This Week In Security: Platypus, Git.bat, TCL TVs, And Lessons From Online Gaming

November 13, 2020 by 9 Comments

Git’s Large File System is a reasonable solution to a bit of a niche problem. How do you handle large binary files that need to go into a git repository? It might be pictures or video that is part of a project’s documentation, or even a demonstration dataset. Git-lfs’s solution is to replace the binary files with a text-based pointer to where the real file is hosted. That’s not important to understanding this vulnerability, though. The problem is that git-lfs will call the main git binary as part of its operation, and when it does so, the full path is not used. On a Unix system, that’s not a problem. The $PATH variable is used to determine where to look for binaries. When git is run, /usr/bin/git is automagically run. On a Windows system, however, executing a binary name without a path will first look in the current directory, and if a matching executable file is not found, only then will the standard locations be checked.

You may already see the problem. If a repository contains a git.exe, git.bat, or another git.* file that Windows thinks is executable, git-lfs will execute that file instead of the intended git binary. This means simply checking out a malicious repository gets you immediate code execution. A standard install of git for Windows, prior to 2.29.2.2, contains the vulnerable plugin by default, so go check that you’re updated!

Then remember that there’s one more wrinkle to this vulnerability. How closely do you check the contents of a git download before you run the next git command? Even with a patched git-lfs version, if you clone a malicious repository, then run any other git command, you still run the local git.* file. The real solution is pushing the local directory higher up the path chain. Continue reading “This Week In Security: Platypus, Git.bat, TCL TVs, And Lessons From Online Gaming”

Low-Tech Fix Saves Expensive, High-Tech TV From Junk Pile

October 27, 2020 by 67 Comments
Wiggling this connector caused the backlight to turn off and on.

[Tweepy]’s TV stopped working, and the experience is a brief reminder that if a modern appliance fails, it is worth taking a look inside because the failure might be something simple. In this case, the dead TV was actually a dead LED backlight, and the fix was so embarrassingly simple that [Tweepy] is tempted to chalk it up to negligently poor DFM (design for manufacture) at best, or even some kind of effort at planned obsolescence at worst.

What happened is this: the TV appeared to stop working, but one could still make out screen content while shining a bright light on the screen. Seeing this, [Tweepy] deduced that the backlight had failed, and opened up the device to see if it could be repaired. However, the reason for the backlight failure was a surprise. It was not the power supply, nor even any of the LEDs themselves; the whole backlight wouldn’t turn on because of a cheap little PCB-to-PCB connector, and the two small spring contacts inside that had failed.

The failed connector, once cut open, showed contacts in poor condition (click to enlarge). It was ditched for a soldered connection, and the TV lived again.

From the outside things looked okay, but wiggling the connector made the backlight turn on and off, so the connection was clearly bad. Investigating further, [Tweepy] saw that the contact points of the PCBs and the two little conductors inside the connector showed clear signs of arcing and oxidation, leading to a poor connection that eventually failed, resulting in a useless TV. The fix wasn’t to clean the contacts; the correct fix was to replace the connector with a soldered connection.

Using that cheap little connector doubtlessly saved some assembly time at the factory, but it also led to failure within a fairly short amount of time. Had [Tweepy] not been handy with a screwdriver (or not bothered to investigate) the otherwise working TV would doubtlessly have ended up in a landfill.

It serves as a good reminder to make some time to investigate failures of appliances, even if one’s repair skills are limited, because the problem might be a simple one. Planned obsolescence is a tempting doorstep upon which to dump failures like this, but a good case can be made that planned obsolescence isn’t really a thing, even if manufacturers compromising products in one way or another certainly is.

TV Output From Arduino — 1980s Style!

September 11, 2020 by 20 Comments

We’ll admit it, we’re all spoiled. A few bucks can now buy a computer that would have been the envy of everyone back in the late 1970s or early 1980s. So it’s no surprise that [krallja] was able to use an old-style video output chip to drive a TV with an Arduino. The TMS9918A is a venerable output device, and if the old computers could drive it then it makes sense that a modern computer could too. You can see a video of the whole experiment, below.

The Internet has also spoiled us, in that it’s dead simple to find datasheets for nearly anything, even these old chips. The only real problem with such aged silicon is that they typically expect a processor with a data and address bus, but most microcontrollers now keep all of that internal. But with enough fast I/O you can simulate a bus just fine. For now, the experiment just cycles through the color output.

Continue reading “TV Output From Arduino — 1980s Style!”

Pocket TV Now Shows The Inspection Channel 24/7

August 31, 2020 by 9 Comments

Those little pocket TVs were quite the cool gadget back in the ’80s and ’90s, but today they’re pretty much useless at least for their intended purpose of watching analog television. (If someone is out there making tiny digital-to-analog converter boxes for these things, please let us know.)

Now that analog pocket TVs are obsolete, they’re finally affordable enough for hacking into a useful tool like an inspection camera. [technichenews] found a nice Casio TV and a suitable analog pinhole camera that also does IR. Since the camera has RCA plugs and the TV’s video input is some long-gone proprietary 3.5mm cable, [technichenews] made a new video-only cable by soldering the yellow RCA wires up to the cable from an old pair of headphones. Power for the camera comes from a universal wall wart set to 12V.

