Generating A Lost Password By Traveling Back In Time

May 31, 2024 by 5 Comments

It’s probable that some of you reading this will have been approached in the past by people who’ve lost the password to their crypto wallets. They hear that you’re involved in some kind of “hacking”, and they cling to the forlorn hope that you might just be able to recover their lost wealth. For most of us there’s little chance we can help, but in [Joe Grand]’s case he has made it something of a specialism. He’s given an account of how he and a friend recovered a particularly difficult password.

The password in question had been generated by RoboForm, a long random string that was impossible for its owner to remember. The only chance of finding it lay in discovering a flaw in RoboForm, and that seemed hopeless until the discovery of a changelog reference to improving the random number generation of the software.

The video below details some of the detective work required to find the password, first reverse engineering an old version of RoboForm to find the flaw, and then the discovery that the random seed was derived from the system time. A range of passwords could be created for a given time frame, reducing the odds of finding the password considerably. The story is not without its twists, but it ends with the wallet’s owner rather theatrically being presented with a giant fake Bitcoin check.

Continue reading “Generating A Lost Password By Traveling Back In Time”

Hackaday Podcast Episode 273: A Tube Snoot, Dynamic Button Blobs, And Tokamaks Aren’t Whack

May 31, 2024 by 8 Comments

This week, it was Kristina’s turn in the hot seat with Editor-in-Chief Elliot Williams. First up in the news: Germany’s solar and wind power generation have resulted in excess energy, which some people think is bad. In Hackaday news, the entries in the 2024 Business Card Challenge are really stacking up.

Then it’s on to What’s That Sound, which Kristina provided this week and managed to stump Elliot. Can you get it? Can you figure it out? Can you guess what’s making that sound? If you can, and your number comes up, you get a special Hackaday Podcast t-shirt.

Then it’s on to the hacks, beginning with an improved spectrometer that wasn’t easy, and a rotary phone kitchen timer that kind of was. We’ll talk about badges turned invitations, reinventing rotary switches, and dynamic button blobs. Finally, we get the lowdown on the state of nuclear fusion, and posit why chatting online isn’t what it used to be.

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Download and savor at your leisure.

Where to Follow Hackaday Podcast

Places to follow Hackaday podcasts:

Continue reading “Hackaday Podcast Episode 273: A Tube Snoot, Dynamic Button Blobs, And Tokamaks Aren’t Whack”

Schematic of the Pi Pico wireup, showing the various outputs that the firmware will generate on the GPIOs

A Scope Test Tool You Can Build With Just A Pico

May 31, 2024 by 24 Comments

Ever wanted to see how well your oscilloscope adheres to its stated capabilities? What if you buy a new scope and need a quick way to test it lest one of its channels its broken, like [Paul Wasserman] had happen to him? Now you only need a Pi Pico and a few extra components to make a scope test board with a large variety of signals it can output, thanks to [Paul]’s Sig Gen Pi Pico firmware.

description of the signals generated by the software, that can be read in detail on the project websiteDespite the name it’s not a signal generator as we know it, as it’s not flexible in the signals it generates. Instead, it creates a dozen signals at more or less the same time — from square waves of various frequencies and duty cycles, to a PWM-driven DAC driving eight different waveforms, to Manchester-encoded data I2C/SPI/UART transfers for all your protocol decoder testing.

Everything is open source under the BSD 3-Clause license, and there’s even two PDFs with documentation and a user manual, not to mention the waveform screenshots for your own reference.

It’s seriously impressive how many features [Paul] has fit into a single firmware. Thanks to his work, whenever you have some test equipment in need of being tested, just grab your Pico and a few passive components.

This Week In Security: Operation Endgame, Appliance Carnage, And Router Genocide

May 31, 2024 by 3 Comments

This week saw an impressive pair of takedowns pulled off by law enforcement agencies around the world. The first was the 911 S5 botnet, Which the FBI is calling “likely the world’s largest botnet ever”. Spreading via fake free VPN services, 911 was actually a massive proxy service for crooks. Most lately, this service was operating under the name “Cloud Router”. As of this week, the service is down, the web domain has been seized, and the alleged mastermind, YunHe Wang, is in custody.

The other takedown is interesting in its own right. Operation Endgame seems to be psychological warfare as well as actual arrests and seizures. The website features animated shorts, a big red countdown clock, and a promise that more is coming. The actual target was the ring that manage malware droppers — sort of middlemen between initial shellcode, and doing something useful with a compromised machine. This initial volley includes four arrests, 100+ servers disrupted, and 2,000+ domains seized.

