GPU Turned Into Radio Transmitter To Defeat Air-Gapped PC

Another week, another exploit against an air-gapped computer. And this time, the attack is particularly clever and pernicious: turning a GPU into a radio transmitter.

The first part of [Mikhail Davidov] and [Baron Oldenburg]’s article is a review of some of the basics of exploring the RF emissions of computers using software-defined radio (SDR) dongles. Most readers can safely skip ahead a bit to section 9, which gets into the process they used to sniff for potentially compromising RF leaks from an air-gapped test computer. After finding a few weak signals in the gigahertz range and dismissing them as attack vectors due to their limited penetration potential, they settled in on the GPU card, a Radeon Pro WX3100, and specifically on the power management features of its ATI chipset.

With a GPU benchmarking program running, they switched the graphics card shader clock between its two lowest power settings, which produced a strong signal on the SDR waterfall at 428 MHz. They were able to receive this signal up to 50 feet (15 meters) away, perhaps to the annoyance of nearby hams as this is plunk in the middle of the 70-cm band. This is theoretically enough to exfiltrate data, but at a painfully low bitrate. So they improved the exploit by forcing the CPU driver to vary the shader clock frequency in one megahertz steps, allowing them to implement higher throughput encoding schemes. You can hear the change in signal caused by different graphics being displayed in the video below; one doesn’t need much imagination to see how malware could leverage this to exfiltrate pretty much anything on the computer.

It’s a fascinating hack, and hats off to [Davidov] and [Oldenburg] for revealing this weakness. We’ll have to throw this on the pile with all the other side-channel attacks [Samy Kamkar] covered in his 2019 Supercon talk.

A CR2032 Battery Eliminator

Back when batteries were expensive and low-capacity, it was common to buy a “battery eliminator” that could substitute for common battery configurations. [David Watts] must remember those, because he decided to make an eliminator for all the CR2032 battery-driven gear he has. He got some brass blanks about the size of the battery, and you can see the results on the video below.

His first attempt seemed to work fairly well, a sandwich of two brass disks, each with a Velcro spacer and wires soldered on to connect to a power supply. The fake battery looks as though it might be a little thick, but it did work once the battery holder was persuaded to accept it.

Queue Up Your Tracks With A Well Placed Hexagon

Besides a few stalwart holdouts, most of us have switched over to listening to music in digital form, often via an online stream. As long as no data caps stand in your way, it’s a quick and easy way to listen to your favorite artists or discover new ones. But there’s something visceral about the act of loading a piece of physical media into a player that can’t be replicated by just clicking or tapping on a screen.

Which is why [InfiniteVideo] put together this RFID playlist launcher peripheral. There’s an important distinction to be made here, as this device isn’t actually playing or even storing audio. A nearby Raspberry running Volumio handles the actual playback. This device is just an RFID reader with some clever tokens that the listener can use to select their favorite artists and albums with physical tokens. It’s certainly not a new concept, but we think the nuances of this particular build warrant a closer look.

The “player” consists of an ESP8266 with an MFRC522 RFID reader wired directly to the GPIO pins. The pair are housed in a rather large 3D printed enclosure, which at first might seem a bit excessive. But it turns out that [InfiniteVideo] is actually trying to replicate a crowdsourced project called Qleek, which is based around a similarly chunky reader.

Likewise, the hexagon tiles are also lifted from the Qleek concept. But rather than being made out of wood as in the original, [InfiniteVideo] is printing those as well. Halfway during the process, the print is paused and an RFID sticker is placed in the middle of the hexagon. Once resumed, the RFID tag becomes permanently embedded in the tile with no visible seams to reveal how the trick was pulled off. With the addition of a suitable label, each printed hexagon gets associated with the desired album or artist in software.

This project is notable for its convenience and visual flair, but using RFID tags for media identification can also be a practical choice. It can be used as an assistive technology, or as a way for young children to easily interact with devices.

Core Devs Say A Fond But Firm Farewell To Python 2

Saying that it was finally time for the community to bid a “fond but firm farewell to Python 2”, core developer Benjamin Peterson marked the release of Python 2.7.18 on April 20th, officially ending support for the 2.x branch of the popular programming language. It was hardly a snap decision. Python 3.0 was released all the way back in December 2008, and it was never a secret that the newer branch was not only incompatible with the earlier version, but that it would eventually supersede it to become the standard.

