Day: July 15, 2021

A Perfect Clock For Any Hacker’s Ohm

July 15, 2021 by 29 Comments

The vast majority of us are satisfied with a standard, base ten display for representing time. Fewer of us like to be a bit old-fashioned and use a dial with a couple of hands that indicate the time, modulo twelve. And an even smaller minority, with a true love for the esoteric, are a fan of binary readouts. Well, there’s a new time-telling game in town, and as far as we’re concerned it’s one of the best ones yet: resistor color codes.

The Ohm Clock is, as you may have guessed, a giant model of a resistor that uses its color bands to represent time.  Each of the four bands represents a digit in the standard HH:MM representation of time, and for anybody well-versed in resistor codes this is sure to be a breeze to read. The clock itself was designed by [John Bradnam]. It’s body is 3D printed, with RGB LEDs to brightly illuminate each segment. The whole thing is controlled by an old favorite – an ATtiny, supported by a Real Time Clock (RTC) chip for accurate timekeeping.

You can set the time in the traditional fashion using buttons, or — and here’s the brilliant part — you can use a resistor. Yup, that’s right. Connecting a 220 Ohm resistor across two terminals on the clock will set the time to 2:20. Genius.

When you come across an art as old as timekeeping, it’s easy to assume that everything’s already been done. We have sundials, hourglasses, analog clocks, digital watches, those cool clocks that use words instead of numbers, the list goes on. That’s why it’s so exciting to see a new (and fun!) idea like this one emerge.

Black Starts: How The Grid Gets Restarted

July 15, 2021 by 96 Comments

Gripped as we are at the time of this writing by a historic heatwave, it’s hard for those of us in the western United States to picture a time when cold and ice reigned across the land. But really, it was only about four months back that another bit of freakish weather was visited across most of the country, including places ill-equipped to deal with the consequences. The now-fabled “February Freeze” left millions, mostly in Texas, scrabbling about in the dark and cold as a series of cascading engineering failures took apart their electrical grid, piece by piece, county by county.

The event has been much discussed and dissected, as an event with such far-reaching impact should be. Like much discussion these days, precious little of it is either informed or civil, and that’s not good news for those seeking to understand what happened and how to prevent it from happening again, or at least to mitigate the effects somewhat. Part of that is understandable, given the life-disrupting and often life-threatening situations the disaster forced people to suddenly face. It’s also difficult for people to discuss an event so widespread in its scope and impact — there’s just too much for anyone to wrap their head around.

To make the present discussion a little easier, we’ll be focusing on one aspect of the February grid crash that’s often bandied about but rarely explained: that the Texas grid was mere minutes away from collapsing completely, and that it would have taken weeks or months to restore had it been able to slip away. Is that really possible? Can the power grid just “go away” completely and suddenly? The answer, sadly, is yes, but thankfully a lot of thought has been put into not only preventing it from happening but also how to restart everything if it does happen, by performing what’s known as a “Black Start.”

Continue reading “Black Starts: How The Grid Gets Restarted”

Amazon Drones Don’t Go Far

July 15, 2021 by 41 Comments

If you are like us, you’ve wondered what all the hoopla about drones making home deliveries is about. Our battery-operated vehicles carry very little payload and still don’t have a very long range. Add sophisticated smarts and a couple of delivery packages and you are going to need a lot more battery. Or maybe not. Amazon’s recent patent filing shows a different way to do it.

In the proposed scheme, a delivery truck drives to a neighborhood and then deploys a bunch of wheeled or walking drones to deliver in the immediate area. Not only does that reduce the range requirement, but there are other advantages, as well.

Continue reading “Amazon Drones Don’t Go Far”

Using Ghidra To Extract A Router Configuration Encryption Key

July 15, 2021 by 24 Comments

Who doesn’t know the struggle? Buying an interesting piece of hardware for a song and a dance, and then finding that the device’s firmware and/or configuration file is locked down with various encryption or obfuscation methods. This was the experience [Ali Raheem] had when he got a TP-Link TL-MR3020 V3 for a mere 18 British Pounds, intending to use this 4G-capable router to increase internet reliability.

Naturally this can all be done when staying inside the vendor-provided marked lines, which in this case meant ignoring the encrypted configuration files. As the owner of the hardware, this was of course unacceptable and thus [Ali] got a firmware image from the TP-Link site to see what could be gleaned from it in terms of encryption keys and other hints.

After obtaining the TP-Link-provided BIN file, the application of binwalk helpfully extracted the files embedded in it, followed by John the ripper decrypting the passwords in the /etc/passwd.bak file, and ultimately finding the encrypted /etc/default_config.xml file. Searching for this filename string in the rest of the extracted files led to /lib/libcmm.so.

Dropping this shared library file into Ghidra to disassemble its code, [Ali] found a function suspiciously called decryptFile. Inside was a reference to the global key string, which when tossed into OpenSSL and after some fiddling turned out to decrypt the XML configuration file in des-ecdb mode. From this point dropping in one’s own configuration files should be no problem after encrypting them to make the firmware happy. Nice work!