This Week In Security: ACME.sh, Leaking LEDs, And Android Apps

Let’s Encrypt has made an enormous difference to the landscape of the web. The protocol used for authenticating and receiving certificates, ACME, has spawned quite a few clients of various flavors. Some are written in Rust, some in Python or Go, and a few in straight Bash shell script. One of those last ones, acme.sh, was doing something odd when talking to a particular “Certificate Authority”, HiCA. This pseudo-CA only supports acme.sh, and now we know why. The folks behind HiCA found an RCE exploit in acme.sh, and decided to use that exploit to do certificate issuance with more “flexibility”. Oof.

The nuts and bolts here are that HiCA was working as a CA-in-the-Middle, wrapping other CAs’ authentication services. Those services don’t support ACME authentication at all, and HiCA used the acme.sh vulnerability to put the authentication token in the place SSL.com expected to find it. So, just a good community member offering a service that ACME doesn’t quite support, right?

Well, maybe not so innocent. The way it appears to work is that the end user sends a certificate request to HiCA. HiCA takes that information, and initiates a certificate request off to SSL.com. SSL.com sends back a challenge, and HiCA embeds that challenge in the RCE and sends it to the end user. The end user’s machine triggers the RCE, which pushes the challenge token to the well-known location, and bypasses the ACME protection against exactly this sort of CA-in-the-middle situation.

The last piece of the authentication process is that the signing server reaches out over HTTP to the domain being signed, and looks for the token to be there. Once found, it sends the signed certificates to HiCA, who then forward them on to the end user. And that’s the problem. HiCA has access to the key of every SSL cert they handled. This doesn’t allow encryption, but these keys could be used to impersonate or even launch MitM attacks against those domains. There’s no evidence that HiCA was actually capturing or using those keys, but this company was abusing an RCE to put itself in the position to have that ability.

The takeaway is twofold. First, as an end user, only use reputable CAs. And second, ACME clients need to be hardened against potentially malicious CAs. The fact that HiCA only supported the one ACME client was what led to this discovery, and should have been a warning flag to anyone using the service.

Persistence Pays In TI-99/4A Cassette Tape Data Recovery

In the three or four decades since storing programs on audio cassettes was relevant, a lot of irreplaceable personal computing history has been lost to the ravages of time and the sub-optimal conditions in the attics and basements where tapes have been stored. Luckily, over that time we’ve developed a lot of tools and techniques that might make it possible to recover some of these ancient treasures. But as [Noel] shows us, recovering data from cassette tapes is a tricky business.

His case study for the video below is a tape from a TI-99/4A that won’t load. A quick look in Audacity at the audio waveform seems to show the problem — an area of severely attenuated signal. Unfortunately, no amount of boosting and filtering did the trick, so [Noel] had to dig a bit deeper. It turns out that the TI tape interface standard, with its redundant data structure, was somewhat to blame for the inability to read this particular tape. As [Noel] explains, each 64-bit data record is recorded to tape twice, along with a header and a checksum. If neither record decodes correctly, then tape playback just stops.

Luckily, someone who had already run into this problem spun up a Windows program to help. CS1er — our guess would be “Ceaser” — takes WAV file input and loads each record, simply flagging the bad ones instead of just bailing out. [Noel] used the program to analyze multiple recordings of the same data and eventually got enough good records to reassemble the original program, a game called Dogfight — or was it Gogfight? Either way, he managed to get most of the data off the tape, and since it was a BASIC program, it was pretty easy to figure out the missing bytes by inspection.

[Noel]’s experience will no doubt be music to the ears of the TI aficionados out there. Of which we’ve seen plenty, from the TI-99 demoscene to running Java on one, and whatever this magnificent thing is.

These Illusions Celebrate Exploiting Human Senses

Illusions are perceptual experiences that do not match physical reality, and the 2023 Illusion of the Year contest produced a variety of nifty ones that are worth checking out. A video for each is embedded below the break, but we’ll briefly explain each as well.

Some of the visual illusions play with perspective. One such example happens to be the contest winner: Platform 9 3/4 has a LEGO car appear to drive directly through a wall. It happens so quickly it’s difficult to say what happened at all!

Another good one is the Tower of Cubes, which appears as two stacks of normal-looking hollow cubes, but some of the cubes are in fact truly bizarre shapes when seen from the side. This is a bit reminiscent of the ambiguous cylinder illusion by Japanese mathematician and artist [Kokichi Sugihara].

Cornelia is representative of the hollow face illusion, in which a concave face is perceived as a normal convex one. (Interestingly this illusion is used to help diagnose schizophrenia, as sufferers overwhelmingly fail to perceive the illusion.)

The Accelerando Illusion is similar to (but differs from) an auditory effect known as the Risset Rhythm by composer Jean-Claude Risset. It exploits ambiguities in sound to create a dense musical arrangement that sounds as though it is constantly increasing in tempo.

