Matthew [wrongbaud] Alt Is Fighting The Good Fight

September 30, 2022 by 6 Comments

In a perfect world, all of our electronic devices would come with complete documentation, and there’d be open source libraries available for interfacing them with whatever we wanted. There’d never be arbitrary lockouts preventing us from using a piece of hardware in a way the manufacturer didn’t approve of, and the “cloud” wouldn’t be a black-box server in some data center on the other side of the planet, but a transparent and flexible infrastructure for securely storing and sharing information.

Unfortunately, that’s not the world we live in. What’s worse, rather than moving towards that electronic utopia, the industry appears to be heading in the opposite direction. It seems like every month we hear about another service shutting down and leaving viable hardware to twist in the wind. Just yesterday Google announced they’d be retiring their Stadia game streaming service early next year — leaving users with unique Internet-connected controllers that will no longer have a back-end to communicate with.

Matthew Alt

Luckily for us, there’s folks like Matthew [wrongbaud] Alt out there. This prolific hacker specializes in reverse engineering, and has a knack not just for figuring out how things work, but in communicating those findings with others. His conquests have graced these pages many times, and we were fortunate enough to have him helm the Introduction to Reverse Engineering with Ghidra class for HackadayU back in 2020. This week, he stopped by the Hack Chat to talk about the past, present, and future of reverse engineering.

Matthew got his start in reverse engineering during college, when he was working in a shop that specialized in tuning engine control units (ECUs). He was responsible for figuring out how the ECUs functioned, which ultimately would allow them to be modified to improve engine performance beyond the vehicle’s stock configuration. Sometimes that involved uploading modified calibration data, or disabling functions that were detrimental to engine performance. These software changes could potentially increase engine output by as much as 50 HP, though he says that sometimes the goal was to simply increase throttle response so the vehicle would feel more aggressive on the road.

Moving on to the tools of the trade, Matthew explained why he prefers using Ghidra for embedded targets over classic reverse engineering tools like IDA Pro. As an example he points to a recent project where he used Ghidra’s API and intermediary language PCode to crack passwords in Game Boy Advance games. Though he does mention that IDA still has its place if you’re looking to peek into some Windows C++ software.

Matthew also pointed to new techniques and tools for working with fault injection which have opened up a lot of exciting possibilities over the last few years. In fact, he says tools like ChipWhisperer will become invaluable as newer devices adopt advanced security features. When gadgets are using secure boot and encrypted firmware, gaining access is going to take a bit more than just finding an unleaded serial port on the board. Glitching attacks will become more commonplace, so you might as well get up to speed now.

Colin O’Flynn’s ChipWhisperer makes side-channel power analysis and glitching attacks far more accessible.

To that end, Matthew pointed out a number of instructional courses that he and other hardware hackers such as Joe Grand have put together for those who want to get started with practical reverse engineering and have some disposable income. For those who’d rather work though it on their own, he dropped links to several Capture-the-Flag (CTF) events and wargames you can use to hone your skills.

We’d like to thank Matthew Alt for not just stopping by the Hack Chat, but for being such a good friend to the Hackaday community. His work has been inspirational for all of us here, and it’s always exciting when he’s penned a new blog post detailing another challenge bested. The next time your favorite MegaCorp releases some anti-consumer gadget, you can take some comfort in knowing he’s still out there bending hardware to his will.

The Hack Chat is a weekly online chat session hosted by leading experts from all corners of the hardware hacking universe. It’s a great way for hackers connect in a fun and informal way, but if you can’t make it live, these overview posts as well as the transcripts posted to Hackaday.io make sure you don’t miss out.

Hackaday Podcast 187: The Sound Of Gleeful Gerbils, The Song Of The Hard Drive, And A Lipstick Pickup Lullaby

September 30, 2022 by 2 Comments

This week, Editor-in-Chief Elliot Williams and Assignments Editor Kristina Panos gushed about NASA’s live obliteration of minor planet Dimorphos using a probe outfitted with a camera. Spoiler alert: the probe reaches its rock-dappled rocky target just fine, and the final transmitted image has a decidedly human tinge.

