computer hacks

1323 Articles

computer hacks

Windows 3.1 Screensavers, Now On Twitter

September 23, 2019 by 14 Comments

Back in the early dawn of the GUI age, cathode ray tubes were the dominant display technology for the personal computer. In order to avoid burn-in of static display elements, screensavers were devised to help prevent this problem. Out of love for the software of yesteryear, [Greg Kennedy] has put together a bot that posts Windows 3.1 screensavers on Twitter.

A Perl script runs the show in this case. Screensavers are packed into “units”, which are loaded by the script. A basic Windows 3.1 environment is then configured, and loaded into a specially patched DOSBOX that allows automated demo recording in a headless environment. Once up and running, video is recorded of the desktop and subsequent triggering of the screensaver. After a couple of minutes, the recording is stopped, and FFMPEG is used to transcode the video into a Twitter-suitable format. It’s then a simple job of Tweeting the video using the standard API.

It’s a fun project that makes sharing old screensavers easy. Be sure to check out the Twitter feed @dot_scr. If you’re addicted to the vintage aesthetic, try this Apple ][ screensaver hack on your Linux boxen. Video after the break.

Continue reading “Windows 3.1 Screensavers, Now On Twitter”

An Arduino Enhances This 7400 CPU

September 22, 2019 by 10 Comments

How quickly could you make an entire computer from 74 series logic, from scratch? [Richard Grafton had only 30 days until the UK’s Retro Computer Festival and set out to design and build his Cambridge-1 computer in that time. The result is a machine spread across several breadboards, with neatly placed wiring and unexpectedly an Arduino Micro sitting in the corner. Isn’t the little Italian board a cheat? Not so, he says, because instead of being part of the computer itself it serves as a program loader to make putting software onto the machine from a PC as easy as possible.

The machine itself is simple enough, a 4-bit design with 8-bit data and address busses. There are only 16 instructions, and the clock speed is a relatively pedestrian 40Hz. This does, however, allow the many blinkenlights to show the machine’s state in a more visible manner. There’s a video which we’ve placed below the break, and if you have further questions you might like to look at the GitHub repository.

We like the Cambridge-1, and we see no problem with the Arduino being part of it. It doesn’t take away from the 74-driven nature of the machine. Instead, it enhances the usefulness of the device by facilitating coding on it. We’ve had huge quantities of TTL computers here over the years so it’s difficult to pick one to send you towards, however you may want to consider the 7400 as the original in the series.

Continue reading “An Arduino Enhances This 7400 CPU”

Upping The Story-Telling Game With Dialog And The Å-Machine

September 16, 2019 by 5 Comments

During the decades since Infocom released their interactive story game Zork to world-wide acclaim for microcomputers, the genre of interactive fiction (IF) is still immensely popular, with a surprising number of modern IF works targeting Infocom’s original Z-Machine runtime for 8-bit micocomputers. We’ve seen a number of improved runtimes and languages for the platform over the years, with [Linus Åkesson]’s Dialog language a newcomer.

Covering the technical details about the language in this thread at IntFiction, the interesting aspect about this language is that while it has a compiler that compiles it to Z-code for the Z-Machine, [Linus] has also implemented a new runtime, called the ‘Å-Machine‘, since ‘Å’ follows ‘Z’ in the alphabet (if you’re Swedish, that is). This runtime should allow for larger stories and other features that make better use of more resources, while still allowing smaller stories to work on old hardware. Unfortunately the only Å-Machine implementation at this point is written in JavaScript, which is not known to work particularly well on Commodore 64 or even Amiga 500 systems.

As for Dialog itself, its documentation provides a detailed overview of the language’s capabilities, which claims to be inspired by both Inform 7 and Prolog. Its goals are to be easy to follow, with a minimal number of language concepts, and high performance. As the documentation notes, many Z-Machine based stories exist today that are unplayable on vintage hardware due to lack of optimization.

We covered Zork and the Z-Machine a while ago in some detail. We think it’s great to see that there’s still so much interest in the platform. Maybe someone will write an Å-Machine implementation for a Commodore or MSX system one of these days to see how it compares to Infocom’s Z-Machine. Here’s to another few decades of the Zork-legacy.

