An artistic representation of a red Moon, hovering over the Earth

Is That The Moon Worming Its Way Into Your BIOS?

January 23, 2022 by 52 Comments

When facing a malware situation, the usual “guaranteed solution” is to reinstall your OS. The new developments in malware world will also require you to have a CH341 programmer handy. In an arguably inevitable development, [Kaspersky Labs] researchers have found an active piece of malware, out in the wild, that would persist itself by writing its bootstrap code into the BIOS chip. It doesn’t matter if you shred the HDD and replace it with a new one. In fact, so-called MoonBounce never really touches the disk at all, being careful to only store itself in RAM, oh, and the SPI flash that stores the BIOS code, of course.

MoonBounce is Microsoft-tailored, and able to hook into a chain of components starting from the UEFI’s DXE environment, through the Windows Loader, and finishing as a part of svchost.exe, a process we all know and love.

This approach doesn’t seem to be widespread – yet, but it’s not inconceivable that we’ll eventually encounter a ransomware strain using this to, ahem, earn a bit of extra cash on the side. What will happen then – BIOS reflashing service trucks by our curbsides? After all, your motherboard built-in BIOS flasher UI is built into the same BIOS image that gets compromised, and at best, could be disabled effortlessly – at worst, subverted and used for further sneaky persistence, fooling repairpeople into comfort, only to be presented with one more Monero address a week later.

Will our hardware hacker skills suddenly go up in demand, with all the test clip fiddling and SOIC-8 desoldering being second nature to a good portion of us? Should we stock up on CH341 dongles? So many questions!

This week’s installment of “threat vectors that might soon become prevalent” is fun to speculate about! Want to read about other vectors we might not be paying enough attention to? Can’t go wrong with supply-chain attacks on our repositories! As for other auxiliary storage-based persistence methods – check out this HDD firmware-embedded proof-of-concept rootkit. Of course, we might not always need the newfangled ways to do things, the old ways still work pretty often – you might only need to disguise your malicious hardware as a cool laptop accessory to trick an average journalist, even in a hostile environment.

Continue reading “Is That The Moon Worming Its Way Into Your BIOS?”

Display Your Speech In Realtime To Help Lipreaders In The Mask Era

January 23, 2022 by 18 Comments

Masks are all well and good when it comes to reducing the spread of deadly pathogens, but they can make it harder to understand people when they speak. They also make lipreading impossible. [Kevin Lewis] set about building something to help.

The system consists of a small screen that can be worn on the chest or other part of the body, and a lapel microphone to record the wearer’s speech. Using the Deepgram AI speech recognition API running on a Raspberry Pi Zero W, the system decodes the speech and displays it on the Hyperpixel screen.

The API is quite capable, and can be set to only respond to the wearer’s voice, or in a group mode, display speech from multiple people in the area, displaying other voices in another colour. There’s also a translation feature using the iTranslateApp API as well.

It’s a neat tool that could be of great use in conferences or in situations where a quick simple machine translation could majorly ease communication. Video after the break.
Continue reading “Display Your Speech In Realtime To Help Lipreaders In The Mask Era”

A bird-shaped yellow PCB with legs wound out of wire, perched on its creator's arm. The bird has a lot of through-hole components on it, as well as an assortment of different-colored LEDs.

Printed Circuit Bird Family Calls For Us To Consider Analog

January 23, 2022 by 16 Comments

On our favourite low-attention-span content site, [Kelly Heaton] has recently started sharing a series of “Printed Circuit Birds”. These are PCBs shaped like birds, looking like birds and chirping like birds – and they are fully analog! The sound is produced by a network of oscillators feeding into each other, and, once tuned, is hardly distinguishable from the bird songs you might hear outside your window. Care and love was put into making this bird life-like – it perches on Kelly’s arm with legs woven out of single-strand wire and talons made out of THT resistors, in the exact same way you would expect a regular bird to sit on your arm – that is, if you ever get lucky enough. It’s not just one bird – there’s a family of circuit animals, including a goose, a crow and even a cricket.

