Side-Channel Attack Turns Power Supply Into Speakers

If you work in a secure facility, the chances are pretty good that any computer there is going to be stripped to the minimum complement of peripherals. After all, the fewer parts that a computer has, the fewer things that can be turned into air-gap breaching transducers, right? So no printers, no cameras, no microphones, and certainly no speakers.

Unfortunately, deleting such peripherals does you little good when [Mordechai Guri] is able to turn a computer power supply into a speaker that can exfiltrate data from air-gapped machines. In an arXiv paper (PDF link), [Guri] describes a side-channel attack of considerable deviousness and some complexity that he calls POWER-SUPPLaY. It’s a two-pronged attack with both a transmitter and receiver exploit needed to pull it off. The transmitter malware, delivered via standard methods, runs on the air-gapped machine, and controls the workload of the CPU. These changes in power usage result in vibrations in the switch-mode power supply common to most PCs, particularly in the transformers and capacitors. The resulting audio frequency signals are picked up by a malware-infected receiver on a smartphone, presumably carried by someone into the vicinity of the air-gapped machine. The data is picked up by the phone’s microphone, buffered, and exfiltrated to the attacker at a later time.

Yes, it’s complicated, requiring two exploits to install all the pieces, but under the right conditions it could be feasible. And who’s to say that the receiver malware couldn’t be replaced with the old potato chip bag exploit? Either way, we’re glad [Mordechai] and his fellow security researchers are out there finding the weak spots and challenging assumptions of what’s safe and what’s vulnerable.


Open Source Pick And Place Has A $450 BOM Cost

Give your grizzled and cramped hands a break from stuffing boards with surface mount components. This is the job of a pick and place machine, and over the years these tools of the trade for Printed Circuit Board Assembly (PCBA) have gotten closer to reality for the home shop, with some models diving below the $10,000 mark. But if you’re not doing it professionally, those are still unobtanium.

The cost of this one, on the other hand, could be explained away as a project in itself. You’re not buying a $450 shop tool, you’re purchasing materials to chase the fever dream of building an open source pick and place machine. There are two major parts here, an X/Y/Z machine tool that can also rotate the vacuum-based parts picker, and the feeders that reel out components to be placed. All of this is working, but there’s still a long road to travel before it becomes a set and forget machine.

The rubber hits the road in two ways with pick and place machines: the feeders, and the optical placement. The feeders are where [Stephen Hawes] has done a ton of work, all shown in his video series that began back in January. The stackup of PCBs and 3D-prints hangs on the front rail of the gantry assembly, is adjustable for tape widths, and uses an interesting PCB encoder wheel and worm-gear for fine-tuning the feed. [Stephen’s] main controller board, a RAMPS shield for an Arduino Mega that runs a customized version of Marlin, can work with up to 32 of these feeders.

So far it doesn’t look like he’s tackled a vision system, although the Bill of Materials does include “Downwards Camera”, confirming this is a planned feature. Vision is crucial in commercial offerings, with at least one downward camera for precise board positioning, and often an up-facing camera as well to ensure component position and orientation (if not multiple cameras for each purpose). Without these, the machine would be dead reckoning and that can lead to drift over the size of the board and the duration of the placement run as well as axial misalignment. Adding vision shouldn’t be a ground-up effort though, as [Stephen] chose to use OpenPnP to drive the machine and that project already has vision support. This will be much simpler to add when compared to the complexity of the feeders.

[Stephen] admits that much work still needs to be done and he would love to have help dialing in the performance of the feeder design, and fleshing out features on the road to perfection. Although we suspect that as in the early days of bootstrapping 3D printers, a project like this can never be truly finished. At least it’ll make his next run of LED glowties a lot easier to fabricate.


Teardown: Generation NEX

Today if you wanted a little gadget to sit on your shelf and let you play classic games from the early console era, you’d likely reach for the Raspberry Pi. With slick emulator front-ends like RetroPie and DIY kits available on Amazon, you don’t even need to be a technical wizard or veteran penguin wrangler to set it up. If you can follow an online tutorial, you can easily cram the last few decades of gaming into a cheap and convenient package.

