Everything You Didn’t Know You Need To Know About Glitching Attacks

If you’ve always been intrigued by the idea of performing hardware attacks but never knew where to start, then we’ve got the article for you: an in-depth look at the hows and whys of hardware glitching.

Attentive readers will recall that we’ve featured [Matthew Alt]’s reverse engineering exploits before, like the time he got root on a Linux-based arcade cabinet. For something a bit more challenging, he chose a Trezor One crypto wallet this time. We briefly covered a high-stakes hack (third item) on one of these wallets by [Joe Grand] a while back, but [Matthew] offers much, much more detail.

After introducing the theory of glitching attacks, which seek to force a processor into an undefined state using various methods, [Matthew] discusses the specifics of the Trezor wallet and how the attack was planned.

His target — the internal voltage regulator of the wallet’s STM32 microcontroller — required desoldering a few caps before the attack could begin, which was performed with a ChipWhisperer. After resolving a few initial timing issues, he was able to glitch the chip into dropping to the lowest level of readout protection, which gave access to the dongle’s SRAM through an ST-Link debugger.

While this summary may make the whole thing sound trivial, it’s obvious that the attack was anything but, nor was the effort that went into writing it all up. The whole thing reads a little like a techno-thriller, and there’s plenty of detail there if you’re looking for a tutorial on chip glitching. We’re looking forward to part 2, which will concentrate on electromagnetic fault-injection using a PicoEMP and what looks like a modified 3D printer.

How Resilient Is The Natural Gas Grid?

A few years ago, I managed to get myself on a mailing list from a fellow who fancied himself an expert on energy. Actually, it seemed that no area was beyond his expertise, and the fact that EVERY EMAIL FROM HIM CAME WITH A SUBJECT LINE IN CAPS WITH A LOT OF EXCLAMATION POINTS!!!! really sealed the deal on his bona fides. One of the facts he liked to tout was that natural gas was the perfect fuel. Not only is it clean-burning and relatively cheap, it’s also delivered directly to consumers using a completely self-powered grid. Even under “zombie apocalypse” conditions, he claimed that natural gas would continue to flow.

At the time, it seemed a bit overstated, but I figured that there was at least a nugget of truth to it — enough so that I converted from an electric range and water heater to gas-powered appliances a couple of years ago, and added gas fireplaces for supplemental heat. I just sort of took it for granted that the gas would flow, at least until the recent kerfuffle over the Nordstream pipeline. That’s when I got a look at pictures of the immense turbine compressors needed to run that pipeline, the size and complexity of which seem to put the lie to claims about the self-powered nature of natural gas grids.

Surely a system dependent on such equipment could not be entirely self-powered, right? This question and others swirled doubt in my mind, and so I did what I always do in these cases: I decided to write an article so I could look into the details. Here’s what I found out about how natural gas distribution works, at least in North America.


Ryobi Battery Hack Keeps CPAP Running Quietly

When it comes to cordless power tools, color is an important brand selection criterion. There’s Milwaukee red, for the rich people, the black and yellow of DeWalt, and Makita has a sort of teal thing going on. But when you see that painful shade of fluorescent green, you know you’ve got one of the wide range of bargain tools and accessories that only Ryobi can offer.

Like many of us, Redditor [Grunthos503] had a few junked Ryobi tools lying about, and managed to cobble together this battery-powered inverter for light-duty applications. The build started with a broken Ryobi charger, whose main feature was a fairly large case once relieved of its defunct guts, plus an existing socket for 18-volt battery packs. Added to that was a small Ryobi inverter, which normally plugs into the Ryobi battery pack and converts the 18 VDC to 120 VAC. Sadly, though, the inverter fan is loud, and the battery socket is sketchy. But with a little case modding and a liberal amount of hot glue, the inverter found a new home inside the charger case, with a new, quieter fan and even an XT60 connector for non-brand batteries.

It’s a simple hack, but one that [Grunthos503] may really need someday, as it’s intended to run a CPAP machine in case of a power outage — hence the need for a fan that’s quiet enough to sleep with. And it’s a pretty good hack — we honestly had to look twice to see what was done here. Maybe it was just the green plastic dazzling us. Although maybe we’re too hard on Ryobi — after all, they are pretty hackable.

Thanks to [Risu no Kairu] for the tip on this one.

Superconference 2022 Hack Chat

Join us on Wednesday, August 31 (moved from August 24) at noon Pacific for the Superconference 2022 Hack Chat!

[Sorry folks — due to a scheduling snafu, we’ve got to push this off a week. — ed]

To say that a lot of water has passed under the bridge since 2019 is something of an understatement. When last we met as a group, in Pasadena in November of that year, the Covid-19 pandemic and its fallout were ahead of us. Supercon 2019 was a smashing success, a three-day meetup that brought together the best the hacker community has to offer to exchange ideas, share their projects, and meet up IRL rather than reading about everyone’s exploits and adventures online. It was a fantastic time, but how were we to know that it would be the last meatspace meetup for a painfully long time?