Our favorite part of this project is the way that [technichenews] leveraged what is arguably the most useless part of the TV — the antenna — into the star. Their plan is to use the camera to peer into small engines, so by mounting it on the end of the antenna, it will become a telescoping, ball-jointed, all-seeing eye. You can inspect the build video after the break.

Need a faster, easier way to take a closer look without breaking the bank? We hear those slim earwax-inspection cameras are pretty good.

Continue reading “Pocket TV Now Shows The Inspection Channel 24/7”

VR Technology Helps Bring A Galaxy Far, Far Away To Our TV

August 27, 2020 by 18 Comments

Virtual reality is usually an isolated individual experience very different from the shared group experience of a movie screen or even a living room TV. But those worlds of entertainment are more closely intertwined than most audiences are aware. Video game engines have been taking a growing role in film and television production behind the scenes, and now they’re stepping out in front of the camera in a big way for making The Mandalorian TV series.

Big in this case is a three-quarters cylindrical LED array 75 ft (23 m) in diameter and 20 ft (6 m) high. But the LEDs covering its walls and ceiling aren’t pointing outwards like some installation for Times Square. This setup, called the Volume, points inward to display background images for camera and crew working within. It’s an immersive LED backdrop and stage environment.

Incorporating projected imagery on stage is a technique going at least as far back as 1933’s King Kong, but it is very limited. Lighting and camera motion has to be very constrained in order to avoid breaking the fragile illusion. More recently, productions have favored green screens replaced with computer imagery in post production. It removed most camera motion and lighting constraints, but costs a lot of money and time. It is also more difficult for actors to perform their roles convincingly against big blank slabs of green. The Volume solves all of those problems by putting computer-generated imagery on set, rendered in real time via video game engine Unreal.

Continue reading “VR Technology Helps Bring A Galaxy Far, Far Away To Our TV”

Driving A PAL TV Over RF Thanks To PWM Harmonics

August 26, 2020 by 11 Comments

While most analog televisions come with composite video inputs on a yellow RCA jack, the feature is not universal. This problem was even more prevalent in the 1980s, and most home consoles got around the problem by instead feeding video to the television’s tuner with an RF modulator. [Manzel Seet] had just such a television which used the PAL standard. Wanting to display images from a microcontroller, he put together PAL-Streamer.

The aim of the project was to display images on an analog television with minimal investment in hardware over and above what [Manzel] already had on hand. To this end, the project was built using a STM32F411 Nucleo development board. Capable of running at clock speeds up to 100 MHz, there’s plenty of grunt to handle demanding tasks like outputting video signals to a TV.

To achieve the target frequency of VHF Channel 3 (61.25 MHz), [Manzel] elected to rely on the onboard PWM hardware, after being inspired by [CNLohr]’s ATTiny NTSC project. The project takes advantage of the odd harmonics of square waves. Setting the PWM output to operate at 6.86 MHz, the ninth harmonic ends up at around 61.71 MHz, close enough to be tuned in on the TV set. With the hard part done, [Manzel] then implemented a virtual COM port allowing an attached PC to send PNG images or GIF animations to the display.

It’s a fun project that shows it’s possible to drive all kinds of analog displays if you’re willing to be creative about how you do it. Files are available on GitHub for those eager to recreate the work. [Manzel] points out that this method does put out a lot of RF energy in the surrounding bands, but for direct hookup to an antenna input, it works just fine. We love to see creative video projects on microcontrollers, so if you’ve figured out how to get an Arduino Uno to do 1080P over HDMI, be sure to let us know. Video after the break.

Continue reading “Driving A PAL TV Over RF Thanks To PWM Harmonics”

Transparent OLED Hitting The Market With Xiaomi’s Mi TV LUX Transparent Edition

August 21, 2020 by 46 Comments

One of the major advantages of OLED over LCD panels is that the former can be made using far fewer layers as the pixels themselves are emitting the light instead of manipulating the light from a backlight. This led some to ask the question of whether it’s possible to make an OLED panel that is transparent or at least translucent. As Xiaomi’s new Mi TV LUX OLED Transparent Edition shows, the answer there is a resounding ‘yes’. Better yet, for a low-low price of about $7,200 you can own one of these 55″ marvels.

Transparent OLED technology is not new, of course. Back in 2018 LG was showing off a prototype TV that used one of the early transparent OLED panels. In the video that is embedded after the break, [Linus] from Linus Tech Tips goes hands-on with that LG prototype while at LG in South Korea, while including a number of crucial details from an interview from one of the engineers behind that panel.

As it turns out, merely removing the opaque backing from an OLED panel isn’t enough to make it transparent. In order for an OLED panel to become transparent, the circuitry in the pixel layer and TFT layer need to be aligned as best as possible to allow for many, many tiny holes to be punched through the display.

Looking at [Linus]’s experiences with the LG prototype, it does appear that this kind of technology would be highly suitable for signage purposes, while also allowing for something like an invisible television or display in a room that could be placed in front of a painting or other decoration. Once displaying an image, the screen is bright enough that you can comfortably make out the image. Just don’t put any bright lights behind the TV.

Anyone else anxious waiting for sub-10″ versions of these panels?

Continue reading “Transparent OLED Hitting The Market With Xiaomi’s Mi TV LUX Transparent Edition”