This Week In Security: Huawei Gets The Banhammer, Lastpass, And Old Code Breaking

While many of us were enjoying some time off for Thanksgiving, the US government took drastic action against Huawei and four other Chinese companies. The hardest hit are Huawei and ZTE, as the ban prevents any new products from being approved for the US market. The other three companies are Dahua and Hikvision, which make video surveillance equipment, and Hytera, which makes radio systems. FCC Commissioner Brendan Carr noted the seriousness of the decision.

[As] a result of our order, no new Huawei or ZTE equipment can be approved. And no new Dahua, Hikvision, or Hytera gear can be approved unless they assure the FCC that their gear won’t be used for public safety, security of government facilities, & other national security purposes.

There is even the potential that previously approved equipment could have its authorization pulled. The raw FCC documents are available, if you really wish to wade through them. What’s notable is that two diametrically opposed US administrations have both pushed for this ban. It would surely be interesting to get a look at the classified reports detailing what was actually found. Maybe in another decade or two, we can make a Freedom of Information Act request and finally get the full story.

A Modchip To Root Starlink User Terminals Through Voltage Glitching

A modchip is a small PCB that mounts directly on a larger board, tapping into points on that board to make it do something it wasn’t meant to do. We’ve typically seen modchips used with gaming consoles of yore, bypassing DRM protections in a way that software hacks couldn’t quite do. As software complexity and therefore attack surface increased on newer consoles, software hacks have taken the stage. However, on more integrated pieces of hardware, we’ll still want to return to the old methods – and that’s what this modchip-based hack of a Starlink terminal brings us.

[Lennert Wouters]’ team has been poking and prodding at the Starlink User Terminal, trying to get root access, and needed to bypass the ARM Trusted Firmware boot-time integrity checks. The terminal’s PCB is satellite-dish-sized, so things like laser fault injection are hard to set up – hence, they went the voltage injection route. Much poking and prodding later, they developed a way to reliably glitch the CPU into verifying a faulty firmware, and got to a root shell – the journey described in a BlackHat talk embedded below.

Amateur Rocketry Hack Chat

Join us on Wednesday, November 30 at noon Pacific for the Amateur Rocketry Hack Chat with Kip Daugirdas!

This might be going out on a limb, but it seems like most of us probably fooled around with model rockets when we were younger. Those fantastic Estes kits were great fun to put together, and launching them was always a big neighborhood event, and one of the few that could make even the coolest of the cool kids pay attention to the nerds, if only for a little while. Launch day had it all — a slight element of danger, the rotten egg stink of spent propellant, a rocket gently floating back to Earth from a dizzying height of 100 meters, and the inevitable tree-climbing party to retrieve a lost rocket.

But while model rocketry is fun, it doesn’t scale up very well. If you want to reach the edge of space, you’re going to need to make the leap across the border to amateur rocketry. That’s where the big kids play, with real engineering needed to produce and control the forces required to reach altitudes of 100 km or more. Kip Daugirdas has made that leap, building rockets capable of almost getting to the Kármán line. It’s not easy — there was plenty of design work, static engine testing, and loads of test flights leading up to it, and surely more to come. Kip will stop by the Hack Chat to help us understand what’s needed to press the edge of space, and hopefully share his plans for going all the way.

Our Hack Chats are live community events in the Hackaday.io Hack Chat group messaging. This week we’ll be sitting down on Wednesday, November 30 at 12:00 PM Pacific time. If time zones have you tied up, we have a handy time zone converter.

A 12" LCD screen sits between speakers (on lower half of bezel) and joycon controllers are attached on the upper half of the bezel.

Portable Monitor Extension For Nintendo Switch

Handheld consoles are always a tradeoff between portability and screen real estate. [Pavlo Khmel] felt that the Nintendo Switch erred too much on the side of portability, and built an extension to embiggen his Switch. (YouTube)

[Khmel] repurposed a Dell XPS 12 LCD panel for the heart of this hack and attached it to an LCD controller board to serve as an external monitor for the Switch. A 3D printed enclosure envelops the screen and also contains a battery, speakers, and a dock for the console. Along the top edges, metal rails let you slide in the official Joy-Cons or any number of third party controllers, even those that require a power connection from the Switch.

