Day: August 19, 2022

This Week In Security: Secure Boot Bypass, Attack On Titan M, KASLR Weakness

August 19, 2022 by 9 Comments

It’s debatable just how useful Secure Boot is for end users, but now there’s yet another issue with Secure Boot, or more specifically, a trio of signed bootloaders. Researchers at Eclypsium have identified problems in the Eurosoft, CryptoPro, and New Horizon bootloaders. In the first two cases, a way-too-flexible UEFI shell allows raw memory access. A startup script doesn’t have to be signed, and can easily manipulate the boot process at will. The last issue is in the New Horizon Datasys product, which disables any signature checking for the rest of the boot process — while still reporting that secure boot is enabled. It’s unclear if this requires a config option, or is just totally broken by default.

The real issue is that if malware or an attacker can get write access to the EFI partition, one of these signed bootloaders can be added to the boot chain, along with some nasty payload, and the OS that eventually gets booted still sees Secure Boot enabled. It’s the perfect vehicle for really stealthy infections, similar to CosmicStrand, the malicious firmware we covered a few weeks ago.
Continue reading “This Week In Security: Secure Boot Bypass, Attack On Titan M, KASLR Weakness”

Every Frame A Work Of Art With This Color Ultra-Slow Movie Player

August 19, 2022 by 15 Comments

One of the more recent trendy builds we’ve seen is the slow-motion movie player. We love them — displaying one frame for a couple of hours to perhaps a full day is like an ever-changing, slowly morphing work of art. Given that most of them use monochrome e-paper displays, they’re especially suited for old black-and-white films, which somehow makes them even more classy and artsy.

But not every film works on a monochrome display. That’s where this full-color ultra-slow motion movie player by [likeablob] shines. OK, full color might be pushing it a bit; the build centers around a 5.65″ seven-color EPD module. But from what we can see, the display does a pretty good job at rendering frames from films like Spirited Away and The Matrix. Of course there is the problem of the long refresh time of the display, which can be more than 30 seconds, but with a frame rate of one every two hours, that’s not a huge problem. Power management, however, can be an issue, but [likeablob] leveraged the low-power co-processor on an ESP32 to handle the refresh tasks. The result is an estimated full year of battery life for the display.

We’ve seen that same Waveshare display used in a similar player before, and while some will no doubt object to the muted color rendering, we think it could work well with a lot of movies. And we still love the monochrome players we’ve seen, too.

Mecanum-Wheeled Robot Chassis Takes Commands From PS4 Controller

August 19, 2022 by 1 Comment

Mecanum wheels are popular choices for everything from robots to baggage handling equipment in airports. Depending on their direction of rotation, they can generate forces in any planar direction, providing for great maneuverability. [ATOM] set about building just such a robot chassis, and learned plenty in the process.

The design is similar to those we’ve seen in the past. The robot has four mecanum wheels, each driven by its own motor. Depending on the direction of rotation of the various wheels, the robot can move forward, backwards, and even strafe left and right. Plus, it can effectively tank turn without excessive slippage thanks to the rollers on each wheel. An ESP32 serves as the brains of the ‘bot, allowing it to be readily remote controlled via a PS4 gamepad over Bluetooth.

If you’re looking to build a small robot chassis that’s great at moving about in tight, small spaces, this could be a great project to learn with. All the necessary parts are relatively easily available, and the PCB files can be had on GitHub.

If you like the idea of mecanum wheels but need something bigger, consider starting with a set of hoverboard wheel motors. Continue reading “Mecanum-Wheeled Robot Chassis Takes Commands From PS4 Controller”