A Real All-In-One Printer Should Have A Computer In It, Too

August 16, 2019 by 14 Comments

With printers generally being cheaper to replace than re-ink, there are plenty of cast-offs around to play with. They’re a great source for parts, but they’re also tempting targets for repurposing for entirely new uses. Sure, you could make a printer into a planter, but slightly more useful is this computer built into a printer that still prints.

This build is [Mason Stooksbury]’s earlier and admittedly useless laptop-in-a-printer build, which we covered a few months back. It’s easy to see where he got his inspiration, since the donor printer’s flip-up lid is a natural for mounting a display, and the capacious, glass-topped scanner bed made a great place to show off the hybrid machine’s guts. But having a printer that doesn’t print didn’t sit well with [Mason], so Comprinter II was born. This one follows the same basic approach, with a Toshiba Netbook stuffed into an H-P ENVY all-in-one. The laptop’s screen was liberated and installed in the printer’s lid, the motherboard went into the scanner bay along with a fair number of LEDs. This killed the scanner but left the printer operational, after relocating a power brick that was causing a paper jam error.

[Mason]’s Comprinter II might not be the next must-have item, but it certainly outranks the original Comprinter on the utility spectrum. Uselessness has a charm of its own, though; from a 3D-printed rotary dial number pad to a useless book scanner, keep the pointless projects coming, please.

Cramming Dual SIMs & A Micro SD Card Into Your Phone

August 16, 2019 by 22 Comments

There are plenty of dual SIM phones on the market these days, but most of them are a hamstrung by packaging issues. Despite their dual SIM capability, this usually comes at the expense of the microSD card slot. Of course, hackers don’t accept such nonsense, and [Tweepy] went about crafting a solution. Sadly the make and model of phone aren’t clear.

It’s a simple case of very carefully shaving both the microSD card and the nano-SIM down until both can fit in the card tray. The SIM is slimmed down with the application of a heat gun helping to remove its plastic backing, saving precious fractions of a millimeter. The SD card is then filed down to make just enough space for the SIM to fit in underneath. Thanks to the springiness of the contacts in the phone, it’s just barely possible to squeeze both in, along with some Kapton tape to hold everything in place.

Your mileage may vary, depending on the construction of your SD card. Overall though, it’s a tidy hack that should prove useful to anyone with a dual SIM phone and limited storage. We saw a similar hack a few years ago, too.

[Thanks to Timothy for the tip!]

You Need A Cyberdeck, This Board Will Help

August 16, 2019 by 8 Comments

In 1984, William Gibson’s novel Neuromancer helped kick off the cyberpunk genre that many hackers have been delighting in ever since. Years before Tim Berners-Lee created the World Wide Web, Gibson was imagining worldwide computer networks and omnipresent artificial intelligence. One of his most famous fictional creations is the cyberdeck, a powerful mobile computer that allowed its users to navigate the global net; though today we might just call them smartphones.

While we might have the functional equivalent in our pockets, hackers like [Tillo] have been working on building cyberdecks that look a bit more in line with what fans of Neuromancer imagined the hardware would be like. His project is hardly the first, but what’s particularly notable here is that he’s trying to make it easier for others to follow in his footsteps.

There’s a trend to base DIY cyberdecks on 1980s vintage computer hardware, with the logic being that it would be closer to what Gibson had in mind at the time. Equally important, the brutalist angular designs of some of those early computers not only look a lot cooler than anything we’ve got today, but offer cavernous internal volume ripe for a modern hardware transfusion. Often powered by the Raspberry Pi, featuring a relatively small LCD, and packed full of rechargeable batteries, these cyberdecks make mobile what was once anchored to a desk and television.

[Tillo] based his cyberdeck on what’s left of a Commodore C64c, reusing the original keyboard for that vintage feel. That meant he needed to adapt the keyboard to something the Raspberry Pi could understand, for which some commercially available options existed already. But why not take the idea farther for those looking to create their own C64c cyberdecks?

