Foreshadow: The Sky Is Falling Again For Intel Chips

August 14, 2018 by Brian Benchoff 46 Comments

It’s been at least a month or two since the last vulnerability in Intel CPUs was released, but this time it’s serious. Foreshadow is the latest speculative execution attack that allows balaclava-wearing hackers to steal your sensitive information. You know it’s a real 0-day because it already has a domain, a logo, and this time, there’s a video explaining in simple terms anyone can understand why the sky is falling. The video uses ukuleles in the sound track, meaning it’s very well produced.

The Foreshadow attack relies on Intel’s Software Guard Extension (SGX) instructions that allow user code to allocate private regions of memory. These private regions of memory, or enclaves, were designed for VMs and DRM.

How Foreshadow Works

The Foreshadow attack utilizes speculative execution, a feature of modern CPUs most recently in the news thanks to the Meltdown and Spectre vulnerabilities. The Foreshadow attack reads the contents of memory protected by SGX, allowing an attacker to copy and read back private keys and other personal information. There is a second Foreshadow attack, called Foreshadow-NG, that is capable of reading anything inside a CPU’s L1 cache (effectively anything in memory with a little bit of work), and might also be used to read information stored in other virtual machines running on a third-party cloud. In the worst case scenario, running your own code on an AWS or Azure box could expose data that isn’t yours on the same AWS or Azure box. Additionally, countermeasures to Meltdown and Spectre attacks might be insufficient to protect from Foreshadown-NG

The researchers behind the Foreshadow attacks have talked with Intel, and the manufacturer has confirmed Foreshadow affects all SGX-enabled Skylake and Kaby Lake Core processors. Atom processors with SGX support remain unaffected. For the Foreshadow-NG attack, many more processors are affected, including second through eighth generation Core processors, and most Xeons. This is a significant percentage of all Intel CPUs currently deployed. Intel has released a security advisory detailing all the affected CPUs.

Hackaday Links: August 12, 2018

August 12, 2018 by Brian Benchoff 25 Comments

Falling into the marvelous space between, ‘I really want to do that’ and ‘but that’s a lot of work and I’m lazy’ comes this reproduction of the motherboard from the original IBM 5150. This is a complete reproduction of the first PC, being sold as a kit. Yes, chips are included, although I highly doubt they’ve gone through the trouble of finding chips with contemporaneous date codes. We’re dying for a writeup on this one.

Someone has found the source code for the first Furby. [Mark Boldyrev] was talking with a few fellows on the MAME forum to see if anyone had the source for the Furby. He was looking into contacting the USPTO for the original source but the red tape involed was a bit too intense. Luckily, that research turned up some info from [Sean Riddle] who somehow already found the original source listing. After [Mark] got in contact, [Sean] posted it as a PDF. Yes, it’s 6502 source, although the microcontroller is technically a SPC81A, with the rest of the hardware consisting of TI50C04 speech chip. (you would not believe how many toys are still shipping with a 6502-ish core somewhere inside). The files are up in the archive, and we’re probably going to have a Furby MAME sometime soon.

The Bitfi hardware wallet is a cryptocurrency storage device being bandied about by [John McAffee], and there’s a quarter million dollar bug bounty on it. It’s ‘unhackable’, and ‘it has no memory’. I’m serious, those are direct quotes from [McAffee]. Both of those claims are nonsense and now it can play Doom.

Oh noes, a new hardware backdoor in x86 CPUs! [xoreaxeaxeax] has published a demo that allows userland code to read and write kernel data (that’s very bad). The exploit comes in the form of the ‘rosenbridge backdoor’, a small embedded processor tightly coupled to the CPU that is similar to, but entirely different from, Intel’s ME. This processor has access to all the CPU’s memory, registers, and pipeline. The good news, and why this isn’t big news, is that this exploit only affects Via C3 CPUs. Yes, the other company besides Intel and AMD that makes x86 CPUs. These are commonly found in industrial equipment and ATMs.

