Vizio In Hot Water Over Smart TV GPL Violations

October 22, 2021 by 70 Comments

As most anyone in this community knows, there’s an excellent chance that any consumer product on the market that’s advertised as “smart” these days probably has some form of Linux running under the hood. We’re also keenly aware that getting companies to hold up their end of the bargain when it comes to using Linux and other GPL licensed software in their products, namely releasing their modified source, isn’t always as cut and dried as it should be.

Occasionally these non-compliant companies will get somebody so aggravated that they actually try to do something about it, which is where smart TV manufacturer Vizio currently finds itself. The Software Freedom Conservancy (SFC) recently announced they’re taking the Irvine, California based company to court over their repeated failures to meet the requirements of the GPL while developing their Linux-powered SmartCast TV firmware. In addition to the Linux kernel, the SFC also claims Vizio is using modified versions of various other GPL and LGPL protected works, such as U-Boot, bash, gawk, tar, glibc, and ffmpeg.

According to the SFC press release, the group isn’t looking for any monetary damages. They simply want Vizio to do what’s required of them as per the GPL and release the SmartCast source code, which they hope will allow for the development of an OpenWrt-like replacement firmware for older Vizio smart TVs. This is particularly important as older models will often stop receiving updates, and in many cases, will no longer be able to access all of the services they were advertised as being able to support. Clearly the SFC wants this case to be looked at as part of the larger Right to Repair debate, and given the terrible firmware we’ve seen some of these smart TVs ship with, we’re inclined to agree.

Now of course, we’ve seen cases like this pop up in the past. But what makes this one unique is that the SFC isn’t representing one of the developers who’s software has been found to be part of Vizio’s SmartCast, they’re actually the plaintiff. By taking the position of a consumer who has purchased a Vizio product that included GPL software, the SFC is considered a third-party beneficiary, and they are merely asking the court to be given what’s due to them under the terms of the license.

As firm believers in the open source movement, we have zero tolerance for license violators. Vizio isn’t some wide-eyed teen, randomly copying code they found from GitHub without understanding the implications. This is a multi-billion dollar company that absolutely should know better, and we’ll be happy to see them twist in the wind a bit before they’re ultimately forced to play by the rules.

Testing 3D Printed Cutting Blades Is Scary Work

October 22, 2021 by 15 Comments

[Ivan Miranda] comes from a land where the shops close on Sundays. Thus, when he found himself in need of a cutting blade, he realised he would have to build his own, or simply wait. He elected to do the former, and we get to enjoy the journey. (Video, embedded below.)

His first attempt was to cut a wooden plank with a 3D-printed cutting blade fitted to a mitre saw. After setting up the mitre saw to cut while he was at a safe distance, [Ivan] elected to test the blade. Alas, it simply melted, and the wood was barely scratched, so [Ivan] went back to the drawing board.

His second attempt was to CNC mill an aluminium blade, which was a full 6 mm thick. The saw needed some modifications to the saw to fit properly, but it was able to cut wood without major drama!

Returning to the 3D-printed concept, [Ivan] suspected reducing the surface speed of the cutting disc could reduce friction-induced heating. This would allow the 3D-printed blade to cut wood without melting, in theory. To achieve this, he built his own basic drop saw using a steel frame and a brushless motor. With a little water spray, and careful control of speed and pressure, the blade was able to slowly chew through a plank of wood. Afterwards, the teeth were almost completely worn down.

The fact is, 3D-printed blades are usually going to be too soft to do any real useful work. However, it’s fun to watch, and that’s good enough for us. If you want something more useful though, consider building your own knives.

Continue reading “Testing 3D Printed Cutting Blades Is Scary Work”

Retrotechtacular: This 15th-Century Siege Cannon Might Kill You Instead Of The Target

October 22, 2021 by 10 Comments

For a happy weekend away in early September, I joined a few of my continental friends for the NewLine event organised by Hackerspace Gent in Belgium. You may have seen some of the resulting write-ups here, and for me the trip is as memorable for the relaxing weekend break it gave me in a mediaeval city as it is for the content of the talks and demonstrations. We took full advantage of the warm weather to have some meals out on café terraces, and it was on the way to one of them that my interest was captured by something unexpected. There at the end of the street was a cannon, not the normal-size cannon you’ll see tastefully arranged around historical military sites the world over, but a truly massive weapon. I had stumbled upon Dulle Griet, one of very few surviving super-sized 15th century siege cannons. It even had a familiar feel to it, being a sister to the very similar Mons Meg at Edinburgh Castle in Scotland.