He’s currently working on a new PCB specifically designed for retrofitting one of these classic machines with a Raspberry Pi. The board includes niceties like a USB hub, and should fill out some of those gaping holes left in the case once you remove the original electronics. [Tillo] has already sent the first version of his open source board out for fabrication, so hopefully we’ll get an update soon.

In the meantime, you might want to check out some of the other fantastic cyberdeck builds we’ve covered over the last couple of years.

The HackadayPrize2019 is Sponsored by:

Hands-On: Queercon 16 Hardware Badge Shows Off Custom Membrane Keyboard

August 16, 2019 by 11 Comments

Year over year, the Queercon badge is consistently impressive. I think what’s most impressive about these badges is that they seemingly throw out all design ideas from the previous year and start anew, yet manage to discover a unique and addictive aesthetic every single time.

This year, there are two hardware badges produced by the team composed of Evan Mackay, George Louthan, Tara Scape, and Subterfuge. The one shown here is nicknamed the “Q” badge for its resemblance to the letter. Both get you into the conference, both are electronically interactive, but this one is like a control panel for an alternate reality game (ARG) that encourages interactivity and meaningful conversations. The other badge is the “C” badge. It’s more passive, yet acts as a key in the ARG — you cannot progress by interacting with only one type of badge, you must work with people sporting both badge types so that Queercon attendees who didn’t purchase the Q badge still get in on the fun.

The most striking feature on this badge is a custom membrane keyboard tailored to playing the interactive game across all badges at the conference. But I find that the eInk screen, RJ12 jack for connectivity, and the LED and bezel arrangements all came together for a perfect balance of function and art. Join me after the break for a closer look at what makes this hardware so special.

Continue reading “Hands-On: Queercon 16 Hardware Badge Shows Off Custom Membrane Keyboard”

Hackaday Podcast 031: Holonomic Drives, Badges Of DEF CON, We Don’t Do On-Chip Debugging, And Small Run Manufacturing Snafus

August 16, 2019 by 2 Comments

Mike Szczys and Kerry Scharfglass recorded this week’s podcast live from DEF CON. Among the many topics of discussion, we explore some of the more interesting ways to move a robot. From BB-8 to Holonomic Drives, Kerry’s hoping to have a proof of concept in time for Supercon. Are you using On-Chip Debugging with your projects? Neither are we, but maybe we should. The same goes for dynamic memory allocation; but when you have overpowered micros such as the chip on the Teensy 4.0, why do you need to? We close this week’s show with a few interviews with badge makers who rolled out a few hundred of their design and encountered manufacturing problems along the way. It wouldn’t be engineering without problems to solve.

Take a look at the links below if you want to follow along, and as always tell us what you think about this episode in the comments!

Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Direct download (60 MB or so.)

Where to Follow Hackaday Podcast

Places to follow Hackaday podcasts:

Continue reading “Hackaday Podcast 031: Holonomic Drives, Badges Of DEF CON, We Don’t Do On-Chip Debugging, And Small Run Manufacturing Snafus”

Broken HP-48 Calculator Reborn As Bluetooth Keyboard

August 16, 2019 by 8 Comments

Considering their hardware specification, graphing calculators surely feel like an anachronism in 2019. There are plenty of apps and other software available for that nowadays, and despite all preaching by our teachers, we actually do carry calculators with us every day. On the other hand, never underestimate the power of muscle memory when using physical knobs and buttons instead of touch screen or mouse input. [epostkastl] combined the best of both worlds and turned his broken HP-48 into a Bluetooth LE keyboard to get the real feel with its emulated counterpart.

Initially implemented as USB device, [epostkastl] opted for a wireless version this time, and connected an nRF52 based Adafruit Feather board to the HP-48’s conveniently exposed button matrix pins. For the software emulation side, he uses the Emu48, an open source HP calculator emulator for Windows and Android. The great thing about Emu84 is that it supports fully customizable mappings of regular keyboard events to the emulated buttons, so you can easily map, say, the cosine button to the [C] key. The rest is straight forward: scanning the button matrix detects button presses, maps them to a key event, and sends it as a BLE HID event to the receiving side running Emu84.

