Hackaday Podcast Episode 265: Behind The Epic SSH Hack, 1980s Cyber Butler, The Story Of Season 7

This week, Editor-in-Chief Elliot Williams and Kristina Panos convened once again to give the lowdown on this week’s best hacks. First up in the news — it’s giga-sunset time for Gigaset IoT devices, which simultaneously became paperweights on March 29th. And all that Flipper Zero panic? It has spread to Australia, but still remains exactly that: panic.

Then it’s on to What’s That Sound. Kristina failed again, although she was in the right neighborhood. Can you get it? Can you figure it out? Can you guess what’s making that sound? If you can, and your number comes up, you get a special Hackaday Podcast t-shirt.

Then it’s on to the hacks, beginning with the terrifying news of an xz backdoor. From there, we marvel at a 1980s ‘butler in a box’ — a voice-activated home automation system — and at the idea of LoRa transmissions without a radio. Finally, we discuss why you don’t want to piss off Trekkies, and whether AI has any place in tech support.

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Download and savor at your leisure.

Continue reading “Hackaday Podcast Episode 265: Behind The Epic SSH Hack, 1980s Cyber Butler, The Story Of Season 7”

The I2C extender board on a white background, fully assembled, with two connectors and two indicator LEDs

Extenders And Translators For Your I2C Toolkit

If you’ve ever been laying out a network I2C devices inside a project box or throughout your robot’s body, you’ll probably know that I2C is not without its pitfalls. But for many of those pitfalls, there’s a handy chip you can use. [Roman Dvořák] from ThunderFly has experienced it on their drone building journeys, and that’s why they bring us two wonderful open source hardware boards: an I2C bus extender, and an I2C address translator.

The first board, an I2C bus extender, is based around the TCA4307 chip, and not only it lets you extend the bus further than it would normally go, it would also protect you. When the bus capacity is no longer handleable by your devices, or a particular misbehaving device gets the bus stuck, this chip will take care of it and dissipate your troubles. It will even let you know when your bus is wired up correctly, with a handy shine-through LED!

The second board is an I2C address translator. We’ve covered them before, but in short, address translators let you avoid I2C address conflicts while using multiple devices that share the same address. This particular module uses the LTC4317 chip, a common choice for such translation, and the board leaves no feature unimplemented. In the README, there’s quite a few pictures with examples of where this sensor proves mighty useful, too!

It appears that ThunderFly open sources a lot of their designs on GitHub, an effort that we salute. The designs are great to learn from, but if you’re just looking for turn-key hardware, you can get both of these boards from their Tindie store. The cables they use have locking connectors, but as long as the pinout matches, you should be able to solder a JST-SH socket and add these modules to your QWIIC toolkit.

This Week In Security: XZ, ATT, And Letters Of Marque

The xz backdoor is naturally still the top story of the week. If you need a refresher, see our previous coverage. As expected, some very talented reverse engineers have gone to work on the code, and we have a much better idea of what the injected payload does.

One of the first findings to note is that the backdoor doesn’t allow a user to log in over SSH. Instead, when an SSH request is signed with the right authentication key, one of the certificate fields is decoded and executed via a system() call. And this makes perfect sense. An SSH login leaves an audit trail, while this backdoor is obviously intended to be silent and secret.

It’s interesting to note that this code made use of both autotools macros, and the GNU ifunc, or Indirect FUNCtions. That’s the nifty feature where a binary can include different versions of a function, each optimized for a different processor instruction set. The right version of the function gets called at runtime. Or in this case, the malicious version of that function gets hooked in to execution by a malicious library. Continue reading “This Week In Security: XZ, ATT, And Letters Of Marque”

An image of the surface of Europa. The top half of the sphere is illuminated with the bottom half dark. The surface is traced with lineae, long lines across its surface of various hues of grey, white, and brown. The surface is a brown-grey, somewhat like Earth's Moon with the highest brightness areas appearing white.

Europa Clipper Asks Big Questions Of The Jovian Moon

Are we alone? While we certainly have lots of strange lifeforms to choose from as companions here on our blue marble, we have yet to know if there’s anything else alive out there in the vastness of space. One of the most promising places to look in our own solar neighborhood is Europa.

People in bunny suits swarm underneath the main section of the Europa Clipper. It is predominantly white, with various tubes and structures of silver metal protruding and many pieces of yellow kapton tape are visible. A large orange module is strapped to the side around the middle of the semi-cylindrical craft. Several other dark orange metallic plates that are much smaller adorn various pieces of the craft. It looks both chonky and delicate at the same time. Underneath its icy surface, Europa appears to have a sea that contains twice as much water as we have here on Earth. Launching later this year and arriving in 2030, NASA’s Europa Clipper will provide us with our most up-close-and-personal look at the Jovian Moon yet. In conjunction with observations from the ESA’s Jupiter Icy Moons Explorer (JUICE), scientists hope to gain enough new data to see if the conditions are right for life.

