Lowering JavaScript Timer Resolution Thwarts Meltdown And Spectre

The computer security vulnerabilities Meltdown and Spectre can infer protected information based on subtle differences in hardware behavior. It takes less time to access data that has been cached than data that needs to be retrieved from memory, and precisely measuring that time difference is a critical part of these attacks.

Our web browsers present a huge potential surface for attack as JavaScript is ubiquitous on the modern web. Executing JavaScript code will definitely involve the processor cache, and a high-resolution timer is accessible via the browser's performance API.

Web browsers can’t change processor cache behavior, but they could take away malicious code’s ability to exploit it. Browser makers are intentionally degrading time measurement capability in the API to make attacks more difficult. These changes are being rolled out for Google Chrome, Mozilla Firefox, Microsoft Edge and Internet Explorer. Apple has announced Safari updates for the near future that are likely to follow suit.

After these changes, the time stamp returned by performance.now will be less precise due to lower resolution. Some browsers are going a step further and degrading the accuracy by adding a random jitter. There will also be degradation or outright disabling of other features that can be used to infer data, such as SharedArrayBuffer.

These changes will have no impact for the vast majority of users. The performance API is used by developers to debug sluggish code; the actual run speed is unaffected. Other features like SharedArrayBuffer are relatively new and their absence would go largely unnoticed. Unfortunately, web developers will have a harder time tracking down slow code under these changes.

Browser makers are calling this a temporary measure for now, but we won’t be surprised if it becomes permanent. It is a relatively simple change that blunts the immediate impact of Meltdown/Spectre and it would also mitigate yet-to-be-discovered timing attacks of the future. If browser makers offer a “debug mode” to restore high precision timers, developers could activate it just for their performance tuning work and everyone should be happy.

This is just one part of the shock wave Meltdown/Spectre has sent through the computer industry. We have broader coverage of the issue here.

Learn To Reverse Engineer X86_64 Binaries

Opening things up, seeing how they work, and making them do what you want are just the basic needs of the average hacker. In some cases, a screwdriver and multimeter will do the job, but in other cases a binary blob of random software is all we have to work with. Trying to understand an unknown binary executable is an exciting way to discover a system’s internal functionality.

While the basic principles of software reverse engineering are universal across most platforms, the details can naturally vary for different architectures. In the case of the x86 architecture, [Leonora Tindall] felt that most tutorials on the subject focus mostly on 32-bit and not so much on the 64-bit specifics. Determined to change that, she ended up with an extensive introduction tutorial for reverse engineering x86_64 binaries starting at the very basics, then gradually moving forward using crackme examples. Covering simple string analysis and digging through disassembled binaries to circumvent fictional security, the tutorial later introduces the Radare2 framework.

All example source code is provided in the accompanying GitHub repository, although it is advised to avoid looking at it to keep things more interesting and challenging. And in case you are looking for more challenges later on, or generally prefer a closer connection to the hardware, these MSP430 based capture the flag online challenges might be worth a look next.

Tearing Down A Darkroom Relic For Buried Treasure

If your goal is to harvest unique parts from defunct devices, the further back in time you go, the better the pickings stand to be. At least that’s what [Kerry Wong] discovered during his tear-down of a darkroom color analyzer from the early 1980s.

For readers whose experience with photography has been solely digital, you need to understand that there once was a time when images were made with real cameras on real film, and serious amateurs and pros had darkrooms to process the film. Black and white processing was pretty straightforward in terms of chemistry — it was just developer, stop, and fixing. Color processes were much trickier, and when it came to enlarging your film onto color photo paper, things could get really complicated. [Kerry]’s eBay find, a Besler PM1A color analyzer, was intended to help out in the color lab by balancing the mix of cyan, blue, and yellow components in the enlarger.

The instrument, which no doubt demanded a princely sum back in the day, is actually really simple, with the object of [Kerry]’s desire, a PM1A photomultiplier tube and its driver, being the only real find. Still, it’s an interesting teardown, and we’re eager to see what [Kerry] makes of the gem. A muon detector, perhaps? An X-ray backscatter machine? Or perhaps repeating his old speed of light experiments is on the docket.


Fallen Radiosonde Reborn As Active L-band Antenna

If your hobby is chasing radiosondes across vast stretches of open country, and if you get good enough at it, you’ll eventually end up with a collection of the telemetry packages that once went up on weather balloons to record the conditions aloft. Once you’ve torn one or two down though, the novelty must wear off, which is where this radiosonde conversion to an active L-band antenna comes from.

