C64 Runs On STM32F429 Discovery

There have been various reincarnations of the Commodore C64 over the years, and [Dave Van Wagner] has created one that can run on an STM32F429ZI Discovery development board. These dev boards have been around quite a few years and feature a 2.4 inch color TFT LCD in addition to the typical I/O circuitry, and are a pretty good value — [Dave] says they currently sell for under $30 through distribution.

The project began earlier this year when [Dave] set out to write a command line program in C# that emulated C64 Basic. He had written a 6502 emulator many years earlier, but had not tested it. [Dave] went on a programming binge in March and got it up and running over a very long weekend. He subsequently decided to add support for VIC-20, TED, and PET as well.

Even though [Dave] says C# is a beautiful language, he subsequently ported the program into C (an ugly language?) in order to run on the Discovery board, swapping the command line terminal interface for real LCD video and a USB keyboard. There’s also an Arduino version (terminal interface only). It runs about 15% slower than a real C64, and there are still some limitations, like no SID. But overall, this is a great project and a low-cost way to emulate a C64 in an embedded format. If you want to explore further, here is the Mbed project for the STM32F429, and you can find the Arduino and C# versions on his GitHub page. You may remember [Dave] from the C128 video hack we wrote about last year.

This Week In Security: Discord, Chromium, And WordPress Forced Updates

[Masato Kinugawa] found a series of bugs that, when strung together, allowed remote code execution in the Discord desktop app. Discord’s desktop application is an Electron powered app, meaning it’s a web page rendered on a bundled light-weight browser. Building your desktop apps on JavaScript certainly makes life easier for developers, but it also means that you inherit all the problems from running a browser and JS. There’s a joke in there about finally achieving full-stack JavaScript.

The big security problem with Electron is that a simple Cross Site Scripting (XSS) bug is suddenly running in the context of the desktop, instead of the browser. Yes, there is a sandboxing option, but that has to be manually enabled.

And that brings us to the first bug. Neither the sandbox nor the contextIsolation options were set, and so both defaulted to false. What does this setting allow an attacker to do? Because the front-end and back-end JavaScript run in the same context, it’s possible for an XSS attack to override JS functions. If those functions are then called by the back-end, they have full access to Node.js functions, including exec(), at which point the escape is complete.

Now that we know how to escape Electron’s web browser, what can we use for an XSS attack? The answer is automatic iframe embeds. For an example, just take a look at the exploit demo below. On the back-end, all I have to do is paste in the YouTube link, and the WordPress editor does its magic, automatically embedding the video in an iframe. Discord does the same thing for a handful of different services, one being Sketchfab.

This brings us to vulnerability #2. Sketchfab embeds have an XSS vulnerability. A specially crafted Sketchfab file can run some JS whenever a user interacts with the embedded player, which can be shoehorned into Discord. We’re almost there, but there is still a problem remaining. This code is running in the context of an iframe, not the primary thread, so we still can’t override functions for a full escape. To actually get a full RCE, we need to trigger a navigation to a malicious URL in the primary pageview, and not just the iframe. There’s already code to prevent an iframe from redirecting the top page, so this RCE is a bust, right?

Enter bug #3. If the top page and the iframe are on different domains, the code preventing navigation never fires. In this case, JavaScript running in an iframe can redirect the top page to a malicious site, which can then override core JS functions, leading to a full escape to RCE.

It’s a very clever chaining of vulnerabilities, from the Discord app, to an XSS in Sketchfab, to a bug within Electron itself. While this particular example required interacting with the embedded iframe, it’s quite possible that another vulnerable service has an XSS bug that doesn’t require interaction. In any case, if you use Discord on the desktop, make sure the app is up to date. And then, enjoy the demo of the attack, embedded below.
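For anyone shipping an Electron app, the first and third links of this chain map onto two checks. The block below is an added example, not code from Discord, Electron, or the original write-up: it audits a `webPreferences` object for the two options named above, and decides whether a top-level navigation target is on an allowlist. `ASSUMED_DEFAULTS`, `HARDENED`, `ALLOWED_ORIGINS` and the `app.example.com` origin are constructed for illustration.

```javascript
// Added example. Pure functions, so the block runs under plain Node;
// the Electron wiring appears only in comments.

// Defaults as the article describes them for the affected app:
// both options were unset and therefore false.
const ASSUMED_DEFAULTS = { contextIsolation: false, sandbox: false };

// Return the findings for one BrowserWindow webPreferences object.
function auditWebPreferences(prefs = {}, defaults = ASSUMED_DEFAULTS) {
  const effective = { ...defaults, ...prefs };
  const findings = [];
  if (effective.contextIsolation !== true) {
    findings.push('contextIsolation off: page JS shares a context with privileged JS');
  }
  if (effective.sandbox !== true) {
    findings.push('sandbox off: renderer process is not sandboxed');
  }
  return findings;
}

// Allow a top-level navigation only to an https origin on the allowlist.
function isAllowedNavigation(targetUrl, allowedOrigins) {
  let url;
  try {
    url = new URL(targetUrl);
  } catch {
    return false; // unparsable targets are rejected
  }
  return url.protocol === 'https:' && allowedOrigins.includes(url.origin);
}

const HARDENED = { contextIsolation: true, sandbox: true };
const ALLOWED_ORIGINS = ['https://app.example.com']; // constructed placeholder

// Wiring in an Electron main process (not executed here):
//   const win = new BrowserWindow({ webPreferences: HARDENED });
//   win.webContents.on('will-navigate', (event, url) => {
//     if (!isAllowedNavigation(url, ALLOWED_ORIGINS)) event.preventDefault();
//   });
// The guard only helps when the handler is actually invoked; per bug #3 it
// was not for cross-domain iframes, so keeping Electron updated still matters.
```
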


Cheap And Effective Mosquito Trap Looks Like A Disco

Words cannot quite articulate the collective loathing humankind has for mosquitoes, and rightfully so! These parasite-peddling, blood-sucking little critters are responsible for a great deal of human suffering. Mosquito-borne diseases such as malaria still account for a significant proportion of human mortality, especially in under-developed parts of the world. So it’s no wonder that people try to reduce their numbers; see this latest $40 mosquito trap by [jacobsk]. (Video, embedded below.)

The idea is critically simple, opening up the potential for widespread deployment. The base and body of the trap are made out of three five-gallon buckets with a mini desk fan sandwiched in between, providing suction into the main trap bin. An opening is cut in the top bucket as a point of entry, and an old school incandescent blacklight is mounted in the centre, with just enough IR and UV output to entice these little vermin, who will definitely regret mistaking it for a black-light rave.

[jacobsk] also does a very good job of showing every step of its construction in his videos. Whilst this solution is purposefully low tech, check out this admittedly overcooked way of killing mosquitoes, with a laser turret.


The WISE In NEOWISE: How A Hibernating Satellite Awoke To Discover The Comet

Over the last few weeks the media has been full of talk about NEOWISE, one of the brightest and most spectacular comets to ever pass through our solar system that you can still see if you hurry. While the excitement over this interstellar traveler is more than justified, it’s also an excellent opportunity to celebrate the Wide-field Infrared Survey Explorer (WISE) space telescope it was named after. The discovery of this particular comet is just the latest triumph in the orbiting observatory’s incredible mission of discovery that’s spanned over a decade, with no signs of slowing down anytime soon.

In fact, WISE has been operational for so long now that its mission has evolved beyond its original scope. When it was launched in December 2009 from California’s Vandenberg Air Force Base, its primary mission was scheduled to be completed in less than a year. But like many NASA spacecraft that came before it, WISE achieved its original design goals and found itself ready for a new challenge. Though not before it spent almost three years in hibernation mode as the agency decided what to do with it.


Hacking A Cheap Disco Light For UV Effects

Back in the early days of disco, filament bulbs were all the rage. Whether tungsten, halogen, or other obscure types, party lighting involved lots of watts and lots of heat. These days, the efficiency of LEDs makes everything a lot cheaper, lighter, and lower power. [Big Clive] decided to dive into a cheap moonflower-type disco light from China, replacing the insides along the way.

The final effect particularly shines when used on fluorescent materials.

The light originally consisted of an 8×8 grid of LEDs, driven by shift registers for a simple chase effect. Surprisingly, the power supply and other hardware inside seemed to at least make an attempt to meet UK regulations. However, [Big Clive] had other plans, whipping up a replacement PCB packing 64 UV LEDs. The video is informative, showing how with a few simple passive components, it’s easy to drive these LEDs from mains without excessive circuitry required to step down to more usual DC voltages.

The final result is a neat UV grid light that would look excellent through some fog on the dance floor. We’ve seen [Big Clive]’s teardowns before, too – like this nefarious CAN bus interceptor found in a Mercedes. Video after the break.


Chandrayaan-2 Found By Citizen Scientist; Reminds Us Of Pluto Discovery

What does Pluto — not the dog, but the non-Planet — have in common with the Vikram lunar lander launched by India? Both were found by making very tiny comparisons to photographs. You’d think landing something on the moon would be old hat by now, but it turns out only three countries have managed to do it. The Chandrayaan-2 mission would have made India the fourth country. But two miles above the surface, the craft left its planned trajectory and went radio silent.

India claimed it knew where the lander crashed but never revealed any pictures or actual coordinates. NASA’s Lunar Reconnaissance Orbiter took pictures several times of the landing area but didn’t see the expected scar like the one left by the doomed Israeli lander when it crashed in April. A lot of people started looking at the NASA pictures and one Indian computer programmer and mechanical engineer, Shanmuga Subramanian, seems to have been successful.


Review: OSEPP STEM Kit 1, A Beginner’s All-in-One Board Found In The Discount Aisle

As the name implies, the OSEPP STEM board is an embedded project board primarily aimed at education. You use jumper wires to connect components and a visual block coding language to make it go.

I have fond memories of kits from companies like Radio Shack that had dozens of parts on a board, with spring terminals to connect them with jumper wires. Advertised with clickbait titles like “200 in 1”, you’d get a book showing how to wire the parts to make a radio, or an alarm, or a light blinker, or whatever.

The STEM Kit 1 is sort of a modern Arduino-powered version of these kits. The board hosts a stand-alone Arduino UNO clone (included with the kit) and also has a host of things you might want to hook to it. Things like the speakers and stepper motors have drivers on board so you can easily drive them from the Arduino. You get a bunch of jumper wires to make the connections, too. Most things that need to be connected to something permanently (like ground) are prewired on the PCB. The other connections use a single pin. You can see this arrangement with the three rotary pots which have a single pin next to the label (“POT1”, etc.).

I’m a sucker for a sale, so when I saw a local store had OSEPP’s STEM board for about $30, I had to pick one up. The suggested price for these boards is $150, but most of the time I see them listed for about $100. At the deeply discounted price I couldn’t resist checking it out.

So does an embedded many-in-one project kit like this one live up to that legacy? I spent some time with the board. Bottom line, if you can find a deal on the price I think it’s worth it. At full price, perhaps not. Join me after the break as I walk through what the OSEPP has to offer.
