This Week In Security: EvilVideo, Crowdstrike, And InSecure Boot

First up this week is the story of EvilVideo, a clever Telegram for Android exploit that disguises an APK as a video file. The earliest record we have of this exploit is from June 6th, when it was advertised on a hacking forum.

Researchers at ESET discovered a demo of the exploit, and were able to disclose it to Telegram on June 26th. It was finally patched on July 11. While it was advertised as a “one-click” exploit, that’s being a bit generous, as the ESET demo video shows. But it was a clever exploit. The central trick is that an APK file can be sent in a Telegram chat, and it displays what looks like a video preview. Tap the “video” file to watch it, and Telegram prompts you to play it with an external player. But it turns out the external player in this case is Android itself, which prompts the target to install the APK. Sneaky.


Digitally Reading A Micrometer’s Output

If you’re instrumenting your machine tools, or if you’re just curious, you might want to get granular access to the output of a digital micrometer or the like. [Tommy] set his mind to figuring out the communications protocol of the ClockWise Tools dial indicator for this very purpose. And he succeeded!

Work began by finding the clock and data lines for the gauge. With those identified, and the signals up on an AD2 logic analyzer, it was determined that once every 40 milliseconds the device sends a data burst of six nibbles, spaced 1.58 milliseconds apart. The device communicates the absolute position of the gauge, and the data can be readily decoded with the aid of an op-amp to boost the 1.5-volt logic up to a level a modern commodity microcontroller like the Arduino Nano can read. From there, the information can be trucked over serial to a PC, or you can do just about anything else with it.

We’ve seen similar hacks performed on calipers before, too, making automated measurements a breeze. If you’re working on something that needs precise measurements down to the, well… micrometer… this project might be just the thing you’re looking for.

This Week In Security: Blast-RADIUS, Gitlab, And Plormbing

The RADIUS authentication scheme, short for “Remote Authentication Dial-In User Service”, has been widely deployed for user authentication in all sorts of scenarios. It’s a bit odd, in that individual users authenticate to a “RADIUS client”, sometimes called a Network Access Server (NAS). In response to an authentication request, the NAS packages up the authentication details and sends them to a central RADIUS server for verification. The server then sends back a verdict on the request, and if that verdict is an Access-Accept the user is authenticated to the NAS/client.

The scheme was updated to its current form in 1994, back when MD5 was considered a cryptographically good hash. It’s since been demonstrated that MD5 has problems, most notably a chosen-prefix collision attack demonstrated in 2007. The basis of this attack is that given two arbitrary messages, it is possible to find a pair of values that, when appended to the end of those messages, result in matching MD5 hashes for each combined message. And because MD5 processes its input sequentially, anything further appended to both messages, such as a shared secret, leaves the hashes matching. It turns out this is directly applicable to RADIUS.
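As an added example (not code from the article or from the Blast-RADIUS authors), the C program below shows why a collision in the RADIUS packet body survives the shared secret. It carries its own compact MD5 and uses the published Wang et al. (2004) collision pair, which is an identical-prefix collision rather than the chosen-prefix kind Blast-RADIUS needs; the Response Authenticator layout (MD5 over Code, ID, Length, Request Authenticator and Attributes, with the secret appended last) is from RFC 2865. The secret string, the buffer sizes and the one-byte shift used to break the collision are made up for the demo.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ROTL(x, c) (((x) << (c)) | ((x) >> (32 - (c))))
/* RFC 1321 constants: K[i] = floor(2^32 * |sin(i + 1)|), and the per-round rotations. */
static const uint32_t K[64] = {
    0xd76aa478, 0xe8c7b756, 0x242070db, 0xc1bdceee, 0xf57c0faf, 0x4787c62a, 0xa8304613, 0xfd469501,
    0x698098d8, 0x8b44f7af, 0xffff5bb1, 0x895cd7be, 0x6b901122, 0xfd987193, 0xa679438e, 0x49b40821,
    0xf61e2562, 0xc040b340, 0x265e5a51, 0xe9b6c7aa, 0xd62f105d, 0x02441453, 0xd8a1e681, 0xe7d3fbc8,
    0x21e1cde6, 0xc33707d6, 0xf4d50d87, 0x455a14ed, 0xa9e3e905, 0xfcefa3f8, 0x676f02d9, 0x8d2a4c8a,
    0xfffa3942, 0x8771f681, 0x6d9d6122, 0xfde5380c, 0xa4beea44, 0x4bdecfa9, 0xf6bb4b60, 0xbebfbc70,
    0x289b7ec6, 0xeaa127fa, 0xd4ef3085, 0x04881d05, 0xd9d4d039, 0xe6db99e5, 0x1fa27cf8, 0xc4ac5665,
    0xf4292244, 0x432aff97, 0xab9423a7, 0xfc93a039, 0x655b59c3, 0x8f0ccc92, 0xffeff47d, 0x85845dd1,
    0x6fa87e4f, 0xfe2ce6e0, 0xa3014314, 0x4e0811a1, 0xf7537e82, 0xbd3af235, 0x2ad7d2bb, 0xeb86d391 };
static const uint8_t R[16] = { 7, 12, 17, 22, 5, 9, 14, 20, 4, 11, 16, 23, 6, 10, 15, 21 };

/* Compress one 64-byte block into the running state. */
static void md5_block(uint32_t s[4], const uint8_t blk[64]) {
    uint32_t m[16], a = s[0], b = s[1], c = s[2], d = s[3];
    for (int i = 0; i < 16; i++)
        m[i] = (uint32_t)blk[4 * i] | (uint32_t)blk[4 * i + 1] << 8 |
               (uint32_t)blk[4 * i + 2] << 16 | (uint32_t)blk[4 * i + 3] << 24;
    for (int i = 0; i < 64; i++) {
        uint32_t f, g;
        if (i < 16)      { f = (b & c) | (~b & d); g = i; }
        else if (i < 32) { f = (d & b) | (~d & c); g = (5 * i + 1) % 16; }
        else if (i < 48) { f = b ^ c ^ d;          g = (3 * i + 5) % 16; }
        else             { f = c ^ (b | ~d);       g = (7 * i) % 16; }
        uint32_t t = d; d = c; c = b;
        b += ROTL(a + f + K[i] + m[g], R[(i / 16) * 4 + i % 4]);
        a = t;
    }
    s[0] += a; s[1] += b; s[2] += c; s[3] += d;
}

/* Plain MD5: Merkle-Damgard chaining, 0x80 padding, 64-bit little-endian bit count. */
static void md5(const uint8_t *msg, size_t len, uint8_t out[16]) {
    uint32_t s[4] = { 0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476 };
    uint8_t tail[128] = { 0 };
    size_t i = 0;
    for (; i + 64 <= len; i += 64) md5_block(s, msg + i);
    size_t rem = len - i, padded = rem < 56 ? 64 : 128;
    memcpy(tail, msg + i, rem);
    tail[rem] = 0x80;
    for (int j = 0; j < 8; j++) tail[padded - 8 + j] = (uint8_t)(((uint64_t)len * 8) >> (8 * j));
    md5_block(s, tail);
    if (padded == 128) md5_block(s, tail + 64);
    for (int j = 0; j < 16; j++) out[j] = (uint8_t)(s[j / 4] >> (8 * (j % 4)));
}
static unsigned nib(char c) { return c <= '9' ? (unsigned)(c - '0') : (unsigned)((c | 32) - 'a' + 10); }
static size_t unhex(const char *hex, uint8_t *out) {
    size_t n = 0;
    for (; hex[0] && hex[1]; hex += 2) out[n++] = (uint8_t)(nib(hex[0]) << 4 | nib(hex[1]));
    return n;
}
/* Published MD5 collision (Wang et al., 2004): two different 128-byte messages, one digest.
 * Identical-prefix rather than the chosen-prefix kind Blast-RADIUS needs; the suffix
 * property shown below is the same for both. */
static const char *WANG_A =
    "d131dd02c5e6eec4693d9a0698aff95c2fcab58712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e488832571415a085125e8f7cdc99fd91dbdf280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e2b487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080a80d1ec69821bcb6a8839396f9652b6ff72a70";
static const char *WANG_B =
    "d131dd02c5e6eec4693d9a0698aff95c2fcab50712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e4888325f1415a085125e8f7cdc99fd91dbd7280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e23487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080280d1ec69821bcb6a8839396f965ab6ff72a70";

/* RFC 2865 Response Authenticator = MD5(Code|ID|Length|RequestAuth|Attributes|Secret).
 * pkt is everything before the secret. Nothing is keyed; the secret is a plain suffix. */
static void response_authenticator(const uint8_t *pkt, size_t pktlen, const char *secret, uint8_t out[16]) {
    uint8_t buf[256];  /* demo size; real packets go up to 4096 bytes */
    memcpy(buf, pkt, pktlen);
    memcpy(buf + pktlen, secret, strlen(secret));
    md5(buf, pktlen + strlen(secret), out);
}

/* 1 if the two colliding bodies get the same authenticator under secret. With an empty
 * prefix that holds for every secret: MD5 is in the same internal state after either body
 * and hashes the secret from there. Bytes placed before the bodies break a collision made
 * for MD5's fixed IV, so a real forgery needs the collision built around the actual packet
 * header (Code, ID, Length, Request Authenticator), which is what chosen-prefix provides. */
static int forged_authenticator_matches(const char *prefix, const char *secret) {
    uint8_t a[256], b[256], ha[16], hb[16];
    size_t plen = strlen(prefix);
    memcpy(a, prefix, plen); memcpy(b, prefix, plen);
    size_t la = plen + unhex(WANG_A, a + plen), lb = plen + unhex(WANG_B, b + plen);
    if (la != lb || memcmp(a, b, la) == 0) return 0;
    response_authenticator(a, la, secret, ha);
    response_authenticator(b, lb, secret, hb);
    return memcmp(ha, hb, 16) == 0;
}

int main(void) {
    printf("colliding bodies, same authenticator under \"s3cr3t\": %d\n", forged_authenticator_matches("", "s3cr3t"));
    printf("same bodies shifted by one byte:                       %d\n", forged_authenticator_matches("\x02", "s3cr3t"));
    return 0;
}
```

The first check doubles as a self-test: if the MD5 code were wrong, the Wang pair would not collide. The second check is the practitioner's caveat in miniature: a collision is only useful to an attacker if it was computed for the bytes that will really precede it, which is why Blast-RADIUS needs a chosen-prefix collision tailored to the Access-Accept and Access-Reject headers rather than an off-the-shelf pair like this one.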

This Week In Security: Hide Yo SSH, Polyfill, And Packing It Up

The big news this week was that OpenSSH has an unauthenticated Remote Code Execution vulnerability. Or more precisely, it had one that was fixed in 2006 and was unintentionally re-introduced in version 8.5p1 from 2021. The flaw is a signal handler race condition, where async-signal-unsafe code (syslog(), and the heap allocator underneath it) gets called from within the SIGALRM handler that fires when the login grace time expires. What does that mean?
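As an added example (not OpenSSH's code), here is the shape of the bug in C: a SIGALRM handler that calls into a non-reentrant routine while that routine is mid-update, next to the async-signal-safe handler pattern the fix uses. The two-field “heap” is a stand-in constructed for the demo, and the alarm is raised synchronously from inside the critical section so the race is deterministic rather than left to timing; SIGALRM, sigaction(), sig_atomic_t and the flag-or-_exit() pattern are standard POSIX.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Stand-in (constructed for this demo) for the non-reentrant state that syslog()
 * and the malloc()/free() beneath it keep: the bookkeeping is inconsistent while
 * an operation is in progress. */
static struct { int in_progress; int ops; } fake_heap;
static int fake_heap_reentered;             /* set when entered mid-operation */
static volatile sig_atomic_t grace_expired; /* the only thing a safe handler touches */

/* One "allocation". If deliver_alarm is set, SIGALRM arrives while the bookkeeping
 * is half-done; sshd hits the same window when LoginGraceTime expires during its
 * own logging and allocation. */
static void fake_heap_op(int deliver_alarm) {
    if (fake_heap.in_progress)
        fake_heap_reentered = 1;            /* re-entered: corruption in a real allocator */
    fake_heap.in_progress = 1;
    fake_heap.ops++;
    if (deliver_alarm)
        raise(SIGALRM);                     /* deterministic stand-in for the timer */
    fake_heap.in_progress = 0;
}

/* The regressed pattern: the handler logs via syslog(), which allocates, i.e. it
 * runs async-signal-unsafe code from signal context. */
static void vulnerable_grace_alarm(int sig) {
    (void)sig;
    fake_heap_op(0);                        /* stands in for syslog() -> malloc()/free() */
}

/* The safe pattern: touch only a sig_atomic_t, or call _exit(), which is
 * async-signal-safe, and do any logging from normal context afterwards. */
static void safe_grace_alarm(int sig) {
    (void)sig;
    grace_expired = 1;
}

/* Install handler for SIGALRM, run one operation with the alarm landing inside it,
 * and report 1 if the fake heap was re-entered (the bug), 0 if not, -1 if the
 * handler could not be installed. */
static int run_login_grace_scenario(void (*handler)(int)) {
    struct sigaction sa, old;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = handler;
    sigemptyset(&sa.sa_mask);
    fake_heap_reentered = 0;
    fake_heap.in_progress = 0;
    grace_expired = 0;
    if (sigaction(SIGALRM, &sa, &old) != 0)
        return -1;
    fake_heap_op(1);
    sigaction(SIGALRM, &old, NULL);         /* restore so a stray alarm cannot bite later */
    return fake_heap_reentered;
}

/* 1 once the safe handler has flagged expiry; the main loop logs and exits from
 * here, outside signal context. */
static int login_grace_expired(void) {
    return grace_expired != 0;
}

int main(void) {
    printf("syslog-from-handler pattern re-entered the allocator: %d\n",
           run_login_grace_scenario(vulnerable_grace_alarm));
    printf("flag-only handler re-entered the allocator:           %d\n",
           run_login_grace_scenario(safe_grace_alarm));
    printf("grace timer flagged for the main loop:                %d\n", login_grace_expired());
    return 0;
}
```

In the real bug the window is only hit when the timer happens to fire during an allocation, so exploitation means racing LoginGraceTime against sshd's own heap activity; the demo collapses that into one synchronous raise() so the re-entry shows up every time.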

Hosting Your Own PixMob Party Made Easy

Over the last few years, it’s been increasingly common for concertgoers to be handed a light-up bracelet from PixMob that synchronizes with the others in the crowd to turn the entire audience into a music visualizer. They’re a clever way of enhancing the concert experience, but unfortunately, they don’t do anything once you leave the show. Or at least, that used to be the case.

We’ve seen efforts to reverse engineer the IR (and occasionally radio) signals that drive these PixMob devices, but since we checked in last it seems like things have gotten a lot easier for the home gamer. [David Pride] has recently posted a brief write-up that shows how quick and easy it is to get these devices fired up using nothing more exotic than an Arduino, an IR LED, and an audio sensor module.

With the audio sensor module connected to the Arduino’s digital input and the IR LED wired to digital out, all you need to do is flash firmware to the board and start playing some beats. The source code [David] has provided is a remixed version of what’s previously been published by [Carlos Ganoza], which, in this case, has been tweaked to make the lighting patterns less random.

Presumably, this is to make the devices behave more like they do during an actual concert, but since nobody at Hackaday is cool enough to have seen a live musical performance in the last decade, we’re not really sure. All we can say is that the effect looks pretty sweet in the demo video.

Back in 2019, we saw a teardown of an early PixMob device, and by 2022, the efforts to reverse engineer their IR control protocol were well underway. We’re glad to see things have progressed to the point that you can piece together a transmitter from what’s in the parts bin, as it means at least some of these devices will have a lifespan longer than a single concert.

Decoding Meshtastic With GNU Radio

Meshtastic is a way to build mesh networks using LoRa that is independent of cell towers, hot spots or traditional repeaters. It stands to reason that with an SDR and GNU Radio, you could send and receive Meshtastic messages. That’s exactly what [Josh Conway] built, and you can see a video about the project, Meshtastic_SDR, below. The video is from [cemaxecuter], who puts the library through its paces.

For hardware, the video uses a Canary I as well as the WarDragon software-defined radio kit, which is an Airspy R2 and a mini PC running Dragon OS — a Linux distribution aimed at SDR work — in a rugged case. GNU Radio, of course, builds everything from flowgraphs, which are really just chains of signal-processing blocks that GNU Radio Companion turns into a Python script.


Screenshot: code defining a HID descriptor using what are essentially macros for the common descriptor item types.

Coupling STM32 And Linux? Consider HID Over I2C

If you’re pairing a tiny Linux computer to a few peripherals — perhaps you’re building a reasonably custom Pi-powered device — it’s rightfully tempting to use something like an STM32 for all your low-level tasks, from power management to reading keyboard events.

Now, in case you were wondering how to tie the two together, consider HID over I2C: it’s a standardized protocol with wide software and peripheral support, easy to implement, and low-power. What’s more, [benedekkupper] gives you an example STM32 project with a detailed explanation of how you too can benefit from the protocol.

There are several cool things about this project. For a start, its code is generic enough that it will port across the entire STM32 lineup nicely. Just change the pin definitions as needed, compile it, flash it onto your devboard and experiment away. Need to change the descriptors? The hid-rdf library used lets you define a custom descriptor super easily, none of that building a descriptor from scratch stuff, and it even does compile-time verification of the descriptor!

The project has been tested with a Raspberry Pi 400, and [benedekkupper] links a tutorial on quickly adding your I2C-HID device on a Linux platform; all you need is Device Tree support. Wondering what’s possible with HID? We’ve seen hackers play with HID aplenty here, and hacking on the HID standard isn’t just for building keyboards. It can let you automate your smartphone, reuse a laptop touchpad or even a sizeable Wacom input surface, liberate extra buttons on gamepads, or build your own touchscreen display.
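As an added example (not code from [benedekkupper]’s project or the hid-rdf library), the C below shows what the Linux side actually reads from a device like this: the 30-byte HID Descriptor from Microsoft’s HID over I2C specification, and an input report frame from the device’s input register. The field layout, the two-byte length prefix that counts itself, and the zero-length reset marker are from the spec; the descriptor bytes, register numbers, VID:PID and the sample frames are constructed for the demo.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* HID over I2C "HID Descriptor": 30 bytes, every field little-endian. The host
 * learns the register it lives in from Device Tree or ACPI, reads it once, and
 * from it finds the report descriptor and the input/output/command registers. */
typedef struct {
    uint16_t hid_desc_length;    /* always 0x001E */
    uint16_t bcd_version;        /* 0x0100 for v1.00 */
    uint16_t report_desc_length;
    uint16_t report_desc_register;
    uint16_t input_register;
    uint16_t max_input_length;   /* longest input report, including its 2-byte length */
    uint16_t output_register;
    uint16_t max_output_length;
    uint16_t command_register;
    uint16_t data_register;
    uint16_t vendor_id, product_id, version_id;   /* bytes 26..29 are reserved */
} i2c_hid_desc;

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* 0 on success, -1 if the buffer is short, -2 if length/version are not what the
 * spec requires. The device is an untrusted peer on the bus, so refuse odd values
 * rather than trying to make sense of them. */
static int parse_hid_desc(const uint8_t *buf, size_t len, i2c_hid_desc *d) {
    if (len < 30) return -1;
    d->hid_desc_length = le16(buf);
    d->bcd_version = le16(buf + 2);
    d->report_desc_length = le16(buf + 4);
    d->report_desc_register = le16(buf + 6);
    d->input_register = le16(buf + 8);
    d->max_input_length = le16(buf + 10);
    d->output_register = le16(buf + 12);
    d->max_output_length = le16(buf + 14);
    d->command_register = le16(buf + 16);
    d->data_register = le16(buf + 18);
    d->vendor_id = le16(buf + 20);
    d->product_id = le16(buf + 22);
    d->version_id = le16(buf + 24);
    if (d->hid_desc_length != 30 || d->bcd_version != 0x0100) return -2;
    if (d->max_input_length < 2) return -2;    /* cannot even hold the length prefix */
    return 0;
}

/* An input report read from input_register: 2-byte little-endian length that counts
 * itself, then the report (report ID first if the report descriptor uses IDs). A zero
 * length is the device signalling that a reset completed. Returns the payload length,
 * 0 for the reset marker, -1 if the buffer is too short, -2 if the device-supplied
 * length is inconsistent or exceeds max_input_length: clamp to what was negotiated,
 * never trust the device's own number for how much to copy. */
static int parse_input_report(const uint8_t *buf, size_t len, const i2c_hid_desc *d,
                              const uint8_t **payload) {
    *payload = NULL;
    if (len < 2) return -1;
    uint16_t rlen = le16(buf);
    if (rlen == 0) return 0;
    if (rlen < 2 || rlen > len || rlen > d->max_input_length) return -2;
    *payload = buf + 2;
    return rlen - 2;
}

/* Constructed sample descriptor: report descriptor in register 2, input reports in
 * register 3 (at most 10 bytes), output 4, command 5, data 6, VID:PID 1234:5678. */
static const uint8_t SAMPLE_DESC[30] = {
    0x1e, 0x00, 0x00, 0x01, 0x3f, 0x00, 0x02, 0x00, 0x03, 0x00, 0x0a, 0x00,
    0x04, 0x00, 0x08, 0x00, 0x05, 0x00, 0x06, 0x00, 0x34, 0x12, 0x78, 0x56,
    0x01, 0x00, 0x00, 0x00, 0x00, 0x00 };
/* Constructed input frames: report ID 1 with two data bytes; the reset marker; and a
 * frame claiming 32 bytes, which is both longer than the buffer and over the limit. */
static const uint8_t SAMPLE_REPORT[] = { 0x05, 0x00, 0x01, 0x02, 0x03 };
static const uint8_t SAMPLE_RESET[]  = { 0x00, 0x00 };
static const uint8_t SAMPLE_BOGUS[]  = { 0x20, 0x00, 0x01, 0x02, 0x03 };

/* parse_hid_desc status for the first len bytes of the sample descriptor. */
static int sample_desc_status(size_t len) {
    i2c_hid_desc d;
    return parse_hid_desc(SAMPLE_DESC, len, &d);
}
/* A field of the parsed sample descriptor: 0 input register, 1 max input length,
 * 2 vendor ID, 3 product ID; -1 on parse failure or an unknown selector. */
static int sample_desc_field(int which) {
    i2c_hid_desc d;
    if (parse_hid_desc(SAMPLE_DESC, sizeof SAMPLE_DESC, &d) != 0) return -1;
    switch (which) {
    case 0: return d.input_register;
    case 1: return d.max_input_length;
    case 2: return d.vendor_id;
    case 3: return d.product_id;
    default: return -1;
    }
}
/* What parse_input_report reports for a frame checked against the sample descriptor. */
static int sample_report_len(const uint8_t *frame, size_t len) {
    i2c_hid_desc d;
    const uint8_t *payload;
    if (parse_hid_desc(SAMPLE_DESC, sizeof SAMPLE_DESC, &d) != 0) return -99;
    return parse_input_report(frame, len, &d, &payload);
}

int main(void) {
    printf("input register %d, max input %d, VID:PID %04x:%04x\n", sample_desc_field(0),
           sample_desc_field(1), sample_desc_field(2), sample_desc_field(3));
    printf("report payload %d, reset %d, bogus %d, truncated %d\n",
           sample_report_len(SAMPLE_REPORT, sizeof SAMPLE_REPORT),
           sample_report_len(SAMPLE_RESET, sizeof SAMPLE_RESET),
           sample_report_len(SAMPLE_BOGUS, sizeof SAMPLE_BOGUS),
           sample_report_len(SAMPLE_REPORT, 1));
    return 0;
}
```

The bounds checks are the part worth copying: an I2C-HID device hands the host its own report length on every interrupt, so a host driver that copies whatever the device claims is one bad peripheral away from a buffer overrun.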