20 GHz LNB Testing And Teardown

December 27, 2024 by 10 Comments

Many things have combined to make very high-frequency RF gear much more common, cheaper, and better performing. Case in point: [dereksgc] is tearing apart a 20 GHz low-noise block (LNB). An LNB is a downconverter, and this one is used for some Irish satellite TV services.

The scale of everything matters when your wavelength is only 15 mm. The PCB is small and neatly laid out. There are two waveguides printed on the board, each feeding essentially identical parts of the PCB. Printed filters use little patterns on the board that have particular inductance and capacitance — no need for any components. Try doing that at 2 MHz!

The LNB is a single-band unit, so it only needs to worry about the two polarizations. However, [dereksgc] shows that some have multiple bands, which makes everything more complex. He also mentions that this LNB doesn’t use a PLL, and he’d like to find a replacement at this frequency that is a bit more modern.

After the teardown, it is time to test the device to see how it works. If you want to experiment at this frequency, you need special techniques. For example, we’ve seen people try to push solderless breadboards this high (spoiler: it isn’t easy). Maybe that’s why many people settle for modifying existing LNBs like this one.

Continue reading “20 GHz LNB Testing And Teardown”

Do You Know Vail Code?

December 27, 2024 by 27 Comments
Alfred Vail (public domain)

We talk about Morse code, named after its inventor, Samuel Morse. However, maybe we should call it Vail code after Alfred Vail, who may be its real inventor. Haven’t heard of him? You aren’t alone. Yet he was behind the first telegraph key and improved other parts of the fledgling telegraph system.

The story starts in 1837 when Vail visited his old school, New York University, and attended one of Morse’s early telegraph experiments. His family owned Speedwell Ironworks, and he was an experienced machinist. Sensing an opportunity, he arranged with Morse to take a 25% interest in the technology, and in return, Vail would produce the necessary devices at the Ironworks. Vail split his interest with his brother George.

By 1838, a two-mile cable carried a signal from the Speedwell Ironworks. Morse and Vail demonstrated the system to President Van Buren and members of Congress. In 1844, Congress awarded Morse $30,000 to build a line from Washington to Baltimore. That was the same year Morse sent the famous message “What Hath God Wrought?” Who received and responded to that message? Alfred Vail.

The Original Telegraph

Telegraphs were first proposed in the late 1700s, using 26 wires, one for each letter of the alphabet. Later improvements by Wheatstone and Cooke reduced the number of wires to five, but that still wasn’t very practical.

Samuel Morse, an artist by trade, was convinced he could reduce the number of wires to one. By 1832, he had a crude prototype using a homemade battery and a relatively weak Sturgeon electromagnet.

Continue reading “Do You Know Vail Code?”

desk with a hand holding a Lego unit

LDU Decoded: The Untold Tale Of LEGO Dimensions

December 27, 2024 by 11 Comments

LEGO bricks might look simplistic, but did you know there’s an actual science behind their sizes? Enter LDUs — LEGO Draw Units — the minuscule measurement standard that allows those tiny interlocking pieces to fit together seamlessly. In a recent video [Brick Sculpt] breaks down this fascinating topic.

So, what is an LDU precisely? It’s the smallest incremental size used to define LEGO’s dimensions. For context, a standard LEGO brick is 20 LDUs wide, and a single plate is 8 LDUs tall. Intriguingly, through clever combinations of headlight bricks, jumper plates, and even rare Minifig neck brackets, builders can achieve offsets as tiny as 1 LDU! That’s the secret sauce behind those impossibly detailed LEGO creations.

We already knew that LEGO is far more than a toy, but this solidifies that theory. It’s a means of constructing for anyone with an open mind – on its own scale. The video below explains in detail how to achieve every dimension possible. If that inspires you to build anything, dive into these articles and see if you can build upon this discovery!

Continue reading “LDU Decoded: The Untold Tale Of LEGO Dimensions”

This Week In Security: License Plates, TP-Link, And Attacking Devs

December 27, 2024 by 22 Comments

We’re covering two weeks of news today, which is handy, because the week between Christmas and New Years is always a bit slow.

And up first is the inevitable problem with digital license plates. Unless very carefully designed to be bulletproof, they can be jailbroken, and the displayed number can be changed. And the Reviver plates were definitely not bulletproof, exposing a physical programming port on the back of the plate. While it’s not explicitly stated, we’re guessing that’s a JTAG port, given that the issue is considered unpatchable, and the port allows overwriting the firmware. That sort of attack can be hardened against with signed firmware, and using an MCU that enforces it.

