OG DOOM Shows Off The Origins Of Multi-Monitor

February 7, 2023 by Jonathan Bennett 13 Comments

We have a thing for DOOM, and we admit it. The source was released, and clever hackers have ported the engine to every system imaginable. It’s a right of passage, when hacking a machine, to run DOOM on it — be it a VoIP phone, or tractor. But the original 1993 release does have a few notable tricks, and there’s something to be said for recreating that experience on period hardware. And that’s what we’re covering today: [Tech Tangents] discovered DOOM’s multi-monitor support, and built a 4-computer cluster to show it off.

There is a catch, of course. DOOM 1.1 has the multi-monitor support, and under-the-hood, it works by running a copy of the game on individual computers, and controlling the drones over the network. As the game’s network code was updated for version 1.2, the multi-monitor feature was axed to make the network code easier to maintain. So, find a 1.1 shareware release, install it on a DOS machine with IPX drivers, and start each iteration with a -net flag. Use -left and -right to set the drones to the appropriate view. And that view is ninety degrees left and right.

Maybe not ideal, but at the time it was one of the first games to have any sort of multi-monitor support at all. Likely inspired by a commercial flight simulator setup. Either way, it’s a neat feature, and kudos to [Tech Tangents] for showing off this obscure feature of a beloved classic!

Continue reading “OG DOOM Shows Off The Origins Of Multi-Monitor” →

Surfing The Web Like It’s 1978 — Carbonyl

February 6, 2023 by Jonathan Bennett 29 Comments

[Fathy] gets a kick out of doing odd things with Chromium, and Carbonyl is a clever byproduct of that hobby. In this case, it’s what you get when you connect chrome’s renderer to an SVG output module and then convert that SVG to colored characters on a terminal. See, html2svg is an earlier project, taking Chromium’s Skia engine and plugging it into an SVG back-end. And once you have SVG, why not render it to the terminal?

And the results are actually pretty impressive. Imagery is rendered using Unicode 2584, a half-block character. The background and foreground color can be set per character, giving us two controllable pixels per character. Text is handled a bit differently, rendering using the normal text fonts, making for readable pages.

The source is very much a work in progress, but there are some neat ideas already coalescing around the project, like using sixels for better rendering. There’s already decent mouse support and audio output, making for an impressive terminal experience. This might be a project to keep an eye on.

Fulcrum Foils Finger Fatigue

February 4, 2023 by Jonathan Bennett 10 Comments

It turns out that typing all day just might be bad for your hands and fingers. Repetitive Strain Injury, RSI, was a real problem for [David Schiller], particularly when coding. So, naturally, he started designing his own keyboard. And bless him, he’s shared the whole project on GitHub.

The solution is Fulcrum, a chording keyboard with keys that can be pressed with minimal movement. And one more clever trick is a thumb joystick, mounted in the thumb’s opposable orientation. It’s a 5-way switch, making for a bunch of combinations. The base model is a 20-key arrangement, and he’s also designed a larger, 40-key option.

The build is pretty simple, if you have access to a 3D printer. Print the STLs, add key switches, and wire it all up to a microcontroller. Use the supplied code, and all that’s left is to learn all the chord combos. And why stop with combos for single characters, when there are plenty of common words and plenty of key combinations. If you decide to build your own take on the Fulcrum, be sure to let us know about it!

This Week In Security: Github, Google, And Realtek

February 3, 2023 by Jonathan Bennett 4 Comments

GitHub Desktop may have stopped working for you yesterday, Febuary 2nd. The reason was an unauthorized access to some decidedly non-public repositories. The most serious bit of information that escaped was code signing certificates, notably used for GitHub Desktop and Atom. Those certificates were password protected, so it’s unlikely they’ve been abused yet. Even so, Github is taking the proper steps of revoking those certificates.

The only active certificate that was revoked was used for signing the Mac releases of GitHub Desktop, so quite a few older versions of that software is no longer easily installed. If nothing else, it’s a reminder that even a project with a well run security team can have problems.

Sh1mmer-ing Chromebooks

There’s a new, clever attack on the Chromebook, specifically with the goal of unenrolling the device from an educational organization. And the “vulnerability” is a documented feature, the RMA Shim. That’s a special boot loader target that contains a valid signature, but allows the booting of other code, intended for troubleshooting and fixing devices in a repair center. Quite a few of those images have leaked, and Sh1mmer combines the appropriate image with a boot menu with some interesting options.

