Breaking Smartphone NFC Firmware: The Gory Details

Near-field Communication (NFC) has been around a while and is used for example in access control, small data exchange, and of course in mobile payment systems. With such sensitive application areas, security is naturally a crucial element of the protocol, and therefore any lower-level access is usually heavily restricted and guarded.

This hardware is especially well-guarded in phones, and rooting your Android device won’t be of much help here. Well, that was of course only until [Christopher Wade] took a deep look into the subject, which he presented in his NFC firmware hacking talk at this year’s DEF CON.

But before you cry out “duplicate!” in the comments now, [Jonathan Bennett] has indeed mentioned the talk in a recent This Week In Security article, but [Christopher] has since written up the content of his talk in a blog post that we thought deserves some additional attention.

To recap: [Christopher] took a rooted Samsung S6 and searched for vulnerabilities in the NFC chip’s secure firmware update process, in hopes of running a custom firmware image on it. Obviously, this wouldn’t be worth mentioning twice if he hadn’t succeeded, and he goes to serious lengths to describe how he got there. Picking a brain like his by reading up on the process he went through — from reverse engineering the firmware to actually exploiting a weakness that let him run his own code — is always fascinating and downright fun. And if you’re someone who prefers the code to do the talking, the exploits are on GitHub.

Naturally, [Christopher] disclosed his findings to Samsung, but the exploited vulnerability — and therefore the ability to reproduce this — has of course been out there for a long time already. Sure, you can use a Proxmark device to attack NFC, or the hardware we saw a few DEF CONs back, but a regular-looking phone will certainly raise a lot less suspicion at the checkout counter, and might open whole new possibilities for penetration testers. But then again, sometimes a regular app will be enough, as we’ve seen in this NFC vending machine hack.

Graphene Prints More Smoothly Under The Influence Of Alcohol

If you’ve ever sloshed coffee out of your mug and watched the tiny particles scurry to the edges of the puddle, then you’ve witnessed a genuine mystery of fluid mechanics called the coffee ring effect. The same phenomenon happens with spilled wine, and with functional inks like graphene.

Graphene and other 2D crystals print much better under the influence of alcohol.

The coffee ring effect makes it difficult to print graphene and similar materials onto silicon wafers, plastics, and other hard surfaces because of this drying problem. There are already a few commercial options that can be used to combat the coffee ring effect, but they’re all polymers and surfactants that negatively affect the electronic properties of graphene.

Recently, a group of researchers discovered that alcohol is the ideal solution. In the case of spilled graphene, the particles fleeing for the edges are naturally spherical. By adding a mixture of isopropyl and 2-butanol alcohol, they get flattened into a pancake shape, resulting in smoother deformation during the drying process and an easier printing process with better results.

Graphene is quite interesting by nature, and has many uses. It can shift from an insulator to a superconductor with the right temperature changes, and it can desalinate sea water for drinking.

Facing The Coronavirus

Some of us are oblivious to how often we touch our faces. The current finding is we reach for our eyes, nose, or mouth every three to four minutes. Twenty times per hour is an awful lot of poking, picking, itching, and prodding when we’re supposed to keep our hands away from glands that can transmit and receive disease. To curb this habit and enter the 2020 Hackaday Prize, [Lloyd lobo] built a proof-of-concept device that sounds the alarm when you reach for your face.

We see an Arduino Uno connected to the classic HC-SR04 ultrasonic distance sensor, an LED, and we have to assume a USB battery pack. [Lloyd] recommends the smaller Nano; we might reach for the postage-stamp models and swap the ultrasonic module out for the much smaller laser time-of-flight sensor. At its soul, this is an intruder alarm. Instead of keeping siblings out of your room, you will be keeping your hands out of the area below the bill of the hat where the sensor is mounted. If you regularly lift a coffee cup to your lips, it might chastise you, and if you chew sunflower seeds, you might establish a tempo. *crunch* *chip* *beep* *crunch* *chip* *beep*

We have reviewed technology to improve our habits like a bracelet that keeps a tally, and maybe there is a book that will help shirk some suboptimal behaviors.

FBI Reports On Linux Drovorub Malware

The FBI and the NSA released a report on the Russia-based Linux malware known as Drovorub (PDF), and it is an interesting read. Drovorub uses a kernel module rootkit and allows a remote attacker to control your computer, transfer files, and forward ports. And the kernel module takes extraordinary steps to avoid detection while doing it.

What is perhaps most interesting though, is that the agencies did the leg work to track the malware to its source: the GRU — Russian intelligence. The name Drovorub translates into “woodcutter” and is apparently the name the GRU uses for the program.

A look inside the code shows it is pretty mundane. There’s a server with a JSON configuration file and a MySQL backend. It looks like any other garden-variety piece of code. To bootstrap the client, a hardcoded configuration allows the program to make contact with the server and then creates a configuration file that the kernel module actively hides. Interestingly, part of the configuration is a UUID that contains the MAC address of the server computer.

The rootkit won’t persist if you have UEFI Secure Boot fully enabled (although many Linux computers turn UEFI signing off rather than work through the steps to install an OS with it enabled). The malware is easy to spot if you dump raw information from the network, but the kernel module makes it hard to find on the local machine. It hooks many kernel functions so it can hide processes from both the ps command and the /proc filesystem. Other hooks remove file names from directory listings and also hide sockets. The paper describes how to identify the malware, and its authors are especially interested in detection at scale — that is, if you have 1,000 Linux PCs on a network, how do you find which ones have this infection?
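As an added example (not code from the article or from the FBI/NSA report), here is the defender-side cross-check that the process-hiding behaviour above invites: compare the PIDs a plain /proc directory listing returns with a direct kernel probe of every possible PID. It assumes a Linux host; a module that also hooks the per-PID lookup would defeat this probe as well, which is why the listing-versus-probe gap is only one signal and not proof of a clean machine.

```python
"""Hidden-process cross-check: PIDs the kernel acknowledges directly but that
are missing from the /proc directory listing (what ps reads).  Added example,
not from the Hackaday article or the FBI/NSA report; it targets the hiding
technique the article describes (hooks that drop PIDs from the listing)."""
import os

def listed_pids(proc_dir="/proc"):
    """PIDs visible in a plain directory listing of /proc."""
    return {int(name) for name in os.listdir(proc_dir) if name.isdigit()}

def probe_pid(pid):
    """True if the kernel still acknowledges the PID when asked directly.
    kill(pid, 0) sends no signal: EPERM means the process exists but belongs
    to another user, ESRCH means there is no such process."""
    try:
        os.kill(pid, 0)
        return True
    except PermissionError:
        return True
    except ProcessLookupError:
        return False

def find_hidden_pids(listed, probe, max_pid=32768):
    """Return PIDs that answer the probe but are absent from `listed`.
    `probe` is injected (pid -> bool) so the logic can be exercised on
    constructed data as well as on a live host."""
    return {pid for pid in range(1, max_pid + 1)
            if pid not in listed and probe(pid)}

def read_pid_max():
    """Upper bound of the PID space on this host (fallback: classic 32768)."""
    try:
        with open("/proc/sys/kernel/pid_max") as f:
            return int(f.read())
    except OSError:
        return 32768

def scan_host():
    """Live scan.  Candidates are re-checked against a fresh listing so that
    processes merely created between listing and probe are not reported."""
    candidates = find_hidden_pids(listed_pids(), probe_pid, read_pid_max())
    fresh = listed_pids()
    return {pid for pid in candidates if pid not in fresh and probe_pid(pid)}

if __name__ == "__main__":
    hidden = scan_host()
    print("PIDs hidden from the /proc listing:", sorted(hidden) or "none")
```

Run it as root so EPERM does not mask anything, and treat any reported PID as something to investigate with a memory image rather than with tools that rely on the same kernel interfaces.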

This is a modern spy story, but not quite what we’ve come to expect in Bond movies. “Well, Moneypenny, it appears Spectre is using the POCO library to generate UUIDs,” is hard to work into a trailer. We prefer the old days when high-tech spying meant nonlinear junction detectors, hacking Selectrics, moon probe heists, and passive bugging.

Mini Marble-Powered Synth Pays Homage To Its Bigger Cousins

If imitation is the sincerest form of flattery, what then are we to make of something that shares only a few of the original’s design elements, operates in a completely different way, and has been scaled down to a fifth its size? Still seems like flattery to us.

Despite the changes, it’s clear where [Love Hultén] took inspiration for his miniature Marble Machine XS. Readers will no doubt see in it elements from [Martin Molin]’s original Marble Machine, the fantastic plywood and Lego musical contraption, along with his new Marble Machine X, the construction of which never seems to end. Like the originals, [Love]’s miniature version uses a lot of steel balls, albeit considerably scaled down, and it still uses a programming drum to determine where and when to drop them. But rather than strike real traditional instruments, the falling balls strike synthesizer keys, triggering a range of sounds through its built-in speaker. The whole thing is powered by a small electric motor rather than being hand-cranked and is small enough to sit on a desktop, a decided advantage over the mammoth machines to which it pays homage.

We have to say that as much as we love the hacksmanship of the original Marble Machine and the craftsmanship of its successor, the look and feel of [Love]’s machine just blows us away. We’re not sure what materials he used, but the whole hammertone paint scheme and Meccano look is a feast for nostalgic eyes.

Manual Larson Scanner Invites You To Crank It

Hasselhoff made Larson Scanners famous. That’s the name for the scanning red lights on the front of KITT, the hero car from the popular 1980s TV series Knight Rider. Despite serving a solely aesthetic role, they remain a fun and popular LED project to this day. Putting a new twist on the old concept, [Pete Prodoehl] whipped up a Larson Scanner that you crank to operate.

Built out of LEGO, the project relies on a hand crank to work. The crank turns a drum, onto which are placed several strips of conductive Maker Tape – a steel/nylon material which we’ve looked at before. Strips of tape running side-by-side are bridged by segments of tape on the drum as it turns, switching the LEDs on in the requisite pattern of a traditional Larson scanner.

The project has inspired further possibilities, such as using similar techniques to produce an electronic music box or player piano that will change tempo as the user changes the speed with the crank. [Pete] notes that turning the crank is an inherently enjoyable experience, and given the wonder inherent in hand-cranked musical projects like Marble Machine X, we can’t wait to see where this one goes next. Video after the break.

Seeing The Skill Is Better Than Seeing The Project

Pulling off a flashy project that gets the viral-media hug of widespread approval feels great. Getting there is no easy path to walk, and oftentimes the craft that went into a finished project doesn’t even take the back seat but gets no mention at all. Often I find I’m more impressed by — or at least my attention is more strongly captured by — the skills put on display as prominently as the finished build.

Case-in-point this week comes from the model railroad work of [Diorama111]. Seeing an OLED screen in the nose of an HO scale locomotive just like the real-life version is impressive, but how many people missed the one-off soldering masterpiece that went into this one? You’ll marvel at the SMD techniques used with through-hole protoboard on this one.

Occasionally we do get to look over the shoulder of the master as decades of skills are shared for the purpose of passing them on. So was the case back in May when we watched as [Leo] walked through his tips and tricks for prototyping at the electronics bench. This included a lot of non-obvious but clever stuff; tips on working with copper tape for solder buses, using Teflon tubing with bare wire instead of stripping PVC-insulated wire, and a deep dive into copper clad prototyping.

So remember all of us hardware geeks when you look to tell the story of your project. We want to know how it was done at least as much as what was done. There was a time when electronic designers were a separate work group from electronic technicians (and wow, those technicians were in a league of their own). These days we all have that technician hat hanging on our workbenches and I’m always interested in packing in yet another unlearnt skill. Throw us a bone!