Given the massive amounts of radiation in the Jovian system, Europa Clipper will do 50 flybys of the moon over the course of four years to reduce damage to instruments as well as give it windows to transmit data back to Earth with less interference. With enough planning and luck, the mission could find promising sites for a future lander that might be able to better answer the question of if there actually is life on other worlds.

Some of the other moons around Jupiter could host life, like Io. Looking for life a little closer? How about on our nearest neighbor, Venus, or the ever popular Mars?

3M’s Floppy Disks: A Story Of Success And The Birth Of Imation

3M, or as it was officially called until 2002, the Minnesota Mining and Manufacturing Company is one of those odd-duck companies where if you ask what products they manufacture the answer is pretty close to a general ‘yes’. Throughout its 121 year history, it’s moved from producing sandpaper to also producing adhesives, laminates, personal protective equipment, as well as a nearly infinite list of further products which at one point in time included a magnetic storage range of products. How this latter came to be is the subject of an article by [Ernie Smith], focusing on floppy disk storage.

Although 3M was not the one to invent floppy disks or magnetic storage, their expertise in making small grains of material stick in an organized fashion on a wide range of materials came in handy. This first allowed 3M to make a name for itself with its Scotch magnetic (reel-to-reel) tape, followed by 3M moving into the floppy disk market by 1973. Over the years following this introduction, 3M storage media came to be known as highly reliable, but as the 1990s saw the magnetic storage market mature and stagnate, 3M management saw the writing on the wall and spun this division off into a new company: Imation.

While the floppy disk isn’t quite dead yet, at this point in time Imation and its main competitors like Memorex are now mostly just a fading memory — while 3M is still plowing ahead, creating new divisions and divesting as opportunities arise.

The assembled PCB on red foam, with both a USB-C connector and the ASM2464PD chip visible

Finally Taming Thunderbolt With Third-Party Chips

Thunderbolt has always been a functionally proprietary technology, held secret by Intel until “opening” the standard in a way that evidently wasn’t enough for anyone to meaningfully join in. At least, until last year, when we saw announcements about ASMedia developing two chips for Thunderbolt use. Now, we are starting to see glimmers of open source, letting us tinker with PCIe at prices lower than $100 per endpoint.

In particular, this board from [Picomicro] uses the ASM2464PD — a chipset that supports TB3/4/USB4, and gives you a 4x PCIe link. Harnessing the 40 Gbps power to wire up an NVMe SSD, this board shows us it’s very much possible to design a fully functional ASM2464PD board without the blessing of Intel. With minimal footprint that barely extends beyond the 2230 SSD it’s designed for, curved trace layout, and a CNC-milled case, this board sets a high standard for a DIY Thunderbolt implementation.

The main problem is that this project is not open-source – all we get is pretty pictures and a bit of technical info. Thankfully, we’ve also seen [WifiCable] take up the mantle of making this chip actually hobbyist-available – she’s created a symbol, fit a footprint, and made an example board in KiCad retracing [Picomicro]’s steps in a friendly fashion. The board is currently incomplete because it needs someone to buy an ASM2464PD enclosure on Aliexpress and reverse-engineer the missing circuitry, but if open-source Thunderbolt devices are on your wish list, this is as close as you get today – maybe you’ll be able to make an eGPU adapter, even. In the meantime, if you don’t want to develop hardware but want to take advantage of Thunderbolt, you can build 10 Gbps point-to-point networks.

TOMOS Moped Becomes Electric Beast

The TOMOS 50cc moped, a small motorcycle produced in Yugoslavia and the Netherlands, has for decades been a common sight on European roads and provided the first taste of transport independence for countless youngsters. Unfortunately the company went bankrupt a few years ago, but there are still plenty of them about, and it’s one of these that [Doctor D.S.] gives an electric conversion in the video below the break.

The electronics are a standard 5 kW off-the-shelf Chinese kit, but in this they aren’t the star of the show so much as the work on the bike. As with any old moped it’s a bit ropey, and he strips it down and reconditions every part of it alongside his work fabricating brackets, a battery box, and a seat. It’s a long video, but it’s one of those workshop sequences that you can become engrossed in.

The result appears to be a very practical, powerful (for a moped) and rideable bike, and it’s one we’d have for buzzing around town any day. We’d like to take a look at that battery box and seat combo on the interests of safety, but otherwise it’s pretty spot-on. Sit back and enjoy a bit of quality workshop video!

If you’re hungry for more, this is by no means the first road bike electric conversion we’ve brought you.

Continue reading “TOMOS Moped Becomes Electric Beast”