As it happens, we recently discussed the details of radiosondes, so if you need a primer on these devices, check that out. But as Australian ham [Mark (VK5QI)] explains, radiosondes are a suite of weather instruments crammed into a lightweight package with a GPS receiver and a small transmitter. Lofted beneath a weather balloon into the stratosphere, a radiosonde transmits a wealth of data back to the ground before returning on a parachute after the balloon bursts. [Mark] had his eyes on the nice quadrifilar helical antenna used by the Vaisala R92 radiosonde’s GPS receiver, with the aim of repurposing it. He had a lot of components to remove while still retaining the low-noise amplifier (LNA), but in the end managed to get a working antenna with 40 dB gain in the L-band, and with the help of an RTL-SDR dongle he picked up solid signals from Iridium satellites.

Want to score your own radiosonde to play with? First, you have to know how to listen in so you can find them. Or, you know – there’s always eBay.

[via RTL-SDR.com]

Bark Back IoT Pet Monitor

Does your pet get distressed when you’re not home? Or, perhaps their good behaviour slips when you’re not around and they cause a ruckus for the neighbours. Well, [jenfoxbot] has just such a dog, so she built a ‘bark back’ IoT pet monitor to keep an eye on him while she’s out.

The brains and backbone of the pet monitor is the ever-popular Raspberry Pi 3. A Sparkfun MEMS microphone breakout board listens for any unruly behaviour, with an MCP3002 analog to digital converter chip reading the mic input. Some trial-and-error coding allowed her to set a noise threshold that — once exceeded — will trigger an audio file, shushing her dog. It also logs events and uploads any status updates to a CloudMQTT server to be monitored while away from home. Her Imgur build album can be found here, and the GitHub project page is here if you want to build your own!

Check out the demo video after the break, which was probably confusing for her good dog, Marley.


Power Your Guitar Pedals With Drill Batteries

Guitar pedals are a great way to experiment with the sound of your instrument. However, they require electricity, and when you’re using more than a couple, it can get messy. Some will run on batteries, while others are thirstier for more current and will only work with a plugpack. There are a great many solutions out there, but most people with more than a few pedals to power will end up going to some kind of mains powered solution. [Don] is here to show us that it’s not the only way.

Mains power is great for some things, but where pedals are concerned, it’s not always perfect. There are issues with noise, both from cheap power supplies and poorly designed pedals, and it means you’re always hunting for a power socket, which is limiting for buskers.

[Don] realised that the common drill battery is a compact source of clean, DC power, and decided to use that to power his rig. By slapping together a drill battery with a pre-assembled buck converter and a 3D printed adapter, he was able to build a portable power supply for his pedals. Thanks to the fact that the vast majority of pedals use 9V DC with the same input jack design, it’s a cinch to wire up. With an appropriately sized buck converter, a drill battery could supply even a hefty pedalboard for a significant period of time.

Overall, it’s a great hack that solves a problem faced by many performing musicians. We’ve seen our fair share of guitar pedals around Hackaday – perhaps you’d like to see how one makes it from concept to production?


ATtiny Chip Abused In RFID Application

One of Atmel’s smallest microcontrollers, the ATtiny, is among the most inexpensive and reliable chips around for small applications. It’s also one of the most popular. If you don’t need more than a few inputs or outputs, there’s nothing better. As a show of its ability to thrive under adverse conditions, [Trammell Hudson] was able to shoehorn an ATtiny into an RFID circuit in a way that tests the limits of the chip design.

The RFID circuit only uses two of the ATtiny’s pins, neither of which is the ground or power pin. The ATtiny is equipped with protective diodes on its input pins, and if you apply an AC waveform to the input pins, the chip is able to use the leakage current to power itself. Once that little hurdle is crossed, the ATtiny can do the rest of its job handling the RFID circuitry.

This project takes a deep dive into the internals of the ATtiny. If you’ve ever wondered what was going on inside of everyone’s favorite tiny microcontroller, or if you’re looking for an RFID circuit that keeps parts counts to an absolute minimum, this is the project for you. The ATtiny is more than just a rugged, well-designed chip, though. It’s capable of a lot more than such a small chip should be able to.

Thanks to [adnidor] for the tip!