The first is unenrolling, so the device will act like a privately owned computer. This gets rid of content blocks and allows removing extensions. But wait, there’s more. Like rooting the device, a raw Bash terminal, and re-enabling developer mode. Now, as far as we can tell, this doesn’t *directly* break device encryption, but it’s likely that the RMA shim could be abused to tamper with the device’s filesystem. Meaning that the leak of a bunch of signed shims is a big problem for device security. If you use a Chromebook, it might be time to do some research on whether that model’s shim has been leaked. Continue reading “This Week In Security: Github, Google, And Realtek” →

Wizards Get Creative, Maybe Save The World

January 30, 2023 by Jonathan Bennett 12 Comments

While it’s not normal Hackaday fare, we’ve covered the Dungeons & Dragons licensing kerfuffle, partially because we’re all nerds at heart, and also because it’s worrying that an Open Source styled license could be “deauthorized”. I did touch base with the Open Source Initiative, and got a telling comment that this issue was outside their purview, as the OGL 1.0a didn’t rise to the definition of an OSI approved license, and the update looked to be a disaster.

Since our coverage was published, Wizards of the Coast released part of the Fifth Edition System reference Document (SRD) under a Creative Commons license, removed the profit sharing language from the OGL update, but notably left the language in place about deauthorizing the 1.0a version of the license. As you can imagine, fans were still unamused, and we informed WotC of our displeasure when they launched a survey, asking fans their thoughts on the new license.

And the outpouring was overwhelming, with over 15,000 survey responses in just over a week. The vast majority (90% for some questions) informed WotC that they had lost their collective minds. That response, combined with a plummeting subscription count on DND Beyond, Paizo’s explosion of popularity and new ORC license announcement, and the plethora of publishers jumping ship, has finally shone the light of reason upon management at WotC.

The latest announcement is a win in basically every regard. The OGL 1.0a will not be deauthorized, and the entire 5e SRD has been released under the Creative Commons 4.0 By Attribution license. That’s an interesting choice, as CC-BY-4.0 is a very permissive license. It’s not “viral”, as it does not place any licensing restrictions on derivative works, and there are no restrictions on commercial use. The only restriction is that attribution must be included. The latest SRD is now available under both licenses, you pick your preference. So as a reward for going through the trauma, we get a sizable chunk of the game under an even less restrictive license. Bravo.

Continue reading “Wizards Get Creative, Maybe Save The World” →

This Week In Security: GTA, Apple And Android, And Insecure Boot

January 27, 2023 by Jonathan Bennett 11 Comments

When we first saw tweets about a security issue in Grand Theft Auto V, it sounded a bit like a troll. “Press ‘alt and f4’ to unlock a cheat mode”, or the hacker that claims to be able to delete your character. [Tez2]’s warning tweet that you shouldn’t play GTA Online without a firewall sounds like another of these online urban legends. But this one actually seems legit. NIST is even in on the fun, assigning CVE-2023-24059 for the exploit.

When playing an online game, other users send a “join request” to join the active session. This packets can contain malformed data which has been observed to crash the game client remotely. It’s believed, though not publicly confirmed, that it’s also a Remote Code Execution (RCE) vulnerability. It seems likely that this aspect will be added to some of the various cheat panels that are already widely used for this 10-year-old game. So now, rather than just giving your own character infinite ammo and health, you can inflict some havoc on other players, possibly up to corrupting their character files and getting them banned.

But why stop there? If we have code execution inside the game, what stops another player from launching a real attack? A video game isn’t sandboxed like a browser, and there’s nothing preventing a disk wiper attack or even a worm from compromising a bunch of players. The worst part is that it’s an old game, and even though there’s a large playerbase, it’s not guaranteed to get a fix. There’s at least one project aiming to be a firewall to prevent the issue. Continue reading “This Week In Security: GTA, Apple And Android, And Insecure Boot” →

This Week In Security: Git Deep Dive, Mailchimp, And SPF

January 20, 2023 by Jonathan Bennett 10 Comments

First up, git has been audited. This was an effort sponsored by the Open Source Technology Improvement Fund (OSTIF), a non-profit working to improve the security of Open Source projects. The audit itself was done by researchers from X41 and GitLab, and two critical vulnerabilities were found, both caused by the same bad coding habit — using an int to hold buffer lengths.

On modern systems, a size_t is always unsigned, and the same bit length as the architecture bit-width. This is the proper data type for string and buffer lengths, as it is guaranteed not to overflow when handling lengths up to the maximum addressable memory on the system. On the other hand, an int is usually four bytes long and signed, with a maximum value of 2^31-1, or 2147483647 — about 2 GB. A big buffer, but not an unheard amount of data. Throw something that large at git, and it will break in unexpected ways.

Our first example is CVE-2022-23521, an out of bounds write caused by an int overflowing to negative. A .gitattributes file can be committed to a repository with a modified git client, and then checking out that repository will cause the num_attrs variable to overflow. Push the overflow all the way around to a small negative number, and git will then vastly under-allocate the attributes buffer, and write all that data past the end of the allocated buffer.

CVE-2022-41903 is another signed integer overflow, this time when a pretty print format gets abused to do something unexpected. Take a look at this block of code:

Continue reading “This Week In Security: Git Deep Dive, Mailchimp, And SPF” →