This Week In Security: TPM And BootGuard, Drones, And Coverups

Full disk encryption is the go-to solution for hardening a laptop against the worst-case scenario of physical access. One way that encryption can be managed is through a Trusted Platform Module (TPM), a chip on the motherboard that manages the disk encryption key, and only hands it over for boot after the user has authenticated. We’ve seen some clever tricks deployed against these discrete TPMs, like sniffing the data going over the physical traces. So in theory, an integrated TPM might be more secure. Such a technique does exist, going by the name fTPM, or firmware TPM. It uses a Trusted Execution Environment, a TEE, to store and run the TPM code. And there’s another clever attack against that concept (PDF).

It’s chip glitching via a voltage fault. This particular attack works against AMD processors, and the voltage fault is triggered by injecting commands into the Serial Voltage Identification Interface 2.0 (SVI2). Dropping the voltage momentarily to the AMD Secure Processor (AMD-SP) can cause a key verification step to succeed even against an untrusted key, bypassing the need for an AMD Root Key (ARK) signed board firmware. That’s not a simple process, and pulling it off takes about $200 of gear, and about 3 hours. This exposes the CPU-unique seed, the board NVRAM, and all the protected TPM objects.

So how bad is this in the real world? If your disk encryption only relies on an fTPM, it’s pretty bad. The attack exposes that key and breaks encryption. For something like BitLocker that can also use a PIN, it’s a bit better, though to really offer more resistance, that needs to be a really long PIN: a 10 digit PIN falls to a GPU in just 4 minutes, in this scenario where it can be attacked offline. There is an obscure way to enable an “enhanced PIN”, a password, which makes that offline attack impractical with a secure password.

And if hardware glitching a computer seems too complicated, why not just use the leaked MSI keys? Now to be fair, this only seems to allow a bypass of Intel’s BootGuard, but it’s still a blow. MSI suffered a ransomware-style breach in March, but rather than encrypt data, the attackers simply threatened to release the copied data to the world. MSI apparently refused to pay up, and source code and signing keys are now floating in the dark corners of the Internet. There have been suggestions that this leak impacts the entire line of Intel processors, but it seems likely that MSI only had their own signing keys to lose. But that’s plenty bad, given the lack of a revocation system or automatic update procedure for MSI firmware.

Tricorder Tutorial Isn’t Just For Starfleet Cadets

For many of us, the most difficult aspect of a project comes when it’s time to document the thing. Did you take enough pictures? Did you remember all the little details that it took to put it together? Should you explain those handful of oddball quirks, even though you’re probably the only person in the world that knows how to trigger them?

Well, we can’t speak to how difficult it was for [Mangy_Dog] to put together this training video for his incredible Star Trek: Voyager tricorder replica, but we certainly approve of the final product. Presented with a faux-VHS intro that makes it feel like something that would have been shown to cast members during the legendary run the franchise had in the 1990s, the video covers the use and operation of this phenomenal prop in exquisite detail.

Replaceable batteries are standard again in the 2370s.

Now to be fair, [Mangy_Dog] has sold a few of his replicas to other Trek aficionados, and we’re willing to bet they went for a pretty penny. As such, maybe it’s not a huge surprise he’d need to put together a comprehensive guide on how to operate the device’s varied functions. Had this been a personal project there wouldn’t have been the need to record such a detailed walk-through of how it all works — so in that regard, we’re fortunate.

One of the most interesting things demonstrated in this video is how well [Mangy_Dog] managed to implement mundane features such as brightness and volume control without compromising the look of the prop itself. Rather than adding some incongruous switches or sliders, holding down various touch-sensitive buttons on the device brings up hidden menus that let you adjust system parameters. The project was impressive enough from the existing images and videos, but seeing just how deep the attention to detail goes is really a treat.

Previously we took a look at some of the work that [Mangy_Dog] has put into these gorgeous props, which (unsurprisingly) have taken years to develop. While they might not be able to contact an orbiting starship or diagnose somebody’s illness from across the room, it’s probably fair to say these are the most realistic tricorders ever produced — officially or otherwise.


Laser Projector Built From An Old Hard Drive

Spinning hard drives are being phased out of most consumer-grade computers in favor of faster technology like solid-state drives and their various interfaces. But there’s still millions of them in circulation that will eventually get pulled from service — so what do we do with them? If you’ve got one that would otherwise be going in the garbage, they can be turned into some other interesting devices like this laser text projector.

Even the slowest drives spin at around 5000 RPM, which is perfect for this type of application. The device works by mounting twelve mirrors, each at a slightly different angle, on a drum which is spun by the drive’s motor. Bouncing a laser off of the spinning drum results in a projection of twelve horizontal lines. By rapidly switching the laser on and off depending on which mirror it’s pointing at, the length of each line can be controlled.

Thanks to persistence of vision, that allows you to show text on the surface that the laser is projected on. At speeds this high, it took [Ben] of Ben Makes Everything quite a few iterations to get it to a usable space. From sensors that were too slow to lasers not bright enough to 3D prints that were not accurate enough, he goes through the design of his build and the process in excellent detail.

