When Is A Typewriter A Printer? When It Has A Parallel Port

December 14, 2023 by 13 Comments

If you want to talk to a typewriter using something other than your fingers on the keys, you could do a lot worse than to pick up a specimen featuring a Centronics parallel port. That’s what happened to [mlupo], who came across an old Swintec 1146 CMP and decided to hack it into an art installation.

At the push of a giant, clicky button, the typewriter now spits out family stories. This is all thanks to an Adafruit KB2040 keyboard driver being used in a new, exciting way — as a printer driver.

More specifically, the CircuitPython program running on the KB2040 takes in a text file and then sends the data one character at a time until a newline is reached. At that point, the typewriter sends a busy signal and the characters are typed.

As soon as the typewriter is no longer occupied, the data stream picks back up until the next newline or until the file is completely typed out.

Once [mlupo] figured out enough of the parallel port protocol, they were able to build a custom breakout board with the KB2040, a female parallel port, and a row of LEDs for debugging that [mlupo] kept because they look cool.

The KB2040 sets the values high on a series of the parallel port’s data pins, along with the port’s STROBE pin, which pulls low when data is ready. During each STROBE cycle, the high and low pins are read by the Swintec as a binary character.

Of course, you can always use the power of Pi to build your own modern typewriter.

Thanks to [foamyguy] for the tip!

DIY Walkie-Talkie With ESP32 And ESP-NOW

December 8, 2023 by 15 Comments

In a recent article in Elektor magazine, [Clemens Valens] describes the construction and software for an ESP32 walkie-talkie system that uses ESP-NOW for the wireless connection between units, along with a low-cost condenser microphone with a transistor-based preamplifier and an LM386 op-amp for the speaker circuit. In the ESP32 module the built-in DAC and ADC are used for audio in and output, which provide just about enough resolution for voice communication.

So why use ESP-NOW rather than WiFi or Bluetooth? Mostly because of range, power usage and convenience with no SSIDs and passwords to bother with.

The DIY Walkie-Talkie circuit diagram. (Credit: Clemens Valens, Elektor magazine)
The DIY Walkie-Talkie circuit diagram. (Credit: Clemens Valens, Elektor magazine)

ESP-NOW is Espressif’s own network protocol that uses the same underlying hardware as 2.4 GHz WiFi and Bluetooth, but focuses on more basic direct and mesh-style communication. It can be considered to be somewhat like low-level UDP with MAC address instead of IP address, which makes it useful for fire-and-forget traffic such as from IoT devices.

In the past, we’ve seen ESP-NOW control everything from fake security cameras to CNC machines. In fact, we’ve even seen it used in another walkie-talkie a couple years back.

Pico-WSPR-tx Does It In Software

December 3, 2023 by 38 Comments

What do you need to make a radio transmitter? There are builds that work with just a couple of transistors. But how about a GPS-disciplined small signal beacon? You can actually get the job done for less than the cost of a fancy hamburger, thanks to [RPiks]’s pico-WSPR-tx and the Weak Signal Propagation Reporter Network (WSPR).

WSPR is a digital protocol where a beacon encodes its callsign, location, and transmitting power, and then sends it out to a network of receiving stations worldwide. The idea is to use the data coming from the beacons to determine whether radio propagation conditions are good or not; if you hear a quiet signal from afar, they’re good in that direction. [RPiks]’s beacon design simply includes a Raspberry Pi Pico and a GPS receiver. Everything else is software.

Of course, this means that it’s using the Pico’s GPIO pins for transmission. Maybe you want to add some filtering to take off the rough square-wave edges, and/or maybe you want to boost the power a little bit with an external amplifier. If so, check out our own $50 Ham column’s advice on the topic. But you don’t need to. Just a Pico and a GPS should get you working, if you want to test the WSPR waters.

This Week In Security: Owncloud, NXP, 0-Days, And Fingerprints

December 1, 2023 by 18 Comments

We’re back! And while the column took a week off for Thanksgiving, the security world didn’t. The most pressing news is an issue in Owncloud, that is already under active exploitation.

The problem is a library that can be convinced to call phpinfo() and include the results in the page response. That function reveals a lot of information about the system Owncloud is running on, including environment variables. In something like a Docker deployment, those environment variables may contain system secrets like admin username and password among others.

