This Week In Security: Print Nightmare Continues, Ransomware Goes Bigger, And ATM Jackpots!

July 9, 2021 by 29 Comments

For the second time, Microsoft has attempted and failed to patch the PrintNightmare vulnerability. Tracked initially as CVE-2021-1675, and the second RCE as CVE-2021-34527. We warned you about this last week, but a few more details are available now. The original reporter, [Yunhai Zhang] confirms our suspicions, stating on Twitter that “it seems that they just test with the test case in my report”.

Microsoft has now shipped an out-of-band patch to address the problem, with the caveat that it’s known not to be a perfect fix, but should eliminate the RCE element of the vulnerability. Except … if the server in question has the point and print feature installed, it’s probably still vulnerable. And to make it even more interesting, Microsoft says they have already seen this vulnerability getting exploited in the wild. Continue reading “This Week In Security: Print Nightmare Continues, Ransomware Goes Bigger, And ATM Jackpots!”

10 Gigabit Ethernet For The Pi

July 9, 2021 by 31 Comments

When people like Bell and Marconi invented telephones and radios, you have to wonder who they talked to for testing. After all, they had the first device. [Jeff] had a similar problem. He got a 10 gigabit network card working with the Raspberry Pi Compute Module. But he didn’t have any other fast devices to talk to. Simple, right? Just get a router and another network card. [Jeff] thought so too, but as you can see in the video below, it wasn’t quite that easy.

Granted, some — but not all — of the hold-ups were self-inflicted. For example, doing some metalwork to get some gear put in a 19-inch rack. However, some of the problems were unavoidable, such as the router that has 10 Gbps ports, but not enough throughput to actually move traffic at that speed. Recabling was also a big task.

Continue reading “10 Gigabit Ethernet For The Pi”

Zooming Through The Mandelbrot Set On An Atari

July 9, 2021 by 4 Comments

The Mandelbrot set, according to Wikipedia, is “the set of complex numbers c for which the function f_{c}(z)=z^{2}+c does not diverge.” Even if you don’t understand the mathematics behind it, you’ve likely seen the complicated fractal images generated by zooming in on the border of the Mandelbrot set. [Scott Williamson] not only got this set rendering on an Atari, but managed to create animated videos of the results. 

Emulators were key to the project’s success.

Doing the work was no mean feat. While it takes just 10 lines of Atari BASIC to render the set on an Atari 800, getting the animations made and into a modern video format took much effort. [Scott] used the Atari800Win-PLus emulator to zoom in on a variety of locations on the fractal curve and recorded the results over a weekend.

However, compositing the various frames into smooth-scrolling videos took more effort, with a Python script and ffmpeg required to stitch everything together into the results you see on YouTube. The final videos were combined with Atari chiptune music from [Adam Sporka] to help round out the presentation.

The result is reminiscent of an old-school demo, even if everything here was assembled slowly on modern computers from the raw Atari output. We’ve seen other great Mandelbrot feats before, too, like this real-time explorer built on an FPGA. Video after the break.

Continue reading “Zooming Through The Mandelbrot Set On An Atari”

DIY Forth On Arduino

July 8, 2021 by 32 Comments

On a recent rainy afternoon, [Thanassis Tsiodras] decided to build his own Forth for the Arduino to relieve the boredom. One week of intense hacking later, he called it done and released his project as MiniForth on GitHub. [Thanassis] says he was inspired by our series of Forth articles from a few years back, and his goal was to build a Forth interpreter / compiler from scratch, put it into a Blue Pill microcontroller. That accomplished, he naturally decides to squeeze it into an Arduino Uno with only 2K of RAM.

Even if you are ambivalent about the Forth language, [Thanissis]’s project has some great ideas to check out. For example, he’s a big proponent of Makefile automation for repetitive tasks, and the project’s Makefile targets implements almost every task needed for development, building and testing his code.

Some development and testing tasks are easier to perform on the host computer. To that end, [Thanassis] tests his programs locally using the simavr simulator. The code is also portable, and he can compile it locally on the host and debug it using GDB along with Valgrind and AddressSanitizer to check for memory issues. He chose to write the program in C++ using only zero-cost abstractions, but found that compiling with the ArduinoSTL was too slow and used too much memory. No problem, [Thanassis] writes his own minimalist STL and implements several memory-saving hacks. As a final test, the Makefile can also execute a test suite of Forth commands, including a FizzBuzz algorithm, to check the resulting implementation.

