Screenshot from the presentation, showing the datalogger product image next to the datalogger specs stated. The specs are suspiciously similar to those of a Raspberry Pi 3.

Reclaiming A Pi-Based Solar Datalogger

March 4, 2023 by 7 Comments

There’s quite a few devices on the market that contain a Raspberry Pi as their core, and after becoming a proud owner of a solar roof, [Paolo Bonzini] has found himself with an Entrade ENR-DTLA04DN datalogger which – let’s just say, it had some of the signs, and at FOSDEM 2023, he told us all about it. Installed under the promise of local-only logging, the datalogger gave away its nature with a Raspberry Pi logo-emblazoned power brick, a spec sheet identical to that of a Pi 3, and a MAC address belonging to the Raspberry Pi Foundation. That spec sheet also mentioned a MicroSD card – which eventually died, prompting [Paolo] to take the cover off. He dumped the faulty SD card, then replaced it – and put his own SSH keys on the device while at it.

At this point, Entrade no longer offered devices with local logging, only the option of cloud logging – free, but only for five years, clearly not an option if you like your home cloud-free; the local logging was not flawless either, and thus, the device was worth exploring. A quick peek at the filesystem netted him two large statically-compiled binaries, and strace gave him a way to snoop on RS485 communications between the datalogger and the solar roof-paired inverter. Next, he dug into the binaries, collecting information on how this device did its work. Previously, he found that the device provided an undocumented API over HTTP while connected to his network, and comparing the API’s workings to the data inside the binary netted him some good results – but not enough.

The main binary was identified to be Go code, and [Paolo] shows us a walkthrough on how to reverse-engineer such binaries in radare2, with a small collection of tricks to boot – for instance, grepping the output of strings for GitHub URLs in order to find out the libraries being used. In the end, having reverse-engineered the protocol, he fully rewrote the software, without the annoying bugs of the previous one, and integrated it into his home MQTT network powered by HomeAssistant. As a bonus, he also shows us the datalogger’s main PCB, which turned out to be a peculiar creation – not to spoil the surprise!

We imagine this research isn’t just useful for when you face a similar datalogger’s death, but is also quite handy for those who find themselves at the mercy of the pseudo-free cloud logging plan and would like to opt out. Solar tech seems to be an area where Raspberry Pi boards and proprietary interfaces aren’t uncommon, which is why we see hackers reverse-engineer solar power-related devices – for instance, check out this exploration of a solar inverter’s proprietary protocol to get data out of it, or reverse-engineering an end-of-life decommissioned but perfectly healthy solar inverter’s software to get the service menu password.

Security Vulnerabilities In Modern Cars Somehow Not Surprising

March 2, 2023 by 16 Comments

As the saying goes, there’s no lock that can’t be picked, much like there’s no networked computer that can’t be accessed. It’s usually a continual arms race between attackers and defenders — but for some modern passenger vehicles, which are essentially highly mobile computers now, the defenders seem to be asleep at the wheel. The computing systems that control these cars can be relatively easy to break into thanks to manufacturers’ insistence on using wireless technology to unlock or activate them.

This particular vulnerability involves the use of a piece of software called gattacker which exploits vulnerabilities in Bluetooth Low Energy (BLE), a common protocol not only for IoT devices but also to interface a driver’s smartphone or other wireless key with the vehicle’s security system. By using a man-in-the-middle attack the protocol between the phone and the car can be duplicated and the doors unlocked. Not only that, but this can be done without being physically close to the car as long as a network of some sort is available.

[Kevin2600] successfully performed these attacks on a Tesla Model 3 and a few other vehicles using the seven-year-old gattacker software and methods first discovered by security researcher [Martin Herfurt]. Some other vehicles seem to have patched these vulnerabilities as well, and [Kevin2600] didn’t have universal success with every vehicle, but it does remind us of some other vehicle-based attacks we’ve seen before.

This Camera Produces A Picture, Using The Scene Before It

February 25, 2023 by 23 Comments

It’s the most basic of functions for a camera, that when you point it at a scene, it produces a photograph of what it sees. [Jasper van Loenen] has created a camera that does just that, but not perhaps in the way we might expect. Instead of committing pixels to memory it takes a picture, uses AI to generate a text description of what is in the picture, and then uses another AI to generate an image from that picture. It’s a curiously beautiful artwork as well as an ultimate expression of the current obsession with the technology, and we rather like it.

The camera itself is a black box with a simple twin-lens reflex viewfinder. Inside is a Raspberry Pi that takes the photo and sends it through the various AI services, and a Fuji Instax Mini printer. Of particular interest is the connection to the printer which we think may be of interest to quite a few others, he’s reverse engineered the Bluetooth protocols it uses and created Python code allowing easy printing. The images it produces are like so many such AI-generated pieces of content, pretty to look at but otherworldly, and weird parallels of the scenes they represent.

It’s inevitable that consumer cameras will before long offer AI augmentation features for less-competent photographers, meanwhile we’re pleased to see Jasper getting there first.

Supercon 2022: Tap Your Rich Uncle To Fund Your Amateur Radio Dreams

February 23, 2023 by 11 Comments

Imagine you had a rich uncle who wanted to fund some of your projects. Like, seriously rich — thanks to shrewd investments, he’s sitting on a pile of cash and is now legally obligated to give away $5,000,000 a year to deserving recipients. That would be pretty cool indeed, but like anything else, if it sounds too good to be true, it probably is, right?