Kristina brought the mystery sound again this week, much to Elliot’s sonic delight. Did he get it? Did he figure it out? Well, no. The important thing is one of you is bound to get it.

We kick off the hacks with a really neat 3D printed linkage that acts as an elevator for a marble run, and then we discuss a mid-century hack that helps you decide whether it’s time to emerge from the fallout shelter using the contents of your typical 1950s pockets. We spent a few minutes comparing our recent radiation exposure levels  — Kristina wins with about a dozen x-rays so far this year, but no full-body CT scans. Then we talk guitars for a bit, remember a forgotten CPU from TI, and spend a few cycles talking about a tone-wheel organ that sounds like a chorus of gleeful gerbils.

Finally, we talk toner transfer for 3D prints, argue in defense of small teams versus large committees, and get all tangled up in cursive.

Direct download.

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Where to Follow Hackaday Podcast

Places to follow Hackaday podcasts:

Continue reading “Hackaday Podcast 187: The Sound Of Gleeful Gerbils, The Song Of The Hard Drive, And A Lipstick Pickup Lullaby”

Microsoft Wants You (To Help With Assistive Tech)

September 30, 2022 by 12 Comments

In college I had an exceptional piano teacher that was entirely blind. One day he noticed I had brought in my new-ish laptop, and his unexpected request — “can I look at your laptop?” — temporarily flabbergasted me. Naturally there wasn’t much he could do with it, so he gave it a once over with his fingers to understand the keyboard layout, and that was that. I still think about this experience from time to time, and the most obvious lesson is that my paradigm for using a computer didn’t map well to his abilities and disability.

The folks at Microsoft are thinking about this problem, too, and they’re doing a lot of work to make technology work for more users, like the excellent Xbox Adaptive Controller pictured above. Now, if you have some experience helping folks overcome the challenges of disability, or have a killer idea for an assistive technology solution, Microsoft is looking for projects to fund. Did you rig up a Raspberry Pi and webcam to automatically read text aloud? Maybe you pulled that old Kinect out, and are working on sign-language reader using 3D data points.

Make a pitch of your project or solid idea by the November 4th deadline, and just maybe you can get some help to make it a reality. Just make sure you come back and tell us about it! After all, some of the coolest hacks we’ve ever covered have been adaptive tech projects.

Thanks to [MauroPichiliani] for sending in this tip.

This Week In Security: Exchange 0-day, Doppelgangers, And Python Gets Bit In The TAR

September 30, 2022 by 13 Comments

According to researchers at GTSC, there’s an unpatched 0-day being used in-the-wild to exploit fully patched Microsoft Exchange servers. When they found one compromised server, they made the report to Microsoft through ZDI, but upon finding multiple Exchange servers compromised, they’re sounding the alarm for everyone. It looks like it’s an attack similar to ProxyShell, in that it uses the auto-discover endpoint as a starting point. They suspect it’s a Chinese group that’s using the exploit, based on some of the indicators found in the webshell that gets installed.

There is a temporary mitigation, adding a URL-based request block on the string .*autodiscover\.json.*\@.*Powershell.. The exact details are available in the post. If you’re running Exchange with IIS, this should probably get added to your system right now. Next, use either the automated tool, or run the PowerShell one-liner to detect compromise: Get-ChildItem -Recurse -Path -Filter "*.log" | Select-String -Pattern 'powershell.*autodiscover\.json.*\@.*200. This one has the potential to be another really nasty problem, and may be wormable. As of the time of writing, this is an outstanding, unpatched problem in Microsoft Exchange. Come back and finish the rest of this article after you’ve safed up your systems.

Continue reading “This Week In Security: Exchange 0-day, Doppelgangers, And Python Gets Bit In The TAR”

Slap This Big Red Button For An Instant Social Media Detox

September 30, 2022 by 8 Comments

Dangerous machines, like ones that can quickly reduce you to a fine red mist or a smoking cinder, tend to have a Big Red Button™ to immediately stop whatever the threat is. Well, if a more dangerous machine than social media has ever been invented, we’re not sure what it would be, which is why we’re glad this social media kill switch exists.

