Man-in-the-Middle PCB Unlocks HP Ink Cartridges

It’s a well-known secret that inkjet ink is being kept at artificially high prices, which is why many opt to forego ‘genuine’ manufacturer cartridges and get third-party ones instead. Many of these third-party ones are so-called re-manufactured ones, where a third party refills an empty OEM cartridge. This is increasingly being done due to digital rights management (DRM) reasons, with tracking chips added to each cartridge. These chips prohibit e.g. the manual refilling of empty cartridges with a syringe, but with the right tweak or attack can be bypassed, with [Jay Summet] showing off an interesting HP cartridge DRM bypass using a physical man-in-the-middle attack.

This bypass takes the form of a flex PCB with contacts on both sides which align with those on the cartridge and those of the printer. What looks like a single IC in a QFN package is located on the cartridge side, with space for it created inside an apparently milled indentation in the cartridge’s plastic. This allows it to fit flush between the cartridge and HP inkjet printer, intercepting traffic and presumably telling the printer some sweet lies so that you can go on with that print job rather than dash out to the store to get some more overpriced Genuine HP-approved cartridges.

Not that HP isn’t aware or not ticked off about this, mind. Recently they threatened to brick HP printers that use third-party cartridges if detected, amidst vague handwaving about ‘hackers’ and ‘viruses’ and ‘protecting the users’ with their Dynamic Security DRM system. As the many lawsuits regarding this DRM system trickle their way through the legal system, it might be worth it to keep a monochrome laser printer standing by just in case the (HP) inkjet throws another vague error when all you want is to just print a text document.

Hacking Kia: Remotely Hijack A Car Using Only Its License Plate

These days everything needs to be connected to remote servers via the internet, whether it’s one’s TV, fridge or even that new car you just bought. A recently discovered (and already patched) vulnerability concerning Kia cars was a doozy in this regard, as a fairly straightforward series of steps allowed for any attacker to obtain the vehicle identification number (VIN) from the license plate, and from there become registered as the car’s owner on Kia’s network. The hack and the way it was discovered are described in great detail on [Sam Curry]’s website, along with the timeline of its discovery.

Notable is that this isn’t the first vulnerability discovered in Kia’s HTTP-based APIs, with [Sam] this time taking a poke at the dealer endpoints. To his surprise, he was able to register as a dealer and obtain a valid session ID using which he could then proceed to query Kia’s systems for a user’s registered email address and phone number.

With a specially crafted tool to automate the entire process, this information was then used to demote the car’s owner and register the attacker as the primary owner. After this the attacker was free to lock/unlock the doors, honk to his heart’s content, locate the car and start/stop the vehicle. The vulnerability affected all Kia cars made after 2013, with the victim having no indication of their vehicle having been hijacked in this manner. Aside from the doors randomly locking, the quaint honking and engine turning on/off at a whim, of course.

Perhaps the scariest part about this kind of vulnerability is that it could have allowed an attacker to identify a vulnerable parked car and gain access, before getting into the car, starting the engine and driving away. As long as these remote APIs allow for such levels of control, one might hope that one day car manufacturers will take security somewhat more seriously, as this is only the latest in a seemingly endless series of amusingly terrifying security vulnerabilities that require nothing more than some bored hackers with HTTP query crafting tools to discover.

An excerpt from Lord Rayleigh’s published manuscript.

Estimating The Size Of A Single Molecule Of Oil Using Water

What is the size of a single molecule of oil? What may initially seem like a trick question – answerable only through the use of complicated, high-tech scientific equipment – is actually as easy to calculate as the circumference of planet Earth. Much like how [Eratosthenes] used a couple of sticks to achieve the latter feat back in about 240 BCE, the size of a molecule of olive oil was calculated in 1890 by [Lord Rayleigh], which is the formal title of [John William Strutt]. Using nothing but water and said olive oil, he managed to calculate the size of a single olive oil molecule as being 1.63 nanometers in length.

To achieve this feat, he took 0.81 mg of olive oil and put it on a known area of water. Following the assumption that the distributed oil across the water surface would form a monolayer, i.e. a layer of oil one molecule thick, he divided the volume of the oil by the covered area, which gave him the thickness of the oil layer. Consequently, this result would also be the dimension (diameter) of a single olive oil molecule.

Many years later we know now that olive oil is composed of triacylglycerols, with a diameter of 1.67 nm, or only about 2% off from the 1890 estimate. All of which reinforces once more just how much science one can do with only the most basic of tools, simply through logical deduction.

Labelled die of the Ramtron FM24C64 FeRAM chip. (Credit: Ken Shirriff)

Inside A 1999 Ramtron Ferroelectric RAM Chip

Structure of the Ramtron FeRAM. The image is focus-stacked for clarity. (Credit: Ken Shirriff)

Although not as prevalent as Flash memory storage, ferroelectric RAM (FeRAM) offers a range of benefits over the former, mostly in terms of endurance and durability, which makes it popular for a range of (niche) applications. Recently [Ken Shirriff] had a look inside a Ramtron FM24C64 FeRAM IC from 1999, to get an idea of how it works. The full die photo can be seen above, and it can store a total of 64 kilobit.

One way to think of FeRAM is as a very small version of magnetic core memory, with lead-zirconate-titanate (PZT) ferroelectric elements making up the individual bits. These PZT elements are used as ferroelectric capacitors, i.e. the ferroelectric material is the dielectric between the two plates, with a positive voltage storing a ‘1’, and vice-versa.

