This Week In Security: Insecure Chargers, Request Forgeries, And Kernel Security

The folks at Pen Test Partners decided to take a look at electric vehicle chargers. Many of these chargers are WiFi-connected, and let you check your vehicle’s charge state via the cloud. How well are they secured? Predictably, not as well as they could be.

The worst of the devices tested, Project EV, didn’t actually have any user authentication on the server-side API. Knowing the serial number was enough to access the account and control the device. The serial numbers are predictable, so taking over every Project EV charger connected to the internet would have been trivial. On top of that, arbitrary firmware could be loaded remotely onto the hardware, representing a real potential problem.

The EVBox platform had a different problem, where an authenticated user could simply specify a security role. The tenantadmin role was of particular interest here, working as a superadmin that could see and manage multiple accounts. This flaw was patched within an impressive 24 hours. The EVBox charger, as well as several other devices they checked, had fundamental security weaknesses due to their use of Raspberry Pi hardware in the product. Edit: The EVBox was *not* one of the devices using the Pi in the end product.

Wait, What About the Raspberry Pi?

Apparently the opinion that a Raspberry Pi didn’t belong in IoT hardware caught Pen Test Partners some flak, because a few days later they published a follow-up post explaining their rationale. To put it simply, the Pi can’t do secure boot, and it can’t do encrypted storage. Several of the flaws they found in the chargers mentioned above were discovered because the device filesystems were wide open for inspection. A processor that can handle device encryption, ideally better than the TPM and Windows Bitlocker combination we covered last week, gives some real security against such an attack.

Overhauling A Battle Bot

Where do old battle bots go to die? Well, the great parts-bin in the sky corner of the workshop, where they await disassembly and use in other projects. But once in a while, if a battle bot is really lucky, it gets pulled out again and put back into working order. Such is the story [Charles] is telling about Overhaul 1, a hulk of a robot that was last seen in fighting shape during the 2015 season of the show.

Having been succeeded by newer designs (Overhaul 2 and Overhaul 3), it’s a surprise to see some work being poured into these old bones. It didn’t escape the parts bin unscathed, having lost its wheels to another design called sadbot. What’s in place now are “shuffle drive pods”, a cam-based system that kind of crawls the robot along. They’re fun to watch in action in the video after the break, just make sure to turn your volume way down first. It’s no wonder [Charles] plans to replace them with newly-designed wheel modules.

In the heat of a match these things take a lot of damage, and the frame of Overhaul 1 was still twisted and mangled. A hydraulic tire jack is the tool of choice as the damage was caused externally and needed to be pushed out from the inside. As a testament to how these things are built, any old jack just won’t do and a 20-ton unit was acquired for the purpose. A set of prongs on the front (called pontoons) was also bent inward and required a chain and a come-along to pull them out.

The nice thing about revisiting projects years later is that technology tends to move forward. We can imagine that the design work [Charles] has in progress for a new set of wheel modules is much easier, and the parts (motors, drivers, batteries, etc) of a much higher quality than when first built over half a decade ago. This is the first installment in the overhaul of Overhaul series, which we’ll be keeping an eye on.

Need to sate your appetite for how to build indestructible robots? Check out how the indestructible wheels for the “Copperhead” bot are fabricated!


SBITX: Hackable HF SDR For The Raspberry Pi

Cheap, easy to use SDR dongles are an immensely powerful tool for learning about radio technology. However, building your own SDR is not something too many hackers are confident to tackle. [Ashhar Farhan, VU2ESE] hopes to change this with the sBITX, a hackable HF SDR transceiver designed around the Raspberry Pi.

[Ashhar] introduced the project in a talk at the virtual “Four Days In May” annual conference of the QRP Amateur Radio Club International. Watch the full talk in the video after the break. He first goes over the available open source SDR radios, and then delves into his design decisions for the sBITX. One of the primary goals of the project was to lower the barrier of entry. To do this, he chose the Raspberry Pi as the base, and wrote C code that anyone who has done a bit of Arduino programming should be able to understand and modify. The hardware is designed to be as simple as possible. On the receive side, a simple superheterodyne architecture is used to feed a 25 kHz wide slice of RF spectrum to an audio codec, which sends the digitized audio to the Raspberry Pi. The signal is then demodulated in software using FFT. For transmit, the signal is generated in software, and then upconverted to the desired RF frequency. [Ashhar] also created a GUI for the 7″ Raspberry Pi screen.

At the moment the sBITX is still in the development stage, and information is spread between the video after the break, its accompanying PDF, the GitHub repo, and a thread on the BITX20 group.

[Ashhar Farhan] is well known in the ham radio community for low cost radio designs like the BITX, and its successor, the μBITX. He also created the Antuino, an Arduino based antenna tester.

Vintage Test Equipment Addiction Justified

Recore 3D printer board developer [Elias Bakken] has posted about the automatic test procedure he developed using a stack-up of four (at least) pieces of vintage HP test equipment. In addition, his test jig and test philosophy are quite interesting.

Besides making a bed-of-nails test jig, he also designed a relay multiplexing board that selects one of the 23 different voltages for measurement. We like his selection of mechanically latching relays in this application — not only does it save power, but it doesn’t subject the test board to any magnetic fields (except when switching state).

