A Double Shot Of Vintage Computing This Weekend

Going anywhere interesting this weekend? No, of course you aren’t. None of us are. So why not tune your computer or smartphone to the online stream of one of the virtual Vintage Computer Festivals that will be taking place between October 10th and 11th. Granted only one of them is in English, but we’ve often thought of blinky lights as something of a universal language anyway.

Vintage Computer Festival East, which normally would have happened in the Spring, has finally decided that 2020 is a wash for any in-person meetings and has decided to switch over to virtual. Interestingly, it sounds like they’ll be live streaming at least some of the exhibitor tables from the InfoAge museum in New Jersey where the physical event would have been held. So from an attendee perspective, the virtual event should be a bit closer to the real thing than if everyone had to figure out their own streaming setups from home. Presentations will run from 9:00 AM to 6:00 PM Eastern on both days.

On the other side of the globe, Vintage Computing Festival Berlin will be broadcasting their own exhibitions, workshops, and lectures. In an interesting use of the virtual format, they’ll be giving viewers an intimate look at vintage computers and technology that’s held in private collections, museums, or otherwise inaccessible storage and research facilities. Content will be streaming from 10:00 AM to 8:00 PM CEST on both days, with a musical performance overnight.

While there’s an understandable tendency to bemoan the trend of moving events online in the face of COVID-19, there are certainly situations where the format can actually bring you more content than you’d have access to otherwise. Especially when they end up being free, as is the case with both of these Festivals. We’re still eagerly awaiting the point where we can get back to attending these events in person, but we certainly aren’t complaining when so many incredible people are willing to put on these presentations without seeing a dime.

Something To Look Forward To: MCH2021 Call For Participation

As we stare dejectedly at our screens and consider what might have been during the 2020 summer that didn’t quite happen, here’s a little something to look forward to in a future where the COVID-19 pandemic will with any luck be much less of a threat. We have have had precious little in the way of events in 2020, but the call for participation has been announced for one of the largest planned for 2021. MCH2021 will be big European summer camp of next year, and is scheduled for the 6th to the 10th of August at Scoutinglandgoed Zeewolde in the Netherlands province of Flevoland. It will be the latest in a long line of such events going back to 1989, and with such a track record we know it’s going to be a good one.

We know that among our community are many people who’ll be interested in going to MCH, and that each and every one of you will have some fascinating insights that others would love to hear about. The challenge of the MCH orga is to bestow upon you the courage to stand up in front of your peers and talk about it, and from our experience here at Hackaday we’d say that an event such as this one makes for a very good place to give speaking a try. As always they’re interested in all the cool stuff that comes from our diverse community, but to help you along they’ve suggested a theme. Recent events have it’s fair to say presented a challenge to the world, and in that light they state that “we are especially looking for content that is about our ability to recover from extreme events of whatever nature”. We look forward to seeing you there.

Hands-On: BornHack 2020 Badge Has 9×32 Of Bling Fed By CircuitPython

Despite widespread pandemic cancellations, BornHack still happened this year and they even managed to once again bring an electronic badge to all attendees. If you missed it, I’ve already published an overview of the hacker camp itself. Today let’s dig into the 2020 BornHack badge!

Designed by Thomas Flummer and manufactured in Denmark, it takes the form of a PCB in the shape of a roughly 60 degree circular arc with most of its top side taken up by a 9 by 32 array of SMD LEDs. There is the usual 4-way button array and space for an SAO connector on the rest of the front face, while on the rear are a set of GPIO pads and a pair of AA battery holders for power. Connectivity is via USB-C and infra-red, and usefully there is also a power on/off switch.

At the heart of its hardware is a SAMD21G18A ARM Cortex M0+ microcontroller which is perhaps not the most exciting of chips, but the hardware becomes more interesting with the LED drivers. A pair of the IS31FL3731 chips (you may recognise from Brian Benchoff’s Mr. Robot badge) each drive half of the Charliplexed LED array. These versatile chips take the bother of scanning the LED matrix away from the microcontroller with their own internal frame registers fed from an I2C interface. This choice both makes the best use of the relatively meagre microcontroller in this application, and opens the way for the software choice. This badge runs Adafruit’s CircuitPython, and can thus be programmed over the USB connection in the same way as any other CircuitPython board. To test this I put aside my GNU/Linux laptop, and picked up something considerably less versatile to test its ease of use: a Chromebook.