This does invite comparisons to the James Bond revolving license plate — and that comparison does put the issue into context. It’s always been possible to swap license plates. If someone really wants to cause mischief, traditional plates can be stolen, or even faked. What a digital plate adds to the equation is the ability to switch plate numbers on the fly, without stopping or turning a screwdriver. Regardless, this seems like it will be an ongoing problem, as so many manufacturers struggle to create secure hardware.

Malicious RDP

There’s a clever attack, that uses Microsoft’s Remote Desktop Protocol (RDP), to give away way too much control over a desktop. That’s accomplished by sending the target a .rdp file that shares local resources like the clipboard, filesystem, and more. What’s new is that it seems this theoretical attack has now shown up in the wild.

The attack campaign has been attributed to APT29, CozyBear, a threat actor believed to be associated with Russia’s Foreign Intelligence Service. This attribution tracks with the victims of choice, like government, research, and Ukrainian targets in particular. To escape detection, the malicious RDP endpoints are set up behind RDP proxies, running on services like AWS. The proxies and endpoints are accessed through TOR and other anonymous proxies. The .rdp files were spread via spear-phishing emails sent through compromised mail servers. The big push, with about 200 targets, was triggered on October 22nd. Researchers at TrendMicro believe this was the end of a targeted campaign. The idea being that at the end of the campaign, it no longer matters if the infrastructure and methods get discovered, so aim for maximum impact.

Free* Mcdonalds?

Here we learn that while McDonald’s USA dosn’t have a bug bounty program, McDonald’s India does — and that’s why researcher [Eaton Zveare] looked there. And found a series of Broken Object Level Authorization (BOLA) bugs. That’s a new term to this column, but a concept we’ve talked about before. BOLA vulnerabilities happen when a service validates a user’s authentication token, but doesn’t properly check that the user is authorized to access the specific resources requested.

In the McDonald’s case, any user of the web app is issued a guest JWT token, and that token is then valid to access any Order ID in the system. That allows some interesting fun, like leaving reviews on other users’ orders, accessing delivery maps, and getting copies of receipts. But things got really interesting when creating an account, and then ordering food. A hidden, incomplete password login page allowed breaking the normal user verification flow, and creating an account. Then after food is added to the cart, the cart can be updated to have a total price of a single rupee, about the value of a penny.

This research earned [Eaton] a $240 Amazon gift card, which seems a little stingy, but the intent behind the gesture is appreciated. The fixes landed just over 2 months after reported, and while [Eaton] notes that this is slower than some companies, it’s significantly faster than some of the less responsive vendors that we’ve seen.

Banning TP-Link

The US Government has recently begun discussing a plan to ban TP-Link device purchases in the United States. The reported reason is that TP-Link devices have shipped with security problems. One notable example is a botnet that Microsoft has been tracking, that primarily consists of TP-Link devices.

This explanation rings rather hollow, particularly given the consistent security failings from multiple vendors that we’ve covered on this very column over the years. Where it begins to make more sense is when considered in light of the Chinese policy that all new vulnerabilities must first be reported to the Chinese government, and only then can fixes be rolled out. It suggests that the US Commerce Department suspects that TP-Link is still following this policy, even though it’s technically now a US company.

I’m no stranger to hacking TP-Link devices. Many years ago I wrote a simple attack to put the HTTPD daemon on TP-Link routers into debug mode, by setting the wifi network name. Because the name was used to build a command run with bash, it was possible to do command injection, build a script in the device’s /tmp space, and then execute that script. Getting to debug mode allowed upgrading to OpenWRT on the device. And that just happens to be my advice for anyone still using TP-Link hardware: install OpenWRT on it.

Developers Beware

We have two separate instances of malware campaigns directly targeting developers. The first is malicious VSCode extensions being uploaded to the marketplace. These fakes are really compelling, too, with lots of installs, reviews, and links back to the real pages. These packages seem to be droppers for malware payloads, and seem to be targeting cryptocurrency users.

If malware in your VSCode extensions isn’t bad enough, OtterCookie is a campaign believed to come from North Korea, spreading via fake job interviews. The interview asks a candidate to run a Node.js project, or install an npm package as part of prep. Those are malicious packages, and data stealers are deployed upon launch. Stay frosty, even on the job hunt.

Bits and Bytes

PHP has evolved over the years, but there are still a few quirks that might trip you up. One of the dangerous ones is tied up in $_SERVER['argv'], a quick way to test if PHP is being run from the command line, or on a server. Except, that relies on register_argc_argv set to off, otherwise query strings are enough to fool a naive application into thinking it’s running on the command line. And that’s exactly the footgun that caught Craft CMS with CVE-2024-56145.

