Author: Jonathan Bennett

527 Articles

SNES Mode 7 Gets An HD Upgrade

April 26, 2019 by 9 Comments

Emulating SNES games hits us right in the nostalgic feels, but playing SNES games on an 1920×1080 monitor is a painful reminder of the limitations of SNES hardware. [DerKoun] felt the same consternation, and decided to do something about it. He realized that some SNES games have much higher resolution textures that weren’t being taken advantage of. The SNES had a revolutionary video mode, mode 7, that allowed a game to set a relatively high resolution background, and then rotate and scale that background during gameplay.

This pseudo 3d effect was amazing for its time, but taking a high resolution image and squashing it into a 320 by 240 pixel viewport makes for some painful artefacts. This is where [DerKoun]’s hack comes in. He wrote a modification to the bsnes emulator, allowing those rotations and scaling to happen in full resolution, vastly improving the visuals of mode 7 games.

The latest teaser for what’s to come is shown above, mapping the mode 7 backgrounds onto a widescreen viewport, as well as HD.

Come back after the break for some mind blowing SNES HD PilotWings action!

Update: Development discussion has continued in a new thread. Start with link above to get origin story and continue to the new dev thread for recent updates.
Continue reading “SNES Mode 7 Gets An HD Upgrade”

Hack My House: UL Certification And Turning The Lights On With An ESP8266

April 22, 2019 by 48 Comments

It’s hard to imagine a smart house without smart lighting. Maybe it’s laziness, but the ability to turn a light on or off without walking over to the switch is a must-have, particularly once the lap is occupied by a sleeping infant. It’s tempting to just stuff a relay in the electrical boxes and control them with a Raspberry Pi or micro-controller GPIO. While tempting, get it wrong and you have a real fire hazard. A better option is one of the integrated WiFi switches. Sonoff is probably the most well known brand, producing a whole line of devices based on the ESP8266. These devices are powered from mains power and connect to your network via WiFi. One disadvantage of Sonoff devices is they only work when connected to Sonoff’s cloud.

Light switches locked in to a cloud provider are simply not acceptable. Enter Tasmota, which we’ve covered before. Tasmota is an open source firmware, designed specifically for Sonoff switches, but supporting a wide range of ESP8266 based devices. Tasmota doesn’t connect to any cloud providers unless you tell it to, and can be completely controlled from within a local network.

Certifications, Liability, and More

We’re well acquainted with some of the pitfalls of imported electronics, but one of the lesser known problems is the lack of certification. In the United States, there are several nationally recognized testing laboratories: Underwriters Laboratories (UL) and Intertek (ETL) are the most prominent. Many  imported electronic devices, including Sonoff devices, do not have either of these certifications. The problem with this is liability, should the worst ever happen and an electrical fire break out. The Internet abounds with various opinions on the importance of the certification — a missing certification mark is somewhere between meaningless and a total hazard. The most common claim is that a house fire combined with non-certified equipment installed would result in an insurance company refusing to pay.

Rather than just repeat this surely sage advice from the Internet, I asked my insurance agent about uncertified equipment in the case of a fire. I discovered that insurance agencies avoid giving definite answers about claim payments. The response that came back was “it depends”: homeowner’s insurance covers events that are accidental and sudden. If a homeowner was aware that they were using uncertified equipment, then it could be categorized as “not an accident”. So far, the myth seems plausible. The final answer from the insurance agency: it’s possible that a non UL-certified device could result in denial of payment on a claim, but it depends on the policy and other details– why take the risk? Certification marks make insurance companies happier.

I also talked to my city’s electrical inspector about the issue. He commented that non-certified equipment is a violation of electrical code when it is hard-wired into a house. He echoed the warning that an insurance company could refuse to pay, but added that in the case of injury, there could be even further liability issues. I’ve opted to use certified equipment in my house. You’ll have to make your own decision about what equipment you’re willing to use.

There are some devices on Amazon that claim to have certification, but searching the certification database leads me to believe that not all of those claims are valid. If in doubt, there is a searchable UL database, as well as a searchable Intertek database.
Continue reading “Hack My House: UL Certification And Turning The Lights On With An ESP8266”

Shadowhammer, WPA3, And Alexa Is Listening: This Week In Computer Security

April 19, 2019 by 21 Comments

Let’s get caught up on computer security news! The big news is Shadowhammer — The Asus Live Update Utility prompted users to download an update that lacked any description or changelog. People thought it was odd, but the update was properly signed by Asus, and antivirus scans reported it as safe.

Nearly a year later, Kaspersky Labs announced they had confirmed this strange update was indeed a supply chain attack — one that attacks a target by way of another vendor. Another recent example is the backdoor added to CCleaner, when an unknown actor compromised the build system for CCleaner and used that backdoor to target other companies who were using CCleaner. Interestingly, the backdoor in CCleaner has some similarities to the backdoor in the Asus updater. Combined with the knowledge that Asus was one of the companies targeted by this earlier breach, the researchers at Kaspersky Lab suggest that the CCleaner attack might have been the avenue by which Asus was compromised.

