What Does a Hacker Do With A Photocopier?

The year is 2016. Driving home from a day’s work in the engineering office, I am greeted with a sight familiar to any suburban dwelling Australian — hard rubbish. It’s a time when local councils arrange a pickup service for anything large you don’t want anymore — think sofas, old computers, televisions, and the like. It’s a great way to make any residential area temporarily look like a garbage dump, but there are often diamonds in the rough. That day, I found mine: the Ricoh Aficio 2027 photocopier.

It had spent its days in a local primary school, and had survived fairly well. It looked largely intact with no obvious major damage, and still had its plug attached. Now I needed to get it home. This is where the problems began.

Continue reading “What Does a Hacker Do With A Photocopier?”

A Guide For Building Rubber Dome Keyboards

Let’s talk about computer keyboards for a second. The worst keyboards in the world are the cheap ‘rubber dome’ keyboards shipped with every Dell, HP, and whatever OEM your company has a purchasing agreement with. These ‘rubber dome’ keyboards use a resistive touchpad to activate a circuit, and the springiness of the key comes from a flexible rubber membrane. Mechanical keyboards are far superior to these rubber dome switches, using real leaf springs and bits of metal for the click clack happiness that is the sole respite of a soul-crushing existence. MX blues get bonus points for annoying your coworkers.

Mechanical key switches like the Cherry MX, Gateron, or whatever Razer is using aren’t the be-all, end-all mechanical keyswitch. History repeats, horseshoe theory exists, and for the best mechanical keyswitch you need to go back to rubber domes. Torpre switches are surprisingly similar to the crappy keyboards shipped out by OEMs, but these switches have actual springs, turning your key presses into letters through a capacitive touchpad. Is this a superior switch? Well, a keyboard with Torpre switches costs more than a keyboard with Cherry MX switches, so yeah, it’s a better switch.

It seems everyone is building their own mechanical keyboards these days, and the recipe is always the same: get a few dozen Cherry MX (or clone) switches, build a PCB, grab a Teensy 2, and use the tmk keyboard firmware. There’s not much to it. DIY Torpre boards are rare because of the considerations of building a capacitive switching PCB, but now there’s a DIY guide to making the perfect rubber dome keyboard.

[tomsmalley] put together this guide after reviewing a few amazing projects scattered around the web. Over on Deskthority, [attheicearcade] is building a custom, sculpted, split Torpre board and a split Happy Hacking Keyboard. These are projects worthy of a typing god, but so far there has been no real beginner’s guide for interfacing with these weird capacitive switches.

As far as circuitry goes on these capacitive boards, the PCB is the thing. Each key has a pair of semi-circular pads on the PCB to serve as plates on a capacitor. These pads are connected to a microcontroller through an analog mux, with a little opamp magic thrown into the mix.

With a relatively decent guide to the hardware, [tomsmalley] has also been working on his own firmware for capacitive switches. Shockingly, this firmware is compatible with the Teensy 3.0, which will provide enough horsepower to read a bunch of analog values and spit out USB.

Mechanical keyboards are great, and we really like to see all these hardware creators pushing the state of the art. You can only see so many custom sculpted keycaps or DIY MX boards, though, and we’re really eager to see where the efforts to create a custom Torpre board take us. If you’re building one of these fantastic keyboards, send it in on the tip line.

Popular Printers Pwned In Prodigious Page Prank

A new day dawns, and we have another story involving insecure networked devices. This time it is printers of all makes and descriptions that are causing the panic, as people are finding mystery printouts bearing messages such as this:

Stackoverflowin has returned to his glory, your printer is part of a botnet, the god has returned

Well that’s it then, you can’t argue with a deity, especially one who has apparently created a botnet from the world’s printing devices. Printer owners the world over are naturally worried about their unexpected arrival, and have appeared on support forums and the like to express their concern.

We are of course used to taking everything our printers tell us at face value. Low on ink? I hear you, my inanimate reprographic friend! But when our printer tells us it’s part of a botnet perhaps it’s time to have a little think. It is entirely possible that someone could assemble a botnet of compromised printers, but in this case we smell a rat. Only in farcical crime dramas do crooks announce their crimes in such a theatrical fashion, you might say it’s the point of a botnet not to be detected by its host. Reading some of the reports it seems that many of the affected systems have port 9100 open to the world, that’s the standard TCP printer port, so it seems much more likely that someone has written a little script that looks for IP addresses with port 9100 open, and trolls them with this message.

The real message here is one with which we expect Hackaday readers will be very familiar, and which we’ve covered before. Many network connected appliances have scant regard for security, and are a relative push-over for an attacker. The solution is relatively straightforward to those of a technical inclination, be aware of which services the devices is exposing, lock down services such as uPNP and close any open ports on your router. Unfortunately these steps are probably beyond many home users, whose routers remain with their default manufacturer’s settings for their entire lives. It’s a shame our printer troll didn’t add a link to basic router security tips.

If you want to have a little fun, some of the printed pages include an email address for ‘the god’. It would be fun to figure out who this is, right?

Handmade Keyboards For Hands

There were some truly bizarre computer keyboards in the 1980s and 90s. The Maltron keyboard was a mass of injection-molded plastic with two deep dishes for all the keys. The Kinesis Advantage keyboard was likewise weird, placing the keys on the inside of a hemisphere. This was a magical time for experimentations on human-computer physical interaction, the likes of which we haven’t seen since.

Now, though, we have 3D printers, easy to use microcontrollers, and Digikey. We can make our own keyboards, and make them in any shape we want. That’s what [Andrey]’s doing. The 32XE is an ergonomic keyboard and trackball combo made for both hands.

