NAME:WRECK is a collection of vulnerabilities in DNS implementations, discovered by Forescout and JSOF Research. This body of research can be seen as a continuation of Ripple20 and AMNESIA:33, as it builds on a class of vulnerability discovered in other network stacks: problems with DNS message compression.
Their PDF whitepaper contains a brief primer on the DNS message format, which is useful for understanding the class of problem. In such a message, a DNS name is encoded with a length-value scheme, with each full name ending in a null byte. So in a DNS request, Hackaday.com would be represented as [0x08]Hackaday[0x03]com[0x00]. The dots get replaced by these length values, and it makes for an easily parsable format.
Very early on, it was decided that continually repeating the same host names in a DNS message was wasteful of space, so a compression scheme was devised. DNS compression takes advantage of the maximum host/domain length of 63 characters. This maximum means that the binary representation of a length value will never have “1”s in its first two bits. Since such values can never occur as lengths, a length byte starting with binary “11” is used to point to a previously occurring domain name. The 14 bits that follow this two-bit flag are known as a compression pointer, and represent a byte offset from the beginning of the message. The DNS message parser pulls the intended value from that location, and then continues parsing.
The problems found were generally based around improper validation. For example, the NetX stack doesn’t check whether the compression pointer points at itself. This scenario leads to a tight infinite loop, a classic DoS attack. Other systems don’t properly validate the location being referenced, so data is copied past the allocated buffer, leading to remote code execution (RCE). FreeBSD has this issue, but because it’s tied to DHCP packets, the vulnerability can only be exploited by a device on the local network. While looking for message compression issues, they also found a handful of vulnerabilities in DNS response parsing that aren’t directly related to compression. The most notable here is an RCE in Siemens’ Nucleus Net stack.
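As an added example (not code from the whitepaper or from any of the affected stacks), the C decoder below applies the checks whose absence is described above: every read stays inside the message, a compression pointer must target an offset strictly below the previous one (so a self-reference or loop is rejected), and the output buffer is bounded. The function name, buffer sizes and sample bytes are assumptions constructed for illustration; the samples hold only name data, not a complete DNS message.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample (name data only, no DNS header): "Hackaday.com" at
 * offset 0, then at offset 14 the label "www" followed by a pointer to 0. */
static const uint8_t sample_ok[] = {
    8,'H','a','c','k','a','d','a','y', 3,'c','o','m', 0,
    3,'w','w','w', 0xC0, 0x00 };
/* Constructed sample: a compression pointer that points at itself. */
static const uint8_t sample_loop[] = { 0xC0, 0x00 };
/* Decode the name starting at msg[off] into dotted text in out.
 * Returns the text length, or -1 if the encoding is malformed. */
int dns_read_name(const uint8_t *msg, size_t msglen, size_t off,
                  char *out, size_t outlen)
{
    size_t n = 0;        /* bytes written to out so far */
    size_t limit = off;  /* a pointer must target an offset below this */
    for (;;) {
        if (off >= msglen) return -1;            /* read past end of message */
        uint8_t len = msg[off];
        if ((len & 0xC0) == 0xC0) {              /* compression pointer */
            if (off + 1 >= msglen) return -1;    /* second pointer byte missing */
            size_t target = ((size_t)(len & 0x3F) << 8) | msg[off + 1];
            if (target >= limit) return -1;      /* self or forward reference */
            limit = off = target;                /* strictly decreasing: no loops */
            continue;
        }
        if (len & 0xC0) return -1;               /* 0x40/0x80 prefixes are reserved */
        if (len == 0) break;                     /* null byte ends the name */
        if (len > msglen - off - 1) return -1;   /* label runs past message end */
        /* Room for '.', the label and the NUL; RFC 1035 caps names at 255. */
        if (n + len + 1 >= outlen || n + len + 1 > 255) return -1;
        if (n) out[n++] = '.';
        memcpy(out + n, msg + off + 1, len);
        n += len;
        off += 1 + (size_t)len;
    }
    if (n >= outlen) return -1;
    out[n] = '\0';
    return (int)n;
}

int main(void)
{
    char buf[64];
    int r = dns_read_name(sample_ok, sizeof sample_ok, 14, buf, sizeof buf);
    printf("%d %s\n", r, r < 0 ? "(rejected)" : buf);
    return dns_read_name(sample_loop, sizeof sample_loop, 0, buf, sizeof buf) != -1;
}
```

Because each pointer target must be lower than the last, the number of jumps is bounded by the message length, which removes the need for a separate hop counter.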
If you’re looking to get started with the ESP8266, there’s no shortage of development boards out there to select from. But we don’t think you’ll find one with a more unique backstory than the open source ME-ESP8266. That’s because Malouf, the company that makes the $20 USD board, is a home goods company better known for their pillows and bed frames.
So how do you go from mattress toppers to microcontrollers? Well, as unlikely as it might seem, the missing element is Toys R’ Us. Or more specifically, the liquidation of Toys R’ Us. A Texas distribution center Malouf purchased from the iconic toy retailer included an automated conveyor belt system to move product through the gargantuan building, but unfortunately, they couldn’t get it to work with their existing system. The company decided to use their in-house team of engineers to solve the problem, and the ME-ESP8266 was born.
It turns out that an ESP8266 board developed to move bedding around an old Toys R’ Us warehouse has a lot of useful features for hackers and makers. It’s got an integrated relay, 16 MB of flash storage, an IR receiver, beefy screw terminals, and a 2.54mm-pitch GPIO pin header. There’s even a MAX232 on the board so it can talk to RS-232 devices. The hardware is compatible with the standard Arduino IDE as a “Generic ESP8266 Module”, so you’ll have no problem using existing libraries and example code.
Now under normal circumstances, the public would never know about this sort of behind the scenes engineering. But instead of keeping their new ESP board to themselves, the team at Malouf got the go ahead from the company’s Chief Technology Officer (CTO) to release it as an open source project. Even more impressive, they got the company to put the board into production so it could be sold to the public. So today we not only learned that bedding companies have CTOs, but that they can be exceptionally open-minded.
Our hats off to the engineers at Malouf and the forward thinking brass that green lit production of the ME-ESP8266. It’s not the first interesting development to come from the liquidation of Geoffrey’s kingdom, but it just might be the most useful.
In theory, you really don’t need much to work with electronics. A scope ought to do everything. However, for special purposes, it is handy to have meters, logic analyzers, and other special-purpose instruments. If you work on motion systems like 3D printers and CNC machines, you ought to have a way to look at stepper motors. You don’t? [Zapta] has a great Simple Stepper Motor Analyzer and [Teaching Tech] has a great video (see below) that shows some of the great things it can do.
What can it do? It analyzes the motor in place and can visualize what’s happening during stepping, microstepping, and other operating modes. Connecting the instrument is easy since you just use a four-pin pass-through connector.
If you prefer to draw boxes instead of writing code, you may have tried IBM’s Node-RED to create logic with drag-and-drop flows. A recent [TensorFlow] video shows an interview between [Jason Mayes] and [Paul Van Eck] about using TensorFlow.js with Node-RED to create machine learning applications for Raspberry Pi visually. You can see the video, below.
The video doesn’t go into much detail since it is only ten minutes long. But it does show how easy it is to do things like identify images using an existing TensorFlow model. There is a more detailed tutorial available, as well as a corresponding video, which you can see below.
Inductors are not the most common component these days and variable ones seem even less common. However, with a ferrite rod and some 3D printing, [drjaynes] shows how to make your own variable inductor. You can see him show the device off in the video below.
The coil itself is just some wire, but the trick is moving the ferrite core in and out of the coil. The first version used some very thick wire and produced an inductor that varied from 6 to 22 microhenrys. Switching to 22 gauge wire allowed more wire on the form. That pushed the value range to 2 to 12 millihenrys.
The sun is a tremendous source of energy, and while photovoltaic panels are an easy way to harvest some of that energy especially now that prices for them are incredibly low, there are plenty of other ways to tap into that free energy as well. [Engelbert] was looking for alternative ways to heat his house since traditional methods were prohibitively expensive, and ended up building a heat exchanger using solar-heated water to cover his home heating needs. (Google Translate from Dutch)
The system uses several large roof-mounted hot water heating panels. The heat captured by them is then pumped into an underground pipe network which is able to warm up a large area of earth in the summer. In the winter, that heat is able to be extracted back out of the earth and used to heat his home. The system includes almost three kilometers of pipe which are buried two meters below grade, so this will probably not be a weekend project, but it still cost much less than the €80,000 to install gas heating in his home.
[Engelbert] is able to use this self-built system to keep his home and another smaller building at a constant 23°C all year. He actually overbuilt the system slightly and has since disconnected almost half of the pipes, but we certainly understand the desire to over-engineer things around here. The only problem he has had is with various government entities that are slow to adopt energy-efficient systems like these. Perhaps the Dutch government can take some notes from the Swiss when it comes to installing geothermal systems like these.
Thanks to [Jero] for the tip!
Smartphones and voice assistants are the typical way most of us interact with our smart devices around the home, but it doesn’t have to be the only way. [Sam March] wanted things to feel a little more magical – so built a wand to do the job instead.
The wand relies on a DA14531 Bluetooth Low Energy (BLE) system-on-chip, and is paired with what appear to be smart plugs running on the same hardware. With an accelerometer in the wand, it’s able to detect waving motions, and then signal the smartplugs over Bluetooth to switch outlets on or off. As far as the magic side of things is concerned, [Sam] took his lead from [Arthur C. Clarke], who famously stated “Any sufficiently advanced technology is indistinguishable from magic.” Thus, efforts were made to miniaturize the electronics down to a single tiny PCB, allowing it to be secreted inside a turned wooden wand that’s wrapped in leather.
The end result is a fun project that’s also probably useful when [Sam] wants to turn the lights off without getting out of bed. We could imagine that, configured properly to work on a room-by-room basis, it could be useful for guests who don’t know where the light switches are.
If the name sounds familiar, it’s because we’ve heard from [Sam] before – with his great DIY smartwatch build. Video after the break.