Continue reading “Retrotechtacular: This 15th-Century Siege Cannon Might Kill You Instead Of The Target”

Hackaday Podcast 141: LowFER Badges, Outrun Clocks, Dichroic Lamps, And Piano Action

October 22, 2021 by No comments

Hackaday editors Mike and Elliot Williams catch up on a week’s worth of hacks. It turns out there are several strange radio bands that don’t require a license, and we discuss this weekend’s broadcast where you can listen in. It’s unlikely you’ve ever seen the website check-box abused quite like this: it’s the display for playing Doom! Just when you thought you’d seen all the ESP32’s tricks it gets turned into a clock styled after Out Run. Mike geeks out over how pianos work, we’re both excited to have Jeremy Fielding giving a Keynote talk at Remoticon, and we wrap things up with a chat about traffic rules in space.

Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Direct download (50 MB)

Where to Follow Hackaday Podcast

Places to follow Hackaday podcasts:

Continue reading “Hackaday Podcast 141: LowFER Badges, Outrun Clocks, Dichroic Lamps, And Piano Action”

This Week In Security: Argentina, MysterySnail, And L0phtcrack

October 22, 2021 by 43 Comments

The government of Argentina has a national ID card system, and as a result maintains a database containing data on every citizen in the country. What could possibly go wrong? Predictably, an attacker has managed to gain access to the database, and is offering the entire dataset for sale. The Argentinian government has claimed that this wasn’t a mass breach, and only a handful of credentials were accessed. This seems to be incorrect, as the seller was able to provide the details of an arbitrary citizen to the journalists investigating the story.

Patch Tuesday

Microsoft has released their monthly round of patches for October, and there are a couple doozies. CVE-2021-40486 is an RCE in Microsoft Word, and this flaw can trigger via the preview pane. CVE-2021-38672 and CVE-2021-40461 are both RCE vulnerabilities in Hyper-V. And finally, CVE-2021-40449 is a privilege upgrade actively being used in the wild, more on that in a moment. Oh, and you thought the Print Nightmare was over? CVE-2021-36970 is yet another print spooler vulnerability. The unfortunate thing about the list of Microsoft vulnerabilities is that there is hardly any information available about them.

On the other hand, Apple just patched CVE-2021-30883, a 0-day that’s being actively exploited in iOS. With the release of the fix, [Saar Amar] has put together a very nice explanation of the bug with PoC. It’s a simple integer overflow when allocating a buffer, leading to an arbitrary memory write. This one is particularly nasty, because it’s not gated behind any permissions, and can be triggered from within app sandboxes. It’s being used in the wild already, so go update your iOS devices now.

MysterySnail

Snail” by Ilweranta, CC BY 2.0

Kaspersky brings us a report on a CVE-2021-40449 being used in the wild. It’s part of an attack they’re calling MysterySnail, and seems to originate from IronHusky out of China. The vulnerability is a use-after-free, and is triggered by making a the ResetDC API call that calls its own callback. This layer of recursive execution results in an object being freed before the outer execution has finished with it.

Since the object can now be re-allocated and controlled by the attacker code, the malformed object allows the attacker to run their code in kernel space, achieving privilege escalation. This campaign then does some data gathering and installs a Remote Access Trojan. Several Indicators of Compromise are listed as part of the write-up.

Off to the Races

Google’s Project Zero is back with a clever Linux Kernel hack, an escalation of privilege triggered by a race condition in the pseudoterminal device. Usually abbreviated PTY, this kernel device can be connected to userspace applications on both ends, making for some interesting interactions. Each end has a struct that reflects the status of the connection. The problem is that TIOCSPGRP, used to set the process group that should be associated with the terminal, doesn’t properly lock the terminal’s internal state.

As a result, calling this function on both sides at the same time is a race condition, where the reference count can be corrupted. Once the reference count is untrustworthy, the whole object can be freed, with a dangling pointer left in the kernel. From there, it’s a typical use-after-free bug. The post has some useful thoughts about hardening a system against this style of attack, and the bug was fixed December 2020.

