This Arduino Debugger Uses The CH552

September 11, 2023 by 16 Comments

One of the things missing from the “classic” Arduino experience is debugging. That’s a shame, too, because the chips used have that capability. However, the latest IDE has the ability to work with external debuggers and if you want to get started with a classic ATMega Arduino, [deqing] shows you how to get started with a cheap CH552 8-bit USB microcontroller board as the debugging dongle.

The CH552 board in question is a good choice, primarily because it is dirt cheap. There are design files on GitHub (and the firmware), but you could probably pull the same trick with any of the available CH552 breakout boards.

Continue reading “This Arduino Debugger Uses The CH552”

Cheap LCD Uses USB Serial

September 11, 2023 by 19 Comments

Browsing the Asian marketplaces online is always an experience. Sometimes, you see things at ridiculously low prices. Other times, you see things and wonder who is buying them and why — a shrimp pillow? But sometimes, you see something that probably could have a more useful purpose than the proposed use case.

That’s the case with the glut of “smart displays” you can find at very low prices. Ostensibly, these are being sold as system monitors. A business-card-sized LCD hooks up via USB and shows your CPU speed, temperature, and so on. Of course, this requires sketchy Windows software. I don’t run Windows, and if I did, I wouldn’t be keen to put some strange service on just so I could see tiny displays of my system information. But a 3.5-inch IPS LCD screen for $15 or less probably has some other uses. But how to drive it? Turns out, it is easier than you think and the hardware looks reasonably hackable, too.

Like a lot of this cheap stuff, these screens are sold under a variety of names, and apparently, there are some subtle differences. Two of the main makers of these screens are Turing and XuanFang, although you rarely see those names in the online listings. As you might expect, though, someone has reverse-engineered the protocol, and there is Python software that will replace the stock Windows software the devices use. Even better, there is an example of using the library for your own purposes.

Continue reading “Cheap LCD Uses USB Serial”

2023 Cyberdeck Challenge: The Best Decks On The Net

September 7, 2023 by 2 Comments

It was an easy decision to run a Cyberdeck Challenge in 2023 — after all, it was far and away one of our most popular contests from last year. But what was much harder was sorting out the incredible array of bespoke computers that readers have been sending in for the last few months.

Our judges have painstakingly whittled down the list of entries to get our top three winners, each of which will be awarded $150 in credit from the good folks over at DigiKey. But there were simply too many fantastic custom computers in the running to let everyone else go home empty-handed, so we’ve decided to also break out some $50 Tindie gift cards for the decks that best exemplified this year’s special categories.

Without further ado, let’s take a tour through the judge’s top picks for this year’s Cyberdeck Challenge!

Continue reading “2023 Cyberdeck Challenge: The Best Decks On The Net”

Streaming Video From An ESP32

September 5, 2023 by 11 Comments

The ESP32, while first thought to be little more than a way of adding wireless capabilities to other microcontrollers, has quickly replaced many of them with its ability to be programmed as its own platform rather than simply an accessory. This also paved the way for accessories of its own, such as various sensors and even a camera. This guide goes over taking the input from the camera and streaming it out over the network to multiple browsers.

On the server side of things, the ESP32 and its attached camera are set up with MQTT, a lightweight communications protocol which uses a publish/subscribe model to send information. The ESP32 is configured to publish its images only, but not subscribe to any other nodes. On the client side, the browser runs a JavaScript program which is able to gather these images and stitch them together into a video.

This can be quite a bit of data to send out over the ESP32’s compact hardware, so there are some tips and tricks for getting more out of these little devices, including using an external antenna for better Wi-Fi signal, or omitting it entirely in favor of Ethernet. As far as getting a lot out of a tiny microcontroller, though, leveraging MQTT really helps the ESP32 go a long way. These chips have come along way since they were first introduced; they’re powerful enough to act as 8-bit gaming consoles too.

Thanks to [Surfskidude] for the tip!

The ‘Scope Of This Kickstarter? Ten Years.

September 4, 2023 by 18 Comments

It may have taken ten years to come through on this particular Kickstarter, but a promise is a promise. In late August 2023, backers who had since likely forgotten all about the project started receiving their oscilloscope watches from creator [Gabriel Anzziani]. Whatever the reason(s) for the delay, the watch looks great, and is miles ahead of the prototype pictures.

