Bypassing the Windows Lock Screen

Most of us know that we should lock our computers when we step away from them. This will prevent any unauthorized users from gaining access to our files. Most companies have some sort of policy in regards to this, and many even automatically lock the screen after a set amount of time with no activity. In some cases, the computers are configured to lock and display a screen saver. In these cases, it may be possible for a local attacker to bypass the lock screen.

[Adrian] explains that the screen saver is configured via a registry key. The key contains the path to a .scr file, which will be played by the Adobe Flash Player when the screen saver is activated. When the victim locks their screen and steps away from the computer, an attacker can swoop in and defeat the lock screen with a few mouse clicks.

First the attacker will right-click anywhere on the screen. This opens a small menu. The attacker can then choose the “Global settings” menu option. From there, the attacker will click on “Advanced – Trusted Location Settings – Add – Add File”. This opens up the standard Windows “Open” dialog that allows you to choose a file. All that is required at this point is to right-click on any folder and choose “Open in a new window”. This causes the folder to be opened in a normal Windows Explorer window, and from there it’s game over. This window can be used to open files and execute programs, all while the screen is still locked.

[Adrian] explains that the only remediation method he knows of is to modify the code in the .swf file to disable the right-click menu. The only other option is to completely disable the flash screen saver. This may be the safest option since the screen saver is most likely unnecessary.

Update: Thanks [Ryan] for pointing out some mistakes in our post. This exploit specifically targets screensavers that are flash-based, compiled into a .exe file, and then renamed with the .scr extension. The OP mentions these are most often used in corporate environments. The exploit doesn’t exist in the stock screensaver.

Stumbling Upon an Uber Vulnerability

[Nathan] is a mobile application developer. He was recently debugging one of his new applications when he stumbled into an interesting security vulnerability while running a program called Charles. Charles is a web proxy that allows you to monitor and analyze the web traffic between your computer and the Internet. The program essentially acts as a man in the middle, allowing you to view all of the request and response data and usually giving you the ability to manipulate it.

While debugging his app, [Nathan] realized he was going to need a ride soon. After opening up the Uber app, it occurred to him that he was still inspecting this traffic. He decided to poke around and see if he could find anything interesting. Communication from the Uber app to the Uber data center is done via HTTPS. This means that it’s encrypted to protect your information. However, if you are trying to inspect your own traffic you can use Charles to sign your own SSL certificate and decrypt all the information. That’s exactly what [Nathan] did. He doesn’t mention it in his blog post, but we have to wonder if the Uber app warned him of the invalid SSL certificate. If not, this could pose a privacy issue for other users if someone were to perform a man in the middle attack on an unsuspecting victim.

[Nathan] poked around the various requests until he saw something intriguing. There was one repeated request that is used by Uber to “receive and communicate rider location, driver availability, application configurations settings and more”. He noticed that within this request, there is a variable called “isAdmin” and it was set to false. [Nathan] used Charles to intercept this request and change the value to true. He wasn’t sure that it would do anything, but sure enough this unlocked some new features normally only accessible to Uber employees. We’re not exactly sure what these features are good for, but obviously they aren’t meant to be used by just anybody.
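The lesson from the “isAdmin” find is that anything a proxy like Charles can edit is attacker-controlled, so the server must decide privilege from its own session state and never from a flag in the traffic. The following is an added illustration written for this post, not Uber’s code: the session store, tokens and roles are constructed, and the vulnerable handler beside the hardened one shows the same flipped request producing very different outcomes.

```python
import json

# Constructed server-side session store (token -> user record). Assumed for this
# example; a real backend would consult its own database or identity service.
SESSIONS = {
    "tok-rider-1": {"user_id": 42, "role": "rider"},
    "tok-employee-1": {"user_id": 7, "role": "employee"},
}


def make_request(token, body):
    """Build a constructed request shaped like what the app sends through the proxy."""
    return {"headers": {"Authorization": token}, "body": json.dumps(body)}


def vulnerable_handler(request):
    """The pattern the post describes: the client-sent 'isAdmin' flag decides
    whether employee-only features are unlocked. Since the flag is editable in
    an intercepting proxy, this check protects nothing."""
    body = json.loads(request["body"])
    return {"status": 200, "adminFeatures": bool(body.get("isAdmin", False))}


def hardened_handler(request):
    """Privilege is derived from the server-side session, never from the body.
    A client-sent flag that disagrees with the session is ignored and flagged,
    which gives the backend a tamper signal worth logging and alerting on."""
    session = SESSIONS.get(request["headers"].get("Authorization", ""))
    if session is None:
        return {"status": 401}
    is_admin = session["role"] == "employee"
    body = json.loads(request["body"])
    tamper_suspected = "isAdmin" in body and bool(body["isAdmin"]) != is_admin
    return {"status": 200, "adminFeatures": is_admin,
            "tamperSuspected": tamper_suspected}


if __name__ == "__main__":
    # A rider's honest request, then the same request with 'isAdmin' flipped in the proxy.
    honest = make_request("tok-rider-1", {"isAdmin": False})
    flipped = make_request("tok-rider-1", {"isAdmin": True})
    print(vulnerable_handler(flipped))   # unlocks admin features
    print(hardened_handler(flipped))     # still a rider, tamper flagged
```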

3D Printed Fish Feeder

[Helios Labs] recently published version two of their 3D printed fish feeder. The system is designed to feed their fish twice a day. The design consists of nine separate STL files and can be mounted to a planter hanging above a fish tank in an aquaponics system. It probably wouldn’t take much to modify the design to work with a regular fish tank, though.

The system is very simple. The unit is primarily a box, or hopper, that holds the fish food. Towards the bottom is a 3D printed auger. The auger is super glued to the gear of a servo. The 9g servo is small and comes with internal limiters that only allow it to rotate about 180 degrees. The servo must be opened up and the limiters must be removed in order to enable a full 360 degree rotation. The servo is controlled by an Arduino, which can be mounted directly to the 3D printed case. The auger is designed in such a way as to prevent the fish food from accidentally entering the electronics compartment.

You might think that this project would use a real-time clock chip, or possibly interface with a computer to keep the time. Instead, the code simply feeds the fish one time as soon as it’s plugged in. Then it uses the “delay” function in order to wait a set period of time before feeding the fish a second time. In the example code this is set to 28,800,000 milliseconds, or eight hours. After feeding the fish a second time, the delay function is called once more to wait until the original feeding time comes around again.

A Kitchen Timer Fit for MacGyver

Here’s a project that you don’t want to bring into an airport, ship through the mail, or probably even remove from your home. [ProjectGeek] has built himself a simple kitchen timer masquerading as a bomb. The build is actually pretty simple, but the end result is something that would look at home in a Hollywood action flick.

The timer circuit is built from four simple components. An 8051 microcontroller board is used as the primary controller and timer. The code is available on GitHub. This board is attached to another board containing four momentary push buttons. These are used to program the timer and to stop the buzzing. Another board containing four 7-segment displays is used to show the remaining time on the timer. A simple piezo buzzer is used to actually alert you when the timer has run out. All of these components are connected with colorful jumper wires.

The physical part of this build is made from easily available components. Old newspapers are rolled up to form the “explosive” sticks. These are then covered in plain brown paper ordinarily used to cover text books. The rolls are bundled together and fixed with electrical tape. The electronics can then be attached to the base with some hot glue or double-sided tape.

DIY iPhone Mount for a Volvo

[Seandavid010] recently purchased a 2004 Volvo. He really liked the car except for the fact that it was missing some more modern features. It didn’t come stock with any navigation system or Bluetooth capabilities. After adding Bluetooth functionality to the stock stereo himself, he realized he would need a secure location to place his iPhone. This would allow him to control the stereo or use the navigation functions with ease. He ended up building a custom iPhone mount in just a single afternoon.

The key to this project is that the Volvo has an empty pocket on the left side of the stereo. It’s an oddly shaped vertical pocket that doesn’t seem to have any real use. [Seandavid010] decided this would be the perfect place to mount his phone. The only problem was that he didn’t want to make any permanent changes to his car. This meant no drilling into the dash and no gluing.

[Seandavid010] started by lining the pocket with blue masking tape. He then added an additional lining of plastic wrap. All of this was to protect the dashboard from what was to come next. He filled about half of the pocket with epoxy putty. We’ve seen this stuff used before in a similar project. He left a small opening in the middle with a thick washer mounted perpendicular to the ground. The washer would provide a place for an off-the-shelf iPhone holder to mount onto. [Seandavid010] also placed a flat, wooden paint stirrer underneath the putty. This created a pocket that would allow him to route cables and adapters underneath this new mount.

After letting the epoxy putty cure for an hour, he removed the block from the pocket. The stick was then removed, and any gaps were filled in with putty. The whole block was trimmed and smoothed down for a more streamlined look. Finally, it was painted over with some flat black spray paint to match the color of the dashboard. An aftermarket iPhone holder allows [Seandavid010] to mount his cell phone to this new bracket. The cell phone holder allows him to rotate the phone into portrait or landscape mode, and is even adjustable to accommodate different sized phones.

Powered Double Pendulum is a Chaotic Display

If you’ve never seen a double pendulum before, it’s basically just a pendulum with another pendulum attached to the end. You might not think that’s anything special, but these devices can exhibit extremely chaotic behavior if enough energy is put into the system. The result is often a display that draws attention. [David] wanted to build his own double pendulum display, but he wanted to make it drive itself. The result is a powered double pendulum.

There aren’t many build details here, but the device is simple enough that we can deduce how it works from the demonstration video. It’s broken into two main pieces: the frame and the pendulum. The frame appears to be made mostly from wood. The front plate is made of three layers sandwiched together. A slot is cut out of the middle to allow a rail to slide up and down linearly. The rail is designed in such a way that it fits between the outer layers of the front plate like a track.

The pendulum is attached to the linear rail. The rail moves up and down and puts energy into the pendulum. This causes the pendulum to actually move and generate the chaotic behavior. The rail slides up and down thanks to an electric motor mounted to the base. The mechanics work much like a piston on a crankshaft. The motor looks as though it is mounted to a wooden bracket that was cut with precision on a laser cutter. The final product works well, though it is a bit noisy. We also wonder if the system would be even more fun to watch if the rotation of the motor had an element of randomness added to it. Or he could always attach a paint sprayer to the end.

Arduino Synth Guitar Really Rocks

[Gr4yhound] has been rocking out on his recently completed synth guitar. The guitar was built mostly from scratch using an Arduino, some harvested drum pads, and some ribbon potentiometers. The video below shows that not only does it sound good, but [Gr4yhound] obviously knows how to play it.

The physical portion of the build consists of two main components. The body of the guitar is made from a chunk of pine that was routed out by [Gr4yhound’s] own home-made CNC. Three circles were routed out to make room for the harvested Yamaha drum pads, some wiring, and a joystick shield. The other main component is the guitar neck. This was actually a Squier Affinity Strat neck with the frets removed.

For the electronics, [Gr4yhound] has released a series of schematics on Imgur. Three SoftPot membrane potentiometers were added to the neck to simulate strings. This setup allows [Gr4yhound] to adjust the finger position after the note has already been started. This results in a sliding sound that you can’t easily emulate on a keyboard. The three drum pads act as touch sensors for each of the three strings. [Gr4yhound] is able to play each string simultaneously, forming harmonies.

The joystick shield allows [Gr4yhound] to add additional effects to the overall sound. In one of his demo videos you can see him using the joystick to add an effect. An Arduino Micro acts as the primary controller and transmits the musical notes as MIDI commands. [Gr4yhound] is using a commercial MIDI to USB converter in order to play the music on a computer. The converter also allows him to power the Arduino via USB, eliminating the need for batteries.