This Week In Security: Minecraft Fractureiser, MOVEit, And Triangulation

Modded Minecraft is having a security moment, to match what we’ve seen in the Python and JavaScript repositories over the last few months. It looks like things started when a handful of burner accounts uploaded malicious mods to CurseForge and Bukkit. Those mods looked interesting enough that a developer for Luna Pixel Studios (LPS) downloaded one of them to test-run. After the test didn’t pan out, he removed the mod, but the malicious code had already run.

Where this gets ugly is in how much damage that one infection caused. The virus, now named fractureiser, installs itself into every other Minecraft-related .jar on the compromised system. It also grabs credentials, cookies, cryptocurrency addresses, and the clipboard contents. Once that information was exfiltrated from the LPS developer, the attacker seems to have taken manual actions, using the purloined permissions to upload similarly infected mod files, and then marking them archived. This managed to hide the trapped files from view on the web interface, while still leaving them exposed when grabbed by the API. Once the malware hit a popular developer, it began to really take off.

It looks like the first of the malicious .jar files actually goes all the way back to mid-April, so it may take a while to discover all the places this malware has spread. It was first noticed on June 1, and investigation was started, but the story didn’t become public until the 7th. Things have developed rapidly, and the malware fingerprints have been added to Windows Defender among other scanners. This helps tremendously, but the safe move is to avoid downloading anything Minecraft-related for a couple days, while the whole toolchain is inspected. If it’s too late and you’ve recently scratched that voxel itch, it might be worth it to take a quick look for Indicators of Compromise (IoCs).

They Used To Be A Big Shot, Now Eagle Is No More

There once was a time when to make a PCB in our community was to use CadSoft EAGLE, a PCB design package which neatly filled the entry level of that category with a free version for non-commercial designs. Upgrading it to the commercial version was fairly inexpensive, and indeed that was a path which quite a few designers making the step from hobby project to small production would take.

Then back in 2017, CadSoft were bought by Autodesk, and their new version 8 of the software changed its licensing model from purchase to rental. It became a product with a monthly subscription and an online side, and there began an exodus of users for whom pay-to-play meant too much risk of losing access to their designs. Now six years later the end has come, as the software behemoth has announced EAGLE’s final demise after a long and slow decline.

Gesture Sensor Teardown Reveals Intel Heritage

A few years ago, there was a rush of products on the market to detect motion. The idea being you could interact with your computer like they do in science fiction movies, with giant expressive hand motions in the air. Most of these were aimed at desktop computer users but one company, YouSpace, wanted to bring this technology to retail stores. [IMSAI Guy] got one of their sensor devices and decided to see what was inside it. You can see, too, in the video below.

The device appeared to have a laser inside, which motivated the teardown. We aren’t sure exactly what YouSpace had planned, but you can see their now-defunct website on the Wayback machine. The use cases listed didn’t really help us get a clear picture, so maybe that was part of the problem.

Getting into the device was the first challenge. Like many modern smartphones, there didn’t appear to be any fasteners, so you simply had to pry the case apart. Inside the case: a tiny circuit board and a metal assembly containing the laser and cameras that were easy to remove. The main PCB appears to be an Intel off-the-shelf board that was in many Intel RealSense products, and currently goes for about $50 on eBay. The camera assembly looks a bit like an Intel D430, so it is possible the entire thing was off-the-shelf hardware. Even the little connector board is, technically, a D400 Interposer.

The peek into the structured light projector under the microscope was interesting. We expected it would look different, and [IMSAI Guy] clearly didn’t expect its appearance either. The chip was made to beam a known pattern that the cameras would use to deduce the shape of the surfaces it hits.

If you can find these on the surplus market, they would probably be a good deal if you need this hardware which is typically pretty expensive. Just beware, though. Intel announced in late 2021 they were “winding down” RealSense. We don’t know if there will be third-party support in the future or if the whole product line will just be orphaned.

We’ve seen the occasional project that uses structured light. The technique can be very precise.


Using Excel To Manage A Commodore 64

The “save” icon for plenty of modern computer programs, including Microsoft Office, still looks like a floppy disk, despite the fact that these have been effectively obsolete for well over a decade. As fewer and fewer people recognize what this icon represents, a challenge is growing for retrocomputing enthusiasts that rely on floppy disk technology to load any programs into their machines. For some older computers that often didn’t have hard disk drives at all, like the Commodore 64, it’s one of the few ways to load programs into computer memory. And, rather than maintaining an enormous collection of floppy disks, [RaspberryPioneer] built a way to load programs on a Commodore using Microsoft Excel instead.

