Author: Pedro Umbelino

77 Articles

Refurbishing An Old P3Steel

October 4, 2017 by 15 Comments

In the aftermath of the London Unconference, after the usual beer drinking networking at the pub, I meet Javier Varela, one of our many readers that were present. It turns out my fellow Iberic friend is involved in some interesting hardware projects, one of them being the OVM20 Lite board. I was looking for an excuse to mess around with my old Prusa and this was the perfect one. The P3Steel 3D printer was just getting dusty on my basement and it printed just fine in the past. Until one day…

Based on Arduino Mega 2560 with the RAMPS 1.4, it was a pretty standard and cheap option to get some years ago (and still is). My additional modifications or upgrades from the standard options was a LCD screen and the DRV8825 stepper drivers.

What happened was that one fine day the prints started to skew. No matter how hard I tried, it skewed. I checked the driver’s potentiometer, I went back to the motor specifications, I swapped drivers around, and I even flashed another firmware. If the print was big enough, it will get messed up. Sometimes even small prints failed. When you are debugging something like this for hours, there comes a point in time that you start to suspect everything. Was it overheating the drivers? If so, why did this never happened before? Maybe the power supply is fluctuating and coming to the end of its life? Some messed up capacitor in the board? Was it RAMPS’ fault or Arduino? A motor starting to fail? A mechanical issue? I had a fine-tuned Marlin firmware that I manually tweaked and slightly changed, which I had no backup off after the flashing. In retrospect, I actually checked for a lot of things that couldn’t really be related to the problem back then but I also learned quite a lot.

Continue reading “Refurbishing An Old P3Steel”

OLED Hacked Power Bank

September 29, 2017 by 20 Comments

In a feat of over-engineering, [Everett Bradford] hacked his power bank to add power monitor via an OLED display to show live current, voltage, temperature, and capacity information. The idea came when he learned about the INA219 chip. The INA219 is a current shunt and power monitor IC with an I²C or SMBUS compatible interface. The device is able to monitor both shunt voltage drop and bus supply voltage, with programmable conversion times and filtering. A programmable calibration value, combined with an internal multiplier, enables direct readouts of current in amperes. An additional multiplying register calculates power in watts.

With impressive miniaturization skills, [Everett] dissembles the Xiaomi Mi power bank and manages to add a custom power monitoring module and an OLED display. Not only that, he replaced the 4 LEDs that were the battery level indicators and actually consume more amps than his board plus the display. While active, the board consumes about 8mA. In sleep mode, it consumes less than 30µA.

The 32×64 OLED display and the custom-made circuit was assembled and tightly fitted into the original case. The power bank now gives readings of the battery charge level in a small graph, numeric current input/output, voltage and temperature. The seamless integration of the display into the power bank makes it look like something that could perfectly have come from a store. This is not your typical DIY power bank nor a gigantic 64 cells power bank. It is a precise and careful modification of an existing product, adding value, functionality, and dare I say it, style: an awesome hack!

We can see [Everett] process in the following video:

Continue reading “OLED Hacked Power Bank”

OptionsBleed – Apache Bleeds In Uncommon Configuration

September 19, 2017 by 8 Comments

[Hanno Böck] recently uncovered a vulnerability in Apache webserver, affecting Apache HTTP Server 2.2.x through 2.2.34 and 2.4.x through 2.4.27. This bug only affects Apache servers with a certain configuration in .htaccess file. Dubbed Optionsbleed, this vulnerability is a use after free error in Apache HTTP that causes a corrupted Allow header to be replied by the webserver in response to HTTP OPTIONS requests. This can leak pieces of arbitrary memory from the server process that may contain sensitive information. The memory pieces change after multiple requests, so for a vulnerable host an arbitrary number of memory chunks can be leaked.

Unlike the famous Heartbleed bug in the past, Optionsbleed leaks only small chunks of memory and more importantly only affects a small number of hosts by default. Nevertheless, shared hosting environments that allow for .htaccess file changes can be quite sensitive to it, as a rogue .htaccess file from one user can potentially bleed info for the whole server. Scanning the Alexa Top 1 Million revealed 466 hosts with corrupted Allow headers, so it seems the impact is not huge so far.

The bug appears if a webmaster tries to use the “Limit” directive with an invalid HTTP method. We decided to test this behaviour with a simple .htaccess file like this:

Continue reading “OptionsBleed – Apache Bleeds In Uncommon Configuration”

Bluetooth Vulnerability Affects All Major OS

September 14, 2017 by 52 Comments

Security researchers from Armis Labs recently published a whitepaper unveiling eight critical 0-day Bluetooth-related vulnerabilities, affecting Linux, Windows, Android and iOS operating systems. These vulnerabilities alone or combined can lead to privileged code execution on a target device. The only requirement is: Bluetooth turned on. No user interaction is necessary to successfully exploit the flaws, the attacker does not need to pair with a target device nor the target device must be paired with some other device.