AI vs Pseudorandom Numbers

[Mostafa Hassan] of the NCC Group is doing some particularly fascinating research, using machine learning to test pseudorandom number generators. In the first installment, he managed to break the very simple xorshift128 algorithm. Part two tackles the Mersenne Twister, which also falls to the neural network. Do note that neither of these are considered cryptographic number generators, so it isn’t too surprising that a ML model can determine their internal state. What will be most interesting is the post to come, when he tackles other algorithms thought to be secure. Watch for that one in a future article.

L0phtcrack Becomes Open Source

The l0pht crew, back thenIn a surprise to me, the L0phtcrack tool has been released as open source. L0phtcrack is the password cracking/auditing tool created by [Mudge] and company at L0pht Heavy Industries, about a billion years ago. Ownership passed to @stake, which was purchased by Symantec in 2004. Due to export regulations, Symantec stopped selling the program, and it was reacquired by the original L0pht team.

In April 2020, Terahash announced that they had purchased rights to the program, and began selling and supporting it as a part of their offerings. Terahash primarily builds GPU based cracking hardware, and has been hit exceptionally hard by the chip shortage. As a result of Terahash entering bankruptcy protection, the L0phtcrack ownership has reverted back to L0pht, and version 7.2.0 has been released as Open Source.

An Open Source Game Boy Printer That Doesn’t Print

October 22, 2021 by 11 Comments

While we’ll admit seeing your Game Boy Camera shots come out on a little slip of thermal paper was pretty neat back in 1998, anyone who’s still using the Game Boy Printer these days is probably more interested in getting their images in digital form. Which is why the open source NeoGB Printer is so exciting.

A collaborative effort between [Rafael Zenaro], [Raphaël BOICHOT], and [Brian Khuu], the project combines an ESP32 development board and some common components with their GPLv3 firmware to fully emulate the Game Boy Printer hardware. Once plugged into your Game Boy, any of the 110 titles that support Nintendo’s paper-pushing peripheral will recognize the NeoGB Printer as the real deal and happily send along the image.

But rather than committing it to paper, the NeoGB Printer saves the image to an SD card. From there, you can put the card in your computer and do whatever you wish with the captured files. Incidentally, it turns out there’s already a commercial gadget on the market that does something very similar, but this DIY approach comes well under its $99 USD price tag. In fact, if you’ve got a Game Boy Link Cable you don’t mind cutting up, you’ve probably got everything you need to pull this off in the parts bin right now.

We particularly like how the team has went out of their way to support different hardware configurations for the NeoGB Printer. If you want to go all out and add status LEDs and an OLED display, go for it. But if you just plan on using the thing once to grab a copy of the Pokémon diploma you earned 20 years ago, then you can skip the bells and whistles.

If you’re only worried about getting your snaps out of the Game Boy Camera, we’ve covered projects that will extract them directly from the cartridge. But this approach certainly has its appeal, as works with a much wider variety of games. We’re glad this project exists, as it means a whole new generation can explore all the wacky ways developers came up with to utilize the Game Boy Printer back in the day.

New Part Day: Raspberry Pi LEGO HAT

October 21, 2021 by 18 Comments

The Raspberry Pi Foundation have been busy little bees for the last couple of years producing their own silicon, new boards and now in collaboration with the LEGO Education team a new HAT to connect to the LEGO SPIKE education platform. This new HAT board will work with every Raspberry Pi board with a 40-pin GPIO header.

Based on the RPI2040 microcontroller, it makes an interesting detour away from dumb slave boards, although it looks like the firmware is closed (for now) so you’ll have to make do with the pre-baked capabilities and talk to it with the supplied python library.

According to the documentation, the communication between the Pi and the RPI2040 nestled beneath the HAT PCB is plaintext-over-serial, freeing up the majority of the GPIO pins for other uses. The board uses a surface mount pass-through type header which allows pins from the Pi to protrude through the PCB, allowing stacking more HATs on top. Curiously they decided to mount the PCB with active parts facing down, giving a flat rear surface to park things on. We suspect that decision was made to improve access to the LPF2 connectors, especially if they were surface mount parts.

Continue reading “New Part Day: Raspberry Pi LEGO HAT”