The Excel sheet that manages this task uses Visual Basic for Applications (VBA), an event-driven programming language built into Office, to handle the library of applications for the Commodore (or Commodore-compatible clone) including D64, PRG, and T64 files. This also includes details about the software including original cover art and any notes the user needs to make about them. Using VBA, it also communicates to an attached Arduino, which is itself programmed to act as a disk drive for the Commodore. The configuration needed to interface with the Arduino is handled within the spreadsheet as well. Some additional hardware is needed to interface the Arduino to the Commodore’s communications port but as long as the Arduino is a 5V version and not a 3.3V one, this is fairly straightforward and the code for it can be found on its GitHub project page.

With all of that built right into Excel, and with an Arduino acting as the hard drive, this is one of the easiest ways we’ve seen to manage a large software library for a retrocomputer like the Commodore 64. Of course, emulating disk drives for older machines is not uncommon, but we like that this one can be much more dynamic and simplifies the transfer of files from a modern computer to a functionally obsolete one. One of the things we like about builds like this, or this custom Game Boy cartridge, is how easy it can be to get huge amounts of storage that the original users of these machines could have only dreamed of in their time.

Op-Amp Challenge: A Logic-Free BCD

Of digital electronics, a wise man once said that “Every idiot can count to one.” Truer words have rarely been spoken, because at the end of the day, every digital circuit is really just an analog circuit with the interesting bits abstracted away. And to celebrate that way of looking at things, we’re pleased to present this BCD to seven-segment converter that uses no logic chips.

With cheap and easily available chips that perform this exact job, it might seem a little loopy to throw 20 LM324 op-amps at the job. But as [gschmidt958] explains, this is strictly for the challenge, plus it made a nice entry in the recently concluded Op-Amp Challenge contest. His work began in simulation, exploring op-amp versions of the basic logic gates — NAND, AND, OR, and NOT — all of which rely on using the LM324s as comparators. There were real-world curveballs, of course, not least of which was running out of the 10k resistors used for input averaging. Another plot twist was running out of time to order a PCB, which required designing one using MS Paint and etching it at home.

The demo video below shows the circuit at work, taking the BCD output of a 74HC393 counter — clocked by a 555, naturally — and driving a seven-segment LED. It’s honestly a lot of work for such a simple task, but there’s something satisfying about the whole project. We think [Widlar] would be proud.

Robotic Fox Is Part Dog, Part Cat — Just Like The Real Thing

Foxes are cat software running on dog hardware, or so they say. And [Will Cogley] seems to have taken that to heart with this 3D-printed robotic fox, which borrows heavily from projects like Boston Dynamics Spot robodog. True, the analogy breaks down a bit when you include MIT’s Cheetah on the inspiration list, but you get the point.

Very much a work in progress — [Will]’s RoboFox lacks both a head and a tail, which he aims to add at some point — there are some interesting design elements on display here. Whereas commercial quadruped robots tend to use expensive harmonic drives for the legs, [Will] chose simpler, cheaper hobby servos for his fox’s running gear. Each leg has three of them — one each for the upper and lower leg, and another that moves the whole leg in and out relative to the body. The dual-servo design for the leg is particularly interesting — one servo drives the upper leg directly, while the other servo drives the lower leg through a gear drive and a captive bearing arrangement connected to a parallelogram linkage. The result is a quite compact assembly that still has twelve degrees of freedom, and isn’t anywhere near as “floppy” as you might expect from something driven by hobby servos.

The video below shows off the design details as well as some of the fox’s construction, including some weirdly anatomically correct poses while it’s on its back. The fox is still getting its legs — you can see a few times when the servos get the jitters, and the umbilical is clearly a hindrance for such a lightweight robot. But [Will] has made a great start here, and we’re keen to see RoboFox progress. Although we’re not sure about giving the future head animatronic eyes.


Nissan 300zx Dash Given A New Language

You don’t have to be a car enthusiast to recognize that the 1984 Nissan 300zx dash is a work of art. The graceful swoops and multisegment VFDs evoke an aesthetic that reminds us of a particular era. Rather than replace his dash with something drab and modern, [Evan] modified his dash to accept input from newer devices. Many of the sensors that feed directly into the dash are becoming harder to find as the years wear on, and rather than spoof every old device, [Evan] looked at each gauge.

Temperature and oil pressure are variable resistance sensors, and by removing half the voltage divider, it becomes a variable voltage sensor, as modern temperature sensors can output a voltage from 0 to 5. The tachometer required tracing the signal through the PCB as it expects a pulse every time a cylinder fires. By simulating cylinder pulses with a function generator, [Evan] found the filtering circuit and the microcontroller pin monitoring it. An optoisolator to protect the delicate MCU makes it easy to pipe the signal directly in.

Of course, not everything needed to be modified. A vacuum sensor provides a signal to the dash to indicate how much power the engine produces, which is pretty easy to spoof with a Teensy connected to the CAN bus. All these mods are easily reversible and allow [Evan] to keep rocking the iconic dash with a more modern engine.

It’s an incredible hack that offers a view into how to trace, understand, and hack old electronics. Of course, if you’re keeping old built-in car bits, why not keep the carphone but connect it to your smartphone?