GTA 6 Hacker Found To Be Teen With Amazon Fire Stick In Small Town Hotel Room

August 26, 2023 by Jenny List 115 Comments

International cybercrime, as portrayed by the movies and mass media, is a high-stakes game of shadowy government agencies and state-sponsored hacking groups. Hollywood casting will wheel out a character in a black hoodie and shades, probably carrying a metallic briefcase as they board an executive jet.

These things aren’t supposed to happen in a cheap hotel room in your insignificant hometown, but the story of a British teen being nabbed leaking the closely guarded details of Grand Theft Auto 6 in a Travelodge room in Bicester, Oxfordshire brings the action from the global into the local for a Hackaday scribe. Bicester is a small town best known for a tacky outlet mall and as a commuter dormitory stop on the line to London Marylebone, it’s not exactly Vice City.

The teen in question is one [Arion Kurtaj], breathlessly reported by the BBC as part of the Lapsus$ gang, which is a sensationalist way of talking up a group of kids expert at computer infiltration but seemingly inept at being criminals. After compromising British telcos he was exposed by another group and nabbed by the authorities, before being moved to the hotel for his own safety.

Here the story becomes more interesting for Hackaday readers, because though denied access to a computer he purchased an Amazon Fire stick presumably at the Argos in the Sainsburys next door, and plugged it into the Travelodge TV. Using this he was able to access cloud services, we’re guessing a virtual Linux environment or similar, before continuing to compromise further organisations including Rockstar Games to leak that GTA 6 footage. He’s yet to be sentenced, but we’re guessing that he’ll continue to spend some time at His Majesty’s pleasure.

The moment of excitement in one’s hometown and the sensationalist reporting aside, we can’t help feeling sad that a teen with that level of talent evidently wasn’t given the support and encouragement by Oxfordshire’s education system necessary to put it to better use. Let’s hope when he’s older and wiser the teenage conviction won’t prevent him from having a useful career in the field.

Kitchen Steganography With Turmeric

August 26, 2023 by Al Williams 12 Comments

It is a classic rite of passage for nerdy kids to write secret messages using lemon juice. If you somehow missed that, you can’t see the writing until you heat the paper up with, say, an old-fashioned light bulb. If you were a true budding spy, you’d write a boring normal letter with wide spacing and then fill in the blanks between the lines with your important secrets written in juice. This is a form of steganography — encoding secret messages by hiding them in plain sight. [Randomona] shares a different technique that seems to be way cooler than lemon juice using, of all things, turmeric. This isn’t like the invisible ink of our childhood.

That’s probably a good thing. We doubt an LED bulb makes enough heat to develop our old secret messages. [Ranomona’s] ink doesn’t use heat, but it uses a developer. That means you must make two preparations: the ink and the developer. The results are amazing, though, as shown in the video below.

Continue reading “Kitchen Steganography With Turmeric” →

Impulse Buying A 3040 CNC Machine, What Could Go Wrong?

August 26, 2023 by Donald Papp 46 Comments

[joekutz] made an impulse purchase of a CNC machine. It was a 3040 CNC that looked reasonably complete and had an attractive price, what could possibly go wrong? As it happens, [joekutz] really didn’t know what he was in for. Sometimes the price is good, but you pay in other ways. But where some would see defeat, [joekutz] sees an opportunity to document the restoration.

Dial indicators are useful tools for measuring how straight some parts aren’t.

The 3040 are relatively cheap and simple CNC machines that have been available from a variety of overseas retailers for years. They have 30 cm by 40 cm beds (hence the name) and while there are many variations, they all work about the same. [joekutz] expected that getting his up and running and converted to open source would be a fun weekend project, but it ended up taking far longer than that. In fact, it turns out that the machine was damaged in surprising and unexpected ways.

[joekutz] has a series of videos demonstrating the process of diagnosing and repairing the various things wrong with this device. In the first video, he dismantles the machine and discusses the next steps. In the second video, he takes some time to repair some dial indicators that will be critical for measuring the various things wrong with the CNC parts. Video number three delves into finding out the horrible things wrong with the machine, and the fourth is where repairs begin, including bending shafts and sanding blocks back into service.

Those videos are embedded below, and while the machine isn’t quite restored yet, progress is promising. We’ve seen easy and effective upgrades for such CNC machines before, but if you happen to be in more of a repair and restore situation, give [joekutz]’s work a look because it might just save you some time and frustration.

Continue reading “Impulse Buying A 3040 CNC Machine, What Could Go Wrong?” →

How Do They Do That?

August 26, 2023 by Elliot Williams 20 Comments

Last week’s Chaos Communication Camp is kinda a big deal: 6,000 hackers all out in a field all need power, food, drink, networking, and of course, sewage in the middle of nowhere. Oh yeah, plus video services on multiple simultaneous stages, custom phone infrastructure, a postal service, and even a diesel train. How is that even possible to run with only volunteers? How do they even know how to run something this scale?

My wife asked me this question while we were driving up to Berlin, and the answer is of course the same as it is to “Excuse me, can you tell me how to get to Carnegie Hall?” Practice.