Atomic Pi Gets A 3D-Printed Mac Makeover

September 15, 2019 by 6 Comments

The Atomic Pi is a pretty impressive piece of kit for the price, but it’s not exactly a turn-key kind of product. Even to a greater extent than what you might normally expect with a “dev” board like this, the user is responsible for putting together the rest of the pieces required to actually utilize it. But with this design by [Renri Nakano], you can turn the Atomic Pi into something that’s dangerously close to being a practical computer, and a trendy one at that.

Inspired by the 2019 Apple Mac Pro “Cheese Grater”, this 3D printable enclosure for the Atomic Pi is equal parts form and function. It integrates the necessary power supply to get things up and running without the need for the official breakout board or power module, which is good, since at the time of this writing they don’t seem to be available anyway. Plus it has a cool looking power button, so that’s got to count for something.

There’s also an integrated USB hub to give the Atomic Pi a bit more expandability, and a short HDMI extension cable that puts a video port on the back of the case. [Renri] even thought to leave an opening so you could run the wires for your wireless antennas.

At this point, we’ve seen several projects that mimic the unique case design of the 2019 Mac Pro. The level commitment ranges from recreating the design in CAD and milling it out of aluminum to just sticking a Raspberry Pi inside of a literal cheese grater from the kitchen. Naturally we enjoy a well executed Internet meme as much as the next hacker, but all the same, we were glad to see [Renri] put in the effort to make sure this case was more than just a pretty face.

[Thanks to baldpower for the tip.]

Cheese Grater Now Grates Cheese

September 9, 2019 by 11 Comments

If you’ve been using Apple products since before they were cool, you might remember the Power Mac G5. This was a time before Apple was using Intel processors, so compatibility issues were high and Apple’s number of users was pretty low. They were still popular in some areas but didn’t have the wide appeal they have now. The high quality of the drilled aluminum design lived on into the Intel era and gained more popularity, but the case was still colloquially known as the “Cheese Grater”. Despite not originally being able to grate cheese though, this Power Mac actually does grate cheese.

Ungrated cheese is placed in the CD drive slot where it passes through a series of 3D printed gears which grate the cheese into small chunks. The cheese grating drive is automatically started when it detects cheese via a Raspberry Pi. The Pi 4 also functions as a working desktop computer within the old G5 case, complete with custom-built I/O ports for HDMI that integrate with the case to make it look like original hardware.

Funnily enough, the Pi 4 has more computing power and memory than Apple’s flagship Mac at the time, and consumes about 100 times less power. It’s a functional build that elaborates on an in-joke in the hardware community, which we can all appreciate. Perhaps the next build should be something that uses the blue smoke for a productive purpose. Meanwhile, regular readers will remember that this isn’t the first Apple related cheese grating episode we’ve shown you.

Continue reading “Cheese Grater Now Grates Cheese”

This Week In Security: Mass IPhone Compromise, More VPN Vulns, Telegram Leaking Data, And The Hack Of @Jack

September 6, 2019 by 15 Comments

In a very mobile-centric installment, we’re starting with the story of a long-running iPhone exploitation campaign. It’s being reported that this campaign was being run by the Chinese government. Attack attribution is decidedly non-trivial, so let’s be cautious and say that these attacks were probably Chinese operations.

In any case, Google’s Project Zero was the first to notice and disclose the malicious sites and attacks. There were five separate vulnerability chains, targeting iOS versions 10 through 12, with at least one previously unknown 0-day vulnerability in use. The Project Zero write-up is particularly detailed, and really documents the exploits.

The payload as investigated by Project Zero doesn’t permanently install any malware on the device, so if you suspect you could have been compromised, a reboot is sufficient to clear you device.

This attack is novel in how sophisticated it is, while simultaneously being almost entirely non-targeted. The malicious code would run on the device of any iOS user who visited the hosting site. The 0-day vulnerability used in this attack would have a potential value of over a million dollars, and these high value attacks have historically been more targeted against similarly high-value targets. While the websites used in the attack have not been disclosed, the sites themselves were apparently targeted at certain ethnic and religious groups inside China.

Once a device was infected, the payload would upload photos, messages, contacts, and even live GPS information to the command & control infrastructure. It also seems that Android and Windows devices were similarly targeted in the same attack.