Now, there is a bit of a wrinkle here. There is a public exploit, and according to research done by Greynoise Labs, that exploit does not actually work against default installs. This seems to describe the active exploitation attempts, but the researcher that originally found the issue has stated that there is a non-public exploit that does work on default installs. Stay tuned for this other shoe to drop, and update your Owncloud installs if you have them. Continue reading “This Week In Security: Owncloud, NXP, 0-Days, And Fingerprints”

Converting Bluetooth Sensors To Zigbee

November 29, 2023 by 19 Comments

With the increase in popularity of Internet of Things (IoT) devices and their need to communicate wirelessly,  there’s been a corresponding explosion of wireless protocols to chose from. Of course there’s Wi-Fi and Bluetooth, but for more specialized applications there are some other options like Z-Wave, LoRa, Sigfox, and Thread. There’s a decent amount of overlap in their capabilities too, so when [SHS] was investigating some low-cost Xiaomi sensors it was discovered that it is possible to convert them from their general purpose Bluetooth protocol over to the more IoT-specialized Zigbee protocol instead.

These combination temperature and humidity sensors have already been explored by [Aaron Christophel] who found that it’s possible to flash these devices with custom firmware. With that background, converting them from Bluetooth to Zigbee is not a huge leap. All that’s needed is the Zigbee firmware from [Ivan Belokobylskiy] aka [devbis] and to follow the steps put together by [SHS] which include a process for flashing the firmware using an over-the-air update and another using UART if the wireless updates go awry. Then it’s just a short process to pair the new Zigbee device to the network and the sensor is back up and running.

Converting from one wireless protocol to another might not seem that necessary, but using Bluetooth as an IoT network often requires proxy nodes as support devices, whereas Zigbee can communicate directly from the sensor to a hub like Home Assistant. Other Zigbee devices themselves can also act as a mesh network of sorts without needing proxy nodes. The only downside of this upgrade is that once the Bluetooth firmware has been replaced, the devices no longer has any Bluetooth functionality.

Thanks to [RoganDawes] for the tip!

Easily Bypass Laptop Fingerprint Sensors And Windows Hello

November 27, 2023 by 30 Comments

The fun part of security audits is that everybody knows that they’re a good thing, and also that they’re rarely performed prior to another range of products being shoved into the market. This would definitely seem to be the case with fingerprint sensors as found on a range of laptops that are advertised as being compatible with Windows Hello. It all began when Microsoft’s Offensive Research and Security Engineering (MORSE) asked the friendly people over at Blackwing Intelligence to take a poke at a few of these laptops, only for them to subsequently blow gaping holes in the security of the three laptops they examined.

In the article by [Jesse D’Aguanno] and [Timo Teräs] the basic system and steps they took to defeat it are described. The primary components are the fingerprint sensor and Microsoft’s Secure Device Connection Protocol (SDCP), with the latter tasked with securing the (USB) connection between the sensor and the host. Theoretically the sensitive fingerprint-related data stays on the sensor with all matching performed there (Match on Chip, MoC) as required by the Windows Hello standard, and SDCP keeping prying eyes at bay.

Interestingly, the three laptops examined (Dell Inspiron 15, Lenovo ThinkPad T14 and Microsoft Surface Pro X) all featured different sensor brands (Goodix, Synaptics and ELAN), with different security implementations. The first used an MoC with SDCP, but security was much weaker under Linux, which allowed for a fake user to be enrolled. The Synaptics implementation used a secure TLS connection that used part of the information on the laptop’s model sticker as the key, and the ELAN version didn’t even bother with security but responded merrily to basic USB queries.

To say that this is a humiliating result for these companies is an understatement, and demonstrates that nobody in his right mind should use fingerprint- or similar scanners like this for access to personal or business information.

Voice-Over-LTE: The Reason Why Your Phone May Soon Stop Working

November 27, 2023 by 45 Comments

Although wireless standards like 3G, 4G, and 5G are mostly associated with mobile internet, they also include a phone (voice) component. Up till 4G this was done using traditional circuit-switched telephony service, but with this fourth generation the entire standard instead moved to a packet-switched version akin to Voice-over-IP, called VoLTE (voice-over-LTE). Even so, a particular phone can choose to use a 4G modem, yet still use 3G-style phone connections. Until the 3G network is shutdown, that is. This is the crux of [Hugh Jeffreys]’s latest video.

In order to make a VoLTE phone call, your phone, your provider, the receiving phone and the intermediate network providers must all support the protocol. Even some newer phones like the Samsung Galaxy J3 (2016) do not support this. For other phones you have to turn the feature on yourself, if it is available. As [Hugh] points out in the video, there’s no easy way to know whether an Android phone supports it, which is likely to lead to chaos as more and more 3G networks in Australia and elsewhere are turned off, especially in regions where people use phones for longer than a few years.

The cessation of such basic functionality is why in most countries 2G networks remain active, as they are being used by emergency services and others for whom service interruptions can literally cost lives, as well as countless feature phones and Internet of Things devices. For some phones without VoLTE, falling back to 2G might therefore still be an option if they support this. With the spotty support, lack of transparency and random shutdowns, things may however get rather frustrating for some the coming years.

Continue reading “Voice-Over-LTE: The Reason Why Your Phone May Soon Stop Working”