But it’s not just practice. It’s also passing down the lessons learned to the next generation, making procedures that are not 100% dependent on the people doing the jobs, but can be passed on to the next volunteer willing to pick up the torch.

And then I was interviewing [Jens Ohlig] and [Mitch Altman] about the early days of the second wave hackerspaces in America for the podcast. (Some great interviews – go check it out!) The central story there is essentially the same: the critical missing ingredient that lead to the blossoming of US hackerspaces was simply a set of instructions and design principles – drawing on the experience of established hackerspaces.

Sharing information is a fundamental cornerstone of the hacker ethic, and it gives the next hacker a leg up. Contributes to the global hive mind. And it makes things possible that would otherwise seem impossible. Pushing the hacker state-of-the-art is what Hackaday is all about, and we’re used to thinking of it in terms of a particular microcontroller library, but seeing how the same sharing makes impossible logistics possible was inspirational. Don’t be afraid to start small and iterate – and take good notes.

2023 Cyberdeck Challenge: KOAT0 Portable Terminal

August 26, 2023 by Jenny List 16 Comments

We’ve had cyberdecks as part of the scenery for long enough now that there are a series of common elements that appear across many different builds. The Raspberry Pi, for instance, or the mechanical keyboard, with a 3D printed body. [RobsonCuto]’s KOAT0 Portable Terminal has some of those in a particularly slim and neat design. The orange and grey color scheme is great really pops. Where this deck really shines though, is the display. He’s eschewed LCDs or OLEDs, even CRTs, and gone for an unusual choice in a dot-matrix VFD.

The VFD in question is commonly available on AliExpress where it appears to be used for displaying Chinese characters. It’s not an obvious choice for a cyberdeck, so once the tidy-looking case is complete the real challenge in this project becomes how to drive it from the Pi. To that end, he appears to have some kind of text output working but still needs to complete a framebuffer driver. We applaud the effort and we really like the display. We’re curious as to how its meager resolution might best be used in a Linux device.

All in all, this is a ‘deck we’d be happy to use ourselves if it were an option. We particularly like the on-the-arm style of use, and we’re pretty sure it’s the first time we’ve seen one of these displays on these pages.

Microsoft Discontinues Kinect, Again

August 26, 2023 by Donald Papp 17 Comments

The Kinect is a depth-sensing camera peripheral originally designed as a accessory for the Xbox gaming console, and it quickly found its way into hobbyist and research projects. After a second version, Microsoft abandoned the idea of using it as a motion sensor for gaming and it was discontinued. The technology did however end up evolving as a sensor into what eventually became the Azure Kinect DK (spelling out ‘developer kit’ presumably made the name too long.) Sadly, it also has now been discontinued.

The original Kinect was a pretty neat piece of hardware for the price, and a few years ago we noted that the newest version was considerably smaller and more capable. It had a depth sensor with selectable field of view for different applications, a high-resolution RGB video camera that integrated with the depth stream, integrated IMU and microphone array, and it worked to leverage machine learning for better processing and easy integration with Azure. It even provided a simple way to sync multiple units together for unified processing of a scene.

In many ways the Kinect gave us all a glimpse of the future because at the time, a depth-sensing camera with a synchronized video stream was just not a normal thing to get one’s hands on. It was also one of the first consumer hardware items to contain a microphone array, which allowed it to better record voices, localize them, and isolate them from other noise sources in a room. It led to many, many projects and we hope there are still more to come, because Microsoft might not be making them anymore, but they are licensing out the technology to companies who want to build similar devices.

Bypassing Bitlocker With A Logic Analzyer

August 25, 2023 by Dave Rowntree 27 Comments

Security Engineer [Guillaume Quéré] spends the day penetration testing systems for their employer and has pointed out and successfully exploited a rather obvious weakness in the BitLocker full volume encryption system, which as the linked article says, allows one to simply sniff the traffic between the discrete TPM chip and CPU via an SPI bus. The way Bitlocker works is to use a private key stored in the TPM chip to encrypt the full volume key that in turn was used to encrypt the volume data. This is all done by low-level device drivers in the Windows kernel and is transparent to the user.

TPM chip pins too small? Just find something else on the bus!

The whole point of BitLocker was to prevent access to data on the secured volume in the event of a physical device theft or loss. Simply pulling the drive and dropping it into a non-secured machine or some other adaptor would not provide any data without the key stored by the TPM. However, since that key must pass as plaintext from the TPM to the CPU during the boot sequence, [Guillaume] shows that it is quite straightforward — with very low-cost tools and free software — to simply locate and sniff out this TPM-to-CPU transaction and decode the datastream and locate the key. Using little more than a cheapo logic analyser hooked up to some conveniently large pins on a nearby flash chip (because the SCK, MISO, and MOSI pins are shared with the TPM) the simple TIS was decoded enough to lock onto the bytes of the TPM frame. This could then be decoded with a TPM stream decoder web app, courtesy of the TPM2-software community group. The command to look for is the TPM_CC.Unseal which is the request from the CPU to the TPM to send over that key we’re interested in. After that just grabbing and decoding the TPM response frame will immediately reveal the goods.

Continue reading “Bypassing Bitlocker With A Logic Analzyer” →