But things were a bit different back in 2005. There weren’t a lot of options for playing old games on the big screen, and what was out there tended to be less than ideal. You could hack an original Xbox or gut an old laptop to make an emulation box that could comfortably blend in with your DVD player, but that wasn’t exactly in everyone’s wheelhouse. Besides, what if you had the original cartridges and just wanted to play them on a slightly more modern system?

I’m willing to bet whoever wrote this owns a katana.

Enter Messiah, and their Generation NEX console. As you might have gathered from their ever-so-humble name, Messiah claimed their re-imagined version of the Nintendo Entertainment System would “Bring Gaming Back to Life” by playing the original cartridges with enhanced audio and visual clarity. It also featured integrated support for wireless controllers, which at the time was only just becoming the standard on contemporary consoles. According to the manufacturer, the Generation NEX used custom hardware based on the “NES algorithm” that offered nearly 100% game compatibility.

Unfortunately, the system was a complete bomb. Despite Messiah’s claims, the Generation NEX ended up being yet another “NES-on-a-chip” (NOAC) clone, and a pretty poor one at that. Reviewers at the time reported compatibility issues with many popular titles, despite the fact that they were listed as working on Messiah’s website. The touted audio and video improvements were nowhere to be found, and in fact many users claimed the original NES looked and sounded better in side-by-side comparisons.

It didn’t matter how slick the console looked or how convenient the wireless controllers were; if the games themselves didn’t play well, the system was doomed. Predictably the company folded not long after, leaving owners stuck with the over-priced and under-performing consoles. Realistically, most of them ended up in landfills. Today we’ll take a look inside a relatively rare survivor and see just what nostalgic gamers got for their money in 2005.


New Teensy 4.1 Arrives With 100 Mbps Ethernet, High-Speed USB, 8 MB Flash

It was only last August that PJRC released Teensy 4.0. At that time, the 4.0 became the fastest microcontroller development board on the planet, a title it still holds as of this writing — or, well, not exactly. Today the Teensy 4.1 has been released, and using the same 600 MHz ARM Cortex M7 under the hood, is now also the fastest microcontroller board. What the 4.1 brings to the table is more peripherals, memory, and GPIOs. While Teensy 4.0 used the same small form factor as the 3.2, Teensy 4.1 uses the larger board size of the 3.5/3.6 to expose the extra goodies.

The now slightly older Teensy 4.0 — released on August 7th of last year — is priced at $19.95, with the new 4.1 version offered at $26.85. It seems that the 4.1 isn’t intended as a replacement for the 4.0, as they serve different segments of the market. If you’re looking for an ultra-fast affordable microcontroller board that lives up to its Teensy name, the 4.0 fits the bill. On the other hand, if you need the additional peripherals broken out and can afford the space of the larger board, the not-as-teensy-sized 4.1 is for you. How big is it? The sample board I measured was 61 x 18 mm (2.4 x 0.7″), not counting the small protrusion of the micro-USB jack on one end.

Let’s have a look at all the fun stuff PJRC was able to pack into this space.

Pentesting Hack Chat This Wednesday

Join us on Wednesday, May 13 at noon Pacific for the Pentesting Hack Chat with Eric Escobar!

Ask anyone in this community to name their dream jobs and chances are pretty good that penetration tester will be somewhere on the shortlist. Pentesters are allowed — nay, encouraged — to break into secure systems, to test the limits and find weak points that malicious hackers can use to gain access. The challenge of hacking and the thrill of potentially getting caught combined with no chance of prosecution? And you get paid for it? Sounds good to us!

Professional pentesting is not all cops-and-robbers fun, of course. Pentesters have to stay abreast of the latest vulnerabilities and know what weaknesses are likely to exist at a given facility so they know what to target. There are endless hours of research, often laborious social engineering, and weeks of preparation before actually attempting to penetrate a client site. The attack could be as complex as deploying wireless pentesting assets via FedEx, or as simple as sprinkling thumb drives in the parking lot. But when it comes, a pentest often reveals just how little return companies are getting on their security investment.