Why did these animals came to life – metaphorically, but also, literally? There must be more to a non-ordinary project like this, and we asked Kelly about it. These birds are part of her project to explore models of consciousness in ways that we typically don’t employ. Our habit is to approach complex problems in digital domains, but we tend to miss out on elegance and simplicity that analog circuits are capable of. After all, even our conventional understanding of a neural network is a matrix of analog coefficients that we then tune, a primitive imitation of how we assume human brains to work – and it’s this “analog” approach that has lately moved us ever so closer to reproducing “intelligence” in a computer.

Kelly’s work takes a concept that would have many of us get the digital toolkit, and makes it wonderfully life-like using a small bouquet of simple parts. It’s a challenge to our beliefs and approaches, compelling in its grace, urging us to consider and respect analog circuits more when it comes to modelling consciousness and behaviours. If it’s this simple to model sounds and behaviour of a biological organism, a task that’d have us writing DSP and math code to replicate on a microcontroller – what else are we missing from our models?

Kelly has more PCBs to arrive soon in preparation for her NYC exhibit in February, and will surely be posting updates on her Twitter page! We’ve covered her work before, and if you haven’t seen it yet, her Supercon 2019 talk on Electronic Naturalism would be a great place to start! Such projects tend to inspire fellow hackers to build other non-conventional projects, and this chirping pendant follows closely in Kelly’s footsteps! The direction of this venture reminds us a lot of BEAM robotics, which we’ve recently reminisced upon as something that’s impacted generations of hackers to look at electronics we create through an entirely different lens.

Continue reading “Printed Circuit Bird Family Calls For Us To Consider Analog”

Cables Too Long? Try Cable Management Via DIY Coiling

January 23, 2022 by 34 Comments

Annoyed by excessively-long cables? Tired of the dull drudgery and ugly results of bunching up the slack and wrapping it with a twist-tie? Suffer no longer, because the solution is to make your own coiled cables!

[Dmitry] is annoyed with long, unruly cables and shared a solution he learned from the DIY keyboards community: coil them yourself with a piece of dowel, a hair dryer, and about 10 minutes of your time. However, it’s just a wee bit more complicated than it may seem at first glance.

The process begins with wrapping a cable around a mandrel, then heating it as uniformly as possible to thermoform the jacket, but the instructional video (embedded below) says that all by itself that isn’t quite enough to yield lasting results. After heating the cable and letting it cool, the coils will be formed but it will not hold the new shape very well. The finishing touch is to “reverse” the direction of the coils, by re-wrapping it backward around the mandrel, inverting the coils upon themselves. This process is awkward to explain, but much simpler to demonstrate. This video by [DailySetupTech] explains this process around the 2:30 mark. That final step is what yields a tightly-wound, springy coil.

The nice part about using this process as a cable management technique is that it is possible to coil only a portion of a cable, leaving the exact amount of uncoiled slack required for a given application. Keep it in mind the next time some cables need managing. And if you don’t want to coil a cable but still need it out of the way, you might find this design for a DIY cable chain made from a tape measure useful.

Continue reading “Cables Too Long? Try Cable Management Via DIY Coiling”

Web-Centric Gabuino Has Compiler, Will Travel

January 23, 2022 by 16 Comments

Arguably the biggest advantage of the Arduino platform is its ease of use, especially when compared to what microcontroller development looked like before the introduction of the open source board and its associated software development environment. All you need to do is download the IDE for your platform, plug in your Arduino, and you can have code running on the hardware with just a few clicks.

But can it get even easier? [Gabriel Valky] certainly thinks so, which is why he’s developed the cloud-based Gabuino platform. As of right now it only supports the DS213 pocket oscilloscope and LA104 logic analyzer, but he says the code is lightweight enough that it should work with any STM32 board that has the appropriate bootloader. Using Gabuino requires no software to be installed on the computer, just plug in the board, and you’re already half way there.