After solving all of the problems including building his own constant-current laser power supply, and burning up a few laser diodes in the process, [Ben] has a laser projector capable of displaying readable text at a great distance which is also portable, running on a 12 V power supply. There are some possible areas of improvement that he notes as well, such as an unbalanced 3D printed part causing a bit of a wobble and the Arduino controller not being fast enough for more text. But it’s an impressive project nonetheless, similar to a two-mirror version we saw some time ago but with the ability to display text as well.


A 4-Player Arcade Hidden Inside A Coffee Table

[Ed] from 50% Awesome on YouTube wanted to build a retro gaming system with a decent screen size, but doesn’t have a great deal of space to site it in, so a good compromise was to make a piece of useful furniture and hide all the fun parts inside.

Building an arcade machine usually involves a lot of wiring

This two-part video build log shows a lot of woodwork, with a lot of mistakes (happy accidents, that are totally fine) made along the way, so you don’t need to repeat them. Essentially it’s a simple maple-veneered plywood box, with a thick lid section hosting the display and some repositioned speakers. This display is taken from a standard LG TV with the control PCB ripped out. The power button/IR PCB was prised out of the bezel, to be relocated, as were the two downwards-facing speakers. The whole collection of parts was attached to a front panel with copious hot glue; we just hope the heavy TV panel was firmly held in there by other means!


Reverse Engineering An Oil Burner Comms Board, With A Few Lucky Breaks

Here’s a question for you: How do you reverse engineer a circuit when you don’t even have it in hand? It’s an interesting problem, and it adds a level of difficulty to the already iffy proposition that reverse engineering generally presents. And yet, not only did [themole] find a way to replicate a comms board for his oil burner, he extended and enhanced the circuit for integration into his home automation network.

By way of backstory, [themole] has a wonky Buderus oil burner, which occasionally goes into safety mode and shuts down. With one too many cold showers as a result, he looked for ways to communicate with the burner controller. Luckily, Buderus sells just the thing — a serial port module that plugs into a spare slot in the controller. Unluckily, the board costs a bundle, and that’s even if you can find it. So armed with nothing but photos of the front and back of the board, the finding of which was a true stroke of luck, he set about figuring out the circuit.

With only a dozen components or so and a couple of connectors, the OEM board gave up its secrets pretty easily; it’s really just a level shifter to make the boiler talk RS-232. But that’s a little passé these days, and [the78mole] was more interested in a WiFi connection. So his version of the card includes an ESP32 module, which handles wireless duties as well as the logic needed to talk to the burner using the Buderus proprietary protocol. The module plugs right into the burner controller and connects it to ESPHome, so no more cold showers for [themole].

We thought this one was pretty cool, especially the way [themole] used the online photos of the board to not only trace the circuit but to get accurate — mostly — measurements of the board using an online measuring tool. That’s a tip we’ll keep in our back pocket.

Thanks to [Jieffe] for the tip.

Converting On-Grid Electronics To Off-Grid

Husband and wife team [Jason & Kara] hail from Canada, and in 2018, after building their own camper, sold up their remaining earthly goods and headed south. If you’re not aware of them, they documented their journey on their YouTube channel, showing many interesting skills and hacks along the way. The video we’re highlighting today shows a myriad of ways to power all the DC-consuming gadgets they lug along with them.

LiFePO4 batteries are far superior to lead acid for mobile solar installations.

Their heavily modded F-550 truck houses 12kWh of LiFePO4 batteries and a 1.5kW retractable solar array, with a hefty inverter generating the needed AC power. They weren’t too happy with the conversion losses from piles of wall warts that all drained a little power, knowing that the inverter that fed them was also not 100% efficient. For example, a typical laptop power brick gets really hot in a short time, and that heat is waste. They decided to run as much as possible direct from the battery bank, through different DC-DC converter modules in an attempt to streamline the losses a little. Obviously, these are also not 100% efficient, but keeping the load off the inverter (and thus reducing dependency upon it, in the event of another failure) should help stem the losses a little. After all as [Jason] says, Watts saved are Watts earned, and all the little lossy loads add up to a considerable parasitic drain.

Home, sorry, truck automation system

One illustration of this is that their Starlink satellite internet system consumes about 60W when running from the inverter, but only 28W when running direct from DC. Over the course of 24 hours, that’s not far off 1kWh of savings, and if the sun isn’t shining, then that 12kWh battery isn’t going to stretch as far.

There are far too many hacks, tips, and illustrations of neat space- and power-saving solutions to write about here. Those interested in self-build campers or hacking a commercial unit may pick up a trick or two.


FNIRSI Vs Rigol: An Alternate View

We’ve heard of the FNIRSI 1014D scope, but we’ve had the impression that it might not be a great scope, although it is economical. [Learn Electronics Repair] had heard from another YouTuber that it was “a piece of junk.” However, he wanted to look at it compared to another inexpensive scope, the Rigol DS1052E. His results were different from what we usually hear. To be clear, he didn’t think it was a perfect scope, but he did find it very usable for his purpose.

The 46-minute-long video does more than just a casual look. He uses both scopes in some real-world measurements. If you are in the market for a scope in this price range, it is worth the time to watch.