The Quick-Build PowerWall

August 11, 2018 by Brian Benchoff 106 Comments

Elon Musk isn’t just the greatest human being — he’s also a great inventor. He’s invented the reusable rocket, the electric car, and so much more. While those are fantastic achievements, Elon’s greatest invention is probably the PowerWall. The idea of a PowerWall is simple and has been around for years: just get a bunch of batteries and build a giant UPS for your house. Elon brought it to the forefront, though, and DIYers around the world are building their own. Thanks, Elon.

Of course, while the idea of building your own PowerWall is simple, the devil is in the details. How are you going to buy all those batteries? How are you going to connect them together? How do you connect it to your fuse box? It’s a systems integration nightmare, made even more difficult by the fact that lithium cells can catch fire if you do something wrong. [jehugarcia] is building his own PowerWall, and he might have hit upon an interesting solution. He’s built a modular system to store and charge hundreds of 18650 cells. It looks great, and this might be the answer to anyone wanting to build their own PowerWall.

Aside from acquiring hundreds of 18650 cells, the biggest problem in building a PowerWall is simply connecting all the cells together. This can be done with 3D printed battery holders, solder, and bus bars, with a few people experimenting with spot welding wires directly onto the cells. This project might be a better solution: it uses standard plastic battery holders easily acquired from your favorite Chinese retailer and a PCB to turn cells into a battery.

The design of this battery module consists of a PCB with sufficiently wide traces, an XT60 power connector, and a few headers for the balance connector of a charger. This is a seven cell setup, and in contrast to the hundreds of hours that go into making a PowerWall the old fashioned way, these modules can be assembled pretty quickly.

Testing of these modules revealed no explosions, and everything worked as intended. There was a problem, though: when drawing a high load, the terminals of these cheap battery connectors got up to 150°. That makes these modules unsuitable for high load applications like an e-bike, but it should be okay if you’re putting hundreds of these modules together to power your house. It might be a good idea to invest in some cooling, though.
Continue reading “The Quick-Build PowerWall” →

This Is The Year Of PCB Inductors

August 10, 2018 by Brian Benchoff 35 Comments

It’s a story we’ve told dozens of times already. The cost to manufacture a handful of circuit boards has fallen drastically over the last decade and a half, which has allowed some interesting experiments on what PCBs can do. We’ve seen this with artistic PCBs, we’ve seen it with enclosures built out of PCBs, and this year we’re seeing a few experiments that are putting coils and inductors on PCBs.

At the forefront of these experiments in PCB coil design is [bobricious], and already he’s made brushless and linear motors using only tiny copper traces on top of fiberglass. Now he’s experimenting with inductors. His latest entry to the Hackaday Prize is a Joule Thief, a simple circuit, but one that requires an inductor to work. If you want an example of what can be done with spirals of copper on a PCB, look no further than this project.

The idea was simply to make a Joule Thief circuit. The circuit is not complicated — you only need a transistor, resistor, and an inductor or transformer to boost the voltage from a dead battery enough to light up an LED.

The trick here is that instead of some wire wrapped around a ferrite or an off-the-shelf inductor, [bobricious] is using 29 turns of copper with six mil traces and spacing on a PCB. Any board house can do this, which means yes, you can technically reduce the BOM cost of a Joule Thief circuit at the expense of board space. This is the year of PCB inductors, what else should be be doing with creative PCB trace designs?

Friday Hack Chat: Motors Made Out Of PCBs

August 9, 2018 by Brian Benchoff 15 Comments

One of the most amazing technological advances found in this year’s Hackaday Prize is the careful application of copper traces turned into coils. We’ve seen this before for RFID tags and scanners, but we’ve never seen anything like what Carl is doing. He’s building brushless motors on PCBs.

All you need to build a brushless motor is a rotor loaded up with super powerful and very cheap magnets, and a few coils of wire. Now that PCBs are so cheap, the coils of wire are easily taken care of. A 3D printer and some eBay magnets finish off the rest. For this week’s Hack Chat, we’re talking with Carl about PCB motors.