Gabuino processing data from digital calipers.

The trick is that the code editor and compiler have been moved into the cloud, and are accessed through the host computer’s web browser. The web interface also integrates an impressive “Console”, which [Gabriel] likens to the Serial Monitor and Plotter functions of the Arduino IDE, but is actually far more capable. The Gabuino Console is not only bi-directional, but through the use of libraries such as Three.js and WebGL, it’s able to render video output from code running on the microcontroller.

[Gabriel] takes us through some of the capabilities of Gabuino in the video below, and we have to say, it looks pretty impressive. We especially liked the built-in debugging capabilities that let you set breakpoints and examine variables. This plug-and-play approach certainly holds promise for students or beginners, though we think the hardware compatibility will need some work before the project really takes off.

Incidentally, this isn’t the first time [Gabriel] has written some code for the LA104. Last year we covered his very impressive custom firmware for the ~$100 USD gadget, which should sweeten the deal considerably if you end up getting one to experiment with Gabuino on.

Continue reading “Web-Centric Gabuino Has Compiler, Will Travel”

Printing In Silicone

January 22, 2022 by 22 Comments

When you think of making something out of silicone, you usually think of using a mold and injecting it with the material. Can you 3D print it? [Kimberly Beckett] answers that very question in a recent post. The short answer is yes, but you need specialized printing equipment.

Most consumer or hobby printers use either filament deposition or photoresin. Neither of these processes are good for printing silicone. For one thing, silicone doesn’t melt and reform like a thermoplastic. After all, that is why we like making hotend socks and oven utensils with the material. If you do melt silicone, you get a gooey mess, not a nice fluid you can push through an extruder nozzle. As for resin printing, silicone is resistant to UV so the chances of coming up with UV curable silicone are pretty small.

Continue reading “Printing In Silicone”

Hacked DSP5005 unit showing amp-hours screen

Another DPS5005 Alternative Firmware

January 22, 2022 by 9 Comments

These cheap Chinese-built programmable power supplies are nothing new, we’ve been using them for years. They’re not particularly good power supplies, since current feedback is in software, but for some tasks they’re a great fit and you can’t argue with the price. Alternative firmware projects have also been a thing for a while too, but none we’ve seen have been quite as capable and polished as this latest DPS firmware project by [Profi-max.] We’ve not come across the source code yet, but at least the binary image is freely downloadable.Battery charge screen on hacked DPS5005

The firmware has some interesting features, such as programmable pre-sets intended for battery charging applications. In fact, there is a dedicated battery charge mode screen. We want to warn, however, that charging lithium ion batteries with this might not be at all wise, not in the least because of a lack of protection hardware in place. It would be very easy to destroy the unit or overheat a battery this way! However, if you must do this, there are a few features to help you out, such as a handy ‘counters’ screen showing approximate charge delivered.

Remote programmability is, as usual, via the easily hacked in serial port, with firmware support for Bluetooth serial modules if wired USB serial doesn’t suit. For those who like to mount things differently, the screen can be rotated by holding a key on power-up, or if you hook up a MPU6050 accelerometer/gyro module it will even do it automatically!

To update a stock DPS unit, the only requirements are access to an ST-Link compatible programmer dongle, to target the STM32 SWD programming interface, and the STM32CubeProgrammer utility. Open source alternatives to that are also available, stlink comes to mind as a good option. Once you have the module PCB popped out of its plastic casing, only three wires need tacking onto a handy set of pads to complete the connection to the programmer dongle. Pretty simple stuff.

If you’re looking for a similar project, with source immediately available, then checkout the OpenDPS project we covered a few years ago, and if you’re thinking of going crazy, building a DIY open source electronics lab, we got you covered.

Continue reading “Another DPS5005 Alternative Firmware”