This Week In Security: Backdoored Backdoors, Leaking Cameras, And The Safety Label

January 10, 2025 by 3 Comments

The mad lads at watchTowr are back with their unique blend of zany humor and impressive security research. And this time, it’s the curious case of backdoors within popular backdoors, and the list of unclaimed domains that malicious software would just love to contact.

OK, that needs some explanation. We’re mainly talking about web shells here. Those are the bits of code that get uploaded to a web server, that provide remote access to the computer. The typical example is a web application that allows unrestricted uploads. If an attacker can upload a PHP file to a folder where .php files are used to serve web pages, accessing that endpoint runs the arbitrary PHP code. Upload a web shell, and accessing that endpoint gives a command line interface into the machine.

The quirk here is that most attackers don’t write their own tools. And often times those tools have special, undocumented features, like loading a zero-size image from a .ru domain. The webshell developer couldn’t be bothered to actually do the legwork of breaking into servers, so instead added this little dial-home feature, to report on where to find all those newly backdoored machines. Yes, many of the popular backdoors are themselves backdoored.

This brings us to what watchTowr researchers discovered — many of those backdoor domains were either never registered, or the registration has been allowed to expire. So they did what any team of researchers would do: Buy up all the available backdoor domains, set up a logging server, and just see what happens. And what happened was thousands of compromised machines checking in at these old domains. Among the 4000+ unique systems, there were a total of 4 .gov. domains from governments in Bangladesh, Nigeria, and China. It’s an interesting romp through old backdoors, and a good look at the state of still-compromised machines.

Continue reading “This Week In Security: Backdoored Backdoors, Leaking Cameras, And The Safety Label”

RISC-V Microcontroller Lights Up Synth With LED Level Meter

January 10, 2025 by 8 Comments

The LM3914 LED bar graph driver was an amazing chip back in the day. Along with the LM3915, its logarithmic cousin, these chips gave a modern look to projects, allowing dancing LEDs to stand in for a moving coil meter. But time wore on and the chips got harder to find and even harder to fit into modern projects, what with their giant DIP-18 footprint. What’s to be done when a project cries out for bouncing LEDs? Simple — get a RISC-V microcontroller and roll your own LED audio level meter.

In fairness, “simple” isn’t exactly what comes to mind while reading [svofski]’s write-up of this project. It’s part of a larger build, a wavetable synth called “Pétomane Ringard” which just screams out for lots of blinky LEDs. [svofski] managed to squeeze 20 small SMD LEDs onto the board along with a CH32V003 microcontroller. The LEDs are charlieplexed, using five of the RISC-V chip’s six available GPIO lines, leaving one for the ADC input. That caused a bit of trouble with programming, since one of those pins is needed to connect to the programmer. This actually bricked the chip, thankfully only temporarily since there’s a way to glitch the chip back to life, but only after pulling it out of the circuit. [svofski] recommends adding a five-second delay loop to the initialization routine to allow time to recover if the microcontroller gets into an unprogrammable state. Good tip.

As for results, we think the level meter looks fantastic. [svofski] went for automated assembly of the 0402 LEDs, so the strip is straight and evenly spaced. The meter seems to be quite responsive, and the peak hold feature is a nice touch. It’s nice to know there’s a reasonable substitute for the LM391x chips, especially now that all the hard work has been done.
Continue reading “RISC-V Microcontroller Lights Up Synth With LED Level Meter”

A Low Effort, Low Energy Doorbell

January 10, 2025 by 19 Comments

Bluetooth is a good way to connect devices that are near each other. However, it can drain batteries which is one reason Bluetooth Low Energy — BLE — exists. [Drmph] shows how easy it is to deploy BLE to make, in this case, a doorbell. He even shows how you can refit an existing doorbell to use the newer technology.

Like many projects, this one started out of necessity. The existing wireless doorbell failed, but it was difficult to find a new unit with good review. Cheap doorbells tend to ring spuriously due to interference. BLE, of course, doesn’t have that problem. Common BLE modules make up the bulk of the project. It is easy enough to add your own style to the doorbell like a voice announcement or musical playback. The transmitter is little more than a switch, the module, a coin cell, and an LED.

