cons

1308 Articles

SUPERCON 2022: Kuba Tyszko Cracks Encrypted Software

February 21, 2023 by 5 Comments

[Kuba Tyszko] like many of us, has been hacking things from a young age. An early attempt at hacking around with grandpa’s tractor might have been swiftly quashed by his father, but likely this was not the last such incident. With a more recent interest in cracking encrypted applications, [Kuba] gives us some insights into some of the tools at your disposal for reading out the encrypted secrets of applications that have something worth hiding.  (Slides here, PDF.)

There may be all sorts of reasons for such applications to have an encrypted portion, and that’s not really the focus. One such application that [Kuba] describes was a pre-trained machine-learning model written in the R scripting language. If you’re not familiar with R, it is commonly used for ‘data science’ type tasks and has a big fan base. It’s worth checking out. Anyway, the application binary took two command line arguments, one was the encrypted blob of the model, and the second was the path to the test data set for model verification.

The first thing [Kuba] suggests is to disable network access, just in case the application wants to ‘dial home.’ We don’t want that. The application was intended for Linux, so the first port of call was to see what libraries it was linked against using the ldd command. This indicated that it was linked against OpenSSL, so that was a likely candidate for encryption support. Next up, running objdump gave some clues as to the various components of the binary. It was determined that it was doing something with 256-bit AES encryption. Now after applying a little experience (or educated guesswork, if you prefer), the likely scenario is that the binary yanks the private key from somewhere within itself reads the encrypted blob file, and passes this over to libssl. Then the plaintext R script is passed off to the R runtime, the model executes against the test data, and results are collated.

[Kuba]’s first attack method was to grab the OpenSSL source code and drop in some strategic printf() function calls into the target functions. Next, using the LD_PRELOAD ‘trick’ the standard system OpenSSL library was substituted with the ‘fake’ version with the trojan printfs. The result of this was the decryption function gleefully sending the plaintext R script direct to the terminal. No need to even locate the private key!

Continue reading “SUPERCON 2022: Kuba Tyszko Cracks Encrypted Software”

Matt Venn speaking at Supercon 2022

Supercon 2022: Matt Venn’s Tiny Tapeout Brings Chip Design To The Masses

February 14, 2023 by 23 Comments

Not that long ago, rolling your own printed circuit boards was difficult, time-consuming and expensive. But thanks to an army of cheap, online manufacturing services as well as high-quality free design software, any hobbyist can now make boards to rival those made by pros. A similar shift might be underway when it comes to chip design: affordable manufacturing options and a set of free software tools are slowly bringing custom chips into the realm of hackers and hobbyists. One of those working hard to democratize chip design is Matt Venn, who’s been telling us all about his current big project, called Tiny Tapeout, in his talk at Remoticon 2022.

Matt’s quest to bring IC design to the masses started in 2020, when the first open-source compatible Process Design Kit (PDK) was released to the public. A PDK is a collection of files, normally only available under strict non-disclosure agreements, that describe all the features of a specific chip manufacturing process and enable you to make a design. With this free PDK in hand and a rag-tag collection of free software tools, Matt set out to design his first chip, a VGA clock, which he taped out (released to manufacturing) in July 2020. Continue reading “Supercon 2022: Matt Venn’s Tiny Tapeout Brings Chip Design To The Masses”

Thor does battle with a man shooting lasers from his hands

Hackaday Berlin: In Praise Of Lightning Talks

February 11, 2023 by 9 Comments

We’re in full-on prep mode for our first event in Europe in four years: Hackaday Berlin. And while we’ve got a great slate of speakers lined up, and to be announced soon, I’m personally most excited for the lightning talks.

Why? Because the lightning talks give you all, the attendees, the chance to get up and let everyone know what you’re up to. They’re longer than an elevator pitch, so you have time to at least start to explain the most interesting detail or two, but they’re not long enough that you can cover every aspect of a project. And that’s the trick!

By being short enough that you couldn’t possibly cover everything, you don’t need to worry about covering everything. Just go for the highlights. And because you left a lot of the interesting details back, everyone in the audience is going to want to bend your ear about it for the rest of the conference. It’s like the ultimate icebreaker.

For the audience? Lightning talks, when they’re good, are like a fountain of non-stop great ideas and inspiration. And if you happen on that just doesn’t tickle your hacker-bone, it’s probably over in another five minutes, so no worries.

We didn’t have time to run a full-on call for proposals for Berlin, but we’re hoping that you’ll ride the lightning. We’d all love to hear what you’ve got to say!

This article is part of the Hackaday.com newsletter, delivered every seven days for each of the last 200+ weeks. It also includes our favorite articles from the last seven days that you can see on the web version of the newsletter. Want this type of article to hit your inbox every Friday morning? You should sign up!

Come Join Us For Hackaday Berlin!

February 7, 2023 by 54 Comments

It’s been far too long since we’ve had an event in Europe, and we’re going to fix that right now. Hackaday Berlin 2023 will be a day-long conference full of great talks, badge hacking, music, art, madness, and gathering with your favorite hackers on Saturday, March 25.