As this turns [epostkastl]’s HP-48 essentially into a regular wireless keyboard in a compact package — albeit with a layout that outshines every QWERTY vs Dvorak debate. It can of course also find alternative use cases, for examples as media center remote control, or a shortcut keyboard. After all, we’ve seen the latter one built as stomp boxes and from finger training devices before, so why not a calculator?

Continue reading “Broken HP-48 Calculator Reborn As Bluetooth Keyboard”

This Week In Security: Black Hat, DEF CON, And Patch Tuesday

August 16, 2019 by 11 Comments

Blackhat and DEF CON both just wrapped, and Patch Tuesday was this week. We have a bunch of stories to cover today.

First some light-hearted shenanigans. Obviously inspired by Little Bobby Tables, Droogie applied for the vanity plate “NULL”. A year went by without any problems, but soon enough it was time to renew his registration. The online registration form refused to acknowledge “NULL” as a valid license plate. The hilarity didn’t really start until he got a parking ticket, and received a bill for $12,000. It seems that the California parking ticket collection system can’t properly differentiate between “NULL” and a null value, and so every ticket without a license plate is now unintentionally linked to his plate.

In the comments on the Ars Technica article, it was suggested that “NULL” simply be added to the list of disallowed vanity plates. A savvy reader pointed out that the system that tracks disallowed plates would probably similarly choke on a “NULL” value.

Hacking an F-15

In a surprising move, Air Force officials brought samples of the Trusted Aircraft Information Download Station (TADS) from an F-15 to DEF CON. Researchers were apparently able to compromise those devices in a myriad of ways. This is a radical departure from the security-through-obscurity approach that has characterized the U.S. military for years.

Next year’s DEF CON involvement promises to be even better as the Air Force plans to bring researchers out to an actual aircraft, inviting them to compromise it in every way imaginable.

Patch Tuesday

Microsoft’s monthly dump of Windows security fixes landed this week, and it was a doozy. First up are a pair of remotely exploitable Remote Desktop vulnerabilities, CVE-2019-1222 and CVE-2019-1226. It’s been theorized that these bugs were found as part of an RDP code review launched in response to the BlueKeep vulnerability from earlier this year. The important difference here is that these bugs affect multiple versions of Windows, up to and including Windows 10.

What the CTF

Remember Tavis Ormandy and his Notepad attack? We finally have the rest of the story! Go read the whole thing, it’s a great tale of finding something strange, and then pulling it apart looking for vulnerabilities.

Microsoft Windows has a module, MSCTF, that is part of the Text Services Framework. What does the CTF acronym even stand for? That’s not clear. It seems that CTF is responsible for handling keyboard layouts, and translating keystrokes based on what keyboard type is selected. What is also clear is that every time an application builds a window, that application also connects to a CTF process. CTF has been a part of Microsoft’s code base since at least 2001, with relatively few code changes since then.

CTF doesn’t do any validation, so an attacker can connect to the CTF service and claim to be any process. Tavis discovered he could effectively attempt to call arbitrary function pointers of any program talking to the same CTF service. Due to some additional security measures built into modern Windows, the path to an actual compromise is rather convoluted, but by the end of the day, any CFT client can be compromised, including notepad.

The most interesting CFT client Tavis found was the login screen. The exploit he demos as part of the write-up is to lock the computer, and then compromise the login in order to spawn a process with system privileges.

The presence of this unknown service running on every Windows machine is just another reminder that operating systems should be open source.

Biostar 2

Biostar 2 is a centralized biometric access control system in use by thousands of organizations and many countries around the globe. A pair of Israeli security researchers discovered that the central database that controls the entire system was unencrypted and unsecured. 23 Gigabytes of security data was available, including over a million fingerprints. This data was stored in the clear, rather than properly hashed, so passwords and fingerprints were directly leaked as a result. This data seems to have been made available through an Elasticsearch instance that was directly exposed to the internet, and was found through port scanning.

If you have any exposure to Biostar 2 systems, you need to assume your data has been compromised. While passwords can be changed, fingerprints are forever. As biometric authentication becomes more widespread, this is an unexplored side effect.