Reverse Engineering how a USB Switch Switches

[Daniel] found himself with a need to connect a single USB device to two Linux servers. After searching around, he managed to find an inexpensive USB switch designed to do just that. He noticed that the product description mentioned nothing about Linux support, but he figured it couldn’t be that hard to make it work.

[Daniel] started by plugging the device into a Windows PC for testing. Windows detected the device and installed an HID driver automatically.  The next step was to install the control software on the Windows system. This provided [Daniel] with a tray icon and a “switch” function. Clicking this button disconnected the HID device from the Windows PC and connected the actual USB device on the other side of the USB switch. The second computer would now have access to the HID device instead.

[Daniel] fired up a program called SnoopyPro. This software is used to inspect USB traffic. [Daniel] noticed that a single message repeated itself until he pressed the “switch” button. At that time, a final message was sent and the HID device disconnected.

Now it was time to get cracking on Linux. [Daniel] hooked up the switch to a Linux system and configured a udev rule to ensure that it always showed up as /dev/usbswitch. He then wrote a python script to write the captured data to the usbswitch device. It was that simple. The device switched over as expected. So much for having no Linux support!

Open Source, DIY Soldering Robot

After [Brian] starting selling his own Raspberry Pi expansion boards, he found himself with a need for a robot that could solder 40-pin headers for him. He first did what most people might do by looking up pre-built solutions. Unfortunately everything he found was either too slow, too big, or cost as much as a new car. That’s when he decided to just build his own soldering robot.

The robot looks similar to many 3D printer designs we’ve seen in the past, with several adjustments. The PCBs get mounted to a flat piece of aluminum dubbed the “PCB caddy”. The PCBs are mounted with custom-made pins that thread into the caddy. Once the PCBs are in place, they are clamped down with another small piece of aluminum. A computer slowly moves the caddy in one direction, moving the header’s pins along the path of the soldering irons one row at a time.

The machine has two soldering irons attached, allowing for two pins to be soldered simultaneously. The irons are retracted as the PCB caddy slides into place. They irons are then lowered onto the pins to apply heat. Two extruders then push the perfect amount of solder onto each pin. The solder melts upon contact with the hot pins, just as it would when soldered by hand.

The system was originally designed to be run on a Windows 8.1 tablet computer, but [Brian] found that the system’s internal battery would not charge while also acting like a USB host. Instead, they are running the Windows WPF application on full PC. All of the software and CAD files can be found on [Brian’s] github page. Also be sure to check out the demo video below. Continue reading “Open Source, DIY Soldering Robot”

Bypassing the Windows Lock Screen

Most of us know that we should lock our computers when we step away from them. This will prevent any unauthorized users from gaining access to our files. Most companies have some sort of policy in regards to this, and many even automatically lock the screen after a set amount of time with no activity. In some cases, the computers are configured to lock and display a screen saver. In these cases, it may be possible for a local attacker to bypass the lock screen.

[Adrian] explains that the screen saver is configured via a registry key. The key contains the path to a .scr file, which will be played by the Adobe Flash Player when the screen saver is activated. When the victim locks their screen and steps away from the computer, an attacker can swoop in and defeat the lock screen with a few mouse clicks.

First the attacker will right-click anywhere on the screen. This opens a small menu. The attacker can then choose the “Global settings” menu option. From there, the attacker will click on “Advanced – Trusted Location Settings – Add – Add File”. This opens up the standard windows “Open” dialog that allows you to choose a file. All that is required at this point is to right-click on any folder and choose “Open in a new window”. This causes the folder to be opened in a normal Windows Explorer window, and from there it’s game over. This window can be used to open files and execute programs, all while the screen is still locked.

[Adrian] explains that the only remediation method he knows of is to modify the code in the .swf file to disable the right-click menu. The only other option is to completely disable the flash screen saver. This may be the safest option since the screen saver is most likely unnecessary.

