Barcodes That Hack Devices

February 17, 2016 by Elliot Williams 76 Comments

[virustracker] has been playing around with barcodes lately, and trying to use them as a vector to gain control of the system that’s reading them. It’s a promising attack — nobody expects a takeover via barcodes. The idea isn’t new, and in fact we’ve seen people trying to drop SQL attacks in barcodes long ago, but [virustracker] put a few different pieces together and came up with a viable attack.

The trick is that many POS terminals and barcode readers support command characters in their programming modes. Through use of these Advanced Data Formatting (ADF) modes, [virustracker] sends Windows-Key-r, and then cmd.exe, ftps a file down, and runs it. Whatever computer is on the other side of the barcode scanner has just been owned. ADF even supports a delay function to allow time for the command window to pop up before running the rest of the input.

The article details how they got their payload from requiring more than ten individual barcodes down to four. Still, it’s a suspicious-looking attack to try to pull off where other people (think cashiers) are looking. However, we have many automated machines in our everyday life that use barcodes. How many of these are vulnerable is an open question. [virustracker] suggests lottery machines, package-delivery automats, and even hospitals.

The defense is simple, and it’s the same as everywhere else: disable the debug and configuration modes in your production systems, and sanitize your input. Yes, even the barcodes.

Lego Gaming Computer Case

February 11, 2016 by Richard Baguley 37 Comments

Lego isn’t the first material that springs to mind when you think about building a new gaming computer case, but it does make sense when you think about it. It is easy to work with, can be easily reconfigured, and it’s pretty cheap. That’s the idea behind this very cool (no pun intended) gaming computer case build by [Mike Schropp]. Built around a Skylake i7 CPU and an NVidia 980 Ti graphics card, his build has an unusual X-shaped design that allows for plenty of airflow. The sides of the X hold the CPU cooler, the power supply, the hard drives and the graphics card cooler, so each of them has its own separate flow of cool air from the outside. That avoids the common problem of hot air from one component being passed over another, so it doesn’t get cooled properly. Critically for a gaming system, this design keeps all of the components much cooler than a more traditional case, which makes for more overclocking potential.

At the moment, [Mike] says he is struggling to keep up with the demand for people who want to buy custom versions of his build, but he is planning to release the details soon. “Initially that will probably be in the form of a DIY kit, where you can buy the plans with all the Lego bricks needed for the build, in a kit form” he told us. “Then you can add your own computer components to complete your build. At some point I’ll probably also just offer the plans themselves and allow the end-user to acquire the Lego bricks needed.”

Continue reading “Lego Gaming Computer Case” →

Calculator Built In Super Mario Level. Mamma Mia!

February 10, 2016 by Richard Baguley 19 Comments

Most people use the Super Mario Maker to, well, create Super Mario game levels. [Robin T] decided to try something a little different: building a working calculator. Several hundred hours later, he created the Cluttered Chaos Calculator, which definitely lives up to the name. What this Super Mario level contains is a 3-bit digital computer which can add two numbers between 0 and 7, all built from the various parts that the game offers. To use it, the player enters two numbers by jumping up in a grid, then they sit back and enjoy the ride as Mario is carried through the process, until it finally spits out the answer in a segment display.

It’s not going to be winning any supercomputer prizes, as it takes about two minutes to add the two digits. But it is still an incredibly impressive build, and shows what a dedicated hacker can do with a few simple tools and a spiny shell or two.

Continue reading “Calculator Built In Super Mario Level. Mamma Mia!” →

Thermaltake Gets On The 3D Printing Bandwagon

February 8, 2016 by Gerrit Coetzee 27 Comments

We’re interested by a move from Thermaltake, a manufacturer of computer cases, fans, and power supplies. Thermaltake has released a computer case designed to be modded by those with a 3D printer. They released a set of models that fits the new case. These are all hosted on a service much like Thingiverse. So if you want a single SSD or a whole rack, print the model. Watercooling? There’s a model for that. In concept, it’s very cool.