The Buddha’s Ear Illusion creates the illusion of feeling as though one’s earlobe is being stretched out to an absurd length, and brings to mind the broader concept of body transfer illusion.

While it didn’t appear in the contest, we just can’t resist bringing up the Thermal Grill Illusion, in which one perceives a painful burning sensation from touching a set of alternating hot and cold elements. Even though the temperatures of the individual elements are actually quite mild, the temperature differential plays strange tricks on perception.

A video of each of the contest’s entries is embedded below, and they all explain exactly what’s going on for each one, so take a few minutes and give them a watch. Do you have a favorite illusion of your own? Share it in the comments!

Hack Club Grants Encourage Open Source PCB Designs By Teens

[Hack Club] is a nonprofit network of coder and maker clubs for teenage high school students around the world. With an impressive reach boasting clubs in about 400 schools, they serve approximately 10,000 students. Their OnBoard program asserts, “Circuit boards are magical. You design one, we’ll print it!”

Any teenage high school student can apply for a [Hack Club] OnBoard Grant to have their Printed Circuit Board design fabricated into real hardware. The process starts by designing a PCB using any tool that can generate Gerber files. The student then publishes their design on GitHub and submits the Gerber files to a PCB manufacturer.

A screenshot from the board house showing the completed design upload and production cost is the main requirement of the grant application. If approved, the grant provides up to $100 to cover PCB manufacturing costs.

OnBoard encourages collaboration, community, and friends. Designers can share their projects and progress with [Hack Club] teens around the world. Those who are working on, or have completed, their own circuit board designs can share support and encouragement with their peers.

Example hardware projects from [Hack Club] include Sprig, an open-source handheld game console based on the Raspberry Pi Pico microcontroller. Teen makers can explore the example OnBoard projects and then it’s… three, two, one, go!

The Fake Moon Landing Quarantine

We aren’t much into theories denying the moon landing around here, but [Dagomar Degroot], an associate professor at Georgetown University, asserts that the Apollo 11 quarantine efforts were bogus. Realistically, we think today that the chance of infection from the moon, of all places, is low. So claiming it was successful is like paying for a service that prevents elephants from falling through your chimney. Sure, it worked — there hasn’t been a single elephant!

According to [Degroot], the priority was to protect the astronauts and the mission, and most of the engineering money and effort went towards that risk reduction. The — admittedly low — danger of some alien plague wiping out life on Earth wasn’t given the same priority.

Ferrofluid Drum Synth Dances To The Beat

[Love Hultén]’s work often incorporates reactive sound elements, and his Ferrofluid drum synth is no exception. Sadly there are no real build details but have no fear: we’ve gathered plenty of DIY insights when it comes to ferrofluid-based projects.

Ferrofluid isn’t easy to work with, but there are plenty of DIY resources to make things easier.

First of all, ferrofluid is shockingly expensive stuff. But if you can get your hands on some old VHS tapes and acetone, you can make your own. Second, working with ferrofluid to make reactive elements is harder than it may look. Particularly, making the stuff dance to sound beats isn’t as simple as putting a container of the stuff in front of a speaker coil, but people have discovered a few ways that work more reliably than others.

[Love Hultén]’s drum synth was inspired by this custom Bluetooth speaker with dancing ferrofluid by [Dakd Jung], which drives an electromagnetic coil with frequencies selected from the audio with an MSGEQ7 equalizer. That way, only frequencies that work best for moving the fluid in interesting ways get used for the visualization. The MSGEQ7 spectrum analyzer chip is very useful for music-driven projects, as demonstrated by these sound-reactive LED shades which illustrate the audio element nicely.

The coils that create the electromagnetic field causing ferrofluid to move can take different forms, but two very interesting ones are this 12-layer PCB coil and, for more intricate displays, a 12×21 coil array that creates a dot-matrix-like display.

We have one last tip to share about enclosures. Some readers may have noticed that this drum synth project is housed in what looks like a piece of painted lumber. Wood is certainly a versatile material for making custom shapes, and for lettering and labels it turns out that toner transfer works just as well on wood as it does for making custom PCBs.

Retrotechtacular: Circuit Potting, And PCBs The Hard Way

There was a time when the very idea of building a complex circuit with the intention of destroying it would have been anathema to any electrical engineer. The work put into designing a circuit, procuring the components, and assembling it, generally with point-to-point wiring and an extravagant amount of manual labor, only to blow it up? Heresy!

But, such are the demands of national defense, and as weapons morphed into “weapon systems” after World War II, the need arose for electronics that were not only cheap enough to blow up but also tough enough to survive the often rough ride before the final bang. The short film below, simply titled Potted and Printed Circuits, details the state of the art in miniaturization and modularization of electronics, circa 1952. It was produced by the Telecommunications Research Establishment (TRE), the main electronics R&D entity in the UK during the war which was responsible for inventions such as radar, radio navigation, and jamming technology.
