This Week In Security: APT Targeting Researchers, And Someone Watching All The Cameras

Microsoft’s Patch Tuesday just passed, and it’s a humdinger. As the cherry on top, two separate BSOD-inducing issues led to Microsoft temporarily pulling the update.

Among the security vulnerabilities fixed is CVE-2021-26897, another remote code execution flaw in the Windows DNS Server. It’s rated as a low-complexity attack, but it does require local network access to pull off, and only machines actually running the DNS Server role are exposed. CVE-2021-26867 is another of the patched vulnerabilities that sounds very serious, allowing an attacker inside a Hyper-V virtual machine to break out and run code on the hypervisor. The catch is that the vulnerability is only present when the Plan 9 file system is in use, which limits the scope of the problem to a small handful of machines.

The most interesting fixed flaw was CVE-2021-26411, a memory corruption vulnerability that allowed remote code execution simply by loading a malicious web page in either IE or pre-Chromium Edge. That flaw was being actively exploited in a unique APT campaign, which we’ll cover right after the break.

The IEEE Builds A Smart Watch

It used to be that building your own watch was either a big project or it meant that you didn’t really care how something looked on your wrist. With modern parts and construction techniques, though, a good-looking smart watch isn’t out of reach of the home shop. And if you don’t want to do it entirely yourself, you can turn to a kit, which is what [Stephen Cass] did. Writing in IEEE Spectrum, he took a kit called Watchy and put it through its paces.

Watchy is an open source product built around an ESP32 and an E-ink display, and costs about $50. The display is 1.5 inches, good enough for a watch, and the board carries a real time clock, a vibration motor, an accelerometer, and four buttons. The whole thing runs on a 200 mAh lithium polymer battery. Charging is over microUSB, and the same port is used to upload software with the usual Arduino tools.

However, [Stephen] found that none of the examples he tried would work at first. He ran into problems with the Mac tooling, and had problems under Windows too. The answer? Switching to a Raspberry Pi worked, and once the watch had been wiped clean the Mac tools worked as well. It doesn’t sound like a common problem, but he has to erase the watch with the Pi before each programming cycle.

Unlike a normal Arduino program, all the work in a typical Watchy program happens in setup() so the watch can spend most of its time asleep, and it typically updates the 200×200 display just once a minute. As an example, [Stephen] wrote a watch face that uses an old Irish alphabet to tell time. He plans to add code to grab online data, too, and the Watchy library has support for connecting wirelessly and parsing JSON to make tasks like that easier.

We always thought the EZ430-Chronos was a good-looking watch, but its screen is dated now. You can also pick up a lot of cheap import watches that can be hacked.

Apple Watch Gets Custom Transparent Case

The Apple Watch was the tech company’s attempt to bring wrist computers into the mainstream. It’s naturally available in a variety of fits and finishes, but if you want something properly original, you’ve got to go custom. [Useless Mod] does just that with a clear case for the popular smartwatch.

The mod starts with a patient, careful disassembly of the watch, necessary given the delicate components inside. It’s achieved in the end with only one screw having to be drilled out and an unfortunate snapping of the crown wheel axle. [Useless Mod] presses on regardless, and casts the original Apple enclosure in silicone. The video goes over all the finer points, from degassing to using strips of acrylic plastic as runners. Once done, the silicone mold is used to produce a replica case in transparent epoxy, and the watch is reassembled.

The final result is impressive, with the case optically clear and showing off the watch’s internals. The look is improved by removing some of the original insulation tape to better reveal the PCBs inside. Unfortunately the watch’s design, with its faces largely covered by the screen and the heart rate sensor, means it’s not the greatest choice for a clear case mod, but it works nonetheless. We’ve seen similar work from [Useless Mod] before, like this transparent drone case for the Mavic Mini. Video after the break.

Watch This Scaly Gauntlet’s Hypnotizing, Rippling Waves

[Will Cogley]’s mechanized gauntlet concept sure has a hypnotizing look to it, and it uses only a single motor. Underneath the scales is a rod with several cams, each of which moves a lever up and down in a rippling wave as it rotates. Add a painted scale to each, and the result is mesmerizing. This is only a proof of concept prototype, and [Will] learned quite a few lessons when making it, but the end result is a real winner of a visual effect.

The gauntlet uses one motor, 3D printed hardware, and a mechanical linkage between the wrist and the rest of the forearm. Each of the scales is magnetically attached to the lever underneath, which provides some forgiveness for when one inevitably bumps into something. You can see the gauntlet without the scales in the video, embedded below the break, which should make clear how the prototype works.

The scales were created with the help of a Mayku desktop vacuum former, by making lightweight copies of 3D printed scales. Interestingly, 3D printing each scale with full supports made for a useful mold; there was no need to remove the supports from underneath the prints, because they are actually a benefit to the vacuum forming process. When vacuum forming, overhangs can lead to the plastic wrapping around the master and trapping it, but the supports fill in those undercuts and prevent this. 3D prints don’t hold up very well to the heat involved in vacuum forming, but they do well enough for a short run like this. Watch it in action and listen to [Will] explain the design in the video, embedded below.

Watch Life Tick Away, One LED Segment At A Time

In the grand scheme of things, a single human lifetime is a drop in the bucket. Even if we don’t like to acknowledge it, we all know the meter is running so to speak. Yet you’re still squandering your precious time on this Earth by reading Hackaday instead of doing something constructive. Of course nobody is burning up more time on this site than those of us who are writing it all, so don’t feel too bad.

To remind us that life is fleeting, [Dries Depoorter] has designed the Shortlife: a device that counts down until your expected departure date. Before you get too excited, it can’t predict the future. The gadget is programmed with the vital statistics of the individual user, and data provided by the World Health Organization is used to calculate how much of your estimated life expectancy has already elapsed. Some would find this information depressing, while others will no doubt look at it as a source of inspiration. Us? We just think it’s a slick piece of gear.

The Shortlife is made up of a custom PCB mounted to a marbled block of recycled plastic. On the board there’s an ATmega328 microcontroller, a MAX7219 LED driver, and of course the red LED segment displays. Three of them are the classic seven count, while the rightmost display sports fourteen segments for a bit of added accuracy. All the user has to do if they want to watch their remaining time slip away is plug the device into a USB power source and set the current time.

We’ve seen similar mortal countdown clocks in the past, but the Shortlife certainly brings a certain elegance to the idea. We also like the fact that you’re just a line of code or two away from having the display tick down to some other date in the future, for when that existential crisis kicks in.

A Straightforward Guide To Unlocking The Nintendo Game And Watch

Nintendo’s reborn tiny handheld game has certainly attracted the attention of hardware hackers, and we’ve been treated to a succession of exploits as its secrets have been unlocked one by one. With relatively straightforward hardware it conceals potential far beyond a simple Mario game or two, and it’s now at the stage of having a path to dumping both its SPI Flash and internal Flash, unlocking its processor, and running arbitrary code. The process of unlocking it is now straightforward enough to warrant a HOWTO video, to which [stacksmashing] has treated us. It’s early days and this is still touted as being for developers rather than gamers, but it serves to show where work on this console is going.

The console’s STM32 architecture means that programming hardware is straightforward enough to find, though we’re cautioned against using the cheap ST-Link clones from AliExpress that we might use with a Blue Pill or similar. Instead the snap-off ST-Link programmer that comes with an STM Nucleo board is a safer choice, and one that many people are likely to have already.

The relative simplicity of the process as seen in the video below must conceal an immense amount of work from multiple people. It’s a succession of scripts that sequentially unlock and back up the various firmwares, with a payload for the STM32 at each step. Finally the STM32 itself is unlocked, and the backed-up Nintendo firmware can be returned to the device or a custom firmware can be created instead. Aside from the DOOM port we’ve already seen there are work-in-progress NES and Game Boy emulators, and fascinatingly also work on bare-metal games.

Given the lack of custom chips in this console it is entirely possible that its hardware could be directly cloned, and that Nintendo might have unintentionally created a new general purpose hacker’s handheld gaming platform. There are a few hardware works-in-progress such as increasing the SPI Flash size and finding the unconnected USB pins, so we look forward to more exciting news from this quarter.

DOOM Running On The Nintendo Game & Watch

Today the newly-released Nintendo Game & Watch can play DOOM. Sure, there are caveats: this is a watered down version due to the constraints of the hardware itself. But the important thing is that this shows the hardware has been fully owned. This is code written to replace the firmware that ships on the STM32 within, and that makes this a gorgeous little hardware platform that is completely open to homebrew hacking.

Honestly, you had to assume this was going to happen pretty quickly considering the effort being thrown at it. We first reported on Tuesday that the external SPI flash which stores the ROMs on the Game and Watch had been decoded. Shortly after that was published, [stacksmashing] and [Konrad Beckmann] were showing test patterns on the display and mentioning that the audio was working as well. It turns out they were able to dump the stock firmware despite the chip being security locked.

We’ll have to wait for more details on exactly how the firmware was dumped, but [stacksmashing] drops enough of a mention in the video below to confirm the obvious. A common approach to dumping code from a locked microcontroller is to find a vulnerability that grants execution of custom code. Read-out protection stops a debugger from reading the internal flash, but it does nothing against code that is already running on the core, so being able to run just a few lines of your own code is enough to set up something as simple as looping through every internal flash address and clocking the contents out over a few GPIO pins. In this case our two heroes discovered that ARM code was being loaded from the external SPI flash onto the STM32, and managed to inject their own code there to perform the dump. Full details have been promised soon.
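The dump technique described above, and the per-step backup payloads mentioned in the unlocking HOWTO, come down to the same small piece of code: a loop that reads a flash window and pushes each byte out of a pin. The following is an added example written for this page, not the payload from [stacksmashing] and [Konrad Beckmann] (which had not been published at the time). It is plain C that compiles on a PC: the target-side loop bit-bangs each byte as 8N1 serial through a pin-write callback, and a host-side decoder turns the captured bit stream back into bytes so the whole thing can be checked offline. The internal flash base address, the pin handling, the sample flash contents and the lack of bit timing are all assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* On the target, writing the pin is a register poke; on the host it is a
   capture callback. A fixed delay after each write (the baud rate) is
   omitted here. */
typedef void (*pin_write_fn)(int level, void *ctx);

/* One 8N1 serial frame: start bit low, eight data bits LSB first, stop bit high. */
static void bitbang_byte(uint8_t b, pin_write_fn write_pin, void *ctx)
{
    write_pin(0, ctx);
    for (int i = 0; i < 8; i++)
        write_pin((b >> i) & 1, ctx);
    write_pin(1, ctx);
}

/* The payload proper. On a real STM32 `base` would be the internal flash
   window (0x08000000 on that family; an assumption, not taken from the
   Game & Watch write-ups). Read-out protection does not stop this loop:
   it runs on the core itself, which is allowed to read its own flash. */
void dump_region(const volatile uint8_t *base, size_t len,
                 pin_write_fn write_pin, void *ctx)
{
    for (size_t i = 0; i < len; i++)
        bitbang_byte(base[i], write_pin, ctx);
}

/* Host side: record every pin level the payload wrote. */
typedef struct {
    uint8_t *bits;
    size_t n, cap;
} bit_capture;

static void capture_pin(int level, void *ctx)
{
    bit_capture *c = ctx;
    if (c->n < c->cap)
        c->bits[c->n++] = (uint8_t)level;
}

/* Reassemble bytes from the captured bit stream. Returns the byte count,
   or -1 on a framing error (bad start/stop bit) or if `out` is too small. */
int decode_8n1(const uint8_t *bits, size_t nbits, uint8_t *out, size_t outcap)
{
    size_t nbytes = 0;
    for (size_t i = 0; i + 10 <= nbits; i += 10) {
        if (bits[i] != 0 || bits[i + 9] != 1 || nbytes >= outcap)
            return -1;
        uint8_t b = 0;
        for (int k = 0; k < 8; k++)
            b |= (uint8_t)(bits[i + 1 + k] << k);
        out[nbytes++] = b;
    }
    return (int)nbytes;
}

/* Round trip over a constructed "flash image" whose first words look like a
   Cortex-M vector table (initial stack pointer, then the reset vector).
   Returns 1 if what came out of the "pin" matches what went in. */
int dump_roundtrip_ok(void)
{
    static const uint8_t fake_flash[] = {
        0x00, 0x00, 0x02, 0x20,   /* initial SP   = 0x20020000 (constructed) */
        0xE9, 0x01, 0x00, 0x08,   /* reset vector = 0x080001E9 (constructed) */
        0xFF, 0x55, 0xAA, 0x00
    };
    uint8_t bits[sizeof fake_flash * 10];
    uint8_t recovered[sizeof fake_flash];
    bit_capture cap = { bits, 0, sizeof bits };

    dump_region(fake_flash, sizeof fake_flash, capture_pin, &cap);
    int n = decode_8n1(cap.bits, cap.n, recovered, sizeof recovered);
    return n == (int)sizeof fake_flash
        && memcmp(recovered, fake_flash, sizeof fake_flash) == 0;
}
```

On hardware, `capture_pin` would be replaced by a GPIO register write plus a delay loop, and a logic analyser or USB serial adapter on that pin would receive the image; the decoder above is the same framing a UART receiver applies. The framing check matters in practice: a dropped or doubled bit early in the stream shifts every later byte, so a dump that decodes without framing errors and starts with a plausible stack pointer and reset vector is the first sanity check before trusting it.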

What we have today is a pretty tricky hack, not just to load code but to get DOOM running on meagre hardware: the STM32 has only 128 KB of internal flash and roughly 1.3 MB of SRAM, and there’s a further bottleneck in the 1.1 MB of flash available for storing game files. The textures were stripped down and the memory allocation was rewritten, but the proof of concept is there and the game runs. Homebrew, here we come!
