Day: March 26, 2021

Serial Silicone Molding

March 26, 2021 by 5 Comments

The techniques for making single-digit quantities of custom molded parts don’t scale well when you need to make dozens, as [Kevin Holmes] discovered. He needed to make 80-some sets of a silicone motor mount, and the one-up mold process was not going to work. He explores several solutions, which he rejects as being too complicated. Finally [Kevin] comes up with the idea of daisy-chaining banks of molds clamped together with rails of stock metal bars. It’s a pretty nifty process to watch and you can check the video out below, which is not unlike a very slow 7495 four-bit shift register.

Even though the silicone he uses is clear, pay attention and you can still see the carry-out as it propagates from mold to mold. He manually performs the nibble carry operation from one bank to the next — we wonder if he could cascade these banks, and inject all 80 in one really big squeeze?

Why would someone need 80 sets of silicone rubber motor mounts, you may ask? Well, you may remember the 4-mation 3D zoetrope that we wrote about back in 2018. [Kevin] is one of the founders of this mesmerizing project, and it would seem that their Kickstarter project has been successful. As he demonstrates in the video below, without some type of noise dampening mounts, a rumble from the motor is amplified through the stage of the zoetrope. If you have any favorite mold-making tips for small batch manufacturing, let us know in the comments below. Thanks to [George Graves] for sending this tip our way.

Continue reading “Serial Silicone Molding”

This Week In Security: XcodeSpy, Insecure SMS, And Partial Redactions

March 26, 2021 by 25 Comments

There seems to be a new trend in malware, targeting developers and their development and build processes. The appeal is obvious: rather than working to build and market a malicious application, an attacker just needs to infect a development machine. The hapless infected developers can now do the hard work to spread the malicious payload.

The newest example is XcodeSpy, discovered by a researcher who chose to remain anonymous. It works by using the Xcode IDE’s Run Script function to, well, run a script that completely backdoors your computer. The instance was found in a repackaged open source project, TabBarInteraction, but they’re just innocent victims. It was simple enough for someone to insert a script in the build process, and distribute the new, doped package. It’s probably not the only one out there, so watch out for Run Scripts with obfuscated payloads.

Continue reading “This Week In Security: XcodeSpy, Insecure SMS, And Partial Redactions”

USB Comes To The ESP32

March 26, 2021 by 20 Comments

Since the ESP8266 came on the scene a few years ago and revolutionized the way microcontrollers communicate with other devices, incremental progress on this chip has occurred at a relatively even pace. First there was the realization that code could be run on the chip itself. Next the ESP32 was released which built more on that foundation. The next step in that process of improvement may be here now as well, with this project which turns the ESP32 into a USB host.

USB is not a native feature on all microcontrollers or even Arduino-compatible boards. While some do have it built in like those based on the 32u4 for example, most either don’t have it at all or rely on a separate on-board chip to do some form of translating. The ESP32 is lacking this advanced feature so the USB needs to be cobbled together from scratch if you want this specific board to be able to interface directly with peripherals. This project does just that, allowing for four USB 1.1 devices to be connected directly to the ESP32 without a separate dedicated chip.

If you’ve been waiting for USB on this tiny, capable microcontroller this might be your chance to try it out. All of the project’s code is available on the project page. And, while it is limited in scope, it’s easily able to handle a keyboard or mouse. This might be a more cost-effective way of doing something like a KVM switch rather than doing it with three Arduinos.

 

Undocumented X86 Instructions Allow Microcode Access

March 26, 2021 by 19 Comments

For an old CPU, finding all the valid instructions wasn’t very hard. You simply tried them all. Sure, really old CPUs might make it hard to tell what the instruction did, but once CPUs got illegal instruction traps, you could quickly just scan possible op codes and see what didn’t throw an exception. Modern processors, though, are quite another thing. For example, you might run a random instruction that locks up the machine or miss an instruction that would have been valid but the CPU is in the wrong mode. [Can Bölük] has a novel solution: By speculatively executing the target instruction and then monitoring the microcode sequencer, he can determine if the CPU is decoding an instruction even if it refuses to execute it.

Some unknown instructions may have power for good or evil, such as the recently announced undocumented instructions that can apparently rewrite the microcode. We expect to see a post soon on how to reprogram your Intel processor to run as a 6502 natively.

Continue reading “Undocumented X86 Instructions Allow Microcode Access”