It is, of course, possible to have a single receiver read multiple doorbells. For example, a front door and back door with different tones. The post shows how to make a remote monitor, too, if you need the bell to ring beyond the range of BLE.

A fun, simple, and useful project. Of course, the cool doorbells now have video. Just be careful not to get carried away.

It’s IP, Over TOSLINK!

January 9, 2025 by 19 Comments

At the recent 38C3 conference in Germany, someone gave a talk about sending TOSLINK digital audio over fiber optic networks rather than the very low-end short distance fibre you’ll find behind your CD player. This gave [Manawyrm] some ideas, so of course the IP-over TOSLINK network was born.

TOSLINK is in effect I2S digital audio as light, so it carries two 44.1 kilosamples per second 16-bit data streams over a synchronous serial connection. At 1544 Kbps, this is coincidentally about the same as a T1 leased line. The synchronous serial link of a TOSLINK connection is close enough to the High-Level Data Link Control, or HDLC, protocol used in some networking applications, and as luck would have it she had some experience in using PPP over HDLC. She could configure her software from that to use a pair of cheap USB sound cards with TOSLINK ports, and achieve a surprisingly respectable 1.47 Mbit/s.

We like this hack, though we can see it’s not entirely useful and we think few applications will be found for it. But she did it because it was there, and that’s the essence of this game. Now all that needs to happen is for someone to use it in conjunction with the original TOSLINK-over network fiber, for a network-over-TOSLINK-over-network abomination.

Engineering Lessons From The Super-Kamiokande Neutrino Observatory Failure

January 9, 2025 by 48 Comments

Every engineer is going to have a bad day, but only an unlucky few will have a day so bad that it registers on a seismometer.

We’ve always had a morbid fascination with engineering mega-failures, few of which escape our attention. But we’d never heard of the Super-Kamiokande neutrino detector implosion until stumbling upon [Alexander the OK]’s video of the 2001 event. The first half of the video below describes neutrinos in some detail and the engineering problems related to detecting and studying a particle so elusive that it can pass through the entire planet without hitting anything. The Super-Kamiokande detector was built to solve that problem, courtesy of an enormous tank of ultrapure water buried 1,000 meters inside a mountain in Japan and lined with over 10,000 supersized photomultiplier tubes to detect the faint pulses of Chernkov radiation emitted on the rare occasion that a neutrino interacts with a water molecule.

Continue reading “Engineering Lessons From The Super-Kamiokande Neutrino Observatory Failure”

Sheet Metal Forming With 3D Printed Dies

January 9, 2025 by 16 Comments

Sheet metal is very easy to form, including the pressing in of intricate shapes with dies and a hydraulic press, but the dies themselves are slightly harder to come by. What if we could 3D print custom dies to stamp logos and more into sheet metal? This is the premise of a recent video by the Stick Shift Garage channel on YouTube in which dies are printed in PLA+ (solid infill) and used to stamp 1 and 2 mm thick sheet metal with the channel’s logo.

As can be observed in the video, the results aren’t bad at all after a couple of tweaks and adjustments to the pressure, but of course there is room for improvement. Some helpful commentators suggest improving the dies with properly rounded edges on the die’s shape and paying attention to K-factors and kin so as not to overstress or tear the sheet metal. In terms of die longevity, the PLA+ dies began to wear out after about a dozen tries but not the point of failure. Here other filament types might work even better, maybe even to the point of competing with a CNCed metal die.

Considering that this was a first attempt without a lot of pre-existing knowledge it went pretty well, and a future video was promised in which improvements will be shown off.

Continue reading “Sheet Metal Forming With 3D Printed Dies”

Toner Transfer, But Not For PCBs

January 9, 2025 by 16 Comments

It is old news that you can print PCB artwork on glossy paper and use a clothes iron to transfer the toner to a copper board, which will resist etchant. But [Squalius] shows us how to do a similar trick with 3D prints in a recent video, which you can see below.

The example used is a QR code, although you can use anything you can print in a mirror image. Of course, heat from a clothes iron isn’t going to be compatible with your 3D-printed plastic. The trick is to use some acrylic medium on the part, place the print face down, and apply more medium to the back of the paper.

Continue reading “Toner Transfer, But Not For PCBs”