Broken HP-48 Calculator Reborn As Bluetooth Keyboard

Considering their hardware specification, graphing calculators surely feel like an anachronism in 2019. There are plenty of apps and other software available for that nowadays, and despite all preaching by our teachers, we actually do carry calculators with us every day. On the other hand, never underestimate the power of muscle memory when using physical knobs and buttons instead of touch screen or mouse input. [epostkastl] combined the best of both worlds and turned his broken HP-48 into a Bluetooth LE keyboard to get the real feel with its emulated counterpart.

Initially implemented as a USB device, [epostkastl] opted for a wireless version this time, and connected an nRF52 based Adafruit Feather board to the HP-48’s conveniently exposed button matrix pins. For the software emulation side, he uses Emu48, an open source HP calculator emulator for Windows and Android. The great thing about Emu48 is that it supports fully customizable mappings of regular keyboard events to the emulated buttons, so you can easily map, say, the cosine button to the [C] key. The rest is straightforward: scanning the button matrix detects button presses, maps them to a key event, and sends it as a BLE HID event to the receiving side running Emu48.

This essentially turns [epostkastl]’s HP-48 into a regular wireless keyboard in a compact package, albeit with a layout that outshines every QWERTY vs Dvorak debate. It can of course also find alternative use cases, for example as a media center remote control or a shortcut keyboard. After all, we’ve seen the latter built as stomp boxes and from finger training devices before, so why not a calculator?

This Week In Security: Black Hat, DEF CON, And Patch Tuesday

Black Hat and DEF CON both just wrapped, and Patch Tuesday was this week. We have a bunch of stories to cover today.

First some light-hearted shenanigans. Obviously inspired by Little Bobby Tables, Droogie applied for the vanity plate “NULL”. A year went by without any problems, but soon enough it was time to renew his registration. The online registration form refused to acknowledge “NULL” as a valid license plate. The hilarity didn’t really start until he got a parking ticket, and received a bill for $12,000. It seems that the California parking ticket collection system can’t properly differentiate between “NULL” and a null value, and so every ticket without a license plate is now unintentionally linked to his plate.

In the comments on the Ars Technica article, it was suggested that “NULL” simply be added to the list of disallowed vanity plates. A savvy reader pointed out that the system that tracks disallowed plates would probably similarly choke on a “NULL” value.
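
How a mix-up like this can arise, as an added example that is not from the article or from any real ticketing system: it assumes a hypothetical flat-text export that writes the word NULL for a missing plate, and every name and record in it is constructed.

```python
import sqlite3

# Constructed sample data. A citation whose plate is None means that
# no plate was recorded when the ticket was written.
OWNERS = [("NULL", "Droogie"), ("7ABC123", "Alice")]
CITATIONS = [(1, "7ABC123", 60), (2, None, 75), (3, None, 120), (4, "NULL", 40)]

def export_flat(rows):
    """Hypothetical legacy export: flattens rows to text and writes the
    literal word NULL where the plate is missing."""
    return [f"{cid},{plate if plate is not None else 'NULL'},{fine}"
            for cid, plate, fine in rows]

def import_naive(lines):
    """Buggy import: every field is read back as a string, so a missing
    plate and the vanity plate "NULL" become indistinguishable."""
    return [(int(c), p, int(f)) for c, p, f in (l.split(",") for l in lines)]

def amount_owed(citations, owner_plate):
    """Bill an owner by joining citations to registrations on plate text."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE owners(plate TEXT PRIMARY KEY, name TEXT)")
    db.execute("CREATE TABLE citations(id INTEGER, plate TEXT, fine INTEGER)")
    db.executemany("INSERT INTO owners VALUES (?, ?)", OWNERS)
    db.executemany("INSERT INTO citations VALUES (?, ?, ?)", citations)
    row = db.execute(
        "SELECT COALESCE(SUM(c.fine), 0) FROM citations c "
        "JOIN owners o ON o.plate = c.plate WHERE o.plate = ?",
        (owner_plate,)).fetchone()
    db.close()
    return row[0]

def billed_via_text_export():
    # Round trip through the flat file: missing plates come back as "NULL",
    # so plateless citations 2 and 3 are joined to the vanity plate.
    return amount_owed(import_naive(export_flat(CITATIONS)), "NULL")

def billed_with_typed_nulls():
    # Typed path: None is stored as SQL NULL, and NULL = 'NULL' is never
    # true, so only citation 4 (really issued to the plate) is billed.
    return amount_owed(CITATIONS, "NULL")
```

The same confusion would affect a disallowed-plates list fed through the text export: an entry meant to block the plate “NULL” could not be told apart from an empty entry.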

Hacking an F-15

In a surprising move, Air Force officials brought samples of the Trusted Aircraft Information Download Station (TADS) from an F-15 to DEF CON. Researchers were apparently able to compromise those devices in a myriad of ways. This is a radical departure from the security-through-obscurity approach that has characterized the U.S. military for years.

Next year’s DEF CON involvement promises to be even better as the Air Force plans to bring researchers out to an actual aircraft, inviting them to compromise it in every way imaginable.

Patch Tuesday

Microsoft’s monthly dump of Windows security fixes landed this week, and it was a doozy. First up are a pair of remotely exploitable Remote Desktop vulnerabilities, CVE-2019-1222 and CVE-2019-1226. It’s been theorized that these bugs were found as part of an RDP code review launched in response to the BlueKeep vulnerability from earlier this year. The important difference here is that these bugs affect multiple versions of Windows, up to and including Windows 10.

What the CTF

Remember Tavis Ormandy and his Notepad attack? We finally have the rest of the story! Go read the whole thing, it’s a great tale of finding something strange, and then pulling it apart looking for vulnerabilities.

Microsoft Windows has a module, MSCTF, that is part of the Text Services Framework. What does the CTF acronym even stand for? That’s not clear. It seems that CTF is responsible for handling keyboard layouts, and translating keystrokes based on what keyboard type is selected. What is also clear is that every time an application builds a window, that application also connects to a CTF process. CTF has been a part of Microsoft’s code base since at least 2001, with relatively few code changes since then.

CTF doesn’t do any validation, so an attacker can connect to the CTF service and claim to be any process. Tavis discovered he could effectively attempt to call arbitrary function pointers of any program talking to the same CTF service. Due to some additional security measures built into modern Windows, the path to an actual compromise is rather convoluted, but by the end of the day, any CTF client can be compromised, including Notepad.

The most interesting CTF client Tavis found was the login screen. The exploit he demos as part of the write-up is to lock the computer, and then compromise the login in order to spawn a process with system privileges.

The presence of this unknown service running on every Windows machine is just another reminder that operating systems should be open source.

Biostar 2

Biostar 2 is a centralized biometric access control system in use by thousands of organizations and many countries around the globe. A pair of Israeli security researchers discovered that the central database that controls the entire system was unencrypted and unsecured. 23 Gigabytes of security data was available, including over a million fingerprints. This data was stored in the clear, rather than properly hashed, so passwords and fingerprints were directly leaked as a result. This data seems to have been made available through an Elasticsearch instance that was directly exposed to the internet, and was found through port scanning.

If you have any exposure to Biostar 2 systems, you need to assume your data has been compromised. While passwords can be changed, fingerprints are forever. As biometric authentication becomes more widespread, this is an unexplored side effect.

Electric Vehicles On Ice

This winter, a group of electric vehicle enthusiasts, including [Dane Kouttron], raced their homemade electric go-karts on the semi-frozen tundra nearby as part of their annual winter tradition. These vehicles are appropriately named Atomic Thing and Doom Sled, and need perfect weather conditions to really put them to the test. You want a glass-like race track but snowfall on ice freezes into an ice-mush intermediate that ends up being too viscous for high-speed ice vehicles. The trick is to watch for temperatures that remain well below zero without snow-like precipitation.

The group is from the community makerspace out of MIT known as MITERS and already has EV hacking experience. They retrofitted their VW Things vehicle (originally built for a high speed electric vehicle competition) to squeeze even more speed out of the design. Starting out with an 8-speed Shimano gearbox and a 7kW motor, they assembled a massive 24S 10P battery out of cylindrical A123 cells salvaged from a Prius A123 Hymotion program. This monster operates at 84V with a 22Ah capacity, plenty of power for the team to fully utilize the motor’s potential.

The battery is ratchet strapped to the back of the Atomic Thing to provide more traction on the ice. It must feel just like riding on top of a different kind of rocket.

They tried using ice skates in the front of the Atomic Thing, but the steering was difficult to control over rough ice. Studded solid tires perform quite well, resulting in less jarring movement for the driver. Doom Sled is a contraption built from a frame of welded steel tube and a mountainboard truck with ice skate blades for steering. The motor, a Motenergy DC brush [ME909], was salvaged from a lab cleanout, transferring power to the wheels through a chain and keyed shaft. The shaft-to-wheel torque was duly translated over two keyed hub adapters.

Doom Sled with seat strapped on

The crew fitted a seat from a longscooter and made a chain guard from aluminum u-channel to keep the flying chain away from the driver’s fingers. The final user interface includes a right-hand throttle and a left-hand “electric brake” (using resistors to remove the stored energy quickly to combat the enormous inertia produced by the vehicle).

Overall, ice racing was a success! You can see the racing conditions were just about perfect, with minimal ice mush on the lake. Any rough patches were definitely buffed smooth by the end of the day.

Turning A Sony Into A Leica Through Extreme Camera Modding

The quality of a photograph is a subjective measure depending upon a multitude of factors of which the calibre of the camera is only one. Yet a high quality camera remains an object of desire for many photographers as it says something about you and not just about the photos you take. [Neutral Gray] didn’t have a Leica handheld camera, but did have a Sony. What’s a hacker to do, save up to buy the more expensive brand? Instead he chose to remodel the Sony into a very passable imitation.

This is a Chinese language page but well worth reading. We can’t get a Google Translate link to work, but in Chrome browser, right clicking and selecting “translate” works. If you have a workaround for mobile and other browsers please leave a comment below.

The Sony A7R is hardly a cheap camera in the first place, well into the four-figure range, so it’s a brave person who embarks on its conversion to match the Leica’s flat-top aesthetic. The Sony was first completely dismantled and it was found that the electronic viewfinder could be removed without compromising the camera. In a bold move, its alloy housing was ground away, and replaced with a polished plate bearing a fake Leica branding.

 

Extensive remodelling of the hand grip with a custom carbon fibre part followed, with significantly intricate work to achieve an exceptionally high quality result. Careful choice of paint finish results in a camera that a non-expert would have difficulty knowing was anything but a genuine Leica, given that it is fitted with a retro-styled lens system.

We’re not so sure we’d like to brace Leica’s lawyers on this side of the world, but we can’t help admiring this camera. If you’re after a digital Leica though, you can of course have a go at the real thing.

Thanks [fvollmer] for the tip.