Here’s a short video of MiniForth in action, blinking an LED on an UNO, and the video below the break shows each of the various Makefile tasks in operation. If you want to learn more, check out Elliot Williams’s Forth series which inspired [Thanassis] and this 2017 article discussing several different Forth implementations. Have you ever built your own compiler? Let us know in the comments below.

Continue reading “DIY Forth On Arduino”

The Nuclear Powered Car From Ford

July 8, 2021 by 42 Comments

We think of electric cars as a new invention, but even Thomas Edison had one. It isn’t so much that the idea is new, but the practical realization for normal consumer vehicles is pretty recent. Even in 1958, Ford wanted an electric car. But not just a regular electric car. The Ford Nucleon would carry a small nuclear reactor and get 5,000 miles without a fillup.

Of course, the car was never actually built. Making a reactor small and safe enough to power a passenger car is something we can’t do even today. The real problem, according to experts, is not building a reactor small enough but in dealing with all the heat produced.

Continue reading “The Nuclear Powered Car From Ford”

Reverse Engineering A Very Cheap Fitness Band

July 8, 2021 by 10 Comments

With the rise of big-name smartwatches in the marketplace, there are also a smattering of lower-end offerings. The M6 fitness band is one of them, and [Raphael] set about hacking the cheap device with a custom firmware of his own creation.

The M6 band, which sells for around $6, appears to trade on name similarity to the more expensive (~$50) Xiaomi Mi Smart Band 6 fitness tracker. Upon disassembly, [Raphael] found that the system-on-chip running the show is a Telink TLSR8232. It’s paired with a 160×80 display, a small LiPo battery for power, and a vibration motor and what appears to be a fake heart rate sensor.

[Raphael] wanted to flash the SOC with a new firmware, and learned a lot from code for a similar part created by [atc1441]. It took some time to figure out how to program the chip using the somewhat oddball SWire interface, but [Raphael] persevered and eventually got things going after much research and experimentation.

From there, it was yet further work to figure out how to read the capacitive button input as well as how to drive the screen, but [Raphael] succeeded in the end. The final result was whipping up a firmware that allowed him to read Bluetooth Low Energy soil moisture sensors he has installed in his plants at home.

It’s not [Raphael], aka [rbaron]’s first bite at the cherry; we’ve featured his efforts in hacking similar fitness bands before! Video after the break.

Continue reading “Reverse Engineering A Very Cheap Fitness Band”

Hacked On SO-DIMM Slot Was Worth A Shot

July 8, 2021 by 33 Comments

Finding unpopulated pads on a circuit board is often a sign that the device in question has some untapped potential. These blank spots on the board could be left over from features or capabilities that were deleted from the design, or perhaps even represent an optional upgrade that wasn’t installed on this particular specimen. So we certainly understand why [d0rk] was fascinated by the empty SO-DIMM footprint he recently found on a laptop’s motherboard.

The budget Celeron machine shipped with 4 GB of RAM installed in its single socket, a situation [d0rk] hoped he could improve upon with the addition of a second module. But could it really be as simple as pulling the socket from a dead motherboard and soldering it into place? Would other components need to be added to the board? Could the BIOS cope with the unexpected upgrade? There was only one way to find out…

Room to grow

At first, it seemed like the patient didn’t survive the operation. But a close look uncovered that the power button had actually gotten damaged somewhere along the line. Once [d0rk] fixed that the machine started up, but unfortunately the operating system didn’t see the extra RAM module. Even after upgrading the BIOS, the computer remained oblivious to the additional memory.

When he went back in to inspect his solder work for shorts or bad joints, disaster struck. For reasons that aren’t immediately clear, the computer no longer starts. Even after pulling the transplanted SO-DIMM slot off the board entirely, [d0rk] says it won’t make it through the self-test. Obviously a disappointing conclusion, but we respect the effort he put into the attempt.

While this memory upgrade didn’t go according to plan, we’ve seen enough success stories over the years to balance it out. From old wireless routers to cutting-edge video cards, plenty of gadgets have received a memory boost courtesy of a soldering iron and a steady hand.

[Thanks to Timothy for the tip.]