Tired Of Regular Keebs? Might Be Time To Split

No matter how much geek cred your old vintage keyboard pulls, it’s not worth suffering through wrist pain or any other discomfort while using it. Especially now, when there are so many points of entry into the rabbit hole world of DIY mechanical keebs.

Once the wrist pain started, [Ben Congdon] switched from a big old Apple keeb to a Kinesis Freestyle — it’s basically a regular keyboard, but in two halves that can be placed far enough apart that [Ben]’s wrists are straight while typing. Comfortable as that split rectangle may be, it’s just not that cool looking, and he was ready to build something new, as long as it had enough keys.

[Ben] settled on building a Keebio Sinc, a new board which comes mostly soldered already and supports a handful of layouts. In the spirit of leaving doors open, [Ben] soldered in hot-swap sockets instead of permanently attaching the key switches to the PCB. This way, those Gateron reds can be easily switched out for something else, for instance should [Ben] want to try a little tactility down the road.

We think the Sinc is a cool offering precisely because it is such a full keyboard. Not everyone is ready to jump into 60% layouts or thumb clusters, and it’s nice to have options. This is entry-level ergo and DIY all at once. What’s not to like? Even if you want to go for something small and ortholinear, there are options. Here’s a build we saw recently that starts with a breakaway PCB that lets you choose between small and smaller.

Via reddit

HAWT Wind Turbine Is Mostly 3D Printed

Wind turbines are a great source of renewable energy, and a great DIY project, too. They can be built with all kinds of materials and the barrier for entry is low for the beginner. [Fab] has built just such a device, taking advantage of modern construction techniques, and dubbed it the WinDIY.

The WinDIY design is mostly 3D printed, with a familiar three-bladed design. The diameter of the rotor is 1.2 m, meaning that braking and regulating the turbine is required for safety in high winds. [Fab] is aiming to achieve this control with a combination of mechanical and electronic braking, as well as variable-pitch blades. The benefit of 3D printing the design is it allows iterations to be made quickly, particularly of parts with complex geometries that would be too time-consuming or expensive to machine otherwise.

[Fab]’s writeup goes into great detail on topics like the design of the pitch control systems and other minutae, which should serve as a great reference for anyone else working on a similar project. If you’re looking for something with more of a sci-fi future vibe, consider attempting a vertical-axis build instead.

Hands-On: AND!XOR Unofficial DC28 Badge Embraces The Acrylic Stackup

Still hot from the solder party, a new AND!XOR badge just landed on my desk courtesy of the hacking crew that has been living the #badgelife for the past five years. Originally based on the Futurama character Bender, the design has morphed to the point that it’s no longer recognizable as a descendant of that belligerent robot. Instead we have a skeletal midget whose face is half covered by a gear-themed mask.

Continue reading “Hands-On: AND!XOR Unofficial DC28 Badge Embraces The Acrylic Stackup”

Separation Between WiFi And Bluetooth Broken By The Spectra Co-Existence Attack

This year, at DEF CON 28 DEF CON Safe Mode, security researchers [Jiska Classen] and [Francesco Gringoli] gave a talk about inter-chip privilege escalation using wireless coexistence mechanisms. The title is catchy, sure, but what exactly is this about?

To understand this security flaw, or group of security flaws, we first need to know what wireless coexistence mechanisms are. Modern devices can support cellular and non-cellular wireless communications standards at the same time (LTE, WiFi, Bluetooth). Given the desired miniaturization of our devices, the different subsystems that support these communication technologies must reside in very close physical proximity within the device (in-device coexistence). The resulting high level of reciprocal leakage can at times cause considerable interference.

There are several scenarios where interference can occur, the main ones are:

  • Two radio systems occupy neighboring frequencies and carrier leakage occurs
  • The harmonics of one transmitter fall on frequencies used by another system
  • Two radio systems share the same frequencies

To tackle these kind of problems, manufacturers had to implement strategies so that the devices wireless chips can coexist (sometimes even sharing the same antenna) and reduce interference to a minimum. They are called coexistence mechanisms and enable high-performance communication on intersecting frequency bands and thus, they are essential to any modern mobile device. Despite open solutions exist, such as the Mobile Wireless Standards, the manufacturers usually implement proprietary solutions.

