This Week In Security: Tegra Bootjacking, Leaking SSH, And StrandHogg

CVE-2019-5700 is a vulnerability in the Nvidia Tegra bootloader, discovered by [Ryan Grachek], and breaking first here at Hackaday. To understand the vulnerability, one first has to understand a bit about the Tegra boot process. When the device is powered on, an irom firmware loads the next stage of the boot process from the device’s flash memory, and validates the signature on that binary. As an aside, we’ve covered a similar vulnerability in that irom code called selfblow.

On Tegra T4 devices, irom loads a single bootloader.bin, which in turn boots the system image. The K1 boot stack uses an additional bootloader stage, nvtboot, which loads the secure OS kernel before handing control to bootloader.bin. Later devices add additional stages, but that isn’t important for understanding this. The vulnerability uses an Android boot image, and the magic happens in the header. Part of this boot image is an optional second stage bootloader, which is very rarely used in practice. The header of this boot image specifies the size in bytes of each element, as well as what memory location to load that element to. What [Ryan] realized is that while it’s usually ignored, the information about the second stage bootloader is honored by the official Nvidia bootloader.bin, but neither the size nor the memory location is sanity checked. The images are copied to their final position before the cryptographic verification happens. As a result, an Android image can overwrite the running bootloader code.

Continue reading “This Week In Security: Tegra Bootjacking, Leaking SSH, And StrandHogg”
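As an added example (not Nvidia’s code and not from the article), here is what the two missing checks look like in a loader: the second-stage size and address are bounded to a fixed load window before anything is copied, and the copy only happens after the signature has been verified. The load window addresses are hypothetical; the header struct follows the Android boot image v0 layout.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
/* Hypothetical memory map for this example, not Tegra's real one: image
 * elements may only be copied into the LOAD window, which is laid out so
 * that it never overlaps the memory the running bootloader occupies. */
#define LOAD_BASE 0x82000000u
#define LOAD_END  0x84000000u

/* Leading fields of the Android boot image header (v0 layout). */
typedef struct {
    uint8_t  magic[8];                 /* "ANDROID!" */
    uint32_t kernel_size, kernel_addr;
    uint32_t ramdisk_size, ramdisk_addr;
    uint32_t second_size, second_addr; /* optional second-stage loader */
    uint32_t tags_addr, page_size;
} boot_hdr_t;

enum load_result { LOAD_OK, LOAD_BAD_MAGIC, LOAD_BAD_RANGE, LOAD_BAD_SIG };
/* True only if [addr, addr + size) lies entirely in the load window. Size
 * is compared against the room left, so addr + size cannot wrap around. */
static bool range_ok(uint32_t addr, uint32_t size)
{
    if (addr < LOAD_BASE || addr >= LOAD_END) return false;
    return size <= LOAD_END - addr;
}

/* Safe order: check every header field that steers a copy, verify the
 * signature over the untouched image, and only then copy. sig_valid
 * stands in for the result of the real cryptographic verification. */
static enum load_result load_second_stage(const boot_hdr_t *h, bool sig_valid)
{
    if (memcmp(h->magic, "ANDROID!", 8) != 0) return LOAD_BAD_MAGIC;
    if (h->second_size != 0 && !range_ok(h->second_addr, h->second_size))
        return LOAD_BAD_RANGE;
    if (!sig_valid) return LOAD_BAD_SIG;
    /* the copy of second_size bytes to second_addr would happen here */
    return LOAD_OK;
}

/* Runs a constructed sample header with the given second-stage fields
 * through the loader, so the checks can be exercised in isolation. */
static enum load_result check_second_stage(uint32_t addr, uint32_t size, bool sig_valid)
{
    boot_hdr_t h;
    memset(&h, 0, sizeof h);
    memcpy(h.magic, "ANDROID!", 8);
    h.second_addr = addr;
    h.second_size = size;
    return load_second_stage(&h, sig_valid);
}
```

The range check must be done on the header fields themselves, before the copy; checking the signature first but copying from unvalidated fields would still let a header steer the copy anywhere.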

Updating To Windows 10 For Fun And Profit: Make Those OEM Keys Go Further

Microsoft seems to have an every-other-version curse. We’re not sure how much of this is confirmation bias, but consider the track record of releases. Windows 95 was game-changing, Windows 98 famously crashed during a live demo. Windows 2000 was amazing, Windows ME has been nicknamed the “Mistake Edition”. XP was the workhorse of the world for years and years, and Vista was… well, it was Vista. Windows 7 is the current reigning champion of desktop installs, and Windows 8 was the version that put a touchscreen interface on desktops. The “curse” is probably an example of finding patterns just because we’re looking for them, but the stats do show a large crowd clinging to Windows 7.

Windows 10 made a name for itself by automatically installing itself on Windows 7 and Windows 8 computers, much to the annoyance of many unsuspecting “victims” of that free upgrade. Several years have gone by, Windows 10 has gotten better, and support for Windows 7 ends in January. If you’re tied to the Windows ecosystem, it’s time to upgrade to Windows 10. It’s too bad you missed out on the free upgrade to Windows 10, right?

About that… It’s probably an unintended side effect, but all valid Windows 7 and Windows 8 keys are also valid Windows 10 keys. Activation is potentially another issue, but we’ll get to that later.

Continue reading “Updating To Windows 10 For Fun And Profit: Make Those OEM Keys Go Further”

Line Printer Does Its Best Teletype Impression

Back in the early days of computing, user terminals utilized line printers for output. Naturally this took an incredible amount of paper, but it came with the advantage of creating a hard copy of everything you did. Plus it was easy to annotate the terminal output with nothing more exotic than a ballpoint pen. But once CRT displays became more common, these paper terminals (also known as teleprinters, or teletypes) quickly fell out of style.

A fan of nostalgic hacks, [Drew DeVault] recently tried to recreate the old-school teletype experience with (somewhat) more modern hardware. He picked up an Epson LX-350 line printer, and with a relatively small amount of custom code, he was able to create a fairly close approximation of what it would have been like to use one of these terminals. He’s published all the source code, so if you’ve got an old line printer and a Linux box, you too can learn what it was like to measure your work day in reams of paper.

This is made possible by the fact that the modern Linux virtual terminal is simply a userspace emulation of those physical terminals of yore. [Drew] just needed to write some code that would essentially spawn a shell on the Linux USB line printer device, plus sprinkle in some quality of life improvements such as using Epson’s proprietary ANSI escape sequences to feed the paper out far enough so the user can see what it says before pulling it back in to write the next interactive line.

Of course, the experience isn’t perfect as the printer naturally doesn’t have a keyboard attached to it. If you’re looking for something a bit more authentic, you could always convert an old electric typewriter into a modern-ish teletype.

A Python Serial Terminal To Get You Out Of A Jam

When fiddling around with old computers, you can occasionally find yourself in a sticky situation. What may be a simple task with today’s hardware and software can be nearly impossible given the limited resources available to machines with 20 or 30 years on the clock. That’s where [bison] recently found himself when he needed to configure a device over serial, but didn’t have any way of installing the appropriate terminal emulator on his Fujitsu Lifebook C34S.

His solution, since he had Python 2.6 installed on the Debian 6 machine, was to write his own minimal serial terminal emulator. He intended for the code to be as terse as possible so it could be quickly typed in, should anyone else ever find themselves in need of talking to a serial device on Linux but can’t get screen or minicom installed.

The code is very simple, and even if you never find yourself needing to fire up an impromptu terminal, it offers an interesting example of how straightforward serial communications really are. The code opens up the /dev/ttyS0 device for reading, and after appending the appropriate return character, pushes the user’s keyboard input into it. Keep looping around, and you’ve got yourself an interactive terminal.

With this program written, [bison] was able to connect the 266 MHz C34S to his Retro WiFi SI, a modem adapter that bridges the gap between a vintage computer and modern wireless network. Gadgets like these allow you to browse BBSes as the creator intended, and can be fashioned with nothing more exotic than an ESP8266 running some open source code.

The Golden Age Of Ever-Changing Computer Architecture

Given how accurately Moore’s Law has tracked the development of integrated circuits over the years, one would think that our present day period is no different from the past decades in terms of computer architecture design. However, during the 2017 ACM Turing Award acceptance speech, John L. Hennessy and David A. Patterson described the present as the “golden age of computer architecture”.

Compared to the early days of MS-DOS, when designing user- and kernel-space interactions was still an experiment in the works, it certainly feels like we’re no longer in the infancy of the field. Yet, as the pressure mounts for companies to acquire more computational resources for running expensive machine learning algorithms on massive swaths of data, smart computer architecture design may be just what the industry needs.

Moore’s law predicts the doubling of transistors in an IC, but it doesn’t predict the path that IC design will take. When that observation was made in 1965 it was difficult or even impossible to envision where we are today, with tools and processes so closely linked and widely available that the way we conceive processor design is itself multiplying.

Continue reading “The Golden Age Of Ever-Changing Computer Architecture”

This Week In Security: More WhatsApp, Nextcry, Hover To Crash, And Android Permissions Bypass

There is another WhatsApp flaw, but instead of malicious GIFs, this time it’s malicious mp4 files. Facebook announced the vulnerability late last week. An update has been released, so first go make sure WhatsApp is updated. Facebook’s advisory is a bit light on the details, simply saying that a “stack-based buffer overflow” was possible as a result of “parsing the elementary stream metadata of an mp4 file”.

Shortly after the bug was announced, a GitHub repository popped up, with a claimed proof-of-concept mp4 file for CVE-2019-11931. (Thanks to [justtransit] on Reddit for the link.) I can’t easily test the PoC file, but we can take a look at it to see what the vulnerability is. What tools do we need to take a look? A hex editor is a good start. I’m using GHex, simply because it was available and easily installed on Fedora.

Continue reading “This Week In Security: More WhatsApp, Nextcry, Hover To Crash, And Android Permissions Bypass”

Building A Front Panel For The RC2014 Computer

The RC2014 is a slick Z80 computer kit that’s graced these pages a number of times in the past. It allows anyone with a soldering iron and a USB-to-serial adapter to experience the thrill of early 1980s desktop computing. But what if you’re looking for an even more vintage experience? In that case, this custom RC2014 front panel from [James Stanley] might be just the thing to scratch that Altair itch.

The front panel allows you to view and alter the contents of memory with nothing more complex than toggle switches and LEDs, just like on the early microcomputers of the 1970s. If you’ve ever wanted to learn how a computer works on the most basic level, single-stepping through instructions and reading them out in binary is a great way to do it.

[James] says he was inspired to take on this project after reading a 1978 issue of Kilobaud Magazine (as one does), and seeing an article about building a homebrew Z80 machine with a front panel. Obviously he had to modify the approach a bit to mate up with this relatively modern variation on the venerable CPU, but the idea was essentially the same.

His documentation for the project is sure to be fascinating for anyone enamored with those iconic computers of yesteryear, but even readers with more modern sensibilities will likely find some interesting details. The way [James] coaxes the data and various status states out of the kit computer takes up the bulk of the write-up, but afterwards he talks about how he designed the PCB and wraps up with his tips for creating a professional looking front panel.

This isn’t the first time we’ve seen a modern Z80 computer kitted out with blinkenlights, but it’s certainly one of the most professional looking. If you combine the RC2014 kits available on Tindie with the details provided by [James], you’ll soon be learning the fine art of programming a computer with toggle switches.

Continue reading “Building A Front Panel For The RC2014 Computer”