while all the bad stuff is happening on the peripheral’s controller where the computer can’t see it.

How deeply do you think about plugging each and every USB device? Check out what happens at 19:20 into the video below. The USB device enumerates and very quickly sets up a spoofed Ethernet connection. You can still load a webpage via WiFi but the fake connection is forwarding packets to a second server.

Once discovered, you can wipe the computer and this will stop happening; until you plug the same device again and reinfect. Worse yet, because the controller is invisible to the computer there’s almost no way to scan for infected devices. If you are smart enough to suspect BadUSB, how long will it take you to figure out if its your mouse, your keyboard, a thumb drive, a webcam, your scanner… you get the point.

[Read more...]

USB to DB25 Adapter Uses GRBL For Parallel Port CNC Communication

USB-Parallel-GRBL

With the continuing manufacture of new computers, there is a clear and obvious trend of the parallel port becoming less and less common. For our younger readers; the parallel port is an interface standard used for bi-directional communication between a computer and a variety of peripherals. The parallel port’s demise is partially due to the invention of the USB standard.

If tinkering with CNC Machines is one of your hobbies then you are familiar with the parallel port interface being fairly popular for CNC control board connections. So what do you do if your new fancy computer doesn’t have a parallel port but you still want to run your CNC Machine? Well, you are certainly not stuck as [Bray] has come up with a USB to Parallel Port Adapter solution specifically for CNC use.

A cheap off-the-shelf USB to DB25 adapter may look like a good idea at first glance but they won’t work for a CNC application. [Bray's] adapter is Arduino-based and runs GRBL. The GRBL code is responsible for taking the g-code commands sent from the computer, storing them in a buffer until they are ready to be converted to step and direction signals and sent to the CNC controller by way of the parallel port DB25 connector. This is a great solution for people needing to control a CNC Machine but do not have a parallel port available.

[Bray] is using a Raspberry Pi running GRBLweb to control his adapter board. However, there are other programs you can use to communicate with GRBL such as Universal G-Code Sender and GRBL Controller.

The board has been created in Eagle PCB Software and milled out using [Bray's] CNC Router. The design is single-sided which is great for home-brew PCBs. He’s even made a daughter board for Start, Hold and Reset input buttons. As all great DIYers, [Bray] has made his board and schematic files available for others to download.

Ask Hackaday: Can Paper USB Business Cards Exist?

swivel business card

The swivelCard Kickstarter campaign recently received a lot of press coverage and makes some impressive claims as their goal is the development of USB and NFC business cards at a $3 unit price. While most USB-enabled business cards we featured on Hackaday were made of standard FR4, this particular card is made of paper as the project description states the team patented

a system for turning regular paper into a USB drive.

As you can guess this piqued our interest, as all paper based technologies we had seen until now mostly consisted of either printed PCBs or paper batteries. ‘Printing a USB drive on regular paper’ (as the video says) would therefore involve printing functional USB and NFC controllers.

Luckily enough a quick Google search for the patents shown in one of the pictures (patent1, patent2) taught us that a storage circuitry is embedded under the printed USB pads, which may imply that the team had an Application-Specific Integrated Circuit (ASIC) designed or that they simply found one they could use for their own purposes. From the video we learn that ‘each card has a unique ID and can individually be programmed’ (the card, not the UID) and that it can be setup to open any webpage URL. The latter can even be modified after the card has been handed out, hinting that the final recipient would go to a ‘www.swivelcard.com/XXXX” type of address. We therefore got confused by

Imagine giving your business card with pictures, videos, presentations, and websites for the recipient to interact with!

paragraph that the project description contains.

This leads us to one key question we have: what kind of USB drive can make a given user visit a particular website, given that he may have Linux, Windows, Mac or any other OS? They all have similar USB enumeration processes and different key strokes to launch a browser… our wild guess is that it may be detected as storage with a single html file in it. Unfortunately for us the USB detection process is not included in the video.

Our final question: Is it possible to embed both USB and NFC controllers in a thin piece of paper without worrying about broken ICs (see picture above)? NFC enabled passports have obviously been around for a long time but we couldn’t find the same for USB drives.

Possible or not, we would definitely love having one in our hands!

Edit: One of our kind readers pointed out that this campaign actually is a re-launch of a failed indiegogo one which provides more details about the technology and confirms our assumptions.

DIY USB Spectrometer Actually Works

image of diy spectrometer

When we hear spectrometer, we usually think of some piece of high-end test equipment sitting in a CSI lab. Sure, a hacker could make one if he or she put their mind to it. But make one out of a webcam, some cheap diffraction grating purchased off ebay and some scrap? Surely not.

[Renaud] pulls off this MacGyver like build with a detailed knowledge of how spectrometers work. A diffraction grating is used to split the incoming light into its component wavelengths. Much like a prism would. The wavelengths then make their way through a slit, which [Renaud] made from two pieces of highly polished brass, so the webcam sensor can see a specific wavelength. While the spectrometer-from-webcam concept isn’t new,  the build is still impressive.

Once the build was complete, [Renaud] put together some software to make sense of the data. Though a bit short on details, we hope this build will inspire you to make your own spectrometer, and document it on hackaday.io of course.

ZX Spectrum Turned Into A USB Keyboard

ZX

They’re a little hard to find in the US, but the ZX Spectrum is right up there with the Commodore 64 and the Atari 8-bit computers in England. [Alistair] wanted to recreate the feeling of sitting right in front of the TV with his Speccy, leading him to create the ZX Keyboard, a Spectrum repurposed into a USB keyboard.

While most projects that take an old key matrix and turn it into a USB keyboard use the TMK firmware, [Alistair] wanted to flex his programming muscles and wrote the firmware from scratch. It runs on an Arduino Pro Mini, scanning the matrix of five columns and eight half rows to turn combinations of keypresses into an astonishing number of commands, given the limited number of keys on the ZX.

The firmware is available on [Alistair]‘s repo, available to anyone who doesn’t want to pay the £50 a new ZX Spectrum keyboard will cost. As far as the usability of a Spectrum keyboard goes, at least [Alistair] didn’t have an Atari 400 sitting in the attic.

USB Rotary Phone: A Lync to the Past

usb rotary phone[Ivan] is fed up with all this rampant virtualization. When his company took away his physical desk phone in favor of using MS Lync, he was driven to build a USB rotary phone. His coworkers loved it and one of them asked [Ivan] to build another. The build log focuses on converting his coworker’s vintage brass and copper number that must weigh a ton.

He had to do a bit more work with this one because it had rusted out inside and a few of the contacts were bent. The good news is that the speaker and microphone were in working order and he was able to use them both. After restoring the stock functionality, he added a USB sound card and created a USB keyboard using a PIC32MX440F256H.

The rotary phone’s dial works using two switches, one that’s open and one that’s closed when no one is dialing. Once dialing is detected, the open switch closes and the closed switch clicks according to the dialed digit (ten clicks for 0). [Ivan] also reads the switch hook state and has added debouncing. This gave him some trouble because of the quick response expected by the PC bus, but he made use of interrupts and was allowed to keep his seat.

Please stay on the line. [Ivan]‘s videos will be with you shortly.

[Read more...]

Follow

Get every new post delivered to your Inbox.

Join 96,669 other followers