As you may have guessed, it functions as both a watch and an oscilloscope. The watch has 12- and 24-hour modes as well as an alarm and calendar, and the ‘scope has all the features of the Xprotolab dev board, which [Gabriel] also created: ‘scope, waveform generator, logic analyzer, protocol sniffer, and frequency counter.

Internally, it has an 8-bit Xmega microcontroller which features an internal PDI, and the display is a 1.28″ E ink display. When we covered this ten years ago, the screen was the type of Sharp LCD featured in the Pebble watch. [Gabriel]’s ‘scope watch features eight buttons around the edge which are user-programmable. One of [Gabriel]’s goals was for people to make their own apps.

Of course, the Kickstarter rewards are no longer available, but if you want to build your own small, digital ‘scope, check out this DIY STM32 project.

Image via the Company Formerly Known As Twitter

This Week In Security: Not A Vulnerability, BGP Bug Propogation, And Press Enter To Hack

September 1, 2023 by 6 Comments

Curl was recently notified of a CVE, CVE-2020-19909, rated at a hair-raising 9.8 on the CVSS scale. And PostgreSQL has CVE-2020-21469, clocking in with a 7.5 severity. You may notice something odd about those two vulnerabilities, but I promise the 2020 date is only the tip of the iceberg here.

Let’s start with PostgreSQL. That vulnerability was only present in version 12.2, which released in February of 2020, and was fixed with the 12.3 release in May of that same year. The problem is a stack buffer overflow, which doesn’t seem to enable code execution, but does cause a denial of service situation. To trigger the bug? Repeatedly send the PostgreSQL daemon the SIGHUP signal.

If you’re familiar with Linux signals, that might sound odd. See, the SIGHUP signal technically indicates the end of a user session, but most daemons use it to indicate a restart or reload request. And to send this signal, a user has to have elevated privileges — elevated enough to simply stop the daemon altogether. Put simply, it’s not a security vulnerability, just a minor bug.

And now on to curl — This one is just bizarre. The issue is a integer overflow in the --retry-delay argument, which specifies in seconds how often curl should retry a failing download. The value is multiplied by 1000 to convert to milliseconds, resulting in an overflow for very large values. The result of that overflow? A smaller value for the retry delay.

[Daniel Stenberg] makes the point that this tale is a wonderful demonstration of the brokenness of the CVE system and NVD’s handling of it. And in this case, it’s hard not to see this as negligence. We have to work really hard to construct a theoretical scenario where this bug could actually be exploited. The best I’ve been able to come up with is an online download tool, where the user can specify part of the target name and a timeout. If that tool had a check to ensure that the timeout was large enough to avoid excess traffic, this bug could bypass that check. Should we be assigning CVEs for that sort of convoluted, theoretical attack?

But here’s the thing, that attack scenario should rate something like a CVSS of 4.8 at absolute worst. NVD assigned this a 9.8. There’s no way you can squint at this bug hard enough to legitimately rank it that severe. At the time of writing, the NVD lists this as “UNDERGOING REANALYSIS”.
Continue reading “This Week In Security: Not A Vulnerability, BGP Bug Propogation, And Press Enter To Hack”

Diving Into Starlink’s User Terminal Firmware

August 31, 2023 by 7 Comments

The average Starlink user probably doesn’t spend a lot of time thinking about their hardware after getting the dish aligned and wiring run. To security researchers, however, it’s another fascinating device to tinker with as they reverse-engineer the firmware and try to both find out what makes it tick, as well as how to break it. This is essentially the subject of [Carlo Ramponi]’s article over at Quarkslab as he digs into the firmware architecture and potential weaknesses in its internal communication.

The user terminal hardware itself is a quite standard AArch64 ARM-based SoC, along with the proprietary communication interface, all of which is controlled by the Linux-based firmware. Dumping the firmware itself was made easy thanks to existing work by researchers at the KU Leuven, involving dumping the contents of the onboard eMMC storage. After this the firmware architecture could be analyzed, which turned out to consist out of mostly C++-based binaries, but with a single big binary for the user front-end written in Go.

Communication between these processes is handled through a custom inter-process protocol called ‘Slate Sharing’, all of which is coordinated via the core User Terminal Control process. It are these Slate IPC messages which form the most likely attack surface for a fuzzing attack, with the SoftwareUpdateRequest command being an interesting target as it would seem to not require authentication since it doesn’t address a specific user. This work is part of [Carlo]’s master’s thesis, and should form the basis of further research on the Starlink User Terminal firmware.