Easily Bypass Laptop Fingerprint Sensors And Windows Hello

November 27, 2023 by 30 Comments

The fun part of security audits is that everybody knows that they’re a good thing, and also that they’re rarely performed prior to another range of products being shoved into the market. This would definitely seem to be the case with fingerprint sensors as found on a range of laptops that are advertised as being compatible with Windows Hello. It all began when Microsoft’s Offensive Research and Security Engineering (MORSE) asked the friendly people over at Blackwing Intelligence to take a poke at a few of these laptops, only for them to subsequently blow gaping holes in the security of the three laptops they examined.

In the article by [Jesse D’Aguanno] and [Timo Teräs] the basic system and steps they took to defeat it are described. The primary components are the fingerprint sensor and Microsoft’s Secure Device Connection Protocol (SDCP), with the latter tasked with securing the (USB) connection between the sensor and the host. Theoretically the sensitive fingerprint-related data stays on the sensor with all matching performed there (Match on Chip, MoC) as required by the Windows Hello standard, and SDCP keeping prying eyes at bay.

Interestingly, the three laptops examined (Dell Inspiron 15, Lenovo ThinkPad T14 and Microsoft Surface Pro X) all featured different sensor brands (Goodix, Synaptics and ELAN), with different security implementations. The first used an MoC with SDCP, but security was much weaker under Linux, which allowed for a fake user to be enrolled. The Synaptics implementation used a secure TLS connection that used part of the information on the laptop’s model sticker as the key, and the ELAN version didn’t even bother with security but responded merrily to basic USB queries.

To say that this is a humiliating result for these companies is an understatement, and demonstrates that nobody in his right mind should use fingerprint- or similar scanners like this for access to personal or business information.

Thinkpad IBM Laptop Case

November 22, 2023 by 7 Comments

Once upon a time, laptops and other computer hardware often came with a fancy leather case for protection. That’s not really the case anymore, but it was in the golden era of the IBM ThinkPad. [polymatt] found a rare example, but wanted another one, so he decided to try and replicate it from scratch.

Leathercraft was a new discipline for [polymatt], and so the whole build was a learning experience. He started out by measuring the existing design and creating a diagram to guide his own work. He then traced the design on to a large piece of quality leather, carefully rounding the edges and adding a plastic stiffening plates to support the laptop where needed. Additional layers of leather were added to seal these in, and the leather was formed over guides to take the right shape. A slight misstep resulted in the case being too long, but a cut-and-shut job rectified the problem.

The finished result is a clean, impressive thing. Throughout the build, [polymatt] showed a certain mastery of the leatherworking tools that belied his lack of experience, too. The project should serve as a great inspiration to any other aspiring crafters who have contemplated creating their own custom leather goods for protecting their electronics. Video after the break.

Continue reading “Thinkpad IBM Laptop Case”

How Framework Laptop Broke The Hacker Ceiling

October 30, 2023 by 24 Comments

We’ve been keeping an eye on the Framework laptop over the past two years – back in 2021, they announced a vision for a repairable and hacker-friendly laptop based on the x86 architecture. They’re not claiming to be either open-source or libre hardware, but despite that, they have very much delivered on repairability and fostered a hacker community around the laptop, while sticking to pretty ambitious standards for building upgradable hardware that lasts.

I’ve long had a passion for laptop hardware, and when Hackaday covered Framework announcing the motherboards-for-makers program, I submitted my application, then dove into the ecosystem and started poking at the hardware internals every now and then. A year has passed since then, and I’ve been using a Framework as a daily driver, reading the forums on the regular, hanging out in the Discord server, and even developed a few Framework accessories along the way. I’d like to talk about what I’ve seen unfold in this ecosystem, both from Framework and the hackers that joined their effort, because I feel like we have something to learn from it.

If you have a hacker mindset, you might be wondering – just how much is there to hack on? And, if you have a business mindset, you might be wondering – how much can a consumer-oriented tech company achieve by creating a hacker-friendly environment? Today, I’d like to give you some insights and show cool things I’ve seen happen as an involved observer, as well as highlight the path that Framework is embarking upon with its new Framework 16.

Continue reading “How Framework Laptop Broke The Hacker Ceiling”

An ESP32 Dev Board As A Framework Laptop Module

July 1, 2023 by 17 Comments

The Framework laptop will no doubt already have caught the eye of more than one Hackaday reader, as a machine designed for upgrade and expansion by its users. One of its key features is a system of expansion modules. The modules are USB-C devices in a form factor that slides into the expansion bays on the Framework Laptop. Framework encourages the development of new modules, which is something [Spacehuhn] has taken on with an ESP32-S3 development board.

The board itself is what you’d expect, the ESP is joined by a multicolor LED and one of those Stemma/Quiik connectors for expansion. The case is handily provided by Framework themselves, and all the files for the ESP32 module can be found in a GitHub repository. We’re guessing it will find application in experimenting with WiFi networks rather than as a standalone microcontroller. Either way, it shows the route for any Framework owners into making their own add-ons. Take a look, we’ve placed the video below the break.

