File Format Posters

It’s not uncommon for hackers to have a particular delectation for unusual interior decoration. Maybe it’s a Nixie tube clock, or a vacuum fluorescent display reading out the latest tweets from a favorite chatbot. If this sounds like your living room already, perhaps you’d like some of these file format posters to adorn your walls.

The collection of images includes all kinds of formats — GIF, ZIP and WAV are all represented, but it even gets into some real esoterica — DOLphin format executables are here if you’re a total GameCube fanatic. Each poster breaks down the format into parts, such as the header, metadata and descriptor sections, and come in a variety of formats themselves — most available in SVG, PDF and PNG.

If we’re totally honest, these aren’t all designed for hanging on your wall as-is — we’d consider putting some work into to optimize the color palettes and layouts before putting these to print. But regardless, they’re an excellent visual representation of data structures that you might find particularly useful if you need to do some reverse engineering down the track.

If you still have wall space available after seeing this, here’s the electronic reference poster that should fill it.

[Thanks to JD for the tip!]

Grant Anyone Temporary Permissions to Your Computer with SSH

This is a super cute hack for you Linux users out there. If you have played around with SSH, you know it’s the most amazing thing since sliced bread. For tunneling in, tunneling out, or even just to open up a shell safely, it’s the bees knees. If you work on multiple computers, do you know about ssh-copy-id? We had been using SSH for years before stumbling on that winner.

Anyway, [Felipe Lavratti]’s ssh-allow-friend script is simplicity itself, but the feature it adds is easily worth the cost of admission. All it does is look up your friend’s public key (at the moment only from GitHub) and add it temporarily to your authorized_keys file. When you hit ctrl-C to quit the script, it removes the keys. As long as your friend has the secret key that corresponds to the public key, he or she will be able to log in as your user account.

Continue reading “Grant Anyone Temporary Permissions to Your Computer with SSH”

TruffleHog Sniffs Github for Secret Keys

Secret keys are quite literally the key to security in software development. If a malicious actor gains access to the keys securing your data, you’re toast. The problem is, to use keys, you’ve got to write them down somewhere – oftentimes in the source code itself. TruffleHog has come along to sniff out those secret keys in your Github repository.

It’s an ingenious trick — a Python script goes through the commit history of a repository, looking at every string of text greater than 20 characters, and analyzing its Shannon entropy. This is a mathematical way of determining if it looks like a relatively random string of numbers and letters. If it has high entropy, it’s probably a key of some sort.

Sharing source code is always a double-edged sword for security. Any flaws are out for all to see, and there are both those who will exploit the flaws and those who will help fix them. It’s a matter of opinion if the benefits outweigh the gains, but it’s hard to argue with the labor benefits of getting more eyes on the code to hunt for bugs. It’s our guess though, that a lot of readers have accidentally committed secret keys in a git repository and had to revert before pushing. This tool can crawl any publicly posted git repo, but might be just as useful in security audits of your own codebase to ensure accidentally viewable keys are invalidated and replaced.

For a real world example of stolen secret keys, read up on this HDMI breakout that sniffs HDCP keys.

Interactive ESP8266 Development with PunyForth

Forth is one of those interesting languages that has a cult-like following. If you’ve never looked into it, its strength is that it is dead simple to put on most CPUs, yet it is very powerful and productive. There are two main principles that make this possible. First, parsing is easy because any sequence of non-space characters makes up a legitimate Forth word. So while words like “double” and “solve” are legal Forth words, so is “#$#” if that’s what you want to define.

The other thing that makes Forth both simple and powerful is that it is stack-based. If you are used to a slide rule or an HP calculator, it is very natural to think of “5+2*3” as “5 2 3 * +” but it is also very simple for the computer to interpret.

[Zeroflag] created PunyForth–a Forth-like language for the ESP8266. You can also run PunyForth for cross development purposes on Linux (including the Raspberry Pi). The system isn’t quite proper Forth, but it is close enough that if you know Forth, you’ll have no trouble.

Continue reading “Interactive ESP8266 Development with PunyForth”

Open Source SNES to USB Converter Lets You Emulate Legally

[Andrew Milkovich] was inspired build his own Super Nintendo cartridge reader based on a device we covered an eternity (in internet years) ago. The device mounts a real cartridge as a USB mass storage device, allowing you to play your games using an emulator directly from the cart.

This uses a Teensy++ 2.0  at its core. [Andrew] had to desolder the EEPROM pins from the SNES cartridge and reverse engineer the pinouts himself, but the end result was a device that could successfully read the cartridge without erasing it, no small accomplishment. The finished cartridge reader is build on some protoboard and we’d like to complement [Andrew] on his jumper routing on the underside of that board.

Of course, the experience of any console is just not the same without the original controller. So [Andrew] went a step further and made his own SNES controller to USB converter. This had the venerable Atmel ATmega328 at its core, and can be used separate from the cartridge reader if desired.

Atomic Arduino (and Other) Development

Even the most die-hard Arduino fan boys have to admit that the Arduino development environment isn’t the world’s greatest text editor (they’d probably argue that its simplicity is its strength, but let’s ignore that for now). If you are used to using a real code editor, you’ll probably switch to doing your Arduino coding in that and then use the external editor integration in the IDE.

That works pretty well, but there are other options. One we noticed, PlatformIO, extends GitHub’s Atom editor. That makes it cross-platform, powerful, and with plenty of custom plug ins. It also supports a range of platforms including Arduino, many ARM platforms, MSP430, and even desktop computers running Linux or Windows.

Continue reading “Atomic Arduino (and Other) Development”

Crowdsourcing Reference Designs from Github

A ton of open source hardware projects make their way onto Github, and Eagle is one of the most popular tools for these designs. [TomKeddie] came up with the idea of searching Github for Eagle files containing specific parts at Hacker Camp Shenzhen, and a method of scraping useful ones.

The folks over at Dangerous Prototypes used this to build the Github Hardware Search tool. Simply enter a part number, like “ATmega328P”, and you’ll receive a list of the designs using that part. You can then study the design and use it as a reference for your own project. You can also snag library files for the parts.

Of course, there are some limitations to this. The most obvious one is the lack of quality control. There’s no guarantee that the design you find works, or has even been built. Also, it only works for Eagle 6+ files, since prior versions were not XML. You can read more about the design of the tool over on Dangerous Prototypes.