A router with WPS requires a PIN to allow other devices to connect, and this PIN should be unique to every router and not derived from other easily accessible data found on the router. When [Craig] took a look at the firmware of a D-Link DIR-810L 802.11ac router, he found exactly the opposite; the WPS PIN was easily decipherable because it was generated entirely from the router’s MAC address and could be reverse engineered by sniffing WiFi.
When [Craig] was taking a look at the disassembled firmware from his router, he noticed a bit of code that accessed the NVRAM used for storing device-specific information like a serial number. This bit of code wasn’t retrieving a WPS pin, but the WAN MAC address instead. Instead of being unique to each device and opaque to every other bit of data on the router, the WPS pin was simply generated (with a bit of math) from the MAC address. This means anyone upstream of the router can easily derive the WPS pin of the router, and essentially gives everyone the keys to the castle of this router.
A few years ago, it was discovered the WPS pin was extremely insecure anyway, able to be brute-forced in a matter of minutes. There are patches router manufacturers could apply to detect these brute force attacks, closing that vulnerability. [Craig]‘s code, though, demonstrates that a very large number of D-Link routers effectively broadcast their WPS PIN to the world. To make things even worse, the BSSID found in every wireless frame is also derived from the WAN MAC address. [Craig] has literally broken WPS on a huge number of D-Link routers, thanks to a single engineer that decided to generate the WPS PIN from the MAC address.
[Craig] has an incomplete list of routers that are confirmed affected on his site, along with a list of confirmed unaffected routers.
Who of us out there don’t have a spare iPad and Mac Classic kicking around? If you are one of those lucky folks then this project is for you. [site hirac] has made a pretty neat stand for an iPad made out of a Mac Classic case (translated). It just happens that the screens of the Mac Classic and iPad are pretty darn close in size. Although the screen size is similar, the resolution is not. The original Macintosh Classic had a black and white screen with a resolution of 512 × 342 pixels. The iPad’s resolution of 1024 x 768 pixels has 450% more pixels than the original Mac.
To get the iPad to fit correctly, the case had to be significantly modified. First, all of the internals of the Mac were removed, leaving just an empty case. The front panel of the case was removed and a slot on the left side is made. This slot helps to allow the iPad to slide into the Mac. On the inside of the front panel quite a few of injection molded supports were trimmed away for clearance. A slot was also cut in the left side of the rear case half. When the case is re-assembled, the slots in the front and rear halves provide a large enough hole for the iPad to fit through. Oddly, there are some plastic features on the front panel that are at just the right height to hold the iPad in the ideal location to line up with the screen cutout in the case.
Continue reading “iPad Finds New Home in Mac Classic”
Check out this jumbled confirmation window. At first glance the message appears to contain a bunch of gibberish, but it can actually be read if you start at the right side and read each character moving left. The text displays like this because it is prefixed by a special Right-to-Left override Unicode character. The technique is being used in malware to obscure the actual extension of the file being launched. Notice that when written backwards your eye can still pick out the string “pdf” which may be enough to trick the uninitiated into approving the launch of the file.
This confirmation screen is launched when clicking on a piece of malware found in the wild a little over a week ago. If you do choose to run it, a decoy PDF file is opened in order not to arouse suspicion. But at the same time the program — which is signed with an Apple Developer ID — is installing itself in the home directory and making a cron job to launch at each boot. Sneaky!
[Mitchell Johnson] wanted to develop for the STM32F4 Discovery board on his Mac. There are a few ready-to-use options when it comes to the ARM toolchains, but he couldn’t find one that satisfied all of his needs. After working out all the kinks he wrote a guide and tweaked a script to install the ARM tools on a Mac.
The problem he had with some of the pre-packaged tool chains is that they didn’t support the hardware floating point functionality of STM’s Cortex-M4 chips. To get around this without doing his own ground-up build (which can be quite a challenge) he forked the Summon Arm Toolchain script and modified it to include ST-Link support in the build. One of the things that we like about that script is it installs the tools in a sub-directory of your home directory. This way if you already have another ARM toolchain you can switch between the two by tweaking your PATH variable.
[Ricard Dias] wrote in to tell us about his guide for developing Linux applications on a Mac. He really enjoys the development environment provided by XCode, and it doesn’t take much to make it work as an all-in-one solution for Linux development.
The real trick here is the use of SSH to access a Linux environment. In this example he uses Ubuntu running as a virtual machine, but also mentions that the same thing can be done just as easily with a separate box as long as it is on the same network as the Mac. SSHFS (the SSH Filesystem) lets him mount the development directory on the Linux box locally. This is where the XCode project and files will be stored, but building the program will be done by the Linux machine via a script calling the make comand via SSH. To test out the newly built program, [L] tunnels in using X11 forwarding for ssh, and the application will be shown as a window in OSX, even though it is running on the Ubuntu machine.
We love SSH and use it all the time. It’s amazing how hand it can be.
[Steve] over at Big Mess O’ Wires has never been so happy to see the “Sad Mac” icon.
A little over a month ago, he decided to take on the task of building his own Mac clone using modern technology. Not to be confused with Mac emulation on modern hardware, he is attempting to build a true Mac clone using an FPGA that is functionally identical to the original.
He is calling his creation the “PlusToo”, with the goal of producing a modern version of the Macintosh Plus. The Plus shares a good amount of hardware with its other original Mac brethren, allowing him to replicate any of the other machines such as the Mac 128K, with a few simple configuration changes.
Building this clone is an incredible undertaking, and it’s a lot of fun to watch the construction progress bit by bit. [Steve] has been diligently working for a little over a month now, recently getting the clone to run 68000 code from the Mac ROM, resulting in the Sad Mac image you see above. While the logo has been dreaded among Mac users for years, it signals to [Steve] that things are coming along nicely.
Provided you haven’t been toiling away in a secret lair somewhere (we’re looking at you [Jack]), odds are you may have seen the news that [Steve Jobs] stepped down as CEO of Apple this past Wednesday.
This earth-shattering news even eclipsed that of the East Coast Megaquakeapocalypse. It sent the blogosphere into a tizzy, sparking a whirlwind of news posts and retrospectives on his career. It’s been impossible to ignore the coverage (we’ve tried), and since we see everyone else writing about it, we feel the need to be at least somewhat up on our current events as well.
At the end of the day though, we don’t care how many patents [Steve] owns, how many failed products he has dreamed up over the years, or that he and [Woz] used to wear matching thongs to the beach in the 80s*.
Nope, we just care about the hacks. So here’s a trip down memory lane highlighting the Apple-related hacks we’ve seen so far in 2011, which will forever be known as the year [Steve Jobs] gave up the reigns at Apple (again).
XBMC on iOS Devices
Overhauling an old Apple keyboard
Mac Pro serial terminal
Taking secret photos of Apple Store patrons
Apple ][ USB keyboard conversion
Apple ][ Weather Display Parts 1, 2, 3