Update: Thanks [Ryan] for pointing out some mistakes in our post. This exploit specifically targets screensavers that are flash-based, compiled into a .exe file, and then renamed with the .scr extension. The OP mentions these are most often used in corporate environments. The exploit doesn’t exist in the stock screensaver.

Physical Keys Not Just For Doors Anymore, Now Available For Windows

Physical Key Locks and Unlocks Windows Computer

If you have ever forgotten your computer password after a long weekend or maybe you can remember it but just can’t seem to type it correctly, [Thomas] has a project for you. It’s a physical key that locks and unlocks your PC.

So how does it work? The heart of the project is an Arduino Leonardo. You may recall that this board is a bit different from the preceding Arduinos as it can enumerate on a host computer as a Human Interface Device (HID), such as a keyboard or mouse. The Arduino sketch continually reads an input pin using an internal pull-up resistor to make it logic high with the key switch connecting the signal to ground. When the Arduino sees the pin change from high to low, it sends out a keyboard command consisting of the Windows Key and “L”, which is the keyboard shortcut for locking the computer.

When the physical key is turned again, the Arduino sees the pin change back to a high state and it again emulates a keyboard but this time enters your password. You do have to include your password in the Arduino sketch for this to work. In addition, there are two LED’s wired up to show if the computer is locked or not, but you’ll be able to tell pretty quick when trying to get back to work.

Continue reading “Physical Keys Not Just For Doors Anymore, Now Available For Windows”

Do you know what you’re doing when integrating PC-side apps with USB microcontrollers?

The advent of integrated USB peripherals in microprocessors (PIC, AVR, etc.) has certainly taken a lot of the work out of developing USB devices, not to mention reducing the silicon parts in these designs. But do you know what you’re doing when it comes to controlling them with user-friendly applications? [Simon Inns] is lending a hand with this in his recent tutorial. He shows how to use USB capable AVR chips along with your own Windows applications.

After the break you can see the video from which the above screenshot was captured. That’s a development board of his own making which hosts an ATmega32U4, as well as a USB-B port, LEDs, potentiometer, and a few switches. Taking a closer look, we love the breadboard friendly headers he used on the bottom of the board to break out all of the pins.

His demo shows the Windows app turning LEDs on the board on and off, as well as ADC data displaying the current potentiometer position with the onscreen dial. His code package includes the hardware design, firmware, and app software needed to follow along with what he’s doing.

Continue reading “Do you know what you’re doing when integrating PC-side apps with USB microcontrollers?”

Winterizing: keeping the drafts out of double-hung windows

[Rumplestiltskin] has had work done on his double-hung windows to help prevent drafts and keep them in good working order. But there are still a few that rattle, and let in the cold of winter. Not this year; he’s added a small feature to the jamb that will keep out the cold weather.

A pair of jointing blocks were added to each window. The small block seen above is attached to the window jam with a couple of all-purpose screws, and hosts a machine screw which points toward the window frame. Since there is weather stripping between the two window frames, and between the frame and the outer jamb, tightening this screw will snug the frames up to close any small gaps. This has the unintended consequence of prohibiting the window from being opened (unless you don’t mind scraping the paint as the machine screw slides across the wood). But if only used in the winter months this is a viable solution.

GPU password cracking made easy

The power that a Graphics Processing Unit presents can be harnessed to do some dirty work when trying to crack passwords. [Vijay] took a look at some of the options out there for cracking passwords and found that utilizing the GPU produces the correct password in a fraction of the time. On a Windows machine he pitted the Cain password recovery tool which uses the CPU for its calculations against ighashgpu which uses ATI or Nvidia graphics cards to do the deed. Hands down ighashgpu is the fastest; with Cain taking about one year to crack an eight character password while ighashgpu can do it in under nineteen hours.

We were very interested to see how easy it is to use this package. We looked in on GPU cracking in September but didn’t focus on the software packages that are out there. Now that you know how easily your password can be unearthed perhaps you will get some use out of this article discussing the usability and security of longer passwords which we ran across over on Reddit.