This Week In Security: PunkBuster, NAT, NAS And MP3s

October 2, 2020 by 4 Comments

Ah, the ever-present PDF, and our love-hate relationship with the format. We’ve lost count of how many vulnerabilities have been fixed in PDF software, but it’s been a bunch over the years. This week, we’re reminded that Adobe isn’t the only player in PDF-land, as Foxit released a round of updates, and there were a couple serious problems fixed. Among the vulnerabilities, a handful could lead to RCE, so if you use or support Foxit users, be sure to go get them updated.

PunkBuster

Remember PunkBuster? It’s one of the original anti-cheat solutions, from way back in 2000. The now-classic Return to Castle Wolfenstein was the first game to support PunkBuster to prevent cheating. It’s not the latest or greatest, but PunkBuster is still running on a bunch of game servers even today. [Daniel Prizmant] and [Mauricio Sandt] decided to do a deep dive project on PunkBuster, and happened to find an arbitrary file-write vulnerability, that could easily compromise a PB enabled server.

One of the functions of PunkBuster is a remote screenshot capture. If a server admin thinks a player is behaving strangely, a screenshot request is sent. I assume this targets so-called wallhack cheats — making textures transparent, so the player can see through walls. The problem is that the server logic that handles the incoming image has a loophole. If the filename ends in .png as expected, some traversal attack checks are done, and the png file is saved to the server. However, if the incoming file isn’t a png, no transversal detection is done, and the file is naively written to disk. This weakness, combined with the stateless nature of screenshot requests, means that any connected client can write any file to any location on the server at any time. To their credit, even Balance, the creators of PunkBuster, quickly acknowledged the issue, and have released an update to fix it.

Continue reading “This Week In Security: PunkBuster, NAT, NAS And MP3s”

Bullet Time On A Budget With The Raspberry Pi

October 2, 2020 by 24 Comments

Bullet time became the hottest new cinema effect after it burst on the scene in The Matrix (1999). Back then, the cutting edge special effects required serious hardware and serious processing power to do the job. These days, of course, things have moved along somewhat. [Eric Paré] is no stranger to a high-end setup, but wanted to see what could be done at the lower end of the market. (Video, embedded below.)

Rather then relying on a bank of expensive DSLRs, [Eric] decided to try building a bullet-time camera rig out of 15 Raspberry Pis, and the standard Raspberry Pi Camera. Whereas just one camera in one of his professional setups may cost well over $1000, this entire rig was likely built for less than that in its entirety.

Initial results were jerky and unappealing, but [Eric] persevered. One of the biggest problems was inaccuracy in the camera assemblies, as they were stuck on with thermal paste. With some custom mods and tweaks, [Eric] was eventually able to get things to a passable state. It also has the benefit, compared to a DSLR rig, that the cameras can be mounted much more closely together due to their small size.

Work is already underway to upgrade the rig to the new Raspberry Pi HQ Camera, which we’ve discussed before.

Continue reading “Bullet Time On A Budget With The Raspberry Pi”

Advanced Model Rocket Flight Computer Reaching For The Stars

October 2, 2020 by 16 Comments

When you’re building and launching a variety of advanced model rockets like [Joe Barnard], you don’t want to spend time building (and debugging) specialized flight computers for every rocket configuration. This challenge has led him to create AVA (All Vehicle Avionics), an impressive model rocket flight computer that he intends to use on all his future rockets.

All of [Joe]’s rockets feature active stabilization and guidance, and comprehensive telemetry using a variety of sensors. On the board there are three separate microcontrollers connected over I2C or SPI, each with its own micro USB port. The two smaller microcontrollers are both ATSAMD21s, also used on the Arduino Zero. The first is used for GPS and inertial navigation, and uses data from onboard and external sensors like the two IMUs (one is a backup), GPS and barometer to estimate the rocket’s position, velocity and attitude, The second is for telemetry, and it handles all external communications via a Bluetooth modem or long range 900 Mhz radio. The main processor (MPU) is a NXP MK20DX256 (also used on the Teensy 3.2), which receives data from the other microcontrollers and handles all the real-time operations and control outputs.

AVA’s predecessors

[Joe] gives a very detailed overview on the board, it’s capabilities, and the reasoning behind some of his design choices in the video after the break. Most of the sensors and microcontrollers were selected partly because of his experience with them. All three microcontrollers have Arduino bootloaders, also due to familiarity with the framework. AVA is the 12th in the line of flight computers [Joe] has built, and it is clear that a lot of work and hard-earned experience went into the design. Continue reading “Advanced Model Rocket Flight Computer Reaching For The Stars”

Cube64 Puts The Good Controllers On The GoldenEye Console

October 1, 2020 by 7 Comments

The Nintendo 64 was lauded for bringing quality 3D graphics and analog stick controls to the console realm, way back in 1996. Unfortunately, those analog sticks were never very good; if you’ve ever played four player Mario Kart 64, you know how it feels to be stuck with that controller. For a superior experience, consider building an adapter and upgrading to the GameCube controller instead.

