Hide glue has been around for thousands of years, and some of it is holding wood pieces three thousand years after application. It is made from animal protein, so vegetarians may want to stick to the petroleum-based adhesives. [Surjan Singh] wanted to see if its longevity made it a contender with modern epoxy by casting a couple of fiberglass car parts with the competing glues. In short, it doesn’t hold up in this situation, but it is not without merit.
Musical instrument makers and antique restorers still buy and use hide glue, but you would never expose it to heat or moisture. To its credit, hide glue doesn’t require a ventilator. All you need is boiling water and a popsicle stick, and you are in business. [Surjan] writes his findings like a narrative rather than steps, so his adventures are a delight to read. He found that a car part made with fiberglass and epoxy will withstand the weather better than the alternative because heat and humidity will soften hide glue. His Saab 96 isn’t the right application, but since it is nearly as strong as epoxy once set, you could make other fabric shapes, like a flannel nightstand or a lace coffee table, and you could shape them in the living room without toxifying yourself
Raccoon is the next flashy security flaw with a name, cute logo, and a website (and a PDF). Raccoon is a flaw in TLS version prior to 1.3, and seems to be a clever bit of work, albeit one with limited real-world application. The central problem is that these older versions of TLS, when using Diffie Hellman (DH), drop leading all-zero bytes in the resulting pre-master key. As that key is part of the input for calculating the master session key, a shortened pre-master key results in a slightly faster calculation of the master key. If an attacker can make fine-grained timing measurements, he can determine when the pre-master key is trimmed.
Let’s review Diffie Hellman, briefly. The client and server agree on two numeric values, a base g and modulus p, and each party generates a secret key, a and b. Each party calculates a public key by raising the shared base to their own private key, mod the shared modulus: A = g^a mod p. These public keys are exchanged, and each party raises the received key to their own secret key: A^b. Exponents have a non-obvious quirk, the power rule. A value raised to a power raised to a power is the same as the value raised to the power of the exponents multiplied together. g^a^b is equal to g^(a*b). By going through this mathematical dance, the server and client have arrived at a shared value that only they know, while preserving the secrecy of their private keys. Continue reading “Security This Week: Racoons In My TLS, Bypassing Frontends, And Obscurity”→
Pedaling in place isn’t the most exciting pastime, so it’s no surprise that modern technology is being used to make the in-home biking experience a bit more interactive. With a stand on the rear wheel providing resistance, and a movable steering plate under the front to read the handlebar angle, you can now use your standard bike as the “controller” in a virtual environment provided by software such as Zwift.
[Keith Wakeham] wanted to take a closer look at how Zwift communicated with his Sterzo steering device, and it turned into a pretty epic bout of exploration and reverse engineering. As the video after the break shows, he didn’t just go from sniffing the device’s proprietary Bluetooth Low Energy (BLE) communications protocol to figuring out how to emulate it in software so you could roll your own Zwift peripheral. He also tore the device apart, pulled the firmware from its microcontroller, and postulated how you could build your own low-cost clone device that would work with the existing software.
Even if you have absolutely zero interest in virtual biking, the video [Keith] has put together for this project is really a must watch. Have you ever wanted to sniff and reverse engineer BLE communications? Looking for a real-world example of pulling the firmware off of a consumer device? Maybe in the market for some tips on how to identify unknown ICs on a board? All of that, and quite a bit more, is covered in this nearly hour long hacking tour de force.
For those of us old enough to experience it first hand, the original Game Boy was pretty incredible, but did have one major downside: battery consumption. In the 90s rechargeable batteries weren’t common, which led to most of us playing our handhelds beside power outlets. Some modern takes on the classic Game Boy address these concerns with modern hardware, but this group from the Delft University of Technology and Northwestern has created a Game Boy clone that doesn’t need any batteries at all, even though it can play games indefinitely.
This build was a proof-of-concept for something called “intermittent computing” which allows a computer to remain in a state of processing limbo until it gets enough energy to perform the next computation. The Game Boy clone, fully compatible with the original Game Boy hardware, is equipped with many tiny solar panels which can harvest energy and is able to halt itself and store its state in nonvolatile memory if it detects that there isn’t enough energy available to continue. This means that Super Mario Land isn’t exactly playable, but other games that aren’t as action-packed can be enjoyed with very little impact in gameplay.
The researchers note that it’ll be a long time before their energy-aware platform becomes commonplace in devices and replaces batteries, but they do think that internet-connected devices that don’t need to be constantly running or powered up would be a good start. There are already some low-powered options available that can keep their displays active when everything else is off, so hopefully we will see even more energy-efficient options in the near future.