Australia may know something we don’t, setting 2030 as the target for retiring cryptography primitives that aren’t quantum resistant. That’s RSA, Elliptic-curve, and even SHA-256. It’s a bit impractical to think that those algorithms will be completely phased out by then, but it’s an interesting development to watch.

Fuzzing is a deep subject, and the discovery of 29 new vulnerabilities found in GStreamer is evidence that there’s still plenty to discover. This wasn’t coverage-guided fuzzing, where the fuzzer mutates the fuzzing input to maximize. Instead, this work uses a custom corpus generator, where the generator is aware of how valid MP4 files are structured.

Minecraft In…COBOL?

December 27, 2024 by 36 Comments

When you think of languages you might read about on Hackaday, COBOL probably isn’t one of them. The language is often considered mostly for business applications and legacy ones, at that. The thing is, there are a lot of legacy business applications out there, so there is still plenty of COBOL. Not only is it used, but it is still improved, too. So [Meyfa] wanted to set the record straight and created a Minecraft server called CobolCraft.

The system runs on GnuCOBOL and has only been tested on Linux. There are a few limitations, but nothing too serious. The most amazing thing? Apparently, [Meyfa] had no prior COBOL experience before starting this project!

Continue reading Minecraft In…COBOL?”

A woman in a dark green shirt and grey jeans holds a set of cinnamon pants. She is standing next to a burnt orange cushioned and backed-chair. The arm rests, legs, and outer circular rack are a blonde wood. It looks somewhat mid-century modern. A number of differently-colored clothes line the wall in the background.

Uncanny Valley Of Clean Conquered By Clever Chair

December 27, 2024 by 11 Comments

Do you ever have clothes that you only wore for a few hours, so you don’t want to wash them, but it still seems icky to put them back in the drawer or closet? What if you had a dedicated place to put them instead of on your floor or piled on a chair in the corner? [Simone Giertz] has a tidier solution for you.

On top of the quasi-dirty clothing conundrum, [Giertz]’s small space means she wanted to come up with a functional, yet attractive way to wrangle these clothes. By combining the time-honored tradition of hanging clothes on the back of a chair and the space-saving efficiency of a Lazy Susan, she was able to create a chair with a rotating rack to tuck the clothes out of the way when not wearing them.

The circular rack attached to the chair orbits around a circular seat and arm rests allowing clothes to be deposited on the chair from the front and conveniently pushed to the back so they remain out of sight and out of mind until you need them. The hardware chosen seems to be pretty strong as well given the number of items placed on the rail during the demonstration portion of the video. We also really like how [Giertz] challenged herself to “CAD celibacy” for the duration of the build to try to build it quick.

If you want to see some other clever furniture hacks, how about repurposing the seats from an old subway, or hacking IKEA furniture to be more accessible?

Continue reading “Uncanny Valley Of Clean Conquered By Clever Chair”

Blast Away The Flux — With Brake Cleaner?

December 26, 2024 by 74 Comments

Can you use brake cleaner for flux removal on PCBs? According to [Half Burnt Toast], yes you can. But should you? Well, that’s another matter.

In our experience, flux removal seems to be far more difficult than it should be. We’ve seen plenty of examples of a tiny drop of isopropyl alcohol and a bit of light agitation with a cotton swab being more than enough to loosen up even the nastiest baked-on flux. If we do the same thing, all we get is a gummy mess embedded with cotton fibers smeared all over the board. We might be doing something wrong, or perhaps using the wrong flux, but every time we get those results, we have to admit toying with the idea of more extreme measures.

The LED bar graphs were not a fan of the brake cleaner.

[Toast] went there, busting out a fresh can of brake cleaner and hosing down some of the crustier examples in his collection. The heady dry-cleaner aroma of perchloroethylene was soon in the air, and the powerful solvent along with the high-pressure aerosol blast seemed to work wonders on flux. The board substrate, the resist layer, and the silkscreen all seemed unaffected by the solvent, and the components were left mostly intact; one LED bar graph display did a little melty, though.

So it works, but you might want to think twice about it. The chlorinated formula he used for these tests is pretty strong stuff, and isn’t even available in a lot of places. Ironically, the more environmentally friendly stuff seems like it would be even worse, loaded as it is with acetone and toluene. Whichever formula you choose, proceed with caution and use the appropriate PPE.

What even is flux, and what makes it so hard to clean? Making your own might provide some answers.

Continue reading “Blast Away The Flux — With Brake Cleaner?”