In this particular FeRAM chip, there are two capacitors per bit, which makes it easier to distinguish the polarization state and thus the stored value. Since the distinction between a 0 and a 1 is relatively minor, the sense amplifiers are required to boost the signal. After a read action, the stored value will have been destroyed, necessitating a write-after-read action to restore the value, all of which adds to the required logic to manage the FeRAM. Together with the complexity of integrating these PZT elements into the circuitry this makes these chips relatively hard to produce and scale down.

You can purchase FeRAM off-the-shelf and research is ongoing, but it looks to remain a cool niche technology barring any kind of major breakthrough. That said, the Sega Sonic the Hedgehog 3 cartridges which used an FeRAM chip for save data are probably quite indestructible due to this technology.

Remembering CompuServe: The Online Experience Before The World Wide Web

July 1981 cover of CompuServe's magazine.

Long before the advent of the Internet and the World Wide Web, there were other ways to go online, with Ohio-based CompuServe being the first to offer a consumer-oriented service on September 24, 1979. In an article by [Michael De Bonis] a listener-submitted question to WOSU’s Curious Cbus is answered, interspersed with recollections of former users of the service. So what was CompuServe’s contribution to society that was so important that the state of Ohio gave historical status to the building that once housed this company?

The history of CompuServe and the consumer-facing services which it would develop started in 1969, when it was a timesharing and remote access service for businesses that wanted to buy some time on the PDP-10s that Golden United Life Insurance as the company’s subsidiary used. CompuServe divested in 1975 to become its own, NASDAQ-listed company. As noted in the article, while selling timeshares to businesses went well, after business hours they would have these big computer systems sitting mostly idle. This was developed by 1979 into a plan to give consumers with their newfangled microcomputers like the TRS-80 access.

Originally called MicroNet and marketed by Radio Shack, the service offered the CompuServe menu to users when they logged in, giving access to features like email, weather, stock quotes, online shipping and booking of airline tickets, as well as online forums and interactive text games.

Later renamed to CompuServe Information Service (CIS), it remained competitive with rivals like AOL and Prodigy until the mid-90s, even buying one competitor called The Source. Ultimately it was the rise of the Internet and the WWW that would close the door on this chapter of computing history, even as for CompuServe users this new Internet age would have felt very familiar, indeed.

Reviving A 15-Year Old Asus EeePC With Modern MX Linux

Welcome back to 2010 and the Asus eeePC Netbook, Seashell series. (Credit: Igor Ljubuncic)

It’s often said these days that computers don’t become outdated nearly as quickly as they did in the past, with even a decade-old computer still more than capable of handling daily tasks for the average person. Testing that theory, [Igor Ljubuncic] revisited the Asus eeePC which he purchased back in 2010. Although it’s not specified exactly which model it is, it features an Intel Atom N450 (1 core, 2 threads) running at 1.67 GHz, 1 GB of 667 MHz DDR2 and a 250 GB HDD, all falling into that ultra-portable, 10.1″ Netbook category.

When new, the netbook came with Windows 7 Starter Edition, which [Igor] replaced with Ubuntu Netbook Remix 10.04, which was its own adventure, but the netbook worked well and got dragged around the world on work and leisure assignments. With increasingly bloated updates, Ubuntu got replaced by MX Linux 18, which improved matters, but with the little CPU struggling more and more, [Igor] retired the netbook in 2019. That is, until reviving it recently.

Upon booting, the CMOS battery was of course empty, but the system happily continued booting into MX Linux. The Debian update repositories were of course gone, but changing these to the archive version allowed for some (very old) updates. This raised the question of whether modern Linux would even run on this ancient Atom CPU, the answer to which turned out to be a resounding ‘yes’, as MX Linux still offers 32-bit builds of its most recent releases. A 15-minute upgrade process and a 2-minute boot later, the system was running a Linux 6.1 kernel with Xfce desktop.

As for the performance, it’s rather what you expect, with video playback topping out at 480p (on the 1024×600 display) and applications like Firefox lacking the compact density mode, wasting a lot of screen space. Amazingly the original battery seems to still deliver about half the runtime it did when new. All of which is to say that yes, even a ‘low-end’ 2010-era netbook can still be a very usable system in 2024, with a modern OS.

The Possibility Of Reverting Time On The Ageing Of Materials

Everyone knows that time’s arrow only goes in one direction, regardless of the system or material involved. In the case of material time, i.e. the ageing of materials such as amorphous materials resulting from glass transition, this material time is determined after the initial solidification by the relaxation of localized stresses and medium-scale reordering. These changes are induced by the out-of-equilibrium state of the amorphous material, and result in changes to the material’s properties, such as a change from a ductile to a brittle state in metallic glasses. It is this material time which the authors of a recent paper (preprint) in Nature Physics postulate to be reversible.

Whether or not this is possible is said to be dependent on the stationarity of the stochastic processes involved in the physical ageing. Determining this stationarity through the investigation of the material time in a number of metallic glass materials (1-phenyl-1-propanol, laponite and polymerizing epoxy) was the goal of this investigation by [Till Böhmer] and colleagues, who found this to be the case in at least these three materials, suggesting that this process is in fact reversible.

Naturally, the primary use of this research is to validate theories regarding the ageing of materials, other aspects of which have been investigated over the years, such as the atomic dynamics by [V.M Giordano] and colleagues in a 2016 paper in Nature Communications, and a 2022 study by [Birte Riechers] and colleagues in Science Advances on predicting the nonlinear physical ageing process of glasses.

While none of these studies will give us time-travel powers, they do give us a better understanding of how materials age over time, including biological systems like our bodies. This would definitely seem to be a cause worthy of our time.

Header image: Rosino on Flickr, CC BY-SA 2.0.