Monitor Not VESA-Compliant? It Is Now!

August 23, 2020 by 37 Comments

Some monitors lack the holes on the back that make them VESA-compliant, so mounting them on a monitor arm can be a non-starter. To handle this, [Patrick Hallek] designed and 3D printed these adapter arms to make flat monitors mount to VESA hardware whether they want to or not.

How does it work? When a monitor can’t attach directly to a VESA mount, this assembly attaches to the mount instead. The three arms extend around the edge of the monitor to grip it from the bottom and top. Some hex-head M5 bolts and nuts are all that are required to assemble the parts, and the top arm is adjustable to accommodate different sizes of monitor. As long as the screen size is between 17 and 27 inches diagonal, and the monitor thickness falls between 30 mm and 75 mm, it should fit.

It’s a smart design that leverages one of the strengths of 3D printing: that of creating specialized adapters or fixtures that would be troublesome to make by hand. That is not to say that there’s no other way to make exactly what one wants when it comes to mounting monitors: check out this triple-monitor setup using some common metal struts, no welding required.

[via reddit]

The CIA’s Corona Project Was About Satellites, Not A Virus

August 23, 2020 by 14 Comments

We take orbital imagery for granted these days, but there was a time that it was high technology and highly secretive. [Scott Manley] has a good overview of the CIA’s Corona spy satellites, along with declassified images from the early days of the program.

It seems strange today, but the spy images needed high resolution and the only practical technology at the time was film. The satellite held a whopping 3,000 feet of film and, once shot, a capsule or bucket would return to Earth for retrieval and development. They didn’t make it to land — or at least they weren’t supposed to. The CIA didn’t want opponents sweeping up the film so an airplane was supposed to snag the bucket as it descended on a parachute, a topic covered in [Tom Nardi’s] article about the history of catching stuff as it falls from space.

The early cameras could see detail down to about 40 feet. By the end of the program in the 1970s, improved cameras could see down to 3 feet or less. Later satellites had a 3D-capable camera and multiple return buckets. The satellites were — officially — a program to expose biological samples to the space environment and return them for analysis. The Discover program was pure cover and the whole thing was declassified in 1992.

Of course, film from airplanes also had a role. Some spy satellites tried to scan film and send the data back, but that saw more use on lunar missions where returning a capsule to Earth was a lot more difficult.

Continue reading “The CIA’s Corona Project Was About Satellites, Not A Virus”

A Miniature Power Supply For High Voltage Hacking

August 23, 2020 by 17 Comments

If you’re looking to experiment with plasma, you’re going to need a high voltage power supply. Usually that means something big, complex, and (naturally) expensive. But it doesn’t have to be. As [Jay Bowles] demonstrates in his latest Plasma Channel video, you can put together a low-cost power supply capable of producing up to 20,000 volts that fits in the palm of your hand. Though you should probably just put the thing down on a table when in use…

Finding the feedback coil with a multimeter.

The secret to the build is the flyback transformer. A household staple during the era of CRT televisions, these devices can still be readily found online or even salvaged from a broken TV. We’d recommend searching eBay for new old stock (NOS) transformers rather than risk getting blown through a wall while poking around in an old TV you found on the side of the road, but really it all depends on your experience level with this sort of thing.

In any event, once you have the flyback transformer in hand, the rest of the build is very simple. [Jay] demonstrates how you can determine the pinout for your transformer even if you can’t find a datasheet for it, and then proceeds to assemble the handful of ancillary parts necessary to drive it. Housed on a scrap of perfboard and mounted to a piece of plastic to keep stray objects away from the sparky bits underneath, this little power supply would be a reliable workhorse for anyone looking to start experimenting with high voltage. Perhaps an ionic lifter is in your future?

Readers with a photographic memory may recall that [Jay] used this same diminutive power supply in his recently completed water-based Marx generator.

Continue reading “A Miniature Power Supply For High Voltage Hacking”

Breaking Smartphone NFC Firmware: The Gory Details

August 23, 2020 by 2 Comments

Near-field Communication (NFC) has been around a while and is used for example in access control, small data exchange, and of course in mobile payment systems. With such sensitive application areas, security is naturally a crucial element of the protocol, and therefore any lower-level access is usually heavily restricted and guarded.

This hardware is especially well-guarded in phones, and rooting your Android device won’t be of much help here. Well, that was of course only until [Christopher Wade] took a deep look into that subject, which he presented in his NFC firmware hacking talk at for this year’s DEF CON.

But before you cry out “duplicate!” in the comments now, [Jonathan Bennett] has indeed mentioned the talk in a recent This Week In Security article, but [Christopher] has since written up the content of his talk in a blog post that we thought deserves some additional attention.

To recap: [Christopher] took a rooted Samsung S6 and searched for vulnerabilities in the NFC chip’s safe firmware update process, in hopes to run a custom firmware image on it. Obviously, this wouldn’t be worth mentioning twice if he hadn’t succeeded, and he goes at serious length into describing how he got there. Picking a brain like his by reading up on the process he went through — from reverse engineering the firmware to actually exploiting a weakness that let him run his own code — is always fascinating and downright fun. And if you’re someone who prefers the code to do the talking, the exploits are on GitHub.