Since the Switch sees this as being docked, it allows the console to run faster and at higher resolution than if it were in handheld mode. The extension lasts about 5 hours on battery power, and the Switch inside will still be fully charged if you don’t mind being constrained to its small screen while you charge its bigger-screened exoskeleton.

Need more portable goodness? Be sure to check out our other handheld and Nintendo Switch hacks.

Roll The Radioactive Dice For Truly Random D&D Play

When you have a bunch of people gathered around a table for a “Dungeons & Dragons” session, you have to expect that things are not always going to go smoothly. After all, for people who willingly create and immerse themselves in an alternate reality, one bad roll of the dice that leads to the virtual death of a character they’ve spent months or years with can be traumatic. And with that trauma comes the search for the guilty — it’s the dice! It’s always the dice!

Eliminating that excuse, or at least making it statistically implausible, is the idea behind this radioactively random dice roller. It comes to us from [Science Shack] and uses radioactive decay to generate truly random numbers, as opposed to the pseudorandom number generators baked into most microcontrollers. The design is based on [AlphaPhoenix]’s muon-powered RNG, but with a significant twist: rather than depending on background radiation, [Science Shack] brought the power of uranium to the party.

They obtained a sample of autunite, a weird-looking phosphate mineral that contains a decent amount of uranium, perfect for stimulating the Geiger counter built into the dice roller. Autunite also has the advantage of looking very cool under UV light, taking on a ghostly “fuel rod glow,” in the [Homer Simpson] sense. The decay-powered RNG at the heart of this build is used to simulate throws of every standard D&D die, from a D4 to a D100. The laser-cut hardboard case holds all the controls and displays, and also has some strategically placed openings to gaze upon its glowing guts.

We really like the design, but we have to quibble with the handling of the uranium ore; true, the specific activity of autunite is probably pretty low, but it seems like at least some gloves would have been in order.

Cursive Out Loud: Dealing With Dragons

When we last left this broadening subject of handwriting, cursive, and moveable type, I was threatening to sing the praises of speech-to-text programs. To me, these seem like the summit of getting thoughts committed to what passes for paper these days.

A common thread in humanity’s tapestry is that we all walk around with so much going on in our heads, and no real chance to get it out stream-of-consciousness style without missing a word — until we start talking to each other. I don’t care what your English teacher told you — talking turns to writing quite easily; all it takes is a willingness to follow enough of the rules, and to record it all in a readable fashion.

But, alas! That suggests that linear thinking is not only possible, but that it’s easy and everyone else is already doing it. While that’s (usually) not true, simply thinking out loud can get you pretty far down the road in a lot of mental vehicles. You just have to record it all somehow. And if your end goal is to have the words typed out, why not skip the voice recorder and go the speech-to-text route?

2022 Supercon: Schedule Released, And [Odd Jayy]

It’s finally time! We’ve put together the 2022 Supercon Schedule, and you can check out all the talks, workshops, and events in one place – right now.

Badge hacking heating up (photo by @hackerwarehouse)

It all starts off with breakfast on Friday morning to power you up for a full day of badge hacking, workshops, and general mixing and mingling before the Friday night party. Fridays are significantly less formal, but swing by Supplyframe HQ any time to get registered, get your badge, and get a mellow head start on Supercon.

Saturday morning, the talks begin! After a brief introduction and welcome, keynote speaker Joe Grand takes the stage to kick things off. And from then on, it’s two tracks of talks on two stages until your brain explodes. Or at least until the Hackaday Prize Awards ceremony at 7:00 PM, followed by the awards after-party.

Pull yourself out of bed Sunday morning for another full day of stellar talks. And squeeze in some more last minute badge-hacking time somehow, because we close up Sunday evening with the always entertaining badge hacking contest and awards.

Jorvon [Odd Jayy] Moss to Speak

Plus, we’ve got one last bit of great news: Jorvon [Odd Jayy] Moss is giving a talk on his adventures in making companion robots, and his latest forays into adding more intelligence into his animatronic and artistic creations.

So if you haven’t bought your tickets yet, do it. ‘Nuff said. See you at Supercon!

And if you’re not able to make it live, all of the talks on the LACM Stage will be streamed live on our YouTube channel, and you can join in the discussion over at the Hackaday Discord server or on Hackaday.io’s Supercon Chat channel. And all the talks that we can’t stream, we’re recording for later release, so you can always catch up later.