Day: January 10, 2025

SerenityOS On Real Hardware

January 10, 2025 by No comments

One of the problems facing any developer working on their own operating system is that of hardware support. With many thousands of peripherals and components that can be found in a modern computer, keeping up requires either the commercial resources of Microsoft or the huge community of Linux.

For a small project such as SerenityOS this becomes a difficult task, and for that reason the primary way to run that OS has always been in an emulator. [Sdomi] however has other ideas, and has put a lot of effort to getting the OS to run on some real hardware. The path to that final picture of a laptop with a SerenityOS desktop is long, but it makes for a fascinating read.

The hardware in question is an Intel powered Dell Chromebook. An odd choice you might think, but they’re cheap and readily available, and they have some useful debugging abilities built in. We’re treated to an exploration of the hardware and finding those debug ports, and since the USB debugging doesn’t work, a Pi Pico clone is squeezed into the case. We like that it’s wired up to the flash chip as well as serial.

Getting access to the serial port from the software turned out to be something of a pain, because the emulated UART wasn’t on the port you’d expect. Though it’s an Intel machine it’s not a PC clone, so it has no need. Some epic hackery involving rerouting serial to the PC debug port ensued, enabling work to start on an MMC driver for the platform. The eventual result is a very exclusive laptop, maybe the only one running SerenityOS on hardware.

We like this OS, and we hope this work will lead to it becoming usable on more platforms. We took a look at it back in 2023, and it’s good to hear that it’s moving forward.

This Week In Security: Backdoored Backdoors, Leaking Cameras, And The Safety Label

January 10, 2025 by 2 Comments

The mad lads at watchTowr are back with their unique blend of zany humor and impressive security research. And this time, it’s the curious case of backdoors within popular backdoors, and the list of unclaimed domains that malicious software would just love to contact.

OK, that needs some explanation. We’re mainly talking about web shells here. Those are the bits of code that get uploaded to a web server, that provide remote access to the computer. The typical example is a web application that allows unrestricted uploads. If an attacker can upload a PHP file to a folder where .php files are used to serve web pages, accessing that endpoint runs the arbitrary PHP code. Upload a web shell, and accessing that endpoint gives a command line interface into the machine.

The quirk here is that most attackers don’t write their own tools. And often times those tools have special, undocumented features, like loading a zero-size image from a .ru domain. The webshell developer couldn’t be bothered to actually do the legwork of breaking into servers, so instead added this little dial-home feature, to report on where to find all those newly backdoored machines. Yes, many of the popular backdoors are themselves backdoored.

This brings us to what watchTowr researchers discovered — many of those backdoor domains were either never registered, or the registration has been allowed to expire. So they did what any team of researchers would do: Buy up all the available backdoor domains, set up a logging server, and just see what happens. And what happened was thousands of compromised machines checking in at these old domains. Among the 4000+ unique systems, there were a total of 4 .gov. domains from governments in Bangladesh, Nigeria, and China. It’s an interesting romp through old backdoors, and a good look at the state of still-compromised machines.

Continue reading “This Week In Security: Backdoored Backdoors, Leaking Cameras, And The Safety Label”

RISC-V Microcontroller Lights Up Synth With LED Level Meter

January 10, 2025 by 5 Comments

The LM3914 LED bar graph driver was an amazing chip back in the day. Along with the LM3915, its logarithmic cousin, these chips gave a modern look to projects, allowing dancing LEDs to stand in for a moving coil meter. But time wore on and the chips got harder to find and even harder to fit into modern projects, what with their giant DIP-18 footprint. What’s to be done when a project cries out for bouncing LEDs? Simple — get a RISC-V microcontroller and roll your own LED audio level meter.

In fairness, “simple” isn’t exactly what comes to mind while reading [svofski]’s write-up of this project. It’s part of a larger build, a wavetable synth called “Pétomane Ringard” which just screams out for lots of blinky LEDs. [svofski] managed to squeeze 20 small SMD LEDs onto the board along with a CH32V003 microcontroller. The LEDs are charlieplexed, using five of the RISC-V chip’s six available GPIO lines, leaving one for the ADC input. That caused a bit of trouble with programming, since one of those pins is needed to connect to the programmer. This actually bricked the chip, thankfully only temporarily since there’s a way to glitch the chip back to life, but only after pulling it out of the circuit. [svofski] recommends adding a five-second delay loop to the initialization routine to allow time to recover if the microcontroller gets into an unprogrammable state. Good tip.

As for results, we think the level meter looks fantastic. [svofski] went for automated assembly of the 0402 LEDs, so the strip is straight and evenly spaced. The meter seems to be quite responsive, and the peak hold feature is a nice touch. It’s nice to know there’s a reasonable substitute for the LM391x chips, especially now that all the hard work has been done.
Continue reading “RISC-V Microcontroller Lights Up Synth With LED Level Meter”

A Low Effort, Low Energy Doorbell

January 10, 2025 by 9 Comments

Bluetooth is a good way to connect devices that are near each other. However, it can drain batteries which is one reason Bluetooth Low Energy — BLE — exists. [Drmph] shows how easy it is to deploy BLE to make, in this case, a doorbell. He even shows how you can refit an existing doorbell to use the newer technology.

Like many projects, this one started out of necessity. The existing wireless doorbell failed, but it was difficult to find a new unit with good review. Cheap doorbells tend to ring spuriously due to interference. BLE, of course, doesn’t have that problem. Common BLE modules make up the bulk of the project. It is easy enough to add your own style to the doorbell like a voice announcement or musical playback. The transmitter is little more than a switch, the module, a coin cell, and an LED.

It is, of course, possible to have a single receiver read multiple doorbells. For example, a front door and back door with different tones. The post shows how to make a remote monitor, too, if you need the bell to ring beyond the range of BLE.

A fun, simple, and useful project. Of course, the cool doorbells now have video. Just be careful not to get carried away.