Cube64 is a project that allows GameCube controllers to work with the original Nintendo 64 hardware. Using a PIC18F14K22 in its DIY version, or a PIC18F24Q10 in the SMD version, it’s the product of much work by [scanlime] and [darthcloud] to reverse engineer the N64 and GC controller protocols. The GameCube’s many buttons and sticks allow for easy mapping to the N64’s original button layout, and the hardware provides plenty of calibration options and maps to get things working exactly the way you like for the game you’re playing.

Given that original N64 controllers are getting hard to come by, a GameCube upgrade is a great way to go. They’ll likely be in production for years yet, thanks to the commercial influence of Super Smash Bros. Of course, the two consoles have been fine friends for years, as evidenced by this mashup console we featured back in the distant, peaceful past of 2013.

Should You Build For Windows, Mac, IOS, Android, Or Linux? Yes!

October 1, 2020 by 36 Comments

The holy grail of computer languages is to write code once and have it deploy effortlessly everywhere. Java likes to take credit for the idea, but UCSD P-Code was way before that and you could argue that mainframes had I/O abstraction like Fortran unit numbers even earlier. More modern efforts include Qt, GTK, and other things. Naturally, all of these fall short in some way. Now Google enters the fray with Flutter.

Flutter isn’t new, but in the past, it only handled Android and iOS. Now it can target desktop platforms and can even produce JavaScript. We haven’t played with the system enough to say how successful it is, but you can try it in your browser if you want some first-hand experience.

Continue reading “Should You Build For Windows, Mac, IOS, Android, Or Linux? Yes!”

Reel In The Years With A Cassette Player Synth

October 1, 2020 by 9 Comments

Variable-speed playback cassette players were already the cool kids on the block. How else are you going to have any fun with magnetic tape without ripping out the tape head and running it manually over those silky brown strips? Sure, you can change the playback speed on most players as long as you can get to the trim pot. But true variable-speed players make better synths, because it’s so much easier to change the speed. You can make music from anything you can record on tape, including monotony.

[schollz] made a tape synth with not much more than a variable-speed playback cassette player, an Arduino, a DAC, and a couple of wires to hook it all up. Here’s how it works: [schollz] records a long, single note on a tape, then uses that recording to play different notes by altering the playback speed with voltages from a MIDI synth.

To go from synth to synth, [schollz] stood up a server that translates MIDI voltages to serial and sends them to the Arduino. Then the DAC converts them to analog signals for the tape player. All the code is available on the project site, and [schollz] will even show you where to add Vin and and a line in to the tape player. Check out the demo after the break.

There’s more than one way to hack a cassette player. You can also force them to play full-motion, color video.

Continue reading “Reel In The Years With A Cassette Player Synth”

Teaching A Pocket Logic Analyzer (Many) New Tricks

October 1, 2020 by 8 Comments

A few years ago, low-cost pocket digital oscilloscopes aimed at the hacker and maker crowd started hitting the market and gained quite a following. While few would consider them to be a replacement for a proper bench scope, they’re cheap and convenient enough that it’s hard to complain. Manufacturers are apparently looking to expand on the concept, as we’re now seeing similarly priced and sized logic analyzers pop up from the usual sources.

[Gabriel Valky] got his hands on a sub-$100 USD model known as the LA104, and decided that the stock software didn’t quite deliver. So he started a project to create a new open source firmware for the affordable gadget that greatly expands its core functionalities. The code has even been ported to a few of those digital oscilloscopes, as it turns out (perhaps unsurprisingly) that they aren’t too far removed internally.

Controlling addressable LEDs with the LA104.

In the video after the break, [Gabriel] shows off some impressive radio tricks by adding a small CC1101 transceiver to the mix. This allows his modified LA104 to scan for and decode popular RF protocols in the 300 – 900 MHz range. His software even allows for the received packets to be modified and re-transmitted, which he demonstrates by pushing a fake temperature signal into a wireless weather station.

But that’s just the beginning. A perusal of the GitHub page for his replacement firmware shows just how many features have already been packed into this project. For example it can be used to control WS2812 LED strips, generate arbitrary PWM signals, log data from temperature sensors, interface with MIDI devices, and scan for I2C devices. Many of these functions can be controlled on the computer by utilizing a modern browser and WebUSB.

The replacement firmware that [Gabriel] has come up with for the LA104 is really an incredible accomplishment, and elevates an already intriguing piece of kit. Being able to pack all of these functions into something small and cheap enough you can toss into a bag is a very compelling prospect for hackers on the go.

Continue reading “Teaching A Pocket Logic Analyzer (Many) New Tricks”