This Week In Security: The Log4j That Won’t Go Away, WebOS, And More

In the past two weeks, Log4j has continued to drive security news, with more vulnerable platforms being found, and additional CVEs coming out. First up is work done by TrendMicro, looking at electric vehicles and chargers. They found a Log4j attack in one of the published charger frameworks, and also managed to observe evidence of vulnerability in the Tesla In-Vehicle Infotainment system. It isn’t a stretch to imagine a piece of malware that could run on both a charger and an EV. And since those systems talk to each other, they could spread the virus through cars moving from charger to charger.

Log4j is now up to 2.17.1, as there is yet another RCE to fix, CVE-2021-44832. This one is only scored a 6.6 on the CVSS scale, as opposed to the original, which weighed in at a 10. 44832 requires the attacker to first exert control over the Log4j configuration, making exploitation much more difficult. This string of follow-on vulnerabilities demonstrates a well-known pattern, where a high profile vulnerability attracts the attention of researchers, who find other problems in the same code.

There are now reports of Log4j being used in Conti ransomware campaigns. Additionally, a Mirai-based worm has been observed. This self-propagating attack seems to be targeting Tomcat servers, among others.


3D Printering: Adding A Web Interface Where There Was None Before

[Renzo Mischianti] got himself a Chinese 3D printer, specifically a FlyingBear Ghost 5. (Cracking name, huh?) He was more than a little irritated with the fact that whilst the controller, an MKS Robin Nano, did have an integrated Wi-Fi module, it provided no browser-based interface for monitoring and control purposes. This seemed a bit short-sighted in this day and age, to say the least. Not being at all happy with that situation, [Renzo] proceeded to write dedicated Wi-Fi firmware using websockets, but not without fully documenting his journey in a detailed series of blog posts.

The resulting BeePrint web interface supports all the usual functions you would expect when managing a printer, everything from monitoring warm-up at the prep stage, to keeping tabs on the potential spaghetti monster via the connected IP camera. All good stuff. [Renzo] used an ESP32-cam, which is a low-cost 2 MP unit from our friends at Olimex, but we suspect it wouldn’t be vastly difficult to add your own IP camera into the mix.

[Renzo] has a YT channel detailing quite a few other projects, which is definitely worth some viewing time in our opinion.

We’ve been covering 3D printer hacking since the dinosaurs were roaming. This is the oldest, and still one of the strangest, posts that we could find in a quick search. Anyone care to find something older?


Hackaday Podcast Wishes You Happy New Year

Our two-week-long winter hibernation continues on the Podcast, but we’ll be coming at you next week with guest host Tom Nardi. We’ve got two weeks full of hacks to cover, and Tom is working on a Best Hacks of 2021 piece, so we’ll be starting off 2022 with a bang.

Happy New Year!


A Tidy Cyberdeck That You Could Take Anywhere.

The cyberdeck trend has evolved to a relatively straightforward formula: take a desktop computer and strip it to its barest essentials of screen, PCB, and input device, before clothing it in a suitably post-apocalyptic or industrial exterior. Sometimes these can result in a stylish prop straight from a movie set, and happily for [Patrick De Angelis] his Raspberry Pi based cyberdeck (Italian, Google Translate link) fits this description, taking the well-worn path of putting a Raspberry Pi and screen into a ruggedised flight case. Its very unremarkability is the key to its success: using a carefully-selected wired keyboard and trackpad combo neatly dodges the usual slightly messy arrangements of microcontroller boards.

If this cyberdeck has a special feature it’s in the extra wireless interfaces and the stack of antennas on its right-hand side. The Pi touchscreen is a little small for the case and perhaps we’d have mounted it centrally, but otherwise this is a box we could imagine opening somewhere in the abandoned ruins of a once-proud Radio Shack store for a little post-apocalyptic Hackaday editing. After all, your favourite online tech news resource doesn’t stop because the power’s gone out!

The No-MCU Fan Controller

The default for any control project here in 2019 was to reach for a microcontroller. Such are their low cost and ubiquity that they can be used to replicate what might once have needed some extra circuitry, with the minimum of parts. But here we are at the end of 2021, and of course microcontrollers are hard to come by in a semiconductor shortage. [Hesam Moshiri] has a project that takes us back to a simpler time, a temperature controlled fan the way they used to be made, without a microcontroller in sight.

Old hands will no doubt guess where this design is heading: there is an LM35 temperature sensor producing a voltage proportional to its temperature, and half of an LM358 which forms a comparator against a static voltage from a divider. The LM358’s output drives a MOSFET which in turn switches on or off the fan motor. This type of circuit used to be the daily fare of simple control electronics in the days when a microcontroller represented a significant expense, and it’s still a handy circuit to be reminded of.

Have you forgotten sensors such as the LM35 in a world of on-board sensors? Time to refresh your sensing memory.

Threaded Wires Save Phone Numbers

If you thought programming your 1990s VCR was rough, wait until you see this Russian telephone autodialer that [Mike] took apart over on the mikeselectricalstuff YouTube channel (video below the break). [Mike] got this 1980s Soviet-era machine a few years ago, and finally got around to breaking into it to learn what makes it tick. The autodialer plugs into the phone line, much like an old-school answering machine. It provides the user with 40 pre-set telephone numbers, arranged in two banks of 20, and a speaker to monitor the connection process. It uses pulse dialing — no touch tones. What’s surprising is how you program the numbers. Given that this was built in the 1980s Soviet Union, he wasn’t expecting a microcontroller. But he wasn’t expecting transformer core “rope” memory, either.

The phone normally sits on a platform on the left side of the machine. Raising up the platform exposes a bank of toroidal cores, arranged in seven rows of four. Each row corresponds to a dialed digit, and the four cores are used to encode a single digit. At the top and bottom of the programming board are two 40-pin connectors, each pin corresponding to one of the preset phone numbers. A bunch of patch wires would have been provided, and you program each number by threading a long wire through the appropriate cores, connecting it at the top and bottom connectors much like a modern solderless breadboard. It’s also interesting to see the components and construction technique of this circuit board. For example, the diodes have the stripe on the anode end, not the cathode as we’re normally used to today. The transistor cans are mounted upside down like dead spiders.


Customisable Micro-Coded Controller Helps With In-Circuit Debugging

Over on Hackaday.io, [Zoltan Pekic] has been busy building a stack of tools for assisting with verifying and debugging retro computing applications. He presents his take on using Intel hex files for customised in-circuit testing, which is based upon simple microcoded sequencers, which are generated automatically from a high level description.

The idea is that it is very useful to be able to use an FPGA development board to emulate the memory bus component of the CPU, allowing direct memory access for design validation purposes. This approach will also allow the production of a test rig to perform board level verification. The microcode compiler (MCC) generates all the VHDL and support files needed to target a Xilinx FPGA based dev board, but is generic enough to enable targeting other platforms with a little adaptation.

Another interesting use case enables in-circuit tracing of buggy memory accesses, with the microcode sequencer decoding the accesses and dumping the relevant information out to either a serial port, or even direct to an embedded VGA controller, hardware allowing.

This automated approach to generating customisable microcoded hardware is a very nice trick to have in your bag, and even if it only helps in certain circumstances, [Zoltan] notes that it at least serves as an interesting example of the architecture of computers from history, if not much else.

Source for the example 8085 project can be found on the project GitHub, and the toolchain source can be found here also.

For an interesting practical use of microcoding to implement emulations of historical hardware, check out this neat switchable reproduction calculator project.