Pwning With Sewing Needles

If you don’t have root, you don’t own a device, despite what hundreds of Internet of Things manufacturers would tell you. Being able to access and write to that embedded Linux system in your new flashy gadget is what you need to truly own a device, and unfortunately this is a relatively uncommon feature. At this year’s DEF CON, [Brad Dixon] unveiled a technique that pwns a device using only a sewing needle, multimeter probe, or a paperclip. No, it won’t work on every device, and the devices this technique will work with are poorly designed. That doesn’t mean it doesn’t work, and that doesn’t mean the Pin2Pwn technique isn’t useful, though.

The attack relies on how an embedded Linux device boots. All the software needed to load Linux and the rest of the peripheral magic is usually stored on a bit of Flash somewhere on the board. Shorting two data pins, or two of the latch pins, on this memory chip with a pin, probe, or paperclip makes the boot fail, and when that happens, the bootloader may fall back to a uboot prompt. This pwns the device.

There are a few qualifications for this pwn using a pin. If the device has an open JTAG port, it doesn’t matter – you can already own the device. If, however, a device has a locked-down JTAG, unresponsive serial ports, or even its own secure boot solution, this technique might work.

Two data pins on a TSSOP Flash shorted by a multimeter probe

This exploit relies on how the bootloader behaves. This bit of code first looks at a piece of Flash or other memory separate from the CPU and loads whatever is there. [Brad] found a few devices (mostly LTE routers) that would try to load Linux from the Flash, fail, try to load Linux again, fail, and finally drop to a uboot prompt.

As with any successful exploit, an equally effective mitigation strategy must be devised. There are two ways to go about this, and in this case, the software side is much better at getting rid of this attack than the hardware side.

Since this attack relies on the software falling back to uboot after an unsuccessful attempt at booting whatever it should be booting, the simplest and most effective mitigation is to reboot the device if the proper firmware can’t be found. Having a silent serial console is great, but if the attack relies on falling back to uboot, simply never falling back to uboot will prevent this attack.
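As an added illustration (not from [Brad]’s talk or the article), here is what that fallback looks like in U-Boot environment terms, alongside a hardened variant that follows the reboot-instead-of-prompt advice. The flash offsets, sizes and the `boot_linux` script name are assumed placeholders, not values taken from any real device.

```text
# Weak default environment (assumed illustration): if bootm fails,
# U-Boot returns from bootcmd and drops to the interactive prompt,
# and a 3 second countdown gives an attacker a chance to hit a key.
bootdelay=3
bootcmd=sf probe 0; sf read ${loadaddr} 0x100000 0x400000; bootm ${loadaddr}

# Hardened environment: every failure on the boot path ends in a reset,
# never at a prompt, and the countdown cannot be interrupted.
bootdelay=-2
silent=1
boot_linux=sf probe 0 && sf read ${loadaddr} 0x100000 0x400000 && bootm ${loadaddr}
bootcmd=run boot_linux; reset
```

`bootdelay=-2` makes U-Boot autoboot immediately without polling the console for an abort key, `silent=1` only takes effect when the bootloader was built with `CONFIG_SILENT_CONSOLE`, and `reset` is the stock U-Boot command. Two caveats a defender would want: the environment is itself stored in flash, so a glitch that corrupts the saved environment makes U-Boot fall back to its built-in defaults, which means these settings belong in the build’s default environment (`CONFIG_BOOTCOMMAND` and friends) rather than only in a `saveenv`; and a device that resets on every failed boot needs some other recovery path for a genuinely bad image, which is exactly the trade-off the article describes.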

The hardware side is a little simpler than writing good firmware. Instead of using TSSOP and SOIC packages for storing the device firmware, use BGAs. Hide the pins and traces on an inner layer of the board. While this isn’t a foolproof way of preventing the attack – there will always be someone with a hot air gun, magnet wire, and a steadier hand than you – it’s hard to glitch a data line with a sewing needle if you can’t see the data line.

Ever Buy Music From Apple? Use Linux? You Need This Tool

Sure, you’re a hardcore superuser, but that doesn’t mean you don’t enjoy the finer things in life — like shiny squircles and getting every new app first. But, what’s an OS-indiscriminate person like yourself going to do when it comes time to purchase music? That’s where the recover_itunes tool shines, and if you’re a Linux user with an iPhone, it might just be your new best friend.


Raspberry Pi Zero Becomes Mighty Miniature Minecraft Machine

In a clever bit of miniaturization, [JediJeremy] has nearly completed a gyro-mouse controller for a Raspberry Pi Zero! Ultimately this will be a wearable Linux-watch, but along the way he had some fun with the interface.

Using the MPU6040 gyroscope/accelerometer card from a quadcopter, [JediJeremy] spent a week writing the driver to allow it to function as a mouse. Strapping an Adafruit 1.5″ PAL/NTSC LCD screen and its driver board to the Zero with rubber bands makes this one of the smallest functional computer and screen combos we’ve seen. Simply tilt the whole thing about to direct the cursor.

It presently lacks any keyboard input, and [JediJeremy] has only added a single button for clicking, but look at this thing! It’s so tiny! In his own words: “I think this is the first computer that I can accidentally spill into my coffee, rather than vice versa.”


Tutorial on Signal Processing in Linux with Octave

If you’ve taken any digital signal processing classes at a college or university, you’ve probably been exposed to MATLAB. However, if you want to do your own work, you might think about Linux and one of the many scientific computing applications available for it.

[David Duarte] recently published a three-part tutorial on using Octave to do scientific audio processing. The first part covers basic reading, writing, and playing of audio files. Part two covers synthesis of signals, plotting, and some basic transformations. Modulation is the topic of the third part. If you prefer your tutorials on video, you can check out the video below.

We’ve talked about MATLAB before in the context of message cracking. Then again, some of the best signal processing is done by humans. If you don’t like Octave, you might try Scilab, another Linux package that is similar. There’s also Freemat, Sage, and Spyder. Of course, you can also run MATLAB under Linux.

Transcend Wifi SD Card Is A Tiny Linux Server

[jamesone111] bought a Transcend WifiSD card, presumably for photography, but it may just have been because he heard that they’re actually tiny Linux servers.

He read a post about these cards on the OpenWRT forums. They’re all a similar configuration: a relatively large amount of memory (compared to the usual embedded computer), a WiFi chip, and an ARM processor running a tiny Linux install. The card acts as a WiFi access point with a little server running on it, and waits for the user to connect to it via a website. It also has a mode where it will connect to up to three access points specified by the user, but it doesn’t actually have a way to tell the user what its IP address is, which is kind of funny.

[jamesone111] hacked around with the Transcend card for a bit. He found it pretty insecure, which as long as you’re not a naked celebrity, shouldn’t be a huge issue. For the hacker this is great as it opens up the chance of hacking the firmware for other uses.

Some have already pulled off some cool hacks with these cards. For example, [peterburk] hacked a similar card by PQI to turn his iPod into a portable file server.

Gawking Text Files

Some tools in a toolbox are versatile. You can use a screwdriver as a pry bar to open a paint can, for example. I’ve even hammered a tack in with a screwdriver handle even though you probably shouldn’t. But a chainsaw isn’t that versatile. It only cuts. But man does it cut!

AWK is a chainsaw for processing text files line-by-line (and the GNU version is known as GAWK). That’s a pretty common case. It is even more common if you produce a text file from a spreadsheet or work with other kinds of text files. AWK has some serious limitations, but so do chainsaws. They are still super useful. Although AWK sounds like a penguin-like bird (see right), that’s an auk. Sounds the same, but spelled differently. AWK is actually an acronym of the original authors’ names.

If you know C and you grok regular expressions, then you can learn AWK in about 5 minutes. If you only know C, go read up on regular expressions and come back. Five minutes later you will know AWK. If you are running Linux, you probably already have GAWK installed and can run it using the alias awk. If you are running Windows, you might consider installing Cygwin, although there are pure Windows versions available. If you just want to play in a browser, try webawk.
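An added example of the line-by-line processing the article is talking about, written here for this page rather than taken from the original post. The input is a constructed export of login events in the comma-separated form a spreadsheet would produce, and the awk program does the classic one-pass job: filter lines on a field, tally them in an associative array, and report the tallies that cross a threshold.

```sh
#!/bin/sh
# Constructed sample input: one login event per line,
# "timestamp,user,source_ip,result", as exported from a spreadsheet.
SAMPLE='2016-08-14T10:00:01,alice,10.0.0.5,ok
2016-08-14T10:00:07,root,203.0.113.9,fail
2016-08-14T10:00:08,root,203.0.113.9,fail
2016-08-14T10:00:09,admin,203.0.113.9,fail
2016-08-14T10:00:15,bob,10.0.0.7,ok
2016-08-14T10:00:20,root,198.51.100.4,fail'

# Print "ip count" for every source IP with at least THRESHOLD failed
# logins (default 2), highest count first. -F, splits on commas and -v
# passes the shell threshold into the awk program as the variable t.
failed_logins_by_ip() {
    threshold="${1:-2}"
    printf '%s\n' "$SAMPLE" | awk -F, -v t="$threshold" '
        $4 == "fail" { fails[$3]++ }        # associative array keyed by IP
        END {
            for (ip in fails)
                if (fails[ip] >= t)
                    printf "%s %d\n", ip, fails[ip]
        }' | sort -k2,2nr
}

failed_logins_by_ip "$@"
```

Run it with no argument and only `203.0.113.9 3` comes out; with `1` as the argument the single failure from `198.51.100.4` shows up too. The same pattern (a filter on one field, a `++` into an array keyed by another, a loop in `END`) covers most of what people reach for a spreadsheet pivot table to do.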


Linux: Assembly Required

Sometimes you might need to use assembly language to reach your project objectives. Previously I’ve focused more on embedding assembly within gcc or another compiler. But just like some people want to hunt with a bow, or make bread by hand, or do many other things that are no longer absolutely necessary, some people like writing in assembly language.

In the old days of DOS, it was fairly easy to write in assembly language. Good thing, because with the restricted resources available on those machines it might have been the only way to get things to fit. These days, under Windows or Linux or even on a Raspberry Pi, it is hard to get oriented on how to get an assembly language program off the ground.