As you might expect we’ve given a lot of coverage to the Framework laptop since its launch, in particular, our colleague [Arya Voronova] is a fan and has shown us many alternative uses for the parts.

Continue reading “An ESP32 Dev Board As A Framework Laptop Module”

E-Bike Battery Tapped For Off-Grid Laptop Power

May 2, 2023 by 12 Comments

If you’ve travelling via bike, you’ll know there’s a certain advantage to packing light. But what if you need to take your beefy desktop-replacement laptop with you on one of these trips? These power hungry machines can’t go far without their chargers (or a place to plug them in), which generally makes them poor traveling companions.

Luckily, [transistor-man] came up with a solution to this particular problem by reusing his e-bike’s battery pack as a mobile power source for his Lenovo laptop. The energy demands of this particular computer are too high for USB-C Power Delivery, and as such, he had to hack up a way to feed it 20 volts DC via its proprietary square power connector. His bike’s battery puts out between 30 and 42 VDC depending on charge, so at least on paper, it should work out fine. Continue reading “E-Bike Battery Tapped For Off-Grid Laptop Power”

Disabling Intel’s Backdoors On Modern Laptops

April 12, 2023 by 32 Comments

Despite some companies making strides with ARM, for the most part, the desktop and laptop space is still dominated by x86 machines. For all their advantages, they have a glaring flaw for anyone concerned with privacy or security in the form of a hardware backdoor that can access virtually any part of the computer even with the power off. AMD calls their system the Platform Security Processor (PSP) and Intel’s is known as the Intel Management Engine (IME).

To fully disable these co-processors a computer from before 2008 is required, but if you need more modern hardware than that which still respects your privacy and security concerns you’ll need to either buy an ARM device, or disable the IME like NovaCustom has managed to do with their NS51 series laptop.

NovaCustom specializes in building custom laptops with customizations for various components and specifications to fit their needs, including options for the CPU, GPU, RAM, storage, keyboard layout, and other considerations. They favor Coreboot as a bootloader which already goes a long way to eliminating proprietary closed-source software at a fundamental level, but not all Coreboot machines have the IME completely disabled. There are two ways to do this, the HECI method which is better than nothing but not fully trusted, and the HAP bit, which completely disables the IME. NovaCustom is using the HAP bit approach to disable the IME, meaning that although it’s not completely eliminated from the computer, it is turned off in a way that’s at least good enough for computers that the NSA uses.

There are a lot of new computer manufacturers building conscientious hardware nowadays, but (with the notable exception of System76) the IME and PSP seem to be largely ignored by most computing companies we’d otherwise expect to care about an option like this. It’s certainly still an area of concern considering how much power the IME and PSP are given over their host computers, and we have seen even mainline manufacturers sometimes offer systems with the IME disabled. The only other options to solve this problem are based around specific motherboards for 8th and 9th generation Intel desktops, or you can go way back to hardware from 2008 and install libreboot to eliminate, rather than disable, the IME.

Thanks to [Maik] for the tip!

An expansion board with two 8-bit ISA slots plugged into a Sharp laptop

New Expansion Module Brings Standard Slots To Ancient Laptop

April 4, 2023 by 10 Comments

Upgrading and repairing vintage laptops is often a challenge — even if their basic hardware is compatible with ordinary PCs, they often use nonstandard components and connectors due to space constraints. The Sharp PC-4600 series from the late 1980s is a case in point: although it comes with standard serial and parallel ports, the only other external interface is a mysterious connector labelled EXPBUS on the back of the case. [Steven George] has been diving into the details of this port and managed to design a module to turn it into a pair of standard ISA ports.

Apparently, no peripherals were ever released for the EXPBUS port, so reverse-engineering an existing module was out of the question. [Steven] did stumble upon a service manual for the PC-4600 however, and as it turned out, the connector carried all the signals present in an 8-bit ISA bus. Turning it into something useful was simply a matter of designing an adapter board with the EXPBUS connector on one side and regular ISA slots on the other.

An expansion board plugged into a laptop, carrying two ISA cardsThe board also has an external power connector, to avoid overloading the laptop’s internal power supply, as well as a couple of buffer capacitors to smooth out the power rails. [Steven] tested the expansion board with a network adapter and a sound card, and it appears to be functioning well. It should be noted that only the +5 V power rail is available by default, so if any cards need +12 V or any negative rail, those should be provided externally.

Gerber files for this project are available on [Steven]’s website, so if you’ve got one of these machines lying around, now might be the time to upgrade it. This isn’t the first expansion for the PC-4600 series that [Steven] developed, either: he also designed an external floppy drive adapter that should ease data transfer with other PCs.

It’s great to see how the hacker community keeps classic portables like this one alive: one day it might also need a broken screen replaced or a dodgy power supply repaired.