In [Elias]’s setup, the unit under test (UUT) actually orchestrates the testing process itself. This isn’t as crazy as it might sound. The processor is highly integrated in one package plus external DRAM. If the CPUs boot up at all, and pass simple self-test routines, there’s no reason not to utilize the on-board processor as the main test control computer. This might be a questionable decision if your processor was really small with constrained resources and connectivity. But in the case of Recore, the processor is a four-core ARM A53 SoC running Debian Linux — an arrangement that itself could well serve as an automated test computer in other projects.

In the video down below, [Elias] walks us through the basic tests, and then focuses on the heart of the Recore board tests: calibrating the input signal conditioning circuits. Instead of using very expensive precision resistors, [Elias] selected more economical 1% resistors to use in the preamp circuitry. The tradeoff here is the need to calibrate each channel, perhaps at multiple temperature points. This is a situation where using a test jig, automated test scripts, and a stack of programmable test equipment really shines.

[Elias] is still pondering some issues he found trying to calibrate thermocouples, so his adventure is not quite over yet. If you are wondering what Recore is, check out this article from back in June. Have you ever used the microprocessor on a circuit board to test itself, either standalone or in conjunction with an external jig? Let us know in the comments below.


Raspberry Pi Pico Used As A Transputer

You can’t fake that feeling when a $4 microcontroller dev board can stand in as cutting-edge 1980s technology. Such is the case with the working transputer that [Amen] has built using a Raspberry Pi Pico.

For a thorough overview of the transputer you should check out [Jenny List’s] longer article on the topic, but boiled down, we’re talking about a chip architecture mostly forgotten in time. Targeting parallel computing, each transputer chip has four serial communication links for connecting to other transputers. [Amen] has wanted to play with the architecture since its inception. It was expensive back then, and today, finding multiple transputers is both difficult and costly. However, the RP2040 chip found on the Raspberry Pi Pico struck him as the perfect way to emulate the transputer design.

The RP2040 chip on the Pico board has two programmable input/output blocks (PIOs), each with four state machines in them. That matches up perfectly with the four transputer links (each is bi-directional so you need eight state machines). Furthermore, the link speed is spec’d at 10 MHz which is well within the Pico’s capabilities, and since the RP2040 runs at 133 MHz, it’s conceivable that an emulated core can get close to the 20 MHz top speed of the original transputers.

Bringing up the hardware has been a success. To see what’s actually going on, [Amen] sourced some link adapter chips (IMSC011), interfacing them through an Arduino Mega to a computer to use the keyboard and display. The transputer architecture allows code to be loaded via a ROM, or through the links. The latter is what’s running now. Future plans are to figure out a better system to compile code, as right now the only way is by running the original INMOS compiler on DOS in a VM.

Listen to [Amen] explain the project in the first of a (so far) six video series. You can find the links to the rest of those videos on his YouTube channel.


Kinesis + Teensy = QMK Advantage Over Your Keyboard

Back in 2013, [Michael Stapelberg] created what is lovingly referred to as the Stapelberg controller: a replacement keyboard controller for the original Kinesis Advantage, the decades-old darling of the ergonomic clacking world. Whether you’re building a new keeb, you’ve got a broken Kinesis, or you simply want to run QMK on the thing and don’t mind getting your hands dirty, there’s a new Stapelberg controller on the block. It’s called the kinT, for Kinesis + Teensy.

[Michael] built kinT in response to the Advantage 2, which came along in 2017 and changed the way the thumb clusters connect to the main board from a soldered cable to an FPC connector. Whereas the original Stapelberg controller was built in Eagle, this one was done in KiCad and is open-source, along with the firmware. You can use a Teensy 4 with this board but if you don’t have one, don’t worry — kinT is backwards-compatible with pretty much every Teensy, and it will even work on the original Advantage.

Are you on the fence about going full ergo? Check out my in-depth review of the original Kinesis Advantage I got that’s almost 20 years old and still clacking along like new. But don’t wait for a repetitive stress injury to go full ergo. Trust me.

Custom Caliper Tracks For When You’re Going The Distance

The working principle of digital calipers is mysterious enough that we’d never think to dismantle, much less improve them, right? Well, think again, as [Limi DIY] retrofits the processing element onto a custom track, extending the calipers’ measurement distance to a whopping 650 mm. Combined with a prior project to extract the measurement data, the result makes for a working multi-axis digital readout, a handy device for machine tools like a manual lathe or milling machine.

Digital calipers operate on the principle of measuring an array of variable capacitors. If we scratch our heads and look back at our physics notes, we’ll recall that the capacitance between two parallel conductive plates is linearly proportional to the surface area. By fixing one dimension of both plates and by sliding one plate over the other, we effectively change the area, giving ourselves a simple linear displacement sensor! (There are some classy error-correcting techniques too, and this [PDF] is a great place to look for more details.)

The theory takeaway is that this array of parallel plates can be embedded directly into a printed circuit board. We just need to know the dimensions. After some close measurement work, [Limi DIY] extracted the crucial measurements and fabbed a PCB with the pattern duplicated over 650 mm. After retrofitting the original processing element onto this new track, they had a working measurement device that’s far longer than the original!

If you’ve ever been tempted to disassemble your calipers but too nervous to bite off the investment, now’s your chance to follow along as [Limi DIY] demonstrates the gratuitous disassembly process for you in video format. The fruits of their labor are also captured in a project post that includes the key dimensions if you’re looking to do the same thing.

If you’re looking for other ways to improve your calipers, why not start by giving them a major battery life boost?

Thanks to [absd] via [Jubilee Discord] for the tip!
