Day: April 19, 2019

Printing On Wood, With An Inkjet

April 19, 2019 by 18 Comments

As a little experiment in desktop printing, because you can make a desk out of wood, [BlueFlower] modified a standard inkjet printer to print on wood. This is not an electronics mod by any means; this is still a printer that’s plugged into a USB port, does all the fancy printer firmware stuff, tells you to refill the yellow ink cartridge when you only want to print black, and all the other things that inkjet printer firmware will do. This is a mechanical mod. By taking apart the belts and rails and mounting them to a new frame, [BlueFlower] was able to open up the printer so a moving bed holding a board could be moved through the mechanics.

While the printer itself looks a little janky, you can’t argue with results. The prints look good, and should hold up well with a bit of finish. There’s a height adjustment for different thicknesses of stock, and if you’re exceptionally clever, you might be able to put a six-foot-long board through this thing. You can check out a video of this direct to wood printer in action below.

Continue reading “Printing On Wood, With An Inkjet”

Shadowhammer, WPA3, And Alexa Is Listening: This Week In Computer Security

April 19, 2019 by 21 Comments

Let’s get caught up on computer security news! The big news is Shadowhammer — The Asus Live Update Utility prompted users to download an update that lacked any description or changelog. People thought it was odd, but the update was properly signed by Asus, and antivirus scans reported it as safe.

Nearly a year later, Kaspersky Labs announced they had confirmed this strange update was indeed a supply chain attack — one that attacks a target by way of another vendor. Another recent example is the backdoor added to CCleaner, when an unknown actor compromised the build system for CCleaner and used that backdoor to target other companies who were using CCleaner. Interestingly, the backdoor in CCleaner has some similarities to the backdoor in the Asus updater. Combined with the knowledge that Asus was one of the companies targeted by this earlier breach, the researchers at Kaspersky Lab suggest that the CCleaner attack might have been the avenue by which Asus was compromised.

Shadowhammer sits quietly on the vast majority of machines it infects. It’s specifically targeted at a pool of about 600 machines, identified by their network card’s MAC address. We’ve not seen any reporting yet on who was on the target list, but Kaspersky is hosting a service to check whether your MAC is on the list.

While we’re still waiting for the full technical paper, researchers gave a nearly 30 minute presentation about Shadowhammer, embedded below the break along with news about Dragonblood, Amazon listening to your conversations, and the NSA delivering on Ghidra source code. See you after the jump!
Continue reading “Shadowhammer, WPA3, And Alexa Is Listening: This Week In Computer Security”

Pano Logic FGPA Hacking Just Got Easier

April 19, 2019 by 8 Comments

When Pano Logic went out of business in 2012, their line of unique FPGA-based thin clients suddenly became a burden that IT departments didn’t want anything to do with. New and used units flooded the second-hand market, and for a while you could pick these interesting gadgets up for not much more than the cost of shipping. Thanks to considerable interest from the hacking community the prices for these boxes have climbed a bit on eBay, but they’re still a great way to get your feet wet with FPGA hacking.

Especially now, as Pano Logic fanatic [Skip Hansen] has figured out how to flash a new firmware on them without having to crack open the case and break out the JTAG or SPI programmer. For the seasoned hardware hacker that might not seem like a big deal, but if you’re new to the game or just more interested in the software side of the equation, this trick makes things considerably more accessible. Having an external programmer is still a good idea if things go south, but if you’re just looking to flash some demos and see what the hardware is capable of this is a huge quality of life improvement.

Even if you aren’t interested in fiddling with the orphaned products of a defunct Bay Area startup, the write-up is a fascinating look at practical software reverse engineering. As it turns out, [Skip] didn’t create this new firmware update tool from scratch. He actually opened up the official Linux update utility from Pano Logic in Ghidra and was able to figure out where the firmware image actually lived inside the program. He then wrote his own tool in C which will patch the update tool with a user-supplied firmware image.

After patching, all you need to do is follow the official update procedure, which Pano Logic helpfully documented in the YouTube video after the break. [Skip] mentions he didn’t find any clear license information in the official software he was fiddling with, and of course with the company out of business it’s not too likely anyone is going to come knocking down his door anyway. Still, he says the downloads for the Pano Logic updater are still floating around on the tubes out there for you to find, so he’s not distributing anyone’s code but his own in this project.

There are a number of hackers out there working to turn the Pano Logic thin clients into useful general purpose FPGA platforms, such as [Tom Verbeure], who’s incredible graphics demos got [Skip] inspired to grab his own unit off eBay. With support for USB and SDRAM added by [Wenting Zhang] while getting his FPGA GBA emulator running on the hardware, it seems there’s never been a better time to get on the Pano Logic train.

Continue reading “Pano Logic FGPA Hacking Just Got Easier”

Forget Artificial Intelligence; Think Artificial Life

April 19, 2019 by 19 Comments

If you are a science fiction fan, you are probably aware of one of the genre’s oddest dichotomies. A lot of science fiction is concerned about if a robot, alien, or whatever is a person. However — sometimes in the same story — finding life is as easy as asking the science officer with a fancy tricorder. If you go to Mars and meet Marvin, it is pretty clear he’s alive, but faced with a bunch of organic molecules, the task is a bit harder. Now it is going to get harder still because Cornell scientists have created a material that has an artificial metabolism and checks quite a few boxes of what we associate with life. You can read the entire paper if you want more detail.

Three of the things people look for to classify something as alive is that it has a metabolism, self-arranges, and reproduces. There are other characteristics, depending on who you ask, but those three are pretty crucial.

Continue reading “Forget Artificial Intelligence; Think Artificial Life”