But it doesn’t stop there. We’ll have a pre-event party Friday night, and then a bring-a-hack brunch on Sunday with further opportunities to show off whatever projects you’re bringing along, hack some more on the badge, wind down, and/or play together. So if your travel plans allow it, come in Friday mid-day and don’t schedule your return ticket until Sunday evening.

Cutting to the chase: early bird tickets are on sale right now, so go get one! But even if you miss out on those, and they’ll go like hotcakes, the regular tickets are well worth it. Everything is fully catered, the badge and the swag are phenomenal, and the talks will be first-rate.

Last time we were in Europe, the party went on until 2 AM!

Saturday’s main events will include a handful of fantastic invited guest talks, but also a few hours of Lightning Talks given by you – yes, you! If you’ve never attended a lightning talk, you get seven minutes to run through one of your favorite projects. We want to know what’s on your workbench right now, what new skills you’ve been teaching yourself, or the groundwork you’ve been laying for the next big project. It’s your chance to inspire everyone in the room – grab it.

Everyone asked us to do a second run of the 2022 Hackaday Supercon badge, and now we’ve got the perfect excuse! Designed by Voja Antonic, the badge is a standalone retrocomputer in the style of an Altair or similar, but it’s much more. Between blinking LEDs that display everything going on, down to the gates in the ALU, and a trimmed-down machine language, it’s an invitation to get deeply in touch with the machine. If you felt left out because you couldn’t travel to Pasadena last November, here’s your second chance.

And then there’s the crowd. Hackaday really is a global community of hackers, and Hackaday events tend to bring out the best. Even if you’re not planning to give a lightning talk (and you should!) be prepared to talk about what you’re doing, because everyone else there is just as interested in cool projects as you are. Hackaday Berlin will be a great opportunity to connect and reconnect with new and old friends alike. Come join us!

We’ll be following up with a speaker announcement next week, but if you have any questions, let us know in the comments below. Otherwise, we’ll see you in Berlin.

Supercon 2022: Sophy Wong Is Making An Impact With Artistic Wearables

January 25, 2023 by 5 Comments

Prolific designer and maker Sophy Wong is always looking toward the future, and that goes for everything from the costume pieces she makes to the idea of making itself. In her excellent and highly-visual Supercon talk, Sophy explores both, and gives the viewer a window on her evolved-and-evolving design philosophy.

You likely know Sophy as That Maker Who 3D Prints On Fabric, a label she is quick to dismiss, pointing animatedly toward the seminal work of one David Shorey, who also happened to be at Supercon 2022. As Sophy explains, the process begins by modeling disconnected bodies to be printed, then printing the first layer and pausing the print. At this point, a piece of nylon mesh is inserted, and the print is resumed. The result is that the mesh is trapped between the first and second layers, and the bodies are now connected by a common thread. Carefully remove the sandwich from the print bed and you have a highly-flexible, mesmerizing piece of material that almost acts like chain maille.

Continue reading “Supercon 2022: Sophy Wong Is Making An Impact With Artistic Wearables”

Supercon 2022: All Aboard The SS MAPR With Sherry Chen

January 17, 2023 by 8 Comments

How do you figure out what is in a moving body of water over a mile wide? For those in charge of assessing the water quality of the Delaware river, this is a real problem. Collecting the data required to evaluate the water quality was expensive and time-consuming, taking over six years. Even then, the data was relatively sparse, with just a few water quality stations and only one surface sample for every six miles of river.

Sherry Chen, Quinn Wu, Vanessa Howell, Eunice Lee, Mia Mansour, and Frank Fan teamed up to create a solution, and the SS MAPR was the result. At Hackaday Supercon 2022, Sherry outlined the mission, why it was necessary, and their journey toward an autonomous robot boat. What follows is a fantastic guide and story of a massive project coming together. There are plans, evaluations, and tests for each component.

Sherry and the team first started by defining what was needed. It needed to be cheap, easy to use, and able to sample from various depths in a well-confined bounding box. It needed to run for four hours, be operated by a single person, and take ten samples across a 1-mile (2 km) section of the river. Some of the commercial solutions were evaluated, but they found none of them met the requirements, even ignoring their high costs. They selected a multi-hull style boat with off-the-shelf pontoons for stability and cost reasons.
Continue reading “Supercon 2022: All Aboard The SS MAPR With Sherry Chen”

Supercon 2022: Samy Kamkar’s Glowing Breath

January 10, 2023 by 6 Comments

Sometimes the journey itself is the destination. This one started when [Samy] was 10 and his mom bought a computer. He logged on to IRC to talk with people about the X-Files and was WinNuked. Because of that experience, modulo a life of hacking and poking and playing, the talk ends with a wearable flex-PCB Tesla coil driving essentially a neon sign made from an ampule of [Samy]’s own breath around his neck. Got that? Buckle up, it’s a rollercoaster.

Continue reading “Supercon 2022: Samy Kamkar’s Glowing Breath”