Thankfully, that’s all behind us now, and Supercon 2022 is back, live and in person! Everyone in the hacker community is going to want to be in Pasadena, but since it’s been so long since we’ve met up in person, we thought a Hack Chat focusing on Supercon would be a good idea. We’ve invited Majenta Strongheart on to field your questions, plus hopefully we’ll have a few surprise guests too. But this will mainly be your chance to sort of “pre-network” before the con. If you’re a Supercon first-timer, this is a great way to ask questions about how it all works and whether it’s worth it to attend (answer: it is — go buy tickets now!) For vets, this is your chance to share your stories of Supercons past, or perhaps to reconnect with con-buddies you’ve lost touch with. There’ll be something for everyone, both at the Hack Chat and at Supercon, so drop by the chat and find out what all the hype is about.

Our Hack Chats are live community events in the Hackaday.io Hack Chat group messaging. This week we’ll be sitting down on Wednesday, August 31 at 12:00 PM Pacific time. If time zones have you tied up, we have a handy time zone converter.

Hackaday Links: August 21, 2022

As side-channel attacks go, it’s one of the weirder ones we’ve heard of. But the tech news was filled with stories this week about how Janet Jackson’s “Rhythm Nation” is actually a form of cyberattack. It sounds a little hinky, but apparently this is an old vulnerability, as it was first noticed back in the days when laptops commonly had 5400-RPM hard drives. The vulnerability surfaced when the video for that particular ditty was played on a laptop, which would promptly crash. Nearby laptops of the same kind would also be affected, suggesting that whatever was crashing the machine wasn’t software related. As it turns out, some frequencies in the song were causing resonant vibrations in the drive. It’s not clear if anyone at the time asked the important questions, like exactly which part of the song was responsible or what the failure mode was on the drive. We’ll just take a guess and say that it was the drive heads popping and locking.


Z80 Single-Board Computer Looks Like It Could Have Been A Killer Product

Most retrocomputer builds seem to focus on either restoring old machines or rebuilding them from scratch. Either way, the goal is to get as close as possible to the original machine, and while we certainly respect those builds, there are other ways to celebrate the computers of yesterday, as this Z80 single-board computer nicely demonstrates.

[Ivan Farafontov]’s SBC is sort of a “Z80 that never was” build, one that would almost have been possible back in the heyday of 8-bit computing, and would have made quite a splash if it had. Most of the peripheral chips are from Zilog and would have been found in many of the Z80 machines of the day, like the TRS-80 and ZX Spectrum. Where it goes off the old-school path is with the video section, which uses an Atmel CPLD chip and a dual-port RAM to drive a VGA monitor. It still looks the part, though, with a 256×192 pixel, 16-color display. The compact video section helps keep the overall footprint of this machine pretty small, at least by the standards of the old machines. The machine is barely larger than its custom keyboard, which is populated with mechanical switches and really nice-looking custom keycaps, and everything fits into a 3D-printed case.

The demo that starts at the 4:30 mark of the video below will be a nostalgia storm for a lot of readers, starting as it does with a version of Boulder Dash that [Ivan] wrote from scratch, along with the tile editor he used to create the sprites for the game. All the design files and code are available if you want to build your own, of course. We recently featured another Z80 that never was, but [Ivan]’s machine really makes a statement with its compact size and its capabilities.


Rŏ̽ta: Counting, With Style

Rǒta counts things. That’s it, really — what a cheap little mechanical counter does with a thumb press, or what you can do by counting on your fingers and toes, that’s pretty much all that Rǒta does. But it does it with style.

OK, that’s being a bit unfair to [Kevin Santo Cappuccio] — Rǒta has a few more tricks up its sleeve than simple counting. But really, those functions are just icing on the cake of how this little gadget looks. Rǒta was built around the unbeatable combination of a rotary telephone dial mechanism and a trio of Nixie tubes. The dial looks like it might have come from an old pay phone, all shiny and chrome and super robust looking. The Nixies sit atop the dial on a custom PCB, and everything, including the high-voltage supply for the tubes, is enclosed in a 3D printed case with a little bit of a Fallout vibe.

But what does this thing do? Actually, quite a lot. It’ll count up and down, using whatever number you dial into it. You can either increment from zero, or enter any three-digit number as the starting count. It keeps track of the score of your golf game, if that’s your thing, and it’s also got a stopwatch function. You can even dial up a display of the current battery voltage. It takes some ingenuity to use just the dial for all these functions, but that’s as easy as dialing the operator used to be — dialing 0 puts it in menu mode, allowing you to access any of the functions printed on the card in the center of the dial. It’s pretty clever — check out the video below.

Is it particularly useful? Perhaps not. But when has that ever been a measure of the worth of a project? Something like this rotary cellphone might be more useful, but sometimes looking great is good enough.
