This Week In Security: Secure Boot Bypass, Attack On Titan M, KASLR Weakness

It’s debatable just how useful Secure Boot is for end users, but now there’s yet another issue with Secure Boot, or more specifically, a trio of signed bootloaders. Researchers at Eclypsium have identified problems in the Eurosoft, CryptoPro, and New Horizon bootloaders. In the first two cases, a way-too-flexible UEFI shell allows raw memory access. A startup script doesn’t have to be signed, and can easily manipulate the boot process at will. The last issue is in the New Horizon Datasys product, which disables any signature checking for the rest of the boot process — while still reporting that Secure Boot is enabled. It’s unclear if this requires a config option, or is just totally broken by default.

The real issue is that if malware or an attacker can get write access to the EFI partition, one of these signed bootloaders can be added to the boot chain, along with some nasty payload, and the OS that eventually gets booted still sees Secure Boot enabled. It’s the perfect vehicle for really stealthy infections, similar to CosmicStrand, the malicious firmware we covered a few weeks ago.

Every Frame A Work Of Art With This Color Ultra-Slow Movie Player

One of the more recent trendy builds we’ve seen is the slow-motion movie player. We love them — displaying one frame for a couple of hours to perhaps a full day is like an ever-changing, slowly morphing work of art. Given that most of them use monochrome e-paper displays, they’re especially suited for old black-and-white films, which somehow makes them even more classy and artsy.

But not every film works on a monochrome display. That’s where this full-color ultra-slow motion movie player by [likeablob] shines. OK, full color might be pushing it a bit; the build centers around a 5.65″ seven-color EPD module. But from what we can see, the display does a pretty good job at rendering frames from films like Spirited Away and The Matrix. Of course there is the problem of the long refresh time of the display, which can be more than 30 seconds, but with a frame rate of one every two hours, that’s not a huge problem. Power management, however, can be an issue, but [likeablob] leveraged the low-power co-processor on an ESP32 to handle the refresh tasks. The result is an estimated full year of battery life for the display.

We’ve seen that same Waveshare display used in a similar player before, and while some will no doubt object to the muted color rendering, we think it could work well with a lot of movies. And we still love the monochrome players we’ve seen, too.

Mecanum-Wheeled Robot Chassis Takes Commands From PS4 Controller

Mecanum wheels are popular choices for everything from robots to baggage handling equipment in airports. Depending on their direction of rotation, they can generate forces in any planar direction, providing for great maneuverability. [ATOM] set about building just such a robot chassis, and learned plenty in the process.

The design is similar to those we’ve seen in the past. The robot has four mecanum wheels, each driven by its own motor. Depending on the direction of rotation of the various wheels, the robot can move forward, backwards, and even strafe left and right. Plus, it can effectively tank turn without excessive slippage thanks to the rollers on each wheel. An ESP32 serves as the brains of the ‘bot, allowing it to be readily remote controlled via a PS4 gamepad over Bluetooth.

If you’re looking to build a small robot chassis that’s great at moving about in tight, small spaces, this could be a great project to learn with. All the necessary parts are relatively easily available, and the PCB files can be had on GitHub.

If you like the idea of mecanum wheels but need something bigger, consider starting with a set of hoverboard wheel motors.

I’m Your Overlord, May I Take Your Order?

If you’ve ever been at an eatery and thought the server was a bit robotic, you should try San Francisco’s Mezli. The restaurant claims to be the first one to be totally automated. There are no humans in there. The restaurant serves Mediterranean grain bowls. Honestly, it is hard to decide if Mezli is a restaurant or a very sophisticated vending machine.

Then again, that makes sense. Only in science fiction do you have androids flying spaceships. In real life, the robot probably is the spaceship. Obviously, someone is still loading ingredients into the machine — some precooked — but that’s about it. Some restaurants let you order from a computer while a human makes your food and we’ve seen a few automated chefs, but nothing with this degree of mechanization.


The Tools To Fight Against Single-Use Plastic

Imagine for a moment that you design products for a living. But you can’t design all the things, so you have to buy some of your stuff from big-box stores just to go about your everyday life. This is more or less what happened to [Eric Strebel], who recently bought a bathroom faucet from IKEA. This particular flat-pack faucet came with a single-use plastic nut driver to be used in putting the faucet together. Since there is no marking that indicates the plastic type, it can’t be easily recycled. Not even the size of the business end is indicated. So between the shoddy plastic construction and the lack of information, most people are going to just throw this thing away. And that’s terrible.

So what’s to be done? Aside from boycotting IKEA (which [Eric] may do in the future for all we know), there’s not much to do but to offer up solutions on a public platform and see what happens. To that end, [Eric] came up with five different ways of making this nut driver that are arguably more sustainable than single-use mystery plastic.

Say what you will about the sustainability of using metals, which have to be mined, versus plastic – many of these methods use no tooling, so that’s something. Nut drivers made by [Eric] would instead be laser-cut from flat stock and either folded up and welded, or assembled from a multi-piece cut into a single-piece tool via perpendicular members that slot together. Or as [Eric] points out, the design could stay exactly the same as the plastic original and be die-cast instead.

It’s certainly an interesting exercise in design, and it’s really cool to see a little bit into [Eric]’s thought process when it comes to improving existing things. Be sure to check it out after the break, and let us know how you’d have done it better.


LCD Monitor Plays The Hits

In the old days, it wasn’t uncommon to put an AM radio near a computer or a monitor and deliberately cause interference to have a crude form of sound generation. Did you miss out on that? No! Thanks to [luambfb] you can now do the same trick with a common LCD monitor. You’ll need the horizontal refresh rate of the monitor in question.

Of course, doing it is somewhat less interesting than learning how it works. The effect relies on the fact that the LCD emits signals as it refreshes a row. A black row emits relatively low energy while a white row emits more. Grayscale… well, you get the idea.

Angled Drill Guide Helps You With Those Tricky Holes

If you’ve ever tried to drill a hole on an angle with a power drill, you’ve probably drilled some pretty shocking holes. To do it right, you really need some mechanical assistance, and this jig from [Kartik_Nandrui] should do the trick.

The device uses a guide that sits on the surface to be drilled, with a pair of angled connectors that fit two wooden dowels. These connect the guide to a corresponding sleeve that fits around the drill body. The sleeve then slides up and down the dowels, allowing the drill to move in a straight line towards the targeted area.

It’s a useful hack, but we can see room for some improvements that would take it to the next level. Having a way to lock the angle of the guide base would be great for accuracy. As it’s 3D printed, it would also be simple to create a version with a curved guide base that could fit over pipes, or other designs to fit complex geometries like roof sheeting or other corrugated materials.

Sometimes the most interesting hacks are the ones that get us thinking about our own potential projects. If you’ve got any creative tool hacks you’ve been brewing up in the lab, be sure to let us know!