Carl Bugeja is a 23-year old electronics engineer who is trying to design new robotics technology. His PCB Motor design won the Open Hardware Design Challenge and will be going to the Finals of the Hackaday Prize. This open-source PCB motor is a smaller, cheaper, and easier to assemble micro-brushless motor.

[Carl]’s main project, the PCB Motor is a stator that is printed on a 4-layer PCB board. The six stator poles are spiral traces wound in a star configuration. Although these coils produce less torque compared to an iron core stator, the motor is still suitable for high-speed applications. [Carl]’s been working on other PCB motor designs, like the Linear PCB motor which is a monorail on a PCB and the Flexible PCB actuator where the coils of wire are tucked inside Kapton.

During this Hack Chat, we’re going to be discussing:

The design and construction of brushless motors
How to drive these motors
PCB applications beyond standard circuitry
Building accessible robotics technology

You are, of course, encouraged to add your own questions to the discussion. You can do that by leaving a comment on the Hack Chat Event Page and we’ll put that in the queue for the Hack Chat discussion.

Our Hack Chats are live community events on the Hackaday.io Hack Chat group messaging. This week is just like any other, and we’ll be gathering ’round our video terminals at noon, Pacific, on Friday, August 10th. Need a countdown timer? You wouldn’t if we switched to universal metric time.

Click that speech bubble to the right, and you’ll be taken directly to the Hack Chat group on Hackaday.io.

You don’t have to wait until Friday; join whenever you want and you can see what the community is talking about.

VCF West: Homebrew Lisp Machines And Injection Molded PDPs

August 7, 2018 by Brian Benchoff 19 Comments

Someone walks into the Vintage Computer Festival and asks, ‘what’s new?’. It’s a hilarious joke, but there is some truth to it. At this year’s Vintage Computer Festival West, the exhibit hall wasn’t just filled to the brim with ancient computers from the Before Time. There was new hardware. There was hardware that would give your Apple IIgs even more memory. There was new hardware that perfectly emulated 40-year-old functionality. There’s always something new at the Vintage Computer Festival.

Some of the more interesting projects are just coming off the assembly line. If you want a modern-day Lisp machine, that one won’t be assembled until next week, although there was a working prototype at VCF. If you want the greatest recreation of the most beautiful hardware, VCF has your back. Check out these amazing builds below.

Continue reading “VCF West: Homebrew Lisp Machines And Injection Molded PDPs” →

Video Quick Bit: Power Harvesting Hacks

August 7, 2018 by Brian Benchoff 5 Comments

Majenta Strongheart is back again, this time taking a look at some of the coolest power harvesting projects in this year’s Hackaday Prize.

The entire idea of the Power Harvesting Challenge is to get usable power from something, be it solar energy, a rushing waterfall, or fueling steam turbines with hamsters. [Cole B] decided that instead of capturing energy from one of these power sources, he’d do it all. He created Power Generation Modules, or Lego bricks for harvesting power. There’s a hand crank module, a water turbine module, and enough modules to do something with all that captured power like a light module and a USB charger module.

But maybe you don’t want to generate power the normal way. Maybe you think spinning magnets is too mainstream, or something. If that’s the case, then [Josh] has the project for you. It’s the P Cell, a battery fueled by urine. Yes, it’s just a simple copper zinc wet cell using urea as an electrolyte, but remember: in the early 1800s, human urine was a major source of nitrates used in the manufacture of gunpowder. Why not get some electricity from something that is just sent down the tubes?

Right now we’re in the middle of the Human Computer Interface Challenge. Show us that you have what it takes to get a computer to talk to a human, get a human to talk to a computer, or even recreate one of those weird 3D CAD mice from the early 90s. We’re looking for any interesting ways to bridge that valley between people and their devices. Twenty Human Computer Interface Challenge submissions will be selected to move onto the finals and win $1000 in the process! The five top entries of the 2018 Hackaday Prize will split $100,000!