The research paper, dubbed BlueBorne (what’s a vulnerability, or a bunch, without a cool name nowadays?), details each vulnerability and how it was exploited. BlueBorne is estimated to affect over five billion devices. Some vendors, like Microsoft, have already issued a patch while others, like Samsung, remain silent. Despite the patches, some devices will never receive a BlueBorne patch since they are outside of their support window. Armis estimates this accounts for around 40% of all Bluetooth enabled devices.

A self-replicating worm that would spread and hop from a device to other nearby devices with Bluetooth turned on was mentioned by the researchers as something that could be done with some more work. That immediately reminds us of the BroadPwn vulnerability, in which the researchers implemented what is most likely the first WiFi only worm. Although it is definitely a fun security exercise to code such worm, it’s really a bad, bad idea… Right?…

So who’s affected?

Continue reading “Bluetooth Vulnerability Affects All Major OS”

Broadpwn – All Your Mobiles Are Belong To Us

July 29, 2017 by 50 Comments

Researchers from Exodus Intel recently published details on a flaw that exists on several Broadcom WiFi chipsets. It’s estimated to affect nearly 1 Billion devices, from Android to iPhone. Just to name a few in the top list:

  • Samsung Galaxy from S3 through S8, inclusive
  • All Samsung Notes3. Nexus 5, 6, 6X and 6P
  • All iPhones after iPhone 5

So how did this happen? And how does a bug affect so many different devices?

A smart phone nowadays is a very complicated mesh of interconnected chips. Besides the main processor, there are several other secondary processors handling specialized tasks which would otherwise clog up the main CPU. One of those is the WiFi chipset, which is responsible for WiFi radio communications — handling the PHY, MAC and MLME layers. When all the processing is complete, the radio chipset hands data packets over the kernel driver, which runs on the main CPU. This means that the radio chipset itself has to have some considerable data processing power to handle all this work. Alas, with great power comes great responsibility.

Continue reading “Broadpwn – All Your Mobiles Are Belong To Us”

Hackaday Prize Entry: Water Level Station

June 3, 2017 by 17 Comments

All over the world, in particular in underdeveloped countries, people die every year by the thousands because of floods. The sudden rise of water levels often come unannounced and people have no time to react before they are caught in a bad spot. Modern countries commonly have measure equipment deployed around problematic areas but they are usually expensive for third world countries to afford.

[Benne] project devises a low-cost, cloud-connected, water level measuring station to allow remote and central water level monitoring for local authorities. He hopes that by being able to monitor water levels in a more precise and timely fashion, authorities can act sooner to warn potentially affected areas and increase the chance of saving lives in case of a natural disaster.

At the moment, the project is still in an early stage as they are testing with different sensors to figure out which would work best in different scenarios. Latest version consists essentially in an Arduino UNO, an ultrasonic distance sensor, and a DHT temperature/humidity sensor to provide calibration since these characteristics affect the speed of sound. Some years ago, we covered a simple water level monitoring using a Parallax Ping sensor, but back then the IoT and the ‘cloud’ weren’t nearly as fashionable. They also tested with infrared sensors and a rotary encoder.

They made a video of the rotary encoder, which we can see below:

Continue reading “Hackaday Prize Entry: Water Level Station”

Malduino Elite – First Impressions

May 31, 2017 by 39 Comments

A while back, I wrote an article about Malduino, an Arduino-based, open-source BadUSB device. I found the project interesting so I signed up for an Elite version and sure enough, the friendly postman dropped it off in my mail box last Friday, which means I got to play around with it over the weekend. For those who missed the article, Malduino is USB device which is able to emulate a keyboard and inject keystrokes, among other things. When in a proper casing, it will just look like a USB flash drive. It’s like those things you see in the movies where a guy plugs in a device and it auto hacks the computer. It ships in two versions, Lite and Elite, both based on the ATmega32U4.

The Lite version is really small, besides the USB connector it only contains a switch, which allows the user to choose between running and programming mode, and a LED, which indicates when the script has finished running.

Original Malduino Elite sketch and Lite prototype

The Elite version is bigger, comes with a Micro-SD card reader and four DIP switches, which allow the user to choose which script to run from the card. It also has the LED, which indicates when a script has finished to run. This allows the user to burn the firmware only once and then program the keystroke injection scripts that stored in the Micro-SD card, in contrast to the Lite version which needs to be flashed each time a user wants to run a different script.

These are the two Malduinos and because they are programmed straight from the Arduino IDE, every feature I just mentioned can be re-programmed, re-purposed or dropped all together. You can buy one and just choose to use it like a ‘normal’ Arduino, although there are not a lot of pins to play around with. This freedom was one the first things I liked about it and actually drove me to participate in the crowd-funding campaign. Read on for the full review.
Continue reading “Malduino Elite – First Impressions”