The keyboard has curved palm rests, a trackball under the right thumb, and is powered by the ever popular DIY mechanical keyboard microcontroller, the Teensy 2.0. This keyboard is equipped with a trackball, and that means [Andrey] needed a bit of extra electronics to handle that. The mouse/trackball sensor is built around the ADNS-9800 laser motion sensor conveniently available on Tindie. This laser mouse breakout board is built into the bottom of the keyboard, with enough space above it to hold a trackball… ball.

Since this is a very strange and completely custom keyboard, normal mechanical keyboard keycaps are out of the question. Instead, [Andrey] 3D printed his own keycaps on an FDM printer. Printing keyboard keycaps on a filament-based printer is extremely difficult — the tolerances for the connector between the switch and cap are tiny, and nearly at the limit of the resolution of a desktop filament printer. [Andrey] is taking it even further with inlaid keyboard legends. He’s created a keycap set with two color legends on two sides of the keycaps. If you’ve ever wanted to print keycaps on a 3D printer, this is a project to study.

Tiny Morse Code USB Keyboard

We’ve featured quite a few of [mitxela]’s projects here in the past, and many of them have the propensity to be labelled “smallest”. His Morse Code USB Keyboard Mk II adds to that list. It’s a Saturday afternoon project, with a few parts slapped onto a piece of perf-board, that allows using a Morse key as a USB keyboard. This project isn’t new or fresh, but we stumbled across it while trying to figure out a use for a Morse key lying in the author’s bin of parts. You can practise transmitting, by reading text and typing it out on the key, and then look it up on your computer to see if you made any mistakes. Or you can practise receiving, by asking a friend to punch it out for you. Either way, it’s a great way to hone your skills and prepare for your radio operators license exam.

The project is a follow up to his earlier one where he hooked up the Morse key via a RS-232 — USB converter directly to a computer and let the code do all the work. That turned out to be a very resource hungry, impractical project and made him do it right the next time around. The hardware is dead simple. An ATtiny85, a piezo buzzer, some decoupling capacitors, and a few resistors and zeners to allow a safe USB interface. The design accommodates a straight key, but there is one spare pin left over in the ATtiny to allow for iambic or sideswiper keys too. There is no speed adjustment, which is hardcoded at the moment. That isn’t very user friendly, and [mitxela] suggests adding a speed potentiometer to that last remaining pin on the ATtiny. This would prevent use of iambic/sideswiper keys. Or, you could use the RST pin on the ATtiny as a (weak) IO. The RST pin can read analog values between 5V and 2.5V, and will reset when voltage falls below 2.2V. Or just use another microcontroller as a last resort.

For the USB interface, [mitxela] is using the V-USB library after wasting some time trying to reinvent the wheel. And since this is designed to work as a HID, there are no drivers required – plug it in, and the OS detects it as a keyboard. He’s borrowed code from the EasyLogger project to use the internal oscillator and help free up the IO pins. And to detect the characters being typed, his code uses a long string of compare statements instead of a dictionary lookup. Writing that code was tedious, but it makes the identification quicker, since most characters can be identified in less that five comparisons (one dit = E, two dits = I, three dits = S and so on). This “tree” makes it easier to figure it out.

If you’d like to look up some of his other “tiny” projects, check out The smallest MIDI synthesizer, Smallest MIDI synth, again! and the ATtiny MIDI plug synth.

Continue reading “Tiny Morse Code USB Keyboard”

MalDuino — Open Source BadUSB

MalDuino is an Arduino-powered USB device which emulates a keyboard and has keystroke injection capabilities. It’s still in crowdfunding stage, but has already been fully backed, so we anticipate full production soon. In essence, it implements BadUSB attacks much like the widely known, having appeared on Mr. Robot, USB Rubber Ducky.

It’s like an advanced version of HID tricks to drop malicious files which we previously reported. Once plugged in, MalDuino acts as a keyboard, executing previous configured key sequences at very fast speeds. This is mostly used by IT security professionals to hack into local computers, just by plugging in the unsuspicious USB ‘Pen’.

[Seytonic], the maker of MalDuino, says its objective is it to be a cheaper, fully open source alternative with the big advantage that it can be programmed straight from the Arduino IDE. It’s based on ATmega32u4 like the Arduino Leonardo and will come in two flavors, Lite and Elite. The Lite is quite small and it will fit into almost any generic USB case. There is a single switch used to enable/disable the device for programming.

The Elite version is where it gets exciting. In addition to the MicroSD slot that will be used to store scripts, there is an onboard set of dip switches that can be used to select the script to run. Since the whole platform is open sourced and based on Arduino, the MicroSD slot and dip switches are entirely modular, nothing is hardcoded, you can use them for whatever you want. The most skilled wielders of BadUSB attacks have shown feats like setting up a fake wired network connection that allows all web traffic to be siphoned off to an outside server. This should be possible with the microcontroller used here although not native to the MalDuino’s default firmware.

For most users, typical feature hacks might include repurposing the dip switches to modify the settings for a particular script. Instead of storing just scripts on the MicroSD card you could store word lists on it for use in password cracking. It will be interesting to see what people will come up with and the scripts they create since there is a lot of space to tinker and enhanced it. That’s the greatness of open source.

Continue reading “MalDuino — Open Source BadUSB”

Bitbanging Qualcomm Charge Controllers

With more and more manufacturers moving to USB-C, it seems as though the trusty USB port is getting more and more entrenched. Not that that’s a bad thing, either; having a universal standard like this is great for simplicity and interconnectability. However, if you’re still stuck with USB 2.0 ports on your now completely obsolete one-year-old phone, there’s still some hope that you can at least get rapid charging. [hugatry] was able to manipulate Qualcomm’s rapid charging protocol to enable it to work with any device.

Continue reading “Bitbanging Qualcomm Charge Controllers”