Unmasking The Identity Of An Unusual Nintendo DS

The Nintendo DS family encompasses a dizzying array of portable game systems released over a span of 17 years. The original DS received several refreshes and special editions, and when the next generation 3DS came along, it spawned a whole new collection of spin-offs. But even among all those machines there’s a name that even Mario himself would never have heard of: the Nintendo DS ML.

In a recent video, [The Retro Future] says he discovered this oddball system selling for around $25 USD on Chinese shopping site Taobao and bought one so he could get a closer look at it. Externally the system looks quite a bit like the refreshed DS Lite, but it’s notably larger and the screens look quite dated. That was already a strong hint to its true identity, as was the placement of its various buttons and controls.

Note the conspicuous absence of Nintendo’s name.

But it wasn’t until [The Retro Future] cracked the system open that he could truly confirm what he had on his hands. This was an original Nintendo DS, potentially a new old stock unit that had never been distributed, which was transplanted into a custom enclosure designed to look like one of the later upgraded models. As for what this seller meant by calling this chimera the DS ML is anyone’s guess, though one of the commenters on the video thought “Maybe Legal” had a nice ring to it.

Now assuming these really are brand new systems that were simply installed in fresh cases, $25 is arguably a good deal. So long as you aren’t concerned with playing the latest titles, anyway. But at the same time it’s a reminder that you get what you pay for when dealing with shady overseas sellers. It’s just as likely, perhaps even more so, that these were used systems that got spruced up to make a quick buck.

Fake components are everywhere. In fact there’s an excellent chance most of the people reading this site have received some fake parts over the years, even if they didn’t realize it at the time. When there are fly-by-night companies willing to refurbish a nearly 20-year-old Nintendo handheld for $25, what are the chances that Bosch actually made that $2 temperature sensor you just ordered on eBay?


This Week In Security: Pwn2Own, Zoom Zero Day, Clubhouse Data, And An FBI Hacking Spree

Our first story this week comes courtesy of the Pwn2Own contest. For anyone not familiar with it, this event is held twice a year, and features live demonstrations of exploits against up-to-date software. The one exception to this is when a researcher does a coordinated release with the vendor, and the update containing the fix drops just before the event. This time, the event was held virtually, and the attempts are all available on YouTube. There were 23 attacks attempted, and only two were outright failures. There were 5 partial successes and 16 full successes.

One of the interesting demonstrations was a zero-click RCE against Zoom. This was a trio of vulnerabilities chained into a single attack. The only caveat is that the attack must come from an accepted contact. Pwn2Own gives each exploit attempt twenty minutes total, and up to three attempts, each of which can last up to five minutes. Most complex exploits have an element of randomness, and exploits known to work sometimes don’t work every time. The Zoom demonstration didn’t work the first time, and the demonstration team took long enough to reset that they only had time for one more try.

BleedingTooth

We first covered BleedingTooth almost exactly six months ago. The details were sparse then, but enough time has gone by to get the full report. BleedingTooth is actually a trio of vulnerabilities, discovered by [Andy Nguyen]. The first is BadVibes, CVE-2020-24490. It’s a lack of a length check in the handling of incoming Bluetooth advertisement packets. This leads to a buffer overflow. The catch here is that the vulnerability is only possible over Bluetooth 5.

Detergent DRM Defeated On Diminutive Dishwasher

Has it really come to this? Are we really at the point that dishwashers have proprietary detergent cartridges that you’re locked into buying at inflated prices?

Apparently so, at least for some species of the common kitchen appliance. The particular unit in question goes by the friendly name of Bob, and is a compact, countertop unit that’s aimed at the very small kitchen market. [dekuNukem] picked one of these units up recently, and was appalled to learn that new detergent cartridges would cost an arm and a leg. So naturally, he hacked the detergent cartridges. A small PCB with an edge connector and a 256-byte EEPROM sprouts from each Bob cartridge; a little reverse engineering revealed the right bits to twiddle to reset the cartridge to its full 30-wash count, leading to a dongle to attach to the cartridge when it’s time for a reset and a refill.

With the electronics figured out, [dekuNukem] worked on the detergent refill. This seems like it was the more difficult part, aided though it was by some fairly detailed specs on the cartridge contents. A little math revealed the right concentrations to shoot for, and the ingredients in the OEM cartridges were easily — and cheaply — sourced from commercial dishwashing detergents. The cartridges can be refilled with a properly diluted solution using a syringe; the result is that each wash costs 1/75-th of what it would if he stuck with OEM cartridges.

For as much as we despise the “give away the printer, charge for the ink” model, Bob’s scheme somehow seems even worse. We’ve seen this technique used to lock people into everything from refrigerator water filters to cat litter, so we really like the way [dekuNukem] figured everything out here, and that he saw fit to share his solution.

DOOM On A Bootloader Is The Ultimate Cheat Code

Porting DOOM to run on hardware never meant to run it is a tradition as old as time. Getting it to run on embedded devices, ancient computers, virtual computers, and antique video game consoles are all classic hacks, but what DOOM ports have been waiting for is something with universal applicability that doesn’t need a bespoke solution for each piece of hardware. Something like DOOM running within a bootloader.

The bootloader that [Ahmad] works with is called Barebox and is focused on embedded systems, often those running Linux. This is the perfect environment for direct hardware access, since the bootloader doubles as a bare metal hardware bring-up toolkit. Now that DOOM runs on this bootloader, it effectively can run anywhere from embedded devices to laptops with minimal work, and although running it in a bootloader takes away a lot of the hard work that would normally need to be done during a port, it may still need some tweaking for specific hardware not otherwise supported.

For those already running Barebox, the bareDOOM code can be found on [Ahmad]’s GitHub page. For those not running Barebox, it does have a number of benefits compared to other bootloaders, even apart from its new ability to play classic FPS games. For those who prefer a more custom DOOM setup, though, we are always fans of DOOM running within an NES cartridge.

Photo: AntonioMDA, CC BY-SA 4.0 via Wikimedia Commons