We’re not certain how to feel about this. Our initial impression was that if Thermaltake is going to launch a case around 3D printing, they should at lease tune their printer and get some nice prints before they take the press photos. On our second pass we became intrigued. Is this a manufacturer cutting costs, crowd-sourcing design and engineering talent for free, or empowering the user? Arguably, a computer case is a great test bed for this kind of interaction.

Despite out skepticism, we’d like to see more manufacturers take this kind of contributing interest in 3d printing. If only to see where it goes. What other products do you think would benefit from this kind of, print the product you actually want model?

Balancing D-Pad Gets You In The Game

February 6, 2016 by James Hobson 14 Comments

Inspired by TRON, [lasttraveler] decided to try his hand at building a Balance Board — basically a giant joystick pad you can stand on to control.

Constructed of solid wood, the switches are actually very simple — he’s just using tin foil to make the contacts. By opening up the sacrificial keyboard, he’s taken the up/down/left/right keys and wired the contacts directly to the four tin foil pads. A recess in the bottom of the board allows the rest of the keyboard to remain intact — in case he ever wants to take it apart again. Or add new buttons!

Wooden crossbeams in the shape of an X allow the board to balance in the middle without touching any of the contacts — but as soon as you lean the connections are made and you’re off to the races!

Now strap on a VR headset and play some TRON! Though if you want even more accurate control you might want to pick up a cheap Wii balance board instead.

[via r/DIY]

Flip Your Desktop Over To Boot Linux

February 1, 2016 by Gerrit Coetzee 27 Comments

[Andy France] built his computer into a Windows XP box. (Yes, this is from the past.) He needed to run windows most of the time, but it was nice to boot into Linux every now and then. That’s where the problem lay. If he was running Linux on his Windows XP case mod, he’d get made fun of. The only solution was to make a Linux sleeve for his computer. He would slide the sleeve over the case whenever he ran Linux, and hide his shame from wandering eyes. Once his plan was fully formed, he went an extra step and modified the computer so that if the sleeve was on, it would automatically boot Linux, and if it was off it would boot Windows.

The Linux sleeve could only slide on if the computer was flipped upside down. So he needed to detect when it was in this state. To do this he wired a switch into one of the com ports of his computer, and attached it to the top of the case mod. He modified the assembly code in the MBR to read the state of the switch. When the Linux sleeve is on (and therefore the computer is flipped over) it boots Linux. When the sleeve is off, Windows. Neat. It would be cool to put a small computer in a cube and have it boot different operating systems with this trick. Or maybe a computer that boots into guest mode in one orientation, and the full system in another.

Continue reading “Flip Your Desktop Over To Boot Linux” →

Fingerprint Scanner For Laptop And Raspberry Pi (or Giving The Finger To Your Computer)

January 29, 2016 by Rud Merriam 28 Comments

We’ve got two hacks in one from [Serge Rabyking] on fingerprint scanning. Just before leaving on a trip he bought a laptop on the cheap. He didn’t pay much attention to the features and was disappointed it didn’t have a fingerprint scanner. Working in Linux he uses sudo a lot and typing the password is a hassle. Previously he just swiped his finger on the scanner and execution continued.

He found a cheap replacement fingerprint scanner on hacker’s heaven, also known as eBay. It had four wires attached to a 16 pin connector. Investigation on the scanner end showed the outer pair were power and ground which made [Serge] suspect it was a USB device. Wiring up a USB connector and trying it the device was recognized but with a lot of errors. He swapped the signal lines and everything was perfect. He had sudo at his finger tip.

Next he wonder if it would work with a Raspberry Pi. He installed the necessary fingerprint scanning software, ran the enrollment for a finger, and it, not terribly surprisingly, worked.

On Linux the command fprintd-enroll reads and stores the fingerprint information. By default it scans and saves the right index finger but all ten fingers can be scanned and stored. Use libpam-fprintd to enable account login using a finger. Anyone know how you can trigger other events using a different finger? A quick search didn’t turn up any results.

In true hacker style, [Serge] created his own fingerprint reader from a replacement part. But you can jump start your finger usage by purchasing one of many inexpensive available readers.