The idea behind [Gunter Froman]’s creation is to provide a physical interface to SocialsDetox, a service that blocks or throttles connectivity to certain apps and websites. SocialDetox blocks access using either DNS over HTTPS (DoH) or, for particularly pesky and addictive apps, a service-specific VPN. The service does require a subscription, the cost of which varies by the number of devices you want to protect, but the charges honestly seem pretty reasonable.

While SocialsDetox can be set up to block access on a regular schedule, say if you want to make the family dinner a social-free time, there may be occasions where killing social access needs to happen right now. This is where the Big Red Button comes into it, which is attached to a Wemos D1 Mini. Pressing the kill switch sends an API request to either enable or disable the service, giving you a likely much-needed break from the swirling vortex of hate and envy that we all can’t seem to live without. Except for Hackaday, of course — it’s totally not like that here.

The irony of using an IoT appliance to restrict access to social media is not lost on us, but you work with the tools you’ve got. And besides, we like the physical interface here, which sort of reminds us this fitting enclosure for a PiHole.

This Computer Is Definitely Not A Toy

September 30, 2022 by 6 Comments

If you’ve ever eyed up a kids laptop and wondered whether it could take an upgrade with a single board computer, you’re not alone. [Labz] have taken a couple of Brazilian Max Steel toy computers from a decade or more ago, and made them into usable if unconventional portable computers (Brazilian Portuguese, but YouTube’s subtitle translation is your friend).

The computers are similar to the ones you may be familiar with from the likes of VTech, a QWERTY keyboard and fairly conventional form factor but with a tiny monochrome LCD and a few built-in games. In the video below the break we see both the laptop and desktop variants butchered with a rotary tool to receive new larger screens, with the laptop getting a Raspberry Pi and the desktop getting a small form factor PC. The laptop needed a 3D printed extension to make extra space, while the desktop received a PCI Express extension cable for a video card. Finally, an Arduino took care of the keyboard.

The cherry on the cake for this video comes at the end, when they find the now-grown-up kid from the original advert. Meanwhile, kids computers have featured here before a few times.

Continue reading “This Computer Is Definitely Not A Toy”

Building A Replica Of An Obscure Romanian Computer

September 29, 2022 by 5 Comments

We’ve all seen emulated Apple II and Commodore 64 boards about the place. Few of us have heard of the Romanian ZX Spectrum clone known as the Cobra, let alone any efforts to replicate one. However, [Thomas Sowell] has achieved just that, and has shared the tale with us online.

The Cobra was named for its origins in the city of Brasov – hence, COmputer BRasov. The replica project was spawned for a simple reason. Given that sourcing an original Romanian Cobra would be difficult, [Thomas] realized that he could instead build his own, just as many Romanians did in the 1980s. He set about studying the best online resources about the Cobra, and got down to work.

The build started with board images sourced from Cobrasov.com, and these were used to get a PCB made. [Thomas] decided to only use vintage ICs sourced from the Eastern Bloc for authenticity’s sake, too. Most came from the former USSR, though some parts were of East German, Romanian, or Czechoslovakian manufacture. The project took place prior to the Russian invasion of Ukraine, so there weren’t any hassles shipping across borders.

With everything hooked up and the EEPROMs given a real Cobra ROM image, the computer burst into life. There were some hiccups, with an overheating video IC and some memory glitches. However, with some nifty tweaks and replacements subbed in, the computer came good. Other work involved adding a custom keyboard and modifying 3.5″ floppy drives to work with the system.

Overall, the build is a faithful tribute to what was an impressive piece of engineering from behind the Iron Curtain. [Thomas]’s work also embodies the DIY ethos behind many homebrew Cobra computers built back in the day.

If all this talk has got you curious about the full history of the Cobra and Romania’s underground computer movement, we have everything you’re looking for right here!