Naturally, [Christopher] disclosed his findings to Samsung, but the exploited vulnerability — and therefore the ability to reproduce this — has of course been out there for a long time already. Sure, you can use a Proxmark device to attack NFC, or the hardware we saw a few DEF CONs back, but a regular-looking phone will certainly raise a lot less suspicion at the checkout counter, and might open whole new possibilities for penetration testers. But then again, sometimes a regular app will be enough, as we’ve seen in this NFC vending machine hack.

Continue reading “Breaking Smartphone NFC Firmware: The Gory Details”

Graphene Prints More Smoothly Under The Influence Of Alcohol

August 22, 2020 by 10 Comments

If you’ve ever sloshed coffee out of your mug and watched the tiny particles scurry to the edges of the puddle, then you’ve witnessed a genuine mystery of fluid mechanics called the coffee ring effect. The same phenomenon happens with spilled wine, and with functional inks like graphene.

Graphene and other 2D crystals print much better under the influence of alcohol.

The coffee ring effect makes it difficult to print graphene and similar materials onto silicon wafers, plastics, and other hard surfaces because of this drying problem. There are already a few commercial options that can be used to combat the coffee ring effect, but they’re all polymers and surfactants that negatively affect the electronic properties of graphene.

Recently, a group of researchers discovered that alcohol is the ideal solution. In the case of spilled graphene, the particles fleeing for the edges are naturally spherical. By adding a mixture of isopropyl and 2-butanol alcohol, they get flattened into a pancake shape, resulting in smoother deformation during the drying process and an easier printing process with better results.

Graphene is quite interesting by nature, and has many uses. It can shift from an insulator to a superconductor with the right temperature changes, and it can desalinate sea water for drinking.

Facing The Coronavirus

August 22, 2020 by 1 Comment

Some of us are oblivious to how often we touch our faces. The current finding is we reach for our eyes, nose, or mouth every three to four minutes. Twenty times per hour is an awful lot of poking, picking, itching, and prodding when we’re supposed to keep our hands away from glands that can transmit and receive disease. To curb this habit and enter the 2020 Hackaday Prize, [Lloyd lobo] built a proof-of-concept device that sounds the alarm when you reach for your face.

We see an Arduino Uno connected to the classic HC-SR04 ultrasonic distance sensor, an LED, and we have to assume a USB battery pack. [Lloyd] recommends the smaller Nano, we might reach for the postage-stamp models and swap the ultrasonic module out for the much smaller laser time of flight sensor. At its soul, this is an intruder alarm. Instead of keeping siblings out of your room, you will be keeping your hands out of the area below the bill of the hat where the sensor is mounted. If you regularly lift a coffee cup to your lips, it might chastise you, and if you chew sunflower seeds, you might establish a tempo. *crunch* *chip* *beep* *crunch* *chip* *beep*

We have reviewed technology to improve our habits like a bracelet that keeps a tally, and maybe there is a book that will help shirk some suboptimal behaviors.

Continue reading “Facing The Coronavirus”

FBI Reports On Linux Drovorub Malware

August 22, 2020 by 26 Comments

The FBI and the NSA released a report on the Russian-based malware that attacks Linux known as Drovorub (PDF) and it is an interesting read. Drovorub uses a kernel module rootkit and allows a remote attacker to control your computer, transfer files, and forward ports. And the kernel module takes extraordinary steps to avoid detection while doing it.

What is perhaps most interesting though, is that the agencies did the leg work to track the malware to its source: the GRU — Russian intelligence. The name Drovorub translates into “woodcutter” and is apparently the name the GRU uses for the program.

A look inside the code shows it is pretty mundane. There’s a server with a JSON configuration file and a MySQL backend. It looks like any other garden-variety piece of code. To bootstrap the client, a hardcoded configuration allows the program to make contact with the server and then creates a configuration file that the kernel module actively hides. Interestingly, part of the configuration is a UUID that contains the MAC address of the server computer.

The rootkit won’t persist if you have UEFI boot fully enabled (although many Linux computers turn UEFI signing off rather than work through the steps to install an OS with it enabled). The malware is easy to spot if you dump raw information from the network, but the kernel module makes it hard to find on the local machine. It hooks many kernel functions so it can hide processes from both the ps command and the /proc filesystem. Other hooks remove file names from directory listings and also hides sockets. The paper describes how to identify the malware and they are especially interested in detection at scale — that is, if you have 1,000 Linux PCs on a network, how do you find which ones have this infection?

This is a modern spy story, but not quite what we’ve come to expect in Bond movies. “Well, Moneypenny, it appears Spectre is using the POCO library to generate UUIDs,” is hard to work into a trailer. We prefer the old days when high-tech spying meant nonlinear junction detectors, hacking Selectrics, moon probe heists, and passive bugging.