Popular Printers Pwned In Prodigious Page Prank

A new day dawns, and we have another story involving insecure networked devices. This time it is printers of all makes and descriptions that are causing the panic, as people are finding mystery printouts bearing messages such as this:

Stackoverflowin has returned to his glory, your printer is part of a botnet, the god has returned

Well that’s it then, you can’t argue with a deity, especially one who has apparently created a botnet from the world’s printing devices. Printer owners the world over are naturally worried about their unexpected arrival, and have appeared on support forums and the like to express their concern.

We are of course used to taking everything our printers tell us at face value. Low on ink? I hear you, my inanimate reprographic friend! But when our printer tells us it’s part of a botnet, perhaps it’s time to have a little think. It is entirely possible that someone could assemble a botnet of compromised printers, but in this case we smell a rat. Only in farcical crime dramas do crooks announce their crimes in such a theatrical fashion; you might say it’s the point of a botnet not to be detected by its host. Reading some of the reports, it seems that many of the affected systems have port 9100, the standard TCP printer port, open to the world. It seems much more likely that someone has written a little script that looks for IP addresses with port 9100 open, and trolls them with this message.

The real message here is one with which we expect Hackaday readers will be very familiar, and which we’ve covered before. Many network connected appliances have scant regard for security, and are a relative push-over for an attacker. The solution is relatively straightforward to those of a technical inclination: be aware of which services the device is exposing, lock down services such as UPnP, and close any open ports on your router. Unfortunately these steps are probably beyond many home users, whose routers remain with their default manufacturer’s settings for their entire lives. It’s a shame our printer troll didn’t add a link to basic router security tips.
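A defender's check for the exposure described above, added here as an example and not part of the original article: it reads firewall connection records and reports accepted connections to printing ports from sources outside the LAN. The log format, the LAN range 192.168.1.0/24 and the sample lines are constructed assumptions.

```python
import ipaddress

# 9100 is the raw print port named in the article; LPD (515) and IPP (631)
# are other common printing services that deserve the same check.
PRINT_PORTS = {9100: "raw/JetDirect", 515: "LPD", 631: "IPP"}

# Assumption: the home LAN is 192.168.1.0/24. Adjust to your own network.
LAN_NETS = [ipaddress.ip_network("192.168.1.0/24")]

# Constructed sample records: "<time> <src_ip> <dst_ip> <dst_port> <action>"
SAMPLE_LOG = """\
2024-01-01T09:14:02Z 192.168.1.23 192.168.1.50 9100 ACCEPT
2024-01-01T09:15:40Z 203.0.113.77 192.168.1.50 9100 ACCEPT
2024-01-01T09:15:41Z 198.51.100.9 192.168.1.50 631 DROP
2024-01-01T09:16:03Z 203.0.113.77 192.168.1.50 80 ACCEPT
malformed line
2024-01-01T09:17:10Z 198.51.100.200 192.168.1.50 515 ACCEPT
"""

def exposed_print_hits(log_text, lan_nets=LAN_NETS):
    """Return accepted connections to a print port from outside the LAN."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip records that do not match the assumed format
        ts, src, dst, port, action = parts
        try:
            src_ip = ipaddress.ip_address(src)
            port = int(port)
        except ValueError:
            continue  # unparseable address or port
        if port not in PRINT_PORTS or action != "ACCEPT":
            continue  # not a print service, or the firewall already blocked it
        if any(src_ip in net for net in lan_nets):
            continue  # printing from inside the LAN is expected
        hits.append((ts, src, dst, port, PRINT_PORTS[port]))
    return hits

if __name__ == "__main__":
    for ts, src, dst, port, name in exposed_print_hits(SAMPLE_LOG):
        print(f"{ts}: {src} reached {dst}:{port} ({name}) from outside the LAN")
```

Any hit means a port forward or UPnP mapping is exposing the printer and should be removed at the router.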

If you want to have a little fun, some of the printed pages include an email address for ‘the god’. It would be fun to figure out who this is, right?

Handmade Keyboards For Hands

There were some truly bizarre computer keyboards in the 1980s and 90s. The Maltron keyboard was a mass of injection-molded plastic with two deep dishes for all the keys. The Kinesis Advantage keyboard was likewise weird, placing the keys on the inside of a hemisphere. This was a magical time for experimentation in human-computer physical interaction, the likes of which we haven’t seen since.

Now, though, we have 3D printers, easy to use microcontrollers, and Digikey. We can make our own keyboards, and make them in any shape we want. That’s what [Andrey]’s doing. The 32XE is an ergonomic keyboard and trackball combo made for both hands.

The keyboard has curved palm rests, a trackball under the right thumb, and is powered by the ever popular DIY mechanical keyboard microcontroller, the Teensy 2.0. This keyboard is equipped with a trackball, and that means [Andrey] needed a bit of extra electronics to handle that. The mouse/trackball sensor is built around the ADNS-9800 laser motion sensor conveniently available on Tindie. This laser mouse breakout board is built into the bottom of the keyboard, with enough space above it to hold a trackball… ball.

Since this is a very strange and completely custom keyboard, normal mechanical keyboard keycaps are out of the question. Instead, [Andrey] 3D printed his own keycaps on an FDM printer. Printing keyboard keycaps on a filament-based printer is extremely difficult — the tolerances for the connector between the switch and cap are tiny, and nearly at the limit of the resolution of a desktop filament printer. [Andrey] is taking it even further with inlaid keyboard legends. He’s created a keycap set with two color legends on two sides of the keycaps. If you’ve ever wanted to print keycaps on a 3D printer, this is a project to study.

Tiny Morse Code USB Keyboard

We’ve featured quite a few of [mitxela]’s projects here in the past, and many of them have the propensity to be labelled “smallest”. His Morse Code USB Keyboard Mk II adds to that list. It’s a Saturday afternoon project, with a few parts slapped onto a piece of perf-board, that allows using a Morse key as a USB keyboard. This project isn’t new or fresh, but we stumbled across it while trying to figure out a use for a Morse key lying in the author’s bin of parts. You can practise transmitting, by reading text and typing it out on the key, and then look it up on your computer to see if you made any mistakes. Or you can practise receiving, by asking a friend to punch it out for you. Either way, it’s a great way to hone your skills and prepare for your radio operator’s license exam.

The project is a follow-up to his earlier one, where he hooked up the Morse key via an RS-232 to USB converter directly to a computer and let the code do all the work. That turned out to be a very resource-hungry, impractical project and made him do it right the next time around. The hardware is dead simple: an ATtiny85, a piezo buzzer, some decoupling capacitors, and a few resistors and zeners to allow a safe USB interface. The design accommodates a straight key, but there is one spare pin left over on the ATtiny to allow for iambic or sideswiper keys too. There is no speed adjustment; the speed is hardcoded at the moment. That isn’t very user friendly, and [mitxela] suggests adding a speed potentiometer to that last remaining pin on the ATtiny. This would prevent use of iambic/sideswiper keys. Or, you could use the RST pin on the ATtiny as a (weak) IO. The RST pin can read analog values between 5V and 2.5V, and will reset when voltage falls below 2.2V. Or just use another microcontroller as a last resort.

For the USB interface, [mitxela] is using the V-USB library after wasting some time trying to reinvent the wheel. And since this is designed to work as a HID, there are no drivers required: plug it in, and the OS detects it as a keyboard. He’s borrowed code from the EasyLogger project to use the internal oscillator and help free up the IO pins. And to detect the characters being typed, his code uses a long string of compare statements instead of a dictionary lookup. Writing that code was tedious, but it makes the identification quicker, since most characters can be identified in fewer than five comparisons (one dit = E, two dits = I, three dits = S and so on). This “tree” makes it easier to figure it out.
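The decision tree described above, as an added example that is not [mitxela]'s firmware: his code hardcodes the comparisons, while this sketch walks the same tree stored as a string, one step per dit or dah. It covers letters only, and the function names and input notation (`.`, `-`, spaces between letters, ` / ` between words) are assumptions of the example.

```python
# Binary decision tree in heap layout: from node i, a dit leads to node 2*i
# and a dah to node 2*i + 1. Index 1 is the root (nothing keyed yet) and
# '?' marks codes that are not assigned to a letter.
TREE = "  ETIANMSURWDKGOHVF?L?PJBXCYZQ??"

def decode_symbol(code):
    """Decode one letter, e.g. '...' -> 'S', in len(code) tree steps."""
    node = 1
    for mark in code:
        if mark == ".":
            node = 2 * node
        elif mark == "-":
            node = 2 * node + 1
        else:
            raise ValueError(f"unexpected mark {mark!r}")
        if node >= len(TREE):
            return "?"  # longer than four marks: digits/punctuation not covered
    return TREE[node] if node > 1 else ""

def decode(message):
    """Decode letters separated by spaces and words separated by ' / '."""
    words = message.strip().split(" / ")
    return " ".join(
        "".join(decode_symbol(code) for code in word.split()) for word in words
    )

if __name__ == "__main__":
    print(decode(".... .- -.-. -.- / .- -.. .- -.--"))
```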

If you’d like to look up some of his other “tiny” projects, check out The smallest MIDI synthesizer, Smallest MIDI synth, again! and the ATtiny MIDI plug synth.


MalDuino — Open Source BadUSB

MalDuino is an Arduino-powered USB device which emulates a keyboard and has keystroke injection capabilities. It’s still in the crowdfunding stage, but has already been fully backed, so we anticipate full production soon. In essence, it implements BadUSB attacks much like the widely known USB Rubber Ducky, which appeared on Mr. Robot.

It’s like an advanced version of the HID tricks to drop malicious files which we previously reported. Once plugged in, MalDuino acts as a keyboard, executing previously configured key sequences at very fast speeds. This is mostly used by IT security professionals to hack into local computers, just by plugging in the unsuspicious USB ‘Pen’.
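The "very fast speeds" are also what gives injected input away. The following detection sketch is an added example, not part of MalDuino or the original article: it flags runs of keystrokes whose spacing is too tight to be human typing. The thresholds and the timestamp list are constructed assumptions.

```python
# Assumed thresholds (not from the article): a person does not sustain
# gaps of 20 ms or less between keys for 10 keystrokes in a row.
MAX_GAP_MS = 20
MIN_RUN = 10

def injection_bursts(timestamps_ms, max_gap_ms=MAX_GAP_MS, min_run=MIN_RUN):
    """Return (first_index, last_index) of every run of at least min_run
    keystrokes in which each gap to the previous key is <= max_gap_ms."""
    bursts = []
    start = 0
    for i in range(1, len(timestamps_ms) + 1):
        run_ends = (
            i == len(timestamps_ms)
            or timestamps_ms[i] - timestamps_ms[i - 1] > max_gap_ms
        )
        if run_ends:
            if i - start >= min_run:
                bursts.append((start, i - 1))
            start = i
    return bursts

# Constructed key-down timestamps in milliseconds:
# six keys typed by hand, forty keys 5 ms apart, then three more by hand.
HUMAN_BEFORE = [0, 180, 310, 520, 640, 900]
INJECTED = [3000 + 5 * k for k in range(40)]
HUMAN_AFTER = [5000, 5150, 5400]
SAMPLE_KEYS = HUMAN_BEFORE + INJECTED + HUMAN_AFTER

if __name__ == "__main__":
    for first, last in injection_bursts(SAMPLE_KEYS):
        span = SAMPLE_KEYS[last] - SAMPLE_KEYS[first]
        print(f"keys {first}..{last}: {last - first + 1} keystrokes in {span} ms")
```

A device that inserts delays between keys would pass this check, so timing is one signal to combine with others, such as a new keyboard enumerating shortly before the burst.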

[Seytonic], the maker of MalDuino, says its objective is to be a cheaper, fully open source alternative with the big advantage that it can be programmed straight from the Arduino IDE. It’s based on the ATmega32u4, like the Arduino Leonardo, and will come in two flavors, Lite and Elite. The Lite is quite small and will fit into almost any generic USB case. There is a single switch used to enable/disable the device for programming.

The Elite version is where it gets exciting. In addition to the MicroSD slot that will be used to store scripts, there is an onboard set of dip switches that can be used to select the script to run. Since the whole platform is open sourced and based on Arduino, the MicroSD slot and dip switches are entirely modular: nothing is hardcoded, and you can use them for whatever you want. The most skilled wielders of BadUSB attacks have shown feats like setting up a fake wired network connection that allows all web traffic to be siphoned off to an outside server. This should be possible with the microcontroller used here, although it is not native to the MalDuino’s default firmware.

For most users, typical feature hacks might include repurposing the dip switches to modify the settings for a particular script. Instead of storing just scripts on the MicroSD card you could store word lists on it for use in password cracking. It will be interesting to see what people will come up with and the scripts they create, since there is a lot of space to tinker with and enhance it. That’s the greatness of open source.


Bitbanging Qualcomm Charge Controllers

With more and more manufacturers moving to USB-C, it seems as though the trusty USB port is getting more and more entrenched. Not that that’s a bad thing, either; having a universal standard like this is great for simplicity and interconnectability. However, if you’re still stuck with USB 2.0 ports on your now completely obsolete one-year-old phone, there’s still some hope that you can at least get rapid charging. [hugatry] was able to manipulate Qualcomm’s rapid charging protocol to enable it to work with any device.


Do You Miss The Sound Of Your Model M?

There is one aspect of desktop computing in which there has been surprisingly little progress over the years. The keyboard you type on today will not be significantly different to the one in front of your predecessor from the 1970s. It may weigh less, its controller may be less power-hungry, and its interface will be different, but the typing experience is substantially identical. Or at least, in theory it will be identical. In fact it might be worse than the older peripheral, because its switches are likely to be more cheaply made.

The famous buckled springs in operation. Shaddim [CC BY-SA 3.0], via Wikimedia Commons.

Thus among keyboard aficionados the prized possessions are not necessarily the latest and greatest, but can often be the input devices of yesteryear. And one of the more famous of these old keyboards is the IBM Model M, a 1984 introduction from the computer behemoth that remains in production to this day. Its famous buckled-spring switches have a very positive action and a unique sound that once heard can never be forgotten.

Victorian Mouse

If Babbage had started the computer revolution early, we might have seen a mouse like the one [Peter Balch] created. He started with the guts from a USB wheeled mouse and some gears from an old clock movement. In addition to the big wheels to capture X and Y movement, the mouse buttons look like the keys from an old typewriter.

We were afraid the project would require advanced wood or metal working capability, but the bottom of the mouse is made from paper mache. The top and sides are cut from tinplate. Of course, the paint job is everything.

The electronics part is pretty simple, just hacking a normal mouse (although it is getting harder to find USB mice with mechanical encoders). However, we wondered if it would have been as simple to use an optical wireless mouse. That would leave the wheels just for show, but honestly, most people aren’t going to know if the wheels are useful or just ornamental, anyway.

If you don’t feel like gutting a mouse, but you still want USB, you could use an Arduino or similar board that can simulate a mouse. We’ve seen quite a few of those in the past. Now all you need is a matching keyboard.