# configure I2C
i2c = busio.I2C(board.SCL, board.SDA)

# turn on LED drivers
sdb = DigitalInOut(board.SDB)
sdb.direction = Direction.OUTPUT
sdb.value = True

# set up the two LED drivers
display = adafruit_is31fl3731.Matrix(i2c, address=0x74)
display2 = adafruit_is31fl3731.Matrix(i2c, address=0x77)

text_to_show = "BornHack 2020 - make clean"

CircuitPython devices mount as a disk drive in which can be found a Python file that can be edited with the code of your choice. The BornHack badge ships with code to display a BornHack banner text, which serves as a quick introduction to the capabilities of its display. It’s noticeable that the text scrolling performance leaves something to be desired, but this microcontroller is hardly one of the more powerful supported by the CircuitPython platform. The Chromebook was happily able to edit the code, though viewing the Python serial console necessitated diving into its Linux virtual machine.

The BornHack badge then, an attractive design that fulfils the aim of being capable and easy to program through its use of the popular CircuitPython platform, and through its decent sized LED matrix and available GPIOs with the chance of seeing a use beyond the camp as a general purpose display/experimentation platform. It may not be the most powerful of badges, but it does its job well. In particular it has achieved the feat missed by so many others, of arriving at the camp fully assembled and with working hardware and software. You can see more about it in Thomas’ badge presentation at the camp (cut from a stream, talk begins at 5:27) which we’ve placed below the break.

We look forward to seeing its influence upon other similar badges. Meanwhile if you are interested, you can compare it with the 2019 BornHack badge which we reviewed last year.

Continue reading “Hands-On: BornHack 2020 Badge Has 9×32 Of Bling Fed By CircuitPython”

Running A Successful Hacker Camp In A Pandemic: BornHack 2020

You could say 2020 is The Year That Didn’t Happen, or perhaps even The Year That Everything Happened Online. All the international cons and camps have been cancelled, and we’ve spent our time instead seeing our friends in Jitsi, or Zoom.

But there was one camp that wasn’t cancelled. The yearly Danish hacker camp BornHack has gone ahead this year with significantly reduced numbers and amid social distancing, turning it from what is normally one of the smaller and more intimate events into the only real-world event of 2020.

I bought my ticket early in the year and long before COVID-19 became a global pandemic, so on a sunny day in August I found myself in my car with my friend Dani from FizzPop hackerspace in Birmingham taking the ferry for the long drive through the Netherlands and Germany to Denmark.

Continue reading “Running A Successful Hacker Camp In A Pandemic: BornHack 2020”

Breaking Smartphone NFC Firmware: The Gory Details

Near-field Communication (NFC) has been around a while and is used for example in access control, small data exchange, and of course in mobile payment systems. With such sensitive application areas, security is naturally a crucial element of the protocol, and therefore any lower-level access is usually heavily restricted and guarded.

This hardware is especially well-guarded in phones, and rooting your Android device won’t be of much help here. Well, that was of course only until [Christopher Wade] took a deep look into that subject, which he presented in his NFC firmware hacking talk at for this year’s DEF CON.

But before you cry out “duplicate!” in the comments now, [Jonathan Bennett] has indeed mentioned the talk in a recent This Week In Security article, but [Christopher] has since written up the content of his talk in a blog post that we thought deserves some additional attention.

To recap: [Christopher] took a rooted Samsung S6 and searched for vulnerabilities in the NFC chip’s safe firmware update process, in hopes to run a custom firmware image on it. Obviously, this wouldn’t be worth mentioning twice if he hadn’t succeeded, and he goes at serious length into describing how he got there. Picking a brain like his by reading up on the process he went through — from reverse engineering the firmware to actually exploiting a weakness that let him run his own code — is always fascinating and downright fun. And if you’re someone who prefers the code to do the talking, the exploits are on GitHub.