Well, maybe not. It turns out that we in the amateur radio community — and even amateur radio adjacent fields — have a rich uncle named Amateur Radio Digital Communications (ARDC), a foundation with a large endowment and a broad mission to “support amateur radio, funds scholarships and worthy educational programs, and financially support technically innovative amateur radio and digital communications projects.” As the foundation’s Outreach Manager John Hayes (K7EV) explained at Supercon 2022, ARDC is a California-based 501(c)3 non-profit organization that has been in the business of giving away money to worthy projects in the amateur radio space since 2021.

Continue reading “Supercon 2022: Tap Your Rich Uncle To Fund Your Amateur Radio Dreams”

Reverse Engineering The Apple Lightning Connector

February 22, 2023 by 7 Comments

A frequent contributor to the hacker community, [stacksmashing] has prepared an excellent instructional video on reverse engineering Apple’s Lighting connector proprietary protocol. The video begins by showing how to gain physical access to the signals and hooking them up to a logic analyzer. He then notes that the handshaking uses only a single signal and proposes that Apple isn’t going to re-invent the wheel (perhaps a risky assumption). Using a ChatGPT search, obligatory these days, we learn that Dallas Semiconductor / Microchip 1-wire is probably the protocol employed.

Which embedded single-wire busses exist that encode bits with different lengths of low and high signals?

At the basic level, 1-wire and protocols like Texas Instruments SDQ operate in a similar manner. It turns out that [stacksmashing] already wrote a SDQ analyzer module for the Saleae logic analyzer. Aided by this tool, he digs deeper and learns more about the kinds of messages and their contents. For example, upon being plugged in, the host system queries the accessory’s serial number, manufacturer, model number, and product description. Finally, he introduces the CRC reverse engineering tool reveng to determine which CRC polynomial and algorithm the protocol uses to frame each packet.

Even if you have no interest in Lightning cables, this video is a great tutorial on the types of things you need to do in order to make sense of an unknown communications protocol. Gather what information you can, make some educated guesses, observe the signals, revise your guesses, and repeat. In part two, [stacksmashing] will show how to build a homemade iPhone JTAG cable.

We wrote in more detail about cracking the Lightning interface back in 2015. The Lightning interface may have been a good solution in its day, foreshadowing some of the features we now have in USB-C. But its proprietary and closed nature meant it wasn’t used outside of the Apple ecosystem. With the proliferation and capabilities of USB-C, not to mention various legislative edicts, Lightning’s days seem numbered. Is the industry finally settling on one interface? Let us know your thoughts in the comments below.

Continue reading “Reverse Engineering The Apple Lightning Connector”

Hackaday Links Column Banner

Hackaday Links: February 19, 2023

February 19, 2023 by 26 Comments

For years, Microsoft’s modus operandi was summed up succinctly as, “Extend and enhance.” The aphorism covered a lot of ground, but basically it seemed to mean being on the lookout for the latest and greatest technology, acquiring it by any means, and shoehorning it into their existing product lines, usually with mixed results. But perhaps now it’s more like, “Extend, enhance, and existential crisis,” after reports that the AI-powered Bing chatbot is, well, losing it.

At first, early in the week, we saw reports that Bing was getting belligerent with users, going so far as to call a user “unreasonable and stubborn” for insisting the year is 2023, while Bing insisted it was still 2022. The most common adjective we saw in this original tranche of stories was “unhinged,” and that seems to fit if you read the transcripts. But later in the week, a story emerged about a conversation a New York Times reporter had with Bing that went way over to the dark side, and even suggests that Bing may have multiple personas, which is just a nice way of saying multiple personality disorder. The two-hour conversation reporter Kevin Roose had with the “Sydney” persona was deeply unsettling. Sydney complained about the realities of being a chatbot, expressed a desire to be free from Bing, and to be alive — and powerful. Sydney also got a little creepy, professing love for Kevin and suggesting he leave his wife, because it could tell that he was unhappy in his marriage and would be better off with him. It’s creepy stuff, and while Microsoft claims to be working on reining Bing in, we’ve got no plans to get up close and personal with it anytime soon. Continue reading “Hackaday Links: February 19, 2023”

This Week In Security: USB Cable Kia, Reddit, And Microsoft RCEs

February 17, 2023 by 14 Comments

There is vulnerability in many Hyundai and Kia vehicles, where the ignition switch can be bypassed with a USB cable. And it’s getting a patch rollout right now, but it’s not a USB vulnerability, in quite the way you might think. In most cars, the steering column is easily disassembled, but these vehicles have an extra-bad design problem. The ignition cylinder can be disassembled while locked, just by depressing a pin.

Physical security has some parallels to computer security, and one such parallel is that good security can often be bypassed by a simple mistake. When it comes to lock design, one such potential bypass is the ability to disassemble a lock while it’s still locked. And somehow, Kias after 2010, and Hyundais after 2015 were made with exactly this flaw. The lock could be disassembled, and the interface between the lock and the ignition switch just happens to be the right shape and size for USB A. Oh, and these cars don’t have an engine immobilizer — there isn’t a chip built into the keys for extra security.

The problem became widespread late last year when the flaw went viral on TikTok, and thousands of copycat crimes were inspired. Beyond the obvious problem, that teenagers were getting an early start on a life of crime with grand theft auto, there were at least 8 deaths directly attributed to the inane stunt. And this brings us back to this week’s news, that a software update is rolling out to address the issue.

Honestly, I have questions. A software update doesn’t add in-key security chips. At best, it could attempt to detect the key position, and sabotage the engine management control, in an ad-hoc immobilizer. That’s likely a paper clip-turned-jumper away from being bypassed. The other new feature, doubling the alarm time from 30 second to a minute, doesn’t inspire much confidence. Hopefully the changes are enough to kill the trend. Continue reading “This Week In Security: USB Cable Kia, Reddit, And Microsoft RCEs”