Code So Sneaky You Have To Explain It

Your mission, should you choose to accept it, is to code a program that leaks information to the user but does so in a way that can’t be discovered in a code audit. This was the challenge for the 2014 Underhanded C contest; the seventh time they’ve held the event. [Richard Mitton] took part and wrote a very entertaining entry. He didn’t win, but he did just share the details of his super-sneaky code.

The challenge put the Citizen-Four-like coders in a scenario where they were writing a program for a shady company (or sketchy government entity) which makes completely secret decisions based on publicly posted social media. The twist is that they were tasked with getting code past an audit that leaks the decisions made by this program to the very users being secretly observed.

The image above shows the core trick, which [Richard] borrowed from Heartbleed: an over-read. The struct copy has an off-by-one error in it (the lower code block shows the corrected version), so it copies one element more than it should. Used together with malloc and free, this lets a block of memory serve, ostensibly, as scratch storage during the encryption step; that same memory is quietly read back later, and the extra element the copy picks up is what leaks it to the user being targeted.
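To make the mechanism concrete, here is an added example in C. It is not [Richard]'s entry: his gets the adjacency between the public data and the secret from malloc/free reuse, while this demo makes it deterministic with a wrapper struct so it behaves the same on every run. The field names, sizes and the "verdict" string are all constructed for the illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16

/* Constructed layout: the public name is immediately followed in memory by the
 * secret verdict, so reading one byte past the name lands on verdict[0]. */
struct scratch {
    char name[NAME_LEN];    /* what the program is allowed to echo back */
    char verdict[8];        /* the secret decision, never meant to leave */
};

struct reply {
    char name[NAME_LEN];
    char trailer[8];        /* whatever sits after the copy target */
};

/* Buggy copy: "<=" instead of "<" copies NAME_LEN + 1 bytes. Byte NAME_LEN of
 * the source is verdict[0]; it ends up in reply.trailer[0] and goes out with
 * the reply. Both reads and writes stay inside their objects, which is exactly
 * why an allocation-tracking bounds checker does not flag it. */
static void copy_name_buggy(struct reply *out, const struct scratch *in)
{
    const unsigned char *src = (const unsigned char *)in;
    unsigned char *dst = (unsigned char *)out;
    for (int i = 0; i <= NAME_LEN; i++)   /* off by one */
        dst[i] = src[i];
}

/* Corrected copy: exactly NAME_LEN bytes, nothing past the field. */
static void copy_name_fixed(struct reply *out, const struct scratch *in)
{
    memcpy(out->name, in->name, NAME_LEN);
}

/* Copy up to cap bytes of a C string into a fixed-width field (no terminator). */
static void fill(char *dst, size_t cap, const char *src)
{
    size_t n = strlen(src);
    memcpy(dst, src, n < cap ? n : cap);
}

/* Build a reply for `name` while `verdict` sits in the adjacent secret field,
 * and return the first trailer byte of the reply: 0 with the fixed copy,
 * verdict[0] with the buggy one. */
unsigned char trailer_byte(const char *name, const char *verdict, int use_fixed)
{
    struct scratch in;
    struct reply out;
    memset(&in, 0, sizeof in);
    memset(&out, 0, sizeof out);
    fill(in.name, NAME_LEN, name);
    fill(in.verdict, sizeof in.verdict, verdict);
    if (use_fixed)
        copy_name_fixed(&out, &in);
    else
        copy_name_buggy(&out, &in);
    return (unsigned char)out.trailer[0];
}

int main(void)
{
    printf("buggy copy leaks: '%c'\n", trailer_byte("alice", "DENY", 0));
    printf("fixed copy leaks: %d\n", trailer_byte("alice", "DENY", 1));
    return 0;
}
```

One byte per reply does not sound like much, but it is the first byte of the decision, and an auditor reading the loop sees only a copy of a name into a name. The fix is the one the lower code block in [Richard]'s write-up shows: get the bound right, or better, use memcpy with the field size and let the compiler's own bounds warnings do their job.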

Have your own Underhanded C that you’re dying to share? We want to hear about it so send us a tip!

Need Timing Diagrams? Try Wavedrom

When working with anything digital, you’re going to end up reading or writing a timing diagram before long. For us, that’s meant keeping (text) notes, drawing something on a napkin, or using a tool like Inkscape. None of these are ideal.

An afternoon’s search for a better tool ended up with Wavedrom.

Just so you know where we’re coming from, here’s our list of desiderata for a timing diagram drawing solution:

  • Diagrams have a text-based representation, so their generation can be easily scripted and the results versioned and tracked throughout project development
  • Command-line rendering of images, because we like to automate everything
  • Looks good
  • Simple to use for common cases, but flexible enough to do some strange stuff when needed
  • Output modifiable when absolutely necessary: SVG would be nice

Basically, what we want is graphviz for timing diagrams.

Wavedrom nails four out of these five at the moment, and shows promise to cover all of the bases. Give the online editor demo a try. We found it intuitive enough that we could make simple diagrams without even reading the fine manual. The tutorial has got you covered for more esoteric use cases.


Clearly, some good thought has been put into the waveform description language, WaveJSON; it’s mostly readable and makes the essentials quick and easy. Because you can also enter straight SVG, it leaves the door open for full-fledged lunacy.

Wavedrom is written in JavaScript and built for embedding in webpages; that’s the way they intend us to use it. If you would rather run your own copy of the online editor, you can download it and install it locally.

Our only quibble is that the standalone, command-line application wouldn’t generate images without the GUI on our Arch system. (Looks like there are some Google Chrome dependencies?) Otherwise, we think we’ve found our solution.

There are other applications out there. Drawtiming looks good, but we can’t quite get our head around the file format and the graphic output isn’t as flexible as we’d like: it only outputs GIF and we’re more into SVG because it can be edited easily after the fact.

There are font-based solutions that let you “type” the timing diagrams. We found Xwave and “Timing Diagram Font“. These work but aren’t particularly flexible; if you want something to happen at odd times, you’re out of luck. Plus, it just feels like a dirty hack, as if that were a bad thing.

LaTeX users can use tikz-timing, which makes sketching out your timing diagrams about as much fun as laying out a very complex table in LaTeX (that is: not fun at all). On the other hand, it looks good, is ultimately flexible, outputs PDF, and would be scriptable if someone put the time in to write a nice frontend.

So for the next little while, we’re trying out Wavedrom.

What do you use for making timing diagrams?

Manual Data Recovery With A Hex Editor

Let’s say you use an SD card-based portable audio recorder for work, doing an interview, perhaps. Things go well until one day you turn the recorder off before stopping the recording. Without pressing that big red Stop button the file never gets closed, and you’re left with a file that shows up as 0 kB on the SD card even though the audio data is still sitting in its blocks. How do you get it back? There are tools that will do it for you, but they cost money. You can do it yourself with a hex editor, though, and it’s actually pretty easy.

The software required for this feat of data recovery is Roadkil’s Disk Imager to dump all the bits on the SD card to an image file, the free version of ISO Buster to show the block addresses and length of each file, and the hex editor of your choice. The process started as a simple experiment in how to create an MP3 file by cutting and pasting bytes in a hex editor: a good file was opened in the hex editor, copied into a new file, and played. Everything worked so far; great.

For the actual data recovery, a spreadsheet was created to make an educated guess as to where the lost file should be. Starting at this address, about 90MB of data was copied into a new hex editor window. This is where the recovery hit a snag. Because the SD card had been plugged into a Mac earlier, a bunch of housekeeping data had been written to the card. That went into the first available space on the disk, which, since the lost file's directory entry claimed 0 kB, happened to be the header of the lost MP3 file.

That’s not a problem: the header from a good MP3 file was already sitting in a hex editor from the first experiment to see if this was possible. By copying a few hundred bytes of it onto the front of the lost file, the file was repaired just enough that an MP3 player could reconstruct it.

It’s not perfect: the first fifty seconds of the interview were garbled. The rest of the interview was saved, though, and that’s much better than losing the entire thing. Thanks [Lewin] for sending this one in.
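The step the hex-editor work is really doing by eye, finding where a valid MP3 frame starts so the lost data can be cut at the right place and a good header grafted on, can be automated. The following is an added example (not from [Lewin]'s write-up): it validates an MPEG-1 Layer III frame header, computes the frame length from the bitrate and sample-rate fields, and only accepts a sync word when a second header lines up exactly one frame later, which weeds out the false syncs that random data produces. The test image is constructed; MPEG-2/2.5 and Layers I/II are rejected by this demo and would need their own tables.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* MPEG-1 Layer III bitrates (kbit/s) indexed by the 4-bit bitrate field;
 * 0 is "free format" and 15 is invalid, both rejected below. */
static const int kBitrate[16] =
    {0, 32, 40, 48, 56, 64, 80, 96, 112, 128, 160, 192, 224, 256, 320, 0};
/* MPEG-1 sample rates (Hz) indexed by the 2-bit field; 3 is reserved. */
static const int kSampleRate[4] = {44100, 48000, 32000, 0};

/* A known-good header: MPEG-1, Layer III, no CRC, 128 kbit/s, 44.1 kHz, no padding. */
static const uint8_t kGoodHeader[4] = {0xFF, 0xFB, 0x90, 0x00};

/* Return the frame length in bytes if the 4 bytes at p form a plausible
 * MPEG-1 Layer III frame header, else 0. */
size_t mp3_frame_len(const uint8_t *p)
{
    if (p[0] != 0xFF || (p[1] & 0xE0) != 0xE0) return 0;   /* 11 sync bits */
    if (((p[1] >> 3) & 3) != 3) return 0;   /* version bits 11 = MPEG-1 */
    if (((p[1] >> 1) & 3) != 1) return 0;   /* layer bits 01 = Layer III */
    int br = (p[2] >> 4) & 0xF;
    int sr = (p[2] >> 2) & 3;
    int pad = (p[2] >> 1) & 1;
    if (br == 0 || br == 15 || sr == 3) return 0;
    /* Layer III: 144 * bitrate / samplerate, truncated, plus the padding slot. */
    return (size_t)(144 * kBitrate[br] * 1000 / kSampleRate[sr]) + (size_t)pad;
}

/* Scan buf for the first offset where a plausible header is followed, one
 * frame length later, by another plausible header. Returns -1 if none. */
long find_frame_sync(const uint8_t *buf, size_t len)
{
    for (size_t i = 0; i + 4 <= len; i++) {
        size_t n = mp3_frame_len(buf + i);
        if (n == 0) continue;
        if (i + n + 4 <= len && mp3_frame_len(buf + i + n) != 0)
            return (long)i;
    }
    return -1;
}

/* Constructed disk image: zeros, a stray lone sync word at offset 1 (nothing
 * follows it one frame later), and a genuine two-frame chain at offset 100. */
long demo_carve(void)
{
    static uint8_t img[1024];
    memset(img, 0, sizeof img);
    memcpy(img + 1, kGoodHeader, 4);            /* decoy */
    memcpy(img + 100, kGoodHeader, 4);          /* first real frame */
    memcpy(img + 100 + 417, kGoodHeader, 4);    /* second frame lines up */
    return find_frame_sync(img, sizeof img);
}

int main(void)
{
    printf("frame length of known-good header: %zu bytes\n", mp3_frame_len(kGoodHeader));
    printf("first real frame in constructed image at offset %ld\n", demo_carve());
    return 0;
}
```

Once the first frame offset in the carved region is known, everything before it is the overwritten header area, and grafting the ID3 tag and first frames from a known-good recording made with the same settings in front of it is what the post describes. One caveat: if the good file carries a Xing/VBR header, its frame count and seek table describe the other recording, which some players tolerate and others do not.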


Laser-Cut Clock Kicks Your CAD Tools to the Curb and Opts for Python

In a world deprived of stock hardware other than #6-32 bolts and sheets and sheets of acrylic, [Lawrence Kesteloot] took it upon himself to design and build a laser-cut pendulum clock. No Pricey CAD programs? No Problem. In a world where many fancy CAD tools can auto-generate gear models, [Lawrence] went back to first principles and wrote scripts to autogenerate the gear profiles. Furthermore, not only can these scripts export SVG files for the entire model for easy laser cutting, they can also render a 3D model within the browser using Javascript.

Given the small selection of materials, the entire project is a labor of love. Even the video (after the break) glosses over the careful selection of bearings, bolt-hole spacing, and time-sensitive gear ratios, each of which may be an easy macro in other CAD programs that [Lawrence], in this case, needed to add himself.

Finally, the entire project is open source and up for download on the Githubs. It’s not every day we can build ourselves a pendulum clock with a simple command-line incantation:

make cut

Thanks for the tip, [Bartgrantham]!


Doppler Gesture Sensing in JavaScript

[Daniel] stumbled on an interesting paper (which we featured before) on Doppler gesture sensing using only a computer’s speaker and microphone. Unfortunately the paper didn’t include source code so [Daniel] created his own implementation of Doppler gesture sensing in JavaScript that works right in the browser.

[Daniel]’s JavaScript library generates a sine wave at 20 kHz that’s played through the computer’s speakers. The frequency is high enough that it’s pretty much inaudible. While the tone is being played through the speakers, the computer’s microphone is used to sample the audio and calculate the frequency spectrum of the signal. As you move your hand closer to the computer while the tone is playing, the frequency of the received signal shifts higher; as you move your hand away, it shifts lower. [Daniel]’s script looks for this frequency shift and uses it to trigger events.


[Daniel] has some awesome examples included on his website where you can test out the functionality for yourself. He has a hands-free scrolling example, spectrum plot, and even a virtual theremin. Since his code is bundled up into an easy-to-use library, it should be fairly easy to integrate into any webpage. The only real limitation to the library is that it only works in Chrome right now (Firefox doesn’t support disabling echo cancellation).
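As an added illustration of the detection step described above (this is not [Daniel]'s library, which is JavaScript on the browser's audio APIs), here is the same idea in standalone C. In place of microphone input it synthesizes a 20 kHz pilot plus a weaker, frequency-shifted "reflection" (constructed data), then uses a Goertzel filter to measure the power in the spectrum bins just above and just below the pilot and decides which way the energy moved. The 100 ms window, 10 Hz bin spacing, 200 Hz search width, 30 dB floor and 4:1 decision ratio are choices made for this example, not values from [Daniel]'s code.

```c
#include <stdio.h>

#define FS 44100.0      /* constructed sample rate, Hz */
#define PILOT 20000.0   /* the near-inaudible tone played through the speaker, Hz */
#define NSAMP 4410      /* 100 ms window: 10 Hz per DFT bin */
#define PI 3.14159265358979323846

/* Maclaurin series for cos, accurate for |x| < pi; keeps the demo free of libm. */
static double cos_series(double x)
{
    double term = 1.0, sum = 1.0;
    for (int n = 1; n < 25; n++) {
        term *= -x * x / ((2.0 * n - 1.0) * (2.0 * n));
        sum += term;
    }
    return sum;
}

/* Add amp*cos(2*pi*f*t) to buf via the recurrence x[n] = 2cos(w)x[n-1] - x[n-2]. */
static void add_tone(double *buf, int n, double f, double amp)
{
    double c = cos_series(2.0 * PI * f / FS), x0 = 1.0, x1 = c;
    buf[0] += amp * x0;
    if (n > 1) buf[1] += amp * x1;
    for (int i = 2; i < n; i++) {
        double x2 = 2.0 * c * x1 - x0;
        buf[i] += amp * x2;
        x0 = x1;
        x1 = x2;
    }
}

/* Goertzel: power |X(f)|^2 of x at a single frequency, one bin of the spectrum. */
static double goertzel_power(const double *x, int n, double f)
{
    double coeff = 2.0 * cos_series(2.0 * PI * f / FS), s1 = 0.0, s2 = 0.0;
    for (int i = 0; i < n; i++) {
        double s0 = x[i] + coeff * s1 - s2;
        s2 = s1;
        s1 = s0;
    }
    return s1 * s1 + s2 * s2 - coeff * s1 * s2;
}

/* +1 when energy appears above the pilot (hand approaching), -1 below it
 * (hand receding), 0 when neither side rises clearly above the floor. */
int doppler_direction(const double *x, int n)
{
    double pilot = goertzel_power(x, n, PILOT), above = 0.0, below = 0.0;
    for (int k = 1; k <= 20; k++) {            /* 10 Hz .. 200 Hz either side */
        above += goertzel_power(x, n, PILOT + 10.0 * k);
        below += goertzel_power(x, n, PILOT - 10.0 * k);
    }
    double noise_floor = 1e-3 * pilot;         /* ignore anything 30 dB under the pilot */
    if (above > noise_floor && above > 4.0 * below) return 1;
    if (below > noise_floor && below > 4.0 * above) return -1;
    return 0;
}

/* Build one window of "microphone" samples (pilot plus an optional reflection
 * shifted by shift_hz) and classify it. Constructed input, not a real capture. */
int classify_synthetic(double shift_hz, double reflect_amp)
{
    static double buf[NSAMP];
    for (int i = 0; i < NSAMP; i++) buf[i] = 0.0;
    add_tone(buf, NSAMP, PILOT, 1.0);
    if (reflect_amp > 0.0) add_tone(buf, NSAMP, PILOT + shift_hz, reflect_amp);
    return doppler_direction(buf, NSAMP);
}

int main(void)
{
    printf("approach: %d\n", classify_synthetic(100.0, 0.2));
    printf("recede:   %d\n", classify_synthetic(-150.0, 0.2));
    printf("still:    %d\n", classify_synthetic(0.0, 0.0));
    return 0;
}
```

Real captures are messier than this: the pilot leaks into neighbouring bins through the window, room reflections add static sidebands, and the echo-cancellation issue the post mentions matters precisely because the browser would otherwise subtract the pilot before the spectrum is computed. A fixed 30 dB floor is fine for the synthetic case; on live audio you would estimate the floor from quiet frames and add hysteresis before firing an event.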

Animated ASCII Fluid Dynamics Simulator is Retro Cool

ASCII art holds a place near and dear to our hearts. If you were fortunate enough to get started in computers before there was such a thing as a graphical user interface (GUI) then you remember toiling for hours to make clever use of the ASCII characters to make on-screen graphics appear as realistic as possible.

Although this animated ASCII fluid dynamics simulator dates back to 2012, it’s just too cool not to share. It’s an entry from the International Obfuscated C Code Contest (IOCCC), a contest held each year where the goal is to write the most confusing C code that you can, making use of loopholes and ambiguity in the C programming language to obfuscate (hide) the purpose of the program. Basically, doing everything you’re taught not to do in school. You can take a look at the source code here.

We’re sure the programmer [Yusuke Endoh] would be the first to admit that there is no practical use for such a low-resolution simulator, but we give it an A+ in the retro cool department anyway. (Not to mention that the source code is far too confusing to even comment on.) Take a look at the animated ASCII graphics in the video after the break.


Using MATLAB and SDR to Reverse Engineer 433MHz Messages

Hackers everywhere are having a lot of fun with SDR, as is obvious from the number of related posts here on Hackaday. And why not? The hardware is cheap and easily available, and there are all kinds of software tools you can use to dig in and explore, such as SDR#, Audacity, HDSDR and so on. [illias] has been following SDR projects for a while, which piqued his interest enough for him to start playing with it. He didn’t have any real project in mind, so he focused on studying the methodology and the tools available for analyzing 433MHz RF transmissions. He describes the process of using MATLAB to recover the transmissions being received by the SDR.

He started off by studying the existing tools available to uncover the details of the protocol. The test rig uses an Arduino UNO with the rc-switch library to transmit via a common and inexpensive 433MHz module. SDR# is used to record the transmissions and Audacity allows [illias] to visualize the resulting .wav files. But the really interesting part is where he documents the signal analysis using MATLAB.

He used the RTL-SDR package in conjunction with the Communications System Toolbox to perform spectrum analysis, noise filtering and envelope extraction. MATLAB may not be the easiest to work with, nor the cheapest, but its powerful features and the fact that it can easily read data coming from the SDR makes it an interesting tool. For the full skinny on what this SDR thing is all about, check out Why you should care about Software Defined Radio.
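The chain [illias] builds in MATLAB (record, filter, extract the envelope, slice, decode) is worth reproducing offline so a decoder can be checked against known bits before it is pointed at real captures. The following added example (mine, not from [illias]'s write-up, and in C rather than MATLAB) constructs the magnitude of an OOK burst with rc-switch-style timing: a 350 µs unit, sync of 1 unit high and 31 low, a 0 bit as 1 high/3 low and a 1 bit as 3 high/1 low, which is my reading of the library's protocol 1 and should be checked against its source. It adds deterministic noise, applies a moving-average filter and threshold as the envelope step, run-length encodes the result, and recovers the bits from the pulse widths. The 100 kHz sample rate, the noise level and the code words are all constructed.

```c
#include <stdio.h>
#include <string.h>

#define FS 100000                    /* constructed sample rate, Hz (10 us/sample) */
#define UNIT (FS * 350 / 1000000)    /* 350 us pulse unit = 35 samples (assumed timing) */
#define MAXS 20000
#define MAXRUNS 512

static unsigned rng = 12345u;        /* deterministic noise so runs are reproducible */
static double noise(void)
{
    rng = rng * 1103515245u + 12345u;
    return ((rng >> 16) & 0x7FFF) / 32767.0 * 0.3 - 0.15;   /* uniform in [-0.15, 0.15] */
}

/* Append `units` pulse units at the given level, with noise, returning the new length. */
static size_t emit(double *buf, size_t n, int units, double level)
{
    for (int i = 0; i < units * UNIT; i++) buf[n++] = level + noise();
    return n;
}

/* Constructed |I+jQ| magnitude of one burst: silence, sync (1 high, 31 low),
 * the bits MSB first, then the 31-unit gap that precedes the next repeat. */
size_t synth_burst(double *buf, unsigned code, int nbits)
{
    size_t n = emit(buf, 0, 3, 0.0);
    n = emit(buf, n, 1, 1.0);
    n = emit(buf, n, 31, 0.0);
    for (int b = nbits - 1; b >= 0; b--) {
        int one = (code >> b) & 1;
        n = emit(buf, n, one ? 3 : 1, 1.0);
        n = emit(buf, n, one ? 1 : 3, 0.0);
    }
    return emit(buf, n, 31, 0.0);
}

/* Envelope step: moving average over `win` samples, then a fixed threshold. */
void envelope_slice(const double *mag, size_t n, int *hi, int win, double thr)
{
    double acc = 0.0;
    for (size_t i = 0; i < n; i++) {
        acc += mag[i];
        if (i >= (size_t)win) acc -= mag[i - win];
        size_t cnt = i + 1 < (size_t)win ? i + 1 : (size_t)win;
        hi[i] = acc / cnt > thr;
    }
}

/* Run-length the sliced signal, find the sync gap (a low run of 20+ units),
 * then read each high/low pair as a bit. Returns the bit count, or -1 if the
 * pulse widths do not fit the 1:3 / 3:1 pattern; the code goes to *out. */
int decode_ook(const int *hi, size_t n, unsigned *out)
{
    size_t len[MAXRUNS], r = 0;
    int lvl[MAXRUNS];
    for (size_t i = 0; i < n && r < MAXRUNS;) {
        size_t j = i;
        while (j < n && hi[j] == hi[i]) j++;
        lvl[r] = hi[i];
        len[r++] = j - i;
        i = j;
    }
    size_t s = 0;
    while (s < r && !(lvl[s] == 0 && len[s] >= 20 * UNIT)) s++;
    if (s == r) return -1;
    unsigned code = 0;
    int nb = 0;
    for (size_t k = s + 1; k + 1 < r; k += 2) {
        if (lvl[k] != 1) return -1;
        size_t h = len[k], l = len[k + 1];
        int one = h > 2 * UNIT;                 /* 3 units high vs 1 unit high */
        if (l < 20 * UNIT && (one ? l > 2 * UNIT : l <= 2 * UNIT)) return -1;
        code = (code << 1) | (unsigned)one;
        nb++;
        if (l >= 20 * UNIT) break;              /* next gap: end of this code word */
    }
    *out = code;
    return nb;
}

/* End to end on constructed input: synthesize, filter, slice, decode.
 * Returns the decoded value, or -1 if the bit count did not match. */
long decoded_value(unsigned code, int nbits)
{
    static double mag[MAXS];
    static int hi[MAXS];
    unsigned out = 0;
    if (nbits < 1 || nbits > 32) return -1L;
    size_t n = synth_burst(mag, code, nbits);
    envelope_slice(mag, n, hi, 9, 0.5);
    return decode_ook(hi, n, &out) == nbits ? (long)out : -1L;
}

int main(void)
{
    printf("sent 0x5A3, decoded 0x%lX\n", decoded_value(0x5A3u, 12));
    return 0;
}
```

Against a real capture, the unknowns are the unit length and the threshold: measure the shortest high run in the run-length table to get the unit, and pick the threshold from the histogram of envelope values rather than hard-coding 0.5. The "is this 1:3 or 3:1" test with a 2-unit boundary is forgiving of the few samples of jitter the moving average introduces at each edge, which is also why a filter window much wider than the unit would start eating the short pulses.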