Shadowhammer sits quietly on the vast majority of machines it infects. It’s specifically targeted at a pool of about 600 machines, identified by their network card’s MAC address. We’ve not seen any reporting yet on who was on the target list, but Kaspersky is hosting a service to check whether your MAC is on the list.

While we’re still waiting for the full technical paper, researchers gave a nearly 30 minute presentation about Shadowhammer, embedded below the break along with news about Dragonblood, Amazon listening to your conversations, and the NSA delivering on Ghidra source code. See you after the jump!
Continue reading “Shadowhammer, WPA3, And Alexa Is Listening: This Week In Computer Security”

What To Do When The Botnet Comes Knocking

March 21, 2019 by 34 Comments

“It was a cold and windy night, but the breeze of ill omen blowing across the ‘net was colder. The regular trickle of login attempts suddenly became a torrent of IP addresses, all trying to break into the back-end of the Joomla site I host. I poured another cup of joe, it was gonna be a long night.”

Tech noir aside, there was something odd going on. I get an email from that web-site each time there is a failed login. The occasional login attempt isn’t surprising, but this was multiple attempts per minute, all from different IP addresses. Looking at the logs, I got the feeling they were pulling usernames and passwords from one of the various database dumps, probably also randomly seeding information from the Whois database on my domain.

Continue reading “What To Do When The Botnet Comes Knocking”

Spoiler, Use-After-Free, And Ghidra: This Week In Computer Security

March 13, 2019 by 24 Comments

The past few days have been busy if you’re trying to keep up with the pace of computer security news. Between a serious Chromium bug that’s actively being exploited on Windows 7 systems, the NSA releasing one of their tools as an open source project, and a new Spectre-like speculative execution flaw in Intel processors, there’s a lot to digest.
Continue reading “Spoiler, Use-After-Free, And Ghidra: This Week In Computer Security”

Hack My House: Raspberry Pi As A Touchscreen Thermostat

February 27, 2019 by 51 Comments

Your thermostat is some of the oldest and simplest automation in your home. For years these were one-temperature setting and nothing more. Programmable thermostats brought more control; they’re alarm clocks attached to your furnace. Then Nest came along and added beautiful design and “learning features” that felt like magic compared to the old systems. But we can have a lot more fun. I’m taking my favorite single-board computer, the Raspberry Pi, and naming it keeper of heat (and cool) by building my own touchscreen thermostat.

Mercury thermostats started it all, and were ingenious in their simplicity — a glass capsule containing mercury, attached to a wound bi-metal strip. As the temperature changes, the contraption tilts and the mercury bead moves, making or breaking contact with the wiring. More sophisticated thermostats have replaced the mercury bead with electronics, but the signaling method remains the same, just a simple contact switch.

This makes the thermostat the prime target for an aspiring home automation hacker. I’ve had this particular project in mind for quite some time, and was excited to dive into it with simple raw materials: my Raspberry Pi, a touchscreen, and a mechanical relay board.

Continue reading “Hack My House: Raspberry Pi As A Touchscreen Thermostat”

Hack My House: Garage Door Cryptography Meets Raspberry Pi

February 13, 2019 by 57 Comments

Today’s story is one of victory and defeat, of mystery and adventure… It’s time to automate the garage door. Connecting the garage door to the internet was a must on my list of smart home features. Our opener has internet connection capabilities built-in. As you might guess, I’m very skeptical of connecting a device to the internet when I have no control over the software running on it.

The garage door is controlled by a button hung on the garage wall. There is only a pair of wires, so a simple relay should be all that is needed to simulate the button press from a Raspberry Pi. I wired a relay module to a GPIO on the Pi mounted in the garage ceiling, and wrote a quick and dirty test program in Python. Sure enough, the little relay was clicking happily– but the garage door wasn’t budging. Time to troubleshoot. Does the push button still work? *raises the garage door* yep. How about the relay now? *click…click* nope.

You may have figured out by now, but this garage door opener isn’t just a simple momentary contact push button. Yes, that’s a microcontroller, in a garage door button. This sort of scenario calls for forensic equipment more capable than a simple multimeter, and so I turned to Amazon for a USB oscilloscope that could do some limited signal analysis. A device with Linux support was a must, and Pico Technology fit the bill nicely.

Searching for a Secret We Don’t Actually Need

My 2 channel Picotech oscilloscope, the 2204A, finally arrived, and it was time to see what sort of alien technology was in this garage door opener. There are two leads to the button, a ground and a five volt line. When the button is pressed, the microcontroller sends data back over that line by pulling the 5 V line to ground. If this isn’t an implementation of Dallas 1-wire, it’s a very similar concept.

Continue reading “Hack My House: Garage Door Cryptography Meets Raspberry Pi”