Bypassing Bitlocker With A Logic Analzyer

Security Engineer [Guillaume Quéré] spends the day penetration testing systems for their employer and has pointed out and successfully exploited a rather obvious weakness in the BitLocker full volume encryption system, which as the linked article says, allows one to simply sniff the traffic between the discrete TPM chip and CPU via an SPI bus. The way Bitlocker works is to use a private key stored in the TPM chip to encrypt the full volume key that in turn was used to encrypt the volume data. This is all done by low-level device drivers in the Windows kernel and is transparent to the user.

TPM chip pins too small? Just find something else on the bus!

The whole point of BitLocker was to prevent access to data on the secured volume in the event of a physical device theft or loss. Simply pulling the drive and dropping it into a non-secured machine or some other adaptor would not provide any data without the key stored by the TPM. However, since that key must pass as plaintext from the TPM to the CPU during the boot sequence, [Guillaume] shows that it is quite straightforward — with very low-cost tools and free software — to simply locate and sniff out this TPM-to-CPU transaction and decode the datastream and locate the key. Using little more than a cheapo logic analyser hooked up to some conveniently large pins on a nearby flash chip (because the SCK, MISO, and MOSI pins are shared with the TPM) the simple TIS was decoded enough to lock onto the bytes of the TPM frame. This could then be decoded with a TPM stream decoder web app, courtesy of the TPM2-software community group. The command to look for is the TPM_CC.Unseal which is the request from the CPU to the TPM to send over that key we’re interested in. After that just grabbing and decoding the TPM response frame will immediately reveal the goods.

Continue reading “Bypassing Bitlocker With A Logic Analzyer”

QSPICE Picks Up Where LTSpice Left Us

[Mike Engelhardt] is a name that should be very familiar to the hardcore electronics nerd. [Mike] is the developer responsible for LTSpice, which is quite likely the most widely used spice-compatible simulator in the free software domain. When you move away from digital electronics and the comfort of software with its helpful IDEs and toolchains, and dip a wary toe into the murky grey waters of analog or power electronics, LTSpice is your best friend. And, like all best friends, it’s a bit quirky, but it always has your back. Sadly, LTSpice development seems to have stalled some years ago, but luckily for us [Mike] has been busy on the successor, QSpice, under the watchful eye of Qorvo.

It does look in its early stages, but from a useability point of view, it’s much improved over LTSpice. Performance is excellent (based on this scribe’s limited testing while mobile.) Gone (thankfully!) is the uncommon verb-noun usage paradigm — replaced with a more usual cut-n-paste flow. Visually it still kind of looks like LTspice in places, but nicer with a clear and uncluttered design that gets straight to the point. Internally, the simulation engine has improved in speed and accuracy, as well as adding native support for modern semiconductor types, such as wide bandgap materials like SiC. Noted is that this updated software has a particular emphasis on power integrity and noise analysis, which are sticky problems that have a big impact on modern high-power systems.

Continue reading “QSPICE Picks Up Where LTSpice Left Us”

Wireless Data Connections Through Light

When wired networking or data connections can’t be made, for reasons of distance or practicality, various wireless protocols are available to us. Wi-Fi is among the most common, at least as far as networking personal computers is concerned, but other methods such as LoRa or Zigbee are available when data rates are low and distances great. All of these methods share one thing in common, though: their use of radio waves to send data. Using other parts of the electromagnetic spectrum is not out of the question, though, and [mircemk] demonstrates using light as the medium instead of radio.

Although this isn’t a new technology (“Li-Fi” was first introduced in 2011) it’s not one that we see often. It does have a few benefits though, including high rates of data transmission. In this system, [mircemk] is using an LED to send the information and a solar cell as the receiver. The LED is connected to a simple analog modulator circuit, which takes an audio signal as its input and sends the data to the light. The solar cell sends its data, with the help of a capacitor, straight to the aux input on a radio which is used to convert the signal back to audio.

Some of the other perks of a system like this are seen here as well. The audio is clear even as the light source and solar cell are separated at a fairly significant distance, perhaps ten meters or so. This might not seem like a lot compared to Wi-Fi, but another perk shown is that this method can be used within existing lighting systems since the modulation is not detectable by the human eye. Outside of a home or office setting, systems like these can also be used to send data much greater distances as well, as long as the LED is replaced with a laser.

Continue reading “Wireless Data Connections Through Light”

Rocket Range Australia, 1950s Style

The Film and Sound Archive (NFSA) of Australia just released a digitized version of a 1957 film documentary on Australia’s rocket research back in the day ( see video below the break ). The Woomera test range is an isolated place about 500 km northwest of Adelaide ( 2021 population 132 ) and hosts a small village, an airstrip, and launch facilities. In the Salisbury suburb of Adelaide, a former WW2 munitions factory complex was repurposed as a research center for rockets and long range weapons.

