If you’ve ever purchased a new computer then you are probably familiar with the barrage of bloatware that comes pre-installed. Usually there are system tools, antivirus software trials, and a whole bunch of other things that most of us never wanted in the first place. Well now we can add Superfish spyware to the list.
You may wonder what makes this case so special. A lot of PCs come with pre-installed software that collects usage statistics for the manufacturer. Superfish is a somewhat extreme case of this. The software actually installs a self-signed root HTTPS certificate. Then, the software uses its own certificates for every single HTTPS session the user opens. If you visit your online banking portal, for example, you won’t actually get the certificate from your bank. Instead, you’ll receive a certificate signed by Superfish. Your PC will trust it, because it already has the root certificate installed. This is essentially a man-in-the-middle attack performed by software installed by Lenovo. Superfish uses this ability to do things to your encrypted connection, including collecting data and injecting ads.
As if that wasn’t bad enough, the Superfish certificate is signed with the deprecated SHA-1 algorithm and uses a 1024-bit RSA key. This level of encryption is weak and susceptible to attack. In fact, it was reported that [Rob Graham], CEO of Errata Security, has already cracked the certificate and revealed the private key. With the private key known to the public, an attacker can easily spoof any HTTPS certificate, and systems that are infected with Superfish will just trust it. The user will have no idea that they are visiting a fake phishing website.
Since this discovery was made, Lenovo has released a statement saying that Superfish was installed on some systems that shipped between September and December of 2014. They claim that server-side interactions have been disabled since January, which disables Superfish. They have no plans to pre-load Superfish on any new systems.
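The Superfish post above describes two things a defender can check for: one locally trusted root signing the certificate for every HTTPS site, and that root using SHA-1 with a 1024-bit RSA key. The sketch below is an added example, not code from the original post or from Lenovo or Superfish; the record fields, host names and issuer names are constructed, and it assumes you have already recorded, per site, the issuer of the certificate your machine was shown.

```python
from collections import defaultdict

MIN_RSA_BITS = 2048
WEAK_SIG_ALGS = {"sha1WithRSAEncryption", "md5WithRSAEncryption"}

def audit_issuers(observations, min_hosts=3):
    """Map each suspicious issuer to the reasons it was flagged."""
    hosts_by_issuer = defaultdict(set)
    params = {}
    for obs in observations:
        hosts_by_issuer[obs["issuer"]].add(obs["host"])
        params[obs["issuer"]] = (obs["sig_alg"], obs["rsa_bits"])
    all_hosts = {obs["host"] for obs in observations}
    report = {}
    for issuer, hosts in hosts_by_issuer.items():
        findings = []
        # Unrelated sites normally chain to different CAs. One issuer covering
        # every host is what a local interception root looks like. Skip the
        # check on tiny samples, where it would fire by coincidence.
        if len(all_hosts) >= min_hosts and hosts == all_hosts:
            findings.append("signs every observed host")
        sig_alg, rsa_bits = params[issuer]
        if sig_alg in WEAK_SIG_ALGS:
            findings.append(f"weak signature algorithm {sig_alg}")
        if rsa_bits < MIN_RSA_BITS:
            findings.append(f"RSA key only {rsa_bits} bits")
        if findings:
            report[issuer] = findings
    return report

def _obs(host, issuer, sig_alg, rsa_bits):
    return {"host": host, "issuer": issuer, "sig_alg": sig_alg, "rsa_bits": rsa_bits}

# Constructed sample data: hosts and issuer names are placeholders.
CLEAN = [
    _obs("bank.example", "Example Public CA A", "sha256WithRSAEncryption", 2048),
    _obs("mail.example", "Example Public CA B", "sha256WithRSAEncryption", 4096),
    _obs("shop.example", "Example Public CA A", "sha256WithRSAEncryption", 2048),
]
LOCAL_ROOT = "Local Interception Root (constructed)"
INTERCEPTED = [
    _obs(host, LOCAL_ROOT, "sha1WithRSAEncryption", 1024)
    for host in ("bank.example", "mail.example", "shop.example")
]

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN), ("intercepted", INTERCEPTED)):
        print(label, audit_issuers(sample))
```
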
While browsing a local auction site, [Viktor] found himself bidding on a beat-up Lenovo A600 all-in-one PC. He bid around $50 and won. Then came the hard part – actually making the thing work. The front glass was cracked, but the LCD was thankfully unharmed. The heat pipes looked like they had been attacked with monkey wrenches. The superIO chip’s pins were mangled, and worst of all, the MXM video card was dead.
The first order of business was to fix the superIO chip’s pins and a few nearby discrete components which had been knocked off their pads. Once that was done, [Viktor] was actually able to get the computer to boot into Linux from a USB flash drive. The next step was bringing up the display. [Viktor] only needed a coding station, so in addition to being dead, the video accelerator on the MXM wasn’t very useful to him. The Lenovo’s motherboard was designed to support video on an MXM card or internal video. Switching over meant changing some driver settings and moving a few components, including a rather large LVDS connector for the display itself. A difficult task, compounded by the fact that [Viktor’s] soldering tools were a pair of soldering guns that would be better suited to fixing the bodywork on a ’57 Chevy. He was able to fashion a hot wire setup of sorts, and moved the connector over. When he was done, only one tiny solder bridge remained!
The end result is a new coding battle station for [Viktor] and a computer which was a basket case is saved from the landfill. If you like this hack, check out [Viktor’s] low power PSU, or his 1 wire network!
It doesn’t have buckling springs, Cherry blues, or even the wonderful if forgotten Alps switches, but the keyboard found in ThinkPads has the best keyboard action of any laptop around. They would make a great USB conversion keyboard, but the board to board connector is very hard to find, and no one has yet managed to get the keyboard and track point working as a USB HID device. Until [rampadc] came along, that is.
[Rampadc]’s keyboard adapter is built for the ThinkPad T60 keyboard, which is shared between the Lenovo T60, T61, Z60, Z61, R400, R500, T400, T500, and X41 laptops, among many others. The connector is an extremely odd proprietary deal that can be found through the usual channels for about $5 in quantity 100. On top of this, the keyboard doesn’t have a controller – that’s offloaded to the laptop’s main board. The only electronics in this keyboard are a key matrix. Despite all this, [rampadc] managed to create a breakout board with a decade counter and an SPI GPIO expander.
The board [rampadc] made features one of the proprietary connectors, a few chips, and a receptacle for an Arduino Micro. With just a little bit of code, the old keyboard becomes one of the best portable keyboards in existence, and probably a bit cheaper than the official Lenovo USB-bound ThinkPad keyboard.
[rampadc] has a few of the expansion boards available over on Tindie should you want to build your own. It’s only cost-effective if you have one of these T60 keyboards sitting around in a junk pile; not a likely situation because these machines just don’t die.
We’d bet that most readers stream video as the lion’s share of their entertainment consumption. It’s getting easier and easier thanks to great platforms like XBMC, but not everything is available in one place, which can be a bit off-putting. [Tony Hoang] is trying to simplify his viewing experience by creating one remote to rule all of his streaming software. He’s got an HTPC connected to his entertainment center, and used a bit of scripting to add some functionality to this Lenovo N9502 remote control.
The hack is entirely software-side. The remote already works quite well, but he remapped the home, end, and page up buttons, as well as the mouse controller. The three buttons will launch XBMC, Hulu, and Netflix respectively. They are also set to kill the other applications before launch so that one button will do everything needed to switch between one another. The mouse remapping takes care of up, down, left, and right keys for navigation in the UI and control of the playing videos. See a demo of the setup after the break.
Everything was done with AutoHotkey scripts for Windows, but this should be easy to code for other OSes as well. If you’re prone to a slip of the finger, you might want to work out a double-click to launch the applications so you don’t accidentally hit a key in the middle of your favorite show.
Taking portability one step further [Marty Enerson] built a photo booth in a roll-away case. The Pelican mobile case houses an Elo Touchscreen, a Canon PIXMA iP3000 photo printer, and a Canon Powershot SD100 digital camera. Most of this, including a Lenovo laptop to run it, was purchased second-hand from eBay, with a copy of Photoboof (different from the wedding photo booth from last week) to tie up the software side of the project. He plans to add a folding stand later on to make it into a kiosk. For some reason that sparks the image of a voting booth in our minds.