Tool Demagnetizers And The Magnetic Stray Field

If you’ve ever found yourself wondering how those tool magnetizer/demagnetizer gadgets worked, [Electromagnetic Videos] has produced a pretty succinct and informative video on the subject.

The magnetizer/demagnetizer gadget after meeting its demise at a cutting disc. (Credit: Electromagnetic Videos, YouTube)

While the magnetizing step is quite straightforward and can be demonstrated even by just putting any old magnet against the screwdriver’s metal, it is the demagnetization step that doesn’t make intuitive sense, as the field lines of the magnets are supposed to align the (usually ferromagnetic) material’s magnetic dipole moments and thus create an ordered magnetic field within the screwdriver.

This is only part of the story, however, as the magnetic field outside of a magnet is termed the demagnetizing field (also ‘stray field’). A property of this field is that it acts upon the magnetization of e.g. ferromagnetic material in a way that reduces its magnetic moment, effectively ‘scrambling’ any existing magnetization.

By repeatedly moving a metal tool through this stray field, each time further and further away from the magnet, the magnetic moment reduces until any magnetization has effectively vanished. It is the kind of simple demonstration of magnetism that really should be part of any physics class thanks to its myriad of real-world uses, as this one toolbox gadget shows.


This Week In Security: Wyze, ScreenConnect, And Untrustworthy Job Postings

For a smart home company with an emphasis on cloud-connected cameras, what could possibly be worse than accidentally showing active cameras to the wrong users? Doing it again, to far more users, less than 6 months after the previous incident.

The setup for this breach was an AWS problem that caused a Wyze system outage last Friday morning. As the system was restored, the load spiked and a caching library took the brunt of the unintentional DDoS. This library apparently has a fail state of serving images and videos to the wrong users. An official report from Wyze mentions that this library had been recently added, and that the number of thumbnails shown to unauthorized users was around 13,000. Eek. There’s a reason we recommend picking one of the Open Source NVR systems here at Hackaday.

ScreenConnect Exploit in the Wild

A pair of vulnerabilities in ConnectWise ScreenConnect were announced this week, proofs of concept were released, and the flaws are already being actively exploited. The vulnerabilities are a CVSS 10.0 authentication bypass and a CVSS 8.4 path traversal bypass.

Huntress has a guide out, detailing how embarrassingly easy the vulnerabilities are to exploit. The authentication bypass is the result of a .NET quirk: adding an additional directory on the end of a .aspx URL doesn’t actually change the destination, but the extra segment is captured as PathInfo. This allows a bypass of the protections against re-running the initial setup wizard: hostname/SetupWizard.aspx/literallyanything
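For defenders, that trailing PathInfo is easy to hunt for in web server logs. The following is an added example, not code from Huntress or ConnectWise: it scans IIS-style W3C log text for requests that carry any path segment after SetupWizard.aspx. The field layout, sample lines, IP addresses and function name are constructed for illustration.

```python
import re

# Any path segment after SetupWizard.aspx is PathInfo, which is what slips
# past the protection against re-running the setup wizard. IIS paths are
# case-insensitive, so the match is too.
PATHINFO_RE = re.compile(r"/SetupWizard\.aspx/", re.IGNORECASE)

# Constructed sample in W3C extended log format (documentation IP ranges).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2024-02-21 10:01:07 GET /Login - 198.51.100.7 200
2024-02-21 10:02:13 GET /SetupWizard.aspx - 198.51.100.7 302
2024-02-21 10:02:44 GET /SetupWizard.aspx/literallyanything - 203.0.113.9 200
2024-02-21 10:02:51 POST /setupwizard.aspx/x - 203.0.113.9 200
"""

def find_setupwizard_pathinfo(log_text):
    """Return (date, time, client_ip, status, path) for each suspicious request."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            # Column order varies per server, so read it from the header.
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        path = row.get("cs-uri-stem", "")
        if PATHINFO_RE.search(path):
            hits.append((row.get("date"), row.get("time"),
                         row.get("c-ip"), row.get("sc-status"), path))
    return hits

if __name__ == "__main__":
    for hit in find_setupwizard_pathinfo(SAMPLE_LOG):
        print(hit)
```

A plain request to /SetupWizard.aspx is not flagged; only requests with something after the page name are, and a 200 status on such a request deserves a closer look.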

The second vulnerability triggers during extension unpack, as the unzipping process doesn’t prevent path traversal. The most interesting part is that the unzip happens before the extension installation finishes. So an attacker can compromise the box, cancel the install, and leave very little trace of exploitation.

Your Noisy Fingerprints Vulnerable To New Side-Channel Attack

Here’s a warning we never thought we’d have to give: when you’re in an audio or video call on your phone, avoid the temptation to doomscroll or use an app that requires a lot of swiping. Doing so just might save you from getting your identity stolen through the most improbable vector imaginable — by listening to the sound your fingerprints make on the phone’s screen (PDF).

Now, we love a good side-channel attack as much as anyone, and we’ve covered a lot of them over the years. But things like exfiltrating data by blinking hard drive lights or turning GPUs into radio transmitters always seemed a little far-fetched to be the basis of a field-practical exploit. But PrintListener, as [Man Zhou] et al. dub their experimental system, seems much more feasible, even if it requires a ton of complex math and some AI help. At the heart of the attack are the nearly imperceptible sounds caused by friction between a user’s fingerprints and the glass screen on the phone. These sounds are recorded along with whatever else is going on at the time, such as a video conference or an online gaming session. The recordings are preprocessed to remove background noise and subjected to spectral analysis, which is sensitive enough to detect the whorls, loops, and arches of the unsuspecting user’s finger.

Once fingerprint patterns have been extracted, they’re used to synthesize a set of five similar fingerprints using MasterPrint, a generative adversarial network (GAN). MasterPrint can generate fingerprints that can unlock phones all by itself, but seeding the process with patterns from a specific user increases the odds of success. The researchers claim they can defeat Automatic Fingerprint Identification System (AFIS) readers between 9% and 30% of the time using PrintListener — not fabulous performance, but still pretty scary given how new this is.

ESP32 Oscilloscope Skips Screen For The Browser

An oscilloscope can be an expensive piece of equipment, but not every measurement needs four channels and gigahertz sampling rates. For plenty of home labs, old oscilloscopes with CRTs that are still more than capable of getting the job done can be found on the used marketplace for a song, but even these can be overpowered (not to mention extremely bulky). If you’re looking for something even cheaper, and quite a bit smaller, this ESP32 scope from [BojanJurca] might fit the bill.

The resulting device manages to keep costs extremely low, but not without a trade-off. For this piece of test equipment, sampling is done over the I2C bus on the ESP32, which can manage a little over 700 samples per second with support for two channels. With the ESP32 connected to a wireless network, the data it captures can be viewed from a browser in lieu of an attached screen, which also keeps the size of the device exceptionally small. While it’s not a speed demon, that’s more than fast enough to capture waveforms from plenty of devices or our own circuit prototypes in a form factor that can fit even the smallest spaces.

Of course, for work on devices with faster switching times, it’s always good to keep a benchtop oscilloscope around. But as far as we can tell this one is the least expensive, smallest, and most capable we’ve come across that would work for plenty of troubleshooting or testing scenarios in a pinch. We’ve seen others based on slightly more powerful microcontrollers like this one based on the STM32 and this other built around the Wio Terminal with a SAMD51, both of which also include built-in screens.

The Latest Advancements In Portable N64 Modding

[Chris Downing] has been in the mod scene a long time, and his 5th GeN64 Portable is his most modern portable Nintendo 64 yet. The new build has an improved form factor, makes smart use of 3D printing and CNC cutting, efficiently uses PCBs to reduce wiring, and incorporates a battery level indicator. That last feature is a real quality of life improvement, nicely complementing the ability to charge over USB-C.

What’s interesting about builds like this is that it’s all about the execution. The basic parts required to mod a classic games console into a portable unit are pretty well understood, and off-the-shelf modules like button assemblies exist to make the job far easier than it was back in the day when all had to be done from scratch. We’ve admired [Chris Downing]’s previous builds, and what differentiates one mod from another really comes down to layout and execution, and that’s where the 5th GeN64 Portable shines.

The ELIZA Archaeology Project: Uncovering The Original ELIZA

Since ELIZA was created by [Joseph Weizenbaum] in the 1960s, its success has led to many variations and ports being written over the intervening decades. The goal of the ELIZA Archaeology Project by Stanford, USC, Oxford and other university teams is to explore and uncover as much of this history as possible, starting with the original 1960s code. As noted in a recent blog post by [Anthony Hay], most of the intervening ‘ELIZA’ versions seem to have been inspired by the original rather than being accurate replicas or extensions of it. This raises the question of what the original program really looked like, a question which wasn’t answered until 2020 when the original source code was rediscovered.


Making Wooden Shingles With Hand Tools

While they have mostly been replaced with other roofing technologies, wooden shingles have a certain rustic charm. If you’re curious about how to make them by hand, [Harry Rogers] takes us through his friend [John] making some.

There are two primary means of splitting a log for making shingles (or shakes). The first is radial, like one would cut a pie, and the other is lateral, with all the cuts in the same orientation. Using a froe, the log is split in progressively smaller halves to control the way the grain splits down the length of the log and minimize waste. Larger logs result in less waste and lend themselves to the radial method, while smaller logs must be cut laterally. Laterally cut shingles have a higher propensity for warping and other issues, but will work when larger logs are not available.

Once the pieces are split out of the log, they are trimmed with an axe, including removing the outer sapwood which is the main attractant for bugs and other creatures that might try eating your roof. Once down to approximately the right dimensions, the shingle is then smoothed out on a shave horse with a draw knife. Interestingly, the hand-made shingles have a longer lifespan than those sawn since the process works more with the grain of the wood and introduces fewer opportunities for water to seep into the shingles.

If you’re looking for something more solarpunk and less cottagecore for your house, maybe try a green solar roof, and if you’ve got a glass roof, try cleaning it with the Grawler.