Telegram Leaking Phone Numbers

“By default, your number is only visible to people who you’ve added to your address book as contacts.” Telegram, best known for encrypted messages, also allows for anonymous communication. Protesters in Hong Kong are using that feature to organize anonymously, through Telegram’s public group messaging. However, a data leak was recently discovered, exposing the phone numbers of members of these public groups. As you can imagine, protesters very much want to avoid being personally identified. The leak is based on a feature — Telegram wants to automatically connect you to other Telegram users whom you already know.

By default, your number is only visible to people who you’ve added to your address book as contacts.

Telegram is based on telephone numbers. When a new user creates an account, they are prompted to upload their contact list. If one of the uploaded contacts has a number already in the Telegram system, those accounts are automatically connected, causing the telephone numbers to become visible to each other. See the problem? An attacker can load a device with several thousand phone numbers, connect it to the Telegram system, and enter one of the target groups. If there is a collision between the pre-loaded contacts and the members of the group, the number is outed. With sufficient resources, this attack could even be automated, allowing for a very large information gathering campaign.

In this case, it seems such a campaign was carried out, targeting the Hong Kong protesters. One can’t help but think of the first story we covered, and wonder if the contact data from compromised devices was used to partially seed the search pool for this effort.

The Hack of @Jack

You may have seen that Twitter’s CEO, Jack [@Jack] Dorsey’s Twitter account was hacked, and a series of unsavory tweets were sent from that account. This seems to be a continuing campaign by [chucklingSquad], who have also targeted other high profile accounts. How did they manage to bypass two factor authentication and a strong password? Cloudhopper. Acquired by Twitter in 2010, Cloudhopper is the service that automatically posts a user’s SMS messages to Twitter.

Rather than a username and password, or security token, the user is secured only by their cell phone number. Enter the port-out and SIM-swap scams. These are two similar techniques that can be used to steal a phone number. The port-out scam takes advantage of the legal requirement for portable phone numbers. In the port-out scam, the attacker claims to be switching to a new carrier. A SIM-swap scam is convincing a carrier he or she is switching to a new phone and new SIM card. It’s not clear which technique was used, but I suspect a port-out scam, as Dorsey hadn’t gotten his cell number back after several days, while a SIM swap scam can be resolved much more quickly.

Google’s Bug Bounty Expanded

In more positive news, Google has announced the expansion of their bounty programs. In effect, Google is now funding bug bounties for the most popular apps on the Play store, in addition to Google’s own code. This seems like a ripe opportunity for aspiring researchers, so go pick an app with over 100 million downloads, and dive in.

An odd coincidence, that 100 million number is approximately how many downloads CamScanner had when it was pulled from the Play store for malicious behavior. This seems to have been caused by a third party advertisement library.

Updates

Last week we talked about Devcore and their VPN Appliance research work. Since then, they have released part 3 of their report. Pulse Secure doesn’t have nearly as easily exploited vulnerabilities, but the Devcore team did find a pre-authentication vulnerability that allowed reading arbitraty data off the device filesystem. As a victory lap, they compromised one of Twitter’s vulnerable devices, reported it to Twitter’s bug bounty program, and took home the highest tier reward for their trouble.

Another World On The Apple II

August 26, 2019 by 11 Comments

What’s more fun than porting an old game released for an old system such as the Apple IIgs to its 10-year-older predecessor, the Apple II from 1977? Cue [Deater]’s port of the classic video game ‘Another World‘ to the original Apple II. As was fairly obvious from the onset, the main challenges were with the amount of RAM, as well as with the offered graphics resolutions.

Whereas the Apple II could address up to 48 kB of RAM, the 16-bit Apple IIgs with 65C816 processor could be upgraded to a maximum of 8 MB. The graphics modes offered by the latter also allowed ‘Another World’ to run at a highly playable 320×200, whereas the ported version is currently limited to the ‘low resolution’ mode at 40×48 pixels.

The game itself still needs a lot of work to add missing parts and fix bugs, but considering that it has been implemented in 6502 assembler from scratch, using just the gameplay of the IIgs version as reference, it’s most definitely an achievement which would have earned [Deater] a lot of respect back in the late ’80s as well.

Feel free to check out the Github page for this project, grab a floppy disk image from the project page and get playing. Don’t forget to check out the gameplay video linked after the break as well.

Continue reading “Another World On The Apple II”