But migrating the incredible amount of Python code in the wild over to the latest and greatest was easier said than done. Millions upon millions of lines of code used in everything from Linux distributions to virtually every major web service needed to be reviewed and migrated over to Python 3. In many cases the changes were relatively minor, but when code is being used in mission critical applications, even the smallest of changes are often avoided unless it’s absolutely necessary. The voluntary migration took far longer than expected, and the end-of-life (EOL) for Python 2 was pushed back by years to accommodate developers who hadn’t made the necessary changes yet.

Given the somewhat fluid nature of the Python 2 EOL date, it seems fitting that this final release would come several months after the “official” January 2020 deadline. The intention was for it to coincide with PyCon 2020, but just like so many of the events planned for the first half of the year, the in-person conference had to be canceled in favor of a virtual one due to the COVID-19 epidemic. That might have stymied the celebration somewhat, but the release of Python 2.7.18 will still be looked on as a special moment for everyone involved.

Hackaday Podcast 064: The COBOL Cabal, The Demoscene Bytes, And The BTLE Cure

Hackaday editors Elliot Williams and Mike Szczys pan for gold in a week packed with technological treasure. The big news is Apple/Google are working on contact tracing using BTLE. From adoption, to privacy, to efficacy, there’s a lot to unpack here and many of the details have yet to take shape. Of course the episode also overflows with great hacks like broken-inductor bike chain sensors, parabolic basketball backboards, bizarre hose clamp tools, iron-on eTextile trials, and hot AM radio towers. We finish up discussing the greatest typing device that wasn’t, and the coming and going of the COBOL crisis.

Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Direct download (60 MB or so.)

Build The Baddest Keypad On The Block With LEGO

Like so many of us, [EducatedAce] has been quelling the quarantine blues by resurrecting old projects and finding new challenges to fill the days. He’s just finished building this blocky macro keypad to hold a bunch of shortcuts for Photoshop, thus continuing and compounding the creative spree.

[EducatedAce] already had everything on hand except the Arduino Micro. Instead of standard key switches, this macro block uses 16 of the loudest, crunchiest tactile buttons out there — those big ones with the yellow stems that sound like small staplers.

And don’t worry — no LEGO or LEGO accessories were harmed in the making of this macro pad — the base plate and switch plate are 3D printed. [EducatedAce] has the STL files posted along with great build instructions if you want to wire one up for yourself.

This is a great project because it’s sturdy, it gets the job done without a lot of expense, and still looks like something you’d want on your desk. [EducatedAce] plans to rebuild it with uniformly colored bricks, but we think it looks great as-is, especially with those vented 1×2 pieces. If it were ours, we might use a different color for each row or column to help keep the shortcuts straight.

What? You’ve never printed your own interlocking building blocks before? Well, don’t limit yourself to 1:1 scale, otherwise the minifigs have won. Build a go-kart big enough for humans!

This Week In Security: Nintendo Accounts, Pernicious Android Malware, And An IOS 0-day

A rash of Nintendo account compromises has made the news over the last week. Nintendo’s official response was that they were investigating, and they recommended that everyone enable two-factor authentication on their accounts.

[Dan Goodin] over at Ars Technica has a canny guess: The compromised accounts were each linked to an old Nintendo Network ID (NNID). This is essentially a legacy Nintendo account — one made in the Wii U and 3DS era. Since they’re linked, access via the NNID exposes the entire account. Resetting the primary account password doesn’t change the NNID credentials, but turning on two factor authentication does seem to close the loophole. There hasn’t yet been official confirmation that NNIDs are responsible, but it seems to fit the situation. It’s an interesting problem, where a legacy account can lead to further compromise.

Just Can’t Lose You: xHelper

xHelper, an Android malware, just won’t say goodbye. xHelper looks like a cleaner application, but once installed it begins rather stubbornly installing itself via the Triada trojan. The process begins with rooting the phone, and then remounting /system as writable. Binaries are installed and startup scripts are tampered with, and then the mount command itself is compromised, preventing a user from following the same steps to remove the malware. Additionally, if the device has previously been rooted, the superuser binary is removed. This combination of techniques means that the infection will survive a factory reset. The only way to remove xHelper is to flash a clean Android image, fully wiping /system in the process.