Naturally, [Christopher] disclosed his findings to Samsung, but the exploited vulnerability — and therefore the ability to reproduce this — has of course been out there for a long time already. Sure, you can use a Proxmark device to attack NFC, or the hardware we saw a few DEF CONs back, but a regular-looking phone will certainly raise a lot less suspicion at the checkout counter, and might open whole new possibilities for penetration testers. But then again, sometimes a regular app will be enough, as we’ve seen in this NFC vending machine hack.

Continue reading “Breaking Smartphone NFC Firmware: The Gory Details”

Eavesdropping On Satellites For Fun And Profit

Geosynchronous satellites, girdling the Earth from their perches 36,000 km above the equator, are remarkably useful devices. Depending on where they’re parked, they command views of perhaps a third of the globe at a time, making them perfect communications relays. But as [James Pavur] points out in his DEF CON Safe Mode talk, “Whispers Among the Stars”, geosynchronous satellite communication links are often far from secure.

[James], a D. Phil. student in Systems Security at Oxford University, relates that his exploits rely on the wide areas covered by the downlink signals from the satellites, coupled with security as an afterthought, if it was even thought of at all by satellite service providers. This lackadaisical approach let him use little more than a regular digital satellite TV dish and a tuner card for a PC — off-the-shelf stuff that you’d really have to try hard to spend more than $300 on — to tap into sensitive information.

While decoding the digital signals from satellites into something parseable can be done with commercial applications, [James] and his colleagues built a custom tool, GSExtract, to pull data from the often noisy signals coming down from on high. The setup returned an amazing bounty of information, like maritime operators relaying the passport information of crew members from ship to shore, point-of-sale terminal information from cruise ships in the Mediterranean, and in-flight entertainment systems in jet airliners. The last example proved particularly alarming, as it revealed an exploitable connection between the systems dedicated to keeping passengers content and those in the cockpit, which clearly should not be the case.

We found [James’] insights on these weaknesses in satellite communications fascinating, and it’s well worth the 45 minutes to watch the video below and perhaps try these exploits, which amount to side-channel attacks, for yourself.

Continue reading “Eavesdropping On Satellites For Fun And Profit”

HOPE 2020 Delivers Historic Marathon Of Hacking

Anyone who’s ever attended a hacker conference knows that the talks and workshops are only part of the reason that people travel from all over the country (and indeed, the world) to be there. The social and extracurricular aspects of these events are just as important as the scheduled content, if not more so. After all, you can always watch the recorded version of any presentation you missed when you get back home; but there’s only a relatively short window for drinking Club-Mate, driving a Segway at unreasonable speeds, and hanging out with other people in the community.

So I don’t mind admitting that I was extremely skeptical when it was announced that the Hackers On Planet Earth (HOPE) conference was going virtual due to the COVID-19 pandemic. Especially since the decision came just a few months before the event was set to kick off in New York. Trying to recreate the experience of a large scale hacker con as an online-only event is hard enough, but doing it on such short notice seemed like a recipe for disaster. Particularly for an event like HOPE that had always crammed the historic Hotel Pennsylvania to the rafters (and sometimes, above) with content and activities.

Which is not to say they didn’t have some interesting ideas. Since so many people were stuck at home anyway, they decided there wasn’t much point limiting HOPE to a single weekend. For 2020, the event would instead run for nine continuous days. Prerecorded talks and interactive workshops would start at 9 AM Eastern and run right up until the wee hours of the morning, often concluding with a live musical performance.

As founder Emmanuel Goldstein described it, the idea was to turn this year’s HOPE into a 24 hour hacker television channel that could beam a diverse array of ideas and opinions into homes all over the planet. Rather than pretending that the classic hacker convention experience could be fully replicated online, they would fully embrace the possibilities offered by the Internet and create something completely different. But could they pull it off?

Continue reading “HOPE 2020 Delivers Historic Marathon Of Hacking”