Spectra

Spectra is a new attack class demonstrated in this DEF CON talk, which is focused on Broadcom and Cypress WiFi/Bluetooth combo chips. On a combo chip, WiFi and Bluetooth run on separate processing cores and coexistence information is directly exchanged between cores using the Serial Enhanced Coexistence Interface (SECI) and does not go through the underlying operating system.

Spectra class attacks exploit flaws in the interfaces between wireless cores in which one core can achieve denial of service (DoS), information disclosure and even code execution on another core. The reasoning here is, from an attacker perspective, to leverage a Bluetooth subsystem remote code execution (RCE) to perform WiFi RCE and maybe even LTE RCE. Keep in mind that this remote code execution is happening in these CPU core subsystems, and so can be completely invisible to the main device CPU and OS.

Join me below where the talk is embedded and where I will also dig into the denial of service, information disclosure, and code execution topics of the Spectra attack.

Continue reading “Separation Between WiFi And Bluetooth Broken By The Spectra Co-Existence Attack”

Hackaday Podcast 079: Wobble Sphere, Pixelflut, Skeeter Traps, And Tracing Apps

Hackaday editors Mike Szczys and Elliot Williams gaze upon the most eye-popping projects from the past week. Who would have known that springy doorstops could be so artistic? Speaking of art, what happens if you give everyone on the network the chance to collectively paint using pixels? There as better way to catch a rat, and a dubious way to lure mosquitoes. We scratch our heads at sending code to the arctic, and Elliot takes a deep look at the contact tracing apps developed and in use throughout Europe.

Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Direct download (60 MB or so.)

Continue reading “Hackaday Podcast 079: Wobble Sphere, Pixelflut, Skeeter Traps, And Tracing Apps”

This Week In Security: Garmin Ransomware, KeePass , And Twitter Warnings

On July 23, multiple services related to Garmin were taken offline, including their call center and aviation related services. Thanks to information leaked by Garmin employees, we know that this multi-day outage was caused by the Wastedlocker ransomware campaign. After four days, Garmin was able to start the process of restoring the services.

It’s reported that the requested ransom was an eye-watering $10 million. It’s suspected that Garmin actually paid the ransom. A leaked decryptor program confirms that they received the decryption key. The attack was apparently very widespread through Garmin’s network, as it seems that both workstations and public facing servers were impacted. Let’s hope Garmin learned their lesson, and are shoring up their security practices. Continue reading “This Week In Security: Garmin Ransomware, KeePass , And Twitter Warnings”

Odyssey Is A X86 Computer Packing An Arduino Along For The Trip

We love the simplicity of Arduino for focused tasks, we love how Raspberry Pi GPIO pins open a doorway to a wide world of peripherals, and we love the software ecosystem of Intel’s x86 instruction set. It’s great that some products manage to combine all of them together into a single compact package, and we welcome the recent addition of Seeed Studio’s Odyssey X86J4105.

[Ars Technica] recently looked one over and found it impressive from the perspective of a small networked computer, but they didn’t dig too deeply into the maker-friendly side of the product. We can look at the product documentation to see some interesting details. This board is larger than a Raspberry Pi, but its GPIO pins were laid out in exactly the same order as that on a Pi. Some HATs could plug right in, eliminating all the electrical integration leaving just the software issue of ARM vs x86. Tasks that are not suitable for CPU-controlled GPIO (such as generating reliable PWM) can be offloaded to an on-board Arduino-compatible microcontroller. It is built around the SAMD21 chip, similar to the Arduino MKR and Arduino Zero but the pinout does not appear to match any of the popular Arduino form factors.

The Odyssey is not the first x86 single board computer (SBC) to have GPIO pins and an onboard Arduino assistant. LattePanda for example has been executing that game plan (minus the Raspberry Pi pin layout) for the past few years. We’ve followed them since their Kickstarter origins and we’ve featured creative uses here and there. LattePanda’s current offerings are built around Intel CPUs ranging from Atom to Core m3. The Odyssey’s Celeron is roughly in the middle of that range, and the SAMD21 is more capable than the ATmega32U4 (Arduino Leonardo) on board a LattePanda. We always love seeing more options in a market for us to find the right tradeoff to match a given project, and we look forward to the epic journeys yet to come.