The documentary showcases a wide variety of state-of-the-art technologies from the late 1950s. As ancient as those appear today, a lot of the basic concepts haven’t changed — careful choreography of the launch countdown sequence of events, the antenna and radio systems to receive and store rocket telemetry, photographic records of the rocket in flight, and post-flight analyses of everything to fix problems and improve your designs. They tried to do as much as possible at the Salisbury campus, because as the narrator notes, it’s expensive to work at the distant test range, a concept which is still a consideration today. There’s even a glimpse of the residents’ leisure life in the barren village. It was a different time, to say the least. Continue reading “Rocket Range Australia, 1950s Style”

Hackaday Prize 2023: Jumperless, The Jumperless Jumperboard

Jumperless is a jumperless breadboard with multicolored LED visualization of signals in real-time. Sounds like magic? This beautifully executed entry to the 2023 Hackaday Prize by [Kevin Santo Cappuccio] uses a boatload of CH446Q analog switch ICs to perform the interconnect between the Raspberry Pi Pico header and the jumper board (or breadboard if you prefer.)

This will add some significant resistance, but for low currents and digital logic levels, this should not be a major concern. Additionally, there are two DAC channels and four ADC channels to help break out of the digital world, which could make for some very interesting non-trivial applications.

The visualization of the Pico header signals is solved neatly with a tiny wishbone-shaped PCB that is reverse-mounted to the back of the main board to illuminate upwards. The masking of the labels is done by using copper to mask off the individual signals and solder mask to draw in the legends. This PCB-level hacking is simply wonderful to see. The PCBs are designed with KiCAD, the design files for which you can find here. It appears however that [Kevin] needed to have the spring clips for the jumper board custom-made, so you’d need to contact them if you needed to get some for a build.

On the software side of things, [Kevin] currently recommends using Wokwi, to run the Arduino stack applications and to perform the signal routing to the virtual jumper board. You can follow how it works internally here. A Python-based bridge application runs on the host computer, which takes care of programming the interconnects as they are constructed, which looking at the demo in the embedded video, appears to ‘just work.’

One word of caution though — the bridge app uses Python requests and Beautiful Soup to scrape the Wowki project page, which could potentially make it vulnerable to getting out-of-sync with updates, so hopefully [Kevin] will keep track of this and keep them in sync.

Need some breadboarding tips? We got you covered. Talking of bread, here’s an 8-bit TTL breadboard-based CPU in a breadbin.

Continue reading “Hackaday Prize 2023: Jumperless, The Jumperless Jumperboard”

Hackaday Podcast 233: Chandrayaan On The Moon, Cyberdecks, Hackerspaces Born At A German Computer Camp

This week, Editor-in-Chief Elliot Williams and Kristina Panos experimented with the old adage that brevity is the soul of wit. That’s right; this week, they’re all Quick Hacks, and that’s to make room for a special series of interviews that Elliot recorded at CCCamp with the pillars of US hackerspace creation. This one’s really special, do have a listen.

We still made room for the news this week: India launched Chandrayaan-3, which combines an orbiter, lander, and rover all in one. Then it’s on to the What’s That Sound results show, and while Kristina did not get it right, she did correctly identify it as being used in Whitney Houston’s “I Wanna Dance With Somebody”, as did one of the guessers who identified it as the cowbell sound from a Roland 808.

Then it’s on to the (quick) hacks, where we alternated for once just to keep things interesting. This week, Elliot is into 3D printing a clay extruder and then printing pottery with that, z-direction conductive tape, and the humble dipole antenna. Kristina is more into cyberdecks for the young and old, a reusable plant monitor, and 3D printing some cool coasters.

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Download and savor at your leisure.

Continue reading “Hackaday Podcast 233: Chandrayaan On The Moon, Cyberdecks, Hackerspaces Born At A German Computer Camp”

Privacy And Photography, We Need To Talk

One of the fun aspects of our global community is that there are plenty of events at which we can meet up, hang out, and do cool stuff together. They may be in a Las Vegas convention center, a slightly muddy field in England, or a bar in Berlin, but those of us with a consuming interest in technology and making things have a habit of finding each other. Our events all have their own cultures which make each one slightly different from others.

The German events, for example, seem very political to my eyes — with earnest blue-haired young women seeking to make their mark as activists, while the British ones are a little more laid-back and full of middle-aged engineers seeking the bar. There are some cultural things which go beyond the superficial though and extend into the way the events are run, and it’s one of these which I think it’s time we had a chat about.

Our Community Takes Privacy Seriously

The relevant section about photography in the SHA2017 code of conduct.
The relevant section about photography in the SHA2017 code of conduct.

The hacker community differs from the general public in many ways, one of which is that we tend to have a much greater understanding of privacy in the online age. The Average Joe will happily sign up to the latest social media craze without a care in the world, while we quickly identify it as a huge data slurp in which the end user is the product rather than the customer.

The work of privacy activists in our community in spotting privacy overreaches may pass unnoticed by outsiders, but over the years it’s scored some big wins that benefit everyone. Part of this interest in privacy appears at our events; it’s very much not done to take a photograph of someone at a hacker event without their consent. This will usually be clearly stated in the code of conduct, and thus if taking a picture featuring someone it’s imperative to make damn sure they’re OK with it. Continue reading “Privacy And Photography, We Need To Talk”