Day: May 6, 2022

Super Tough Resin Is Literally As Tough As Nails

May 6, 2022 by 29 Comments

Resin printing still seems to polarize opinions amongst hacker types, with some considering such machines a good tool for the right tasks, and some just plain rejecting them outright. There are many arguments for and against, but like fused deposition modeling (FDM) machines, resin printers are improving in leaps and bounds — and so is the liquid resin itself. Nowadays low-odor resins are common, colors and finishes are varied, and now thanks to some dedicated development work, the brittleness that often characterizes such prints it being addressed. [Mayer Makes] has designed a super tough “engineering resin” that he demonstrates is so tough, you can print a nail and hammer it into a block of wood! (Video, embedded below, if you don’t believe it.)

This particular resin is destined for mixing, given its natural cured shade is a kind of greenish-grey, but it does have a neat trick of presenting a definite yellowish hue when not fully cured, which is very helpful. This is particularly useful when removing support structures as you can use the color change during the curing process to judge the right moment to snap off the thicker sections, minimizing the risk of damaging the print. The resulting printed part is also tough enough to withstand subsequent traditional post-processing, such as milling, giving greater final finishing tolerances. Try doing that with an FDM print.

One of the neat things about resin chemistry is that you can simply mix them in their liquid form to tune the resin properties yourself and they can also be colored with specially formulated dyes without affecting the other properties too much, so this new super-tough resin gives prototypers yet another tool in their resin armory.

Thinking of taking the plunge and giving resin printing a try? Checkout our handy guide which may give you a leg up! If that doesn’t swing it for you, you could always use resin to help smooth out your FDM prints. It’ll probably still smell funny, mind.

Continue reading “Super Tough Resin Is Literally As Tough As Nails”

This Week In Security: UClibc And DNS Poisoning, Encryption Is Hard, And The Goat

May 6, 2022 by 8 Comments

DNS spoofing/poisoning is the attack discovered by [Dan Kaminski] back in 2008 that simply refuses to go away. This week a vulnerability was announced in the uClibc and uClibc-ng standard libraries, making a DNS poisoning attack practical once again.

So for a quick refresher, DNS lookups generally happen over unencrypted UDP connections, and UDP is a stateless connection, making it easier to spoof. DNS originally just used a 16-bit transaction ID (TXID) to validate DNS responses, but [Kaminski] realized that wasn’t sufficient when combined with a technique that generated massive amounts of DNS traffic. That attack could poison the DNS records cached by public DNS servers, greatly amplifying the effect. The solution was to randomize the UDP source port used when sending UDP requests, making it much harder to “win the lottery” with a spoofed packet, because both the TXID and source port would have to match for the spoof to work.

uClibc and uClibc-ng are miniature implementations of the C standard library, intended for embedded systems. One of the things this standard library provides is a DNS lookup function, and this function has some odd behavior. When generating DNS requests, the TXID is incremental — it’s predictable and not randomized. Additionally, the TXID will periodically reset back to it’s initial value, so not even the entire 16-bit key space is exercised. Not great. Continue reading “This Week In Security: UClibc And DNS Poisoning, Encryption Is Hard, And The Goat”

Audio Eavesdropping Exploit Might Make That Clicky Keyboard Less Cool

May 6, 2022 by 45 Comments

Despite their claims of innocence, we all know that the big tech firms are listening to us. How else to explain the sudden appearance of ads related to something we’ve only ever spoken about, seemingly in private but always in range of a phone or smart speaker? And don’t give us any of that fancy “confirmation bias” talk — we all know what’s really going on.

And now, to make matters worse, it turns out that just listening to your keyboard clicks could be enough to decode what’s being typed. To be clear, [Georgi Gerganov]’s “KeyTap3” exploit does not use any of the usual RF-based methods we’ve seen for exfiltrating data from keyboards on air-gapped machines. Rather, it uses just a standard microphone to capture audio while typing, building a cluster map of the clicks with similar sounds. By analyzing the clusters against the statistical likelihood of certain sequences of characters appearing together — the algorithm currently assumes standard English, and works best on clicky mechanical keyboards — a reasonable approximation of the original keypresses can be reconstructed.

If you’d like to see it in action, check out the video below, which shows the algorithm doing a pretty good job decoding text typed on an unplugged keyboard. Or, try it yourself — the link above implements KeyTap3 in-browser. We gave it a shot, but as a member of the non-mechanical keyboard underclass, it couldn’t make sense of the mushy sounds it heard. Then again, our keyboard inferiority affords us some level of protection from the exploit, so there’s that.

Editors Note: Just tried it on a mechanical keyboard with Cherry MX Blue switches and it couldn’t make heads or tails of what was typed, so your mileage may vary. Let us know if it worked for you in the comments.

What strikes us about this is that it would be super simple to deploy an exploit like this. Most side-channel attacks require such a contrived scenario for installing the exploit that just breaking in and stealing the computer would be easier. All KeyTap needs is a covert audio recording, and the deed is done.

Continue reading “Audio Eavesdropping Exploit Might Make That Clicky Keyboard Less Cool”

A small plastic case with an OLED screen showing a side-scrolling game

Game & Light Brings Video Games To Your Keychain

May 6, 2022 by No comments

If you’re old enough to remember the 1990s, you might recall the sheer variety of portable gaming platforms that were around in those days. There was of course the ubiquitous hand-held Game Boy, and if you preferred something larger you could buy a Sega Game Gear or an Atari Lynx. But you could also go smaller with tiny LCD games like Nintendo’s Game and Watch series, with some versions literally the size of a wristwatch.

With all of these having gone the way of the dodo, we’re happy to see that [grossofabian] kept the tiny game world alive by designing the Game & Light: a tiny hand-held games platform with an OLED screen. It’s small enough to attach to your keychain and comes with an LED to act as a mini flashlight. But of course the main feature is the included video game: currently it comes with LEDboy Adventures, a side-scrolling platformer similar to Google’s T-Rex Game. A USB port can be used to recharge the device as well as to upload new games.

The Game & Light is housed in a 3D printed case and powered by a lithium-ion capacitor that can store enough charge for around 40 minutes of play time. The CPU is an ATtiny402 eight-pin microcontroller with 4 kB of flash, which is just enough to store the entire LEDboy game. Although currently only one game is available, the system is fully programmable and open sourced, so anyone who feels up to the task can help develop new games for the platform.

If you like keychain-sized games, you’re in luck: we recently featured the solar-powered but otherwise similar RunTinyRun. A bit longer ago, creative hackers even managed to squeeze entire Game Boys into tiny packages.

Continue reading Game & Light Brings Video Games To Your Keychain”