As a consultant for a security firm, Eric Escobar gets to challenge companies on a daily basis. He’s also a regular on the con circuit, participating in challenges like Wireless CTF at DEF CON… until he won too many times. Now he helps design and execute the challenges, helping to share his knowledge with other aspiring pentesters. And he’ll stop by the Hack Chat to do the same with us, and tell us all about the business of keeping other businesses in business.

Our Hack Chats are live community events in the Hackaday.io Hack Chat group messaging. This week we’ll be sitting down on Wednesday, May 13 at 12:00 PM Pacific time. If time zones have got you down, we have a handy time zone converter.

Click that speech bubble to the right, and you’ll be taken directly to the Hack Chat group on Hackaday.io. You don’t have to wait until Wednesday; join whenever you want and you can see what the community is talking about.

A More Open Raspberry Pi Camera Stack With Libcamera

As open as the Raspberry Pi Foundation has been about their beloved products, they would be the first to admit there’s always more work to be done: Getting a Pi up and running still requires many closed proprietary components. But the foundation works to chip away at it bit by bit, and one of the latest steps is the release of a camera stack built on libcamera.

Most Linux applications interact with the camera via V4L2 or a similar API. These established interfaces were designed back when camera control was limited and consisted of a few simple hardware settings. Today we have far more sophisticated computational techniques for digital photography and video. Algorithms have outgrown dedicated hardware, transforming into software modules that take advantage of CPU and/or GPU processing. In practice, this trend meant bigger and bigger opaque monolithic pieces of proprietary code. Every one a mix of “secret sauce” algorithms commingling with common overhead code wastefully duplicated for each new blob.

We expect camera makers will continue to devise proprietary specialties as they seek a competitive advantage. Fortunately, some of them see benefit in an open-source framework to help break up those monoliths into more manageable pieces, letting them focus on just their own specialized parts. Leveraging something like libcamera for the remainder can reduce their software development workload, leading to faster time to market, lower support cost, and associated benefits to the bottom line that motivates adoption by corporations.

But like every new interface design born of a grandiose vision, there’s a chicken-and-egg problem. Application developers won’t consume it if there’s no hardware, and hardware manufacturers won’t implement it if no applications use it. For the consumer side, libcamera has modules to interop with V4L2 and other popular interfaces. For the hardware side, it would be useful to have a company with wide reach who believes it is useful to open what they can and isolate the pieces they can’t. This is where the Raspberry Pi Foundation found a fit.

The initial release doesn’t support their new High-Quality Camera Module, though that is promised soon. In the short term, there is still a lot of work to be done, but we are excited about the long-term possibilities. If libcamera can indeed lower the barrier to entry, it would encourage innovation and expand the set of cameras beyond the officially supported list. We certainly have no shortage of offbeat camera sensor ideas around here, from a 1-kilopixel camera sensor to a decapped DRAM chip.

[via Hackster.io]

Making A Gorgeously-Twisty Sculpture, Using Only Flat Pieces

Closeup of unique pieces that make up the final sculpture.

The sculpture shown here is called Puzzle Cell Complex and was created by [Nervous System] as an art piece intended to be collaboratively constructed by conference attendees. The sculpture consists of sixty-nine unique flat panel pieces, each made from wood, which are then connected together without the need for tools by using plastic rivets. Everything fits into a suitcase and assembly documentation is a single page of simple instructions. The result is the wonderfully-curved gyroid pattern you see here.

The sculpture has numerous layers of design, not the least of which was determining how to make such an organically-curved shape using only flat panels. The five-foot assembled sculpture has a compelling shape, which results from the sixty-nine individual panels and how they fit together. These individual panel shapes have each been designed using a technique called variational surface cutting to minimize distortion, resulting in their meandering, puzzle-piece-like outlines. Each panel also has its own unique pattern of cutouts within itself, which makes the panels lighter and easier to bend without sacrificing strength. The short video embedded below shows the finished sculpture in all its glory.