The arrests happened in Armenia and Ukraine. The messaging around this really seems to be aimed at the rest of the gang that’s out of reach of law enforcement for now. Those criminals may still be anonymous, or operating in places like Russia and China. The unmistakable message is that this operation is coming for the rest of them sooner or later. Continue reading “This Week In Security: Operation Endgame, Appliance Carnage, And Router Genocide”

Tell Time And Predict The Heavens With This Astronomical Timepiece

May 31, 2024 by 2 Comments

Looking for a new project, or just want to admire some serious mechanical intricacy? Check out [illusionmanager]’s Astronomical Clock which not only tells time, but shows the the positions of the planets in our solar system, the times of sunrise and sunset, the phases of the moon, and more — including solar and lunar eclipses.

One might assume that the inside of the Astronomical Clock is stuffed with a considerable number of custom gears, but this is not so. The clock’s workings rely on a series of tabs on movable rings that interact with each other to allow careful positioning of each element. After all, intricate results don’t necessarily require complex gearing. The astrolabe, for example, did its work with only a few moving parts.

The Astronomical Clock’s mechanical elements are driven by a single stepper motor, and the only gear is the one that interfaces the motor shaft to the rest of the device. An ESP32-C3 microcontroller takes care of everything else, and every day it updates the position of each element as well as displaying the correct time on the large dial on the base.

The video below shows the clock in operation. Curious its inner workings? You can see the entire construction process from beginning to end, too.

Continue reading “Tell Time And Predict The Heavens With This Astronomical Timepiece”

Screenshot of the Kaby Lake CPU pinout next to the Coffee Lake CPU pinout, showing just how few differences there are

Intel’s Anti-Upgrade Tricks Defeated With Kapton Tape

May 31, 2024 by 60 Comments

If you own an Intel motherboard with a Z170 or Z270 chipset, you might believe that it only supports CPUs up to Intel’s 7th generation, known as Kaby Lake. Even the CPU socket’s pinout is different in the next generation — we are told, it will fit the same socket, but it won’t boot. So if you want a newer CPU, you’ll have to buy a new motherboard while you’re at it. Or do you?

Turns out, the difference in the socket is just a few pins here and there, and you can make a 8th or 9th generation Coffee Lake CPU work on your Z170/270 board if you apply a few Kapton tape fixes and mod your BIOS, in a process you can find as “Coffee Mod”. You can even preserve compatibility with the 6th/7th generation CPUs after doing this mod, should you ever need to go back to an older chip. Contrasting this to AMD’s high degree of CPU support on even old Ryzen motherboards, it’s as if Intel introduced this incompatibility intentionally.

There’s been a number of posts on various PC forums and YouTube videos, going through the process and showing off the tools used to modify the BIOS. Some mods are exceptionally easy to apply. For example, if you have the Asus Maximus VIII Ranger motherboard, a single jumper wire between two pads next to the EC will enable support without Kapton tape, a mod that likely could be figured out for other similar motherboards as well. There’s a few aspects to keep in mind, like making sure your board’s VRMs are good enough for the new chip, and a little more patching might be needed for hyper-threading, but nothing too involved.

Between money-grab features like this that hamper even the simplest of upgrades and increase e-waste, fun vulnerabilities, and inability to sort out problems like stability power consumption issues, it’s reassuring to see users take back control over their platforms wherever possible, and brings us back to the days of modding Xeon CPUs to fit into 775 sockets.

Don’t get too excited though, as projects like Intel BootGuard are bound to hamper mods like this on newer generations by introducing digital signing for BIOS images, flying under the banner of user security yet again. Alas, it appears way more likely that Intel’s financial security is the culprit.

Continue reading “Intel’s Anti-Upgrade Tricks Defeated With Kapton Tape”

Noodles Time Themselves While Cooking

May 30, 2024 by 24 Comments

Despite the name, so-called “instant” noodles still need to sit for a few minutes before they’re actually ready to eat. Most people would likely use a simple kitchen timer to let them know when it’s time to chow down, but this unique mechanical timer uses the weight of the noodles themselves to power a timing mechanism.

The timer acts in much the same way that a pendulum clock would, in that a weight provides the energy to drive the clock’s mechanism which releases that energy in discrete steps. Besides a few metal parts and some magnets, the majority of the clock is 3D printed with a small platform on the side where the noodles rest. As the platform falls the weight drives the clock mechanism which will finally alert the user when they finish their descent three minutes later with the help of a small bell. There’s even an analog display which shows the number of minutes remaining before the noodles are ready to eat.

As far as single-purpose kitchen appliances go, this is one that we might find ourselves sacrificing some counter space for not only for the usefulness but also for the aesthetic appeal of the visible clock movements and high-quality design. It could even go beside the automatic ramen cooker for when we’re too busy (or lazy) to even boil the water for instant noodles ourselves.

Continue reading “Noodles Time Themselves While Cooking”