cons

1351 Articles

Hands-On: BornHack 2020 Badge Has 9×32 Of Bling Fed By CircuitPython

August 27, 2020 by 4 Comments

Despite widespread pandemic cancellations, BornHack still happened this year and they even managed to once again bring an electronic badge to all attendees. If you missed it, I’ve already published an overview of the hacker camp itself. Today let’s dig into the 2020 BornHack badge!

Designed by Thomas Flummer and manufactured in Denmark, it takes the form of a PCB in the shape of a roughly 60 degree circular arc with most of its top side taken up by a 9 by 32 array of SMD LEDs. There is the usual 4-way button array and space for an SAO connector on the rest of the front face, while on the rear are a set of GPIO pads and a pair of AA battery holders for power. Connectivity is via USB-C and infra-red, and usefully there is also a power on/off switch.

At the heart of its hardware is a SAMD21G18A ARM Cortex M0+ microcontroller which is perhaps not the most exciting of chips, but the hardware becomes more interesting with the LED drivers. A pair of the IS31FL3731 chips (you may recognise from Brian Benchoff’s Mr. Robot badge) each drive half of the Charliplexed LED array. These versatile chips take the bother of scanning the LED matrix away from the microcontroller with their own internal frame registers fed from an I2C interface. This choice both makes the best use of the relatively meagre microcontroller in this application, and opens the way for the software choice. This badge runs Adafruit’s CircuitPython, and can thus be programmed over the USB connection in the same way as any other CircuitPython board. To test this I put aside my GNU/Linux laptop, and picked up something considerably less versatile to test its ease of use: a Chromebook.


# configure I2C
i2c = busio.I2C(board.SCL, board.SDA)

# turn on LED drivers
sdb = DigitalInOut(board.SDB)
sdb.direction = Direction.OUTPUT
sdb.value = True

# set up the two LED drivers
display = adafruit_is31fl3731.Matrix(i2c, address=0x74)
display2 = adafruit_is31fl3731.Matrix(i2c, address=0x77)

text_to_show = "BornHack 2020 - make clean"

CircuitPython devices mount as a disk drive in which can be found a Python file that can be edited with the code of your choice. The BornHack badge ships with code to display a BornHack banner text, which serves as a quick introduction to the capabilities of its display. It’s noticeable that the text scrolling performance leaves something to be desired, but this microcontroller is hardly one of the more powerful supported by the CircuitPython platform. The Chromebook was happily able to edit the code, though viewing the Python serial console necessitated diving into its Linux virtual machine.

The BornHack badge then, an attractive design that fulfils the aim of being capable and easy to program through its use of the popular CircuitPython platform, and through its decent sized LED matrix and available GPIOs with the chance of seeing a use beyond the camp as a general purpose display/experimentation platform. It may not be the most powerful of badges, but it does its job well. In particular it has achieved the feat missed by so many others, of arriving at the camp fully assembled and with working hardware and software. You can see more about it in Thomas’ badge presentation at the camp (cut from a stream, talk begins at 5:27) which we’ve placed below the break.

We look forward to seeing its influence upon other similar badges. Meanwhile if you are interested, you can compare it with the 2019 BornHack badge which we reviewed last year.

Continue reading “Hands-On: BornHack 2020 Badge Has 9×32 Of Bling Fed By CircuitPython”

Running A Successful Hacker Camp In A Pandemic: BornHack 2020

August 24, 2020 by 10 Comments

You could say 2020 is The Year That Didn’t Happen, or perhaps even The Year That Everything Happened Online. All the international cons and camps have been cancelled, and we’ve spent our time instead seeing our friends in Jitsi, or Zoom.

But there was one camp that wasn’t cancelled. The yearly Danish hacker camp BornHack has gone ahead this year with significantly reduced numbers and amid social distancing, turning it from what is normally one of the smaller and more intimate events into the only real-world event of 2020.

I bought my ticket early in the year and long before COVID-19 became a global pandemic, so on a sunny day in August I found myself in my car with my friend Dani from FizzPop hackerspace in Birmingham taking the ferry for the long drive through the Netherlands and Germany to Denmark.

Continue reading “Running A Successful Hacker Camp In A Pandemic: BornHack 2020”

Breaking Smartphone NFC Firmware: The Gory Details

August 23, 2020 by 2 Comments

Near-field Communication (NFC) has been around a while and is used for example in access control, small data exchange, and of course in mobile payment systems. With such sensitive application areas, security is naturally a crucial element of the protocol, and therefore any lower-level access is usually heavily restricted and guarded.

This hardware is especially well-guarded in phones, and rooting your Android device won’t be of much help here. Well, that was of course only until [Christopher Wade] took a deep look into that subject, which he presented in his NFC firmware hacking talk at for this year’s DEF CON.

But before you cry out “duplicate!” in the comments now, [Jonathan Bennett] has indeed mentioned the talk in a recent This Week In Security article, but [Christopher] has since written up the content of his talk in a blog post that we thought deserves some additional attention.

To recap: [Christopher] took a rooted Samsung S6 and searched for vulnerabilities in the NFC chip’s safe firmware update process, in hopes to run a custom firmware image on it. Obviously, this wouldn’t be worth mentioning twice if he hadn’t succeeded, and he goes at serious length into describing how he got there. Picking a brain like his by reading up on the process he went through — from reverse engineering the firmware to actually exploiting a weakness that let him run his own code — is always fascinating and downright fun. And if you’re someone who prefers the code to do the talking, the exploits are on GitHub.

Naturally, [Christopher] disclosed his findings to Samsung, but the exploited vulnerability — and therefore the ability to reproduce this — has of course been out there for a long time already. Sure, you can use a Proxmark device to attack NFC, or the hardware we saw a few DEF CONs back, but a regular-looking phone will certainly raise a lot less suspicion at the checkout counter, and might open whole new possibilities for penetration testers. But then again, sometimes a regular app will be enough, as we’ve seen in this NFC vending machine hack.

Continue reading “Breaking Smartphone NFC Firmware: The Gory Details”

Eavesdropping On Satellites For Fun And Profit

August 20, 2020 by 8 Comments

Geosynchronous satellites, girdling the Earth from their perches 36,000 km above the equator, are remarkably useful devices. Depending on where they’re parked, they command views of perhaps a third of the globe at a time, making them perfect communications relays. But as [James Pavur] points out in his DEF CON Safe Mode talk, “Whispers Among the Stars”, geosynchronous satellite communication links are often far from secure.

[James], a D. Phil. student in Systems Security at Oxford University, relates that his exploits rely on the wide areas covered by the downlink signals from the satellites, coupled with security as an afterthought, if it was even thought of at all by satellite service providers. This lackadaisical approach let him use little more than a regular digital satellite TV dish and a tuner card for a PC — off-the-shelf stuff that you’d really have to try hard to spend more than $300 on — to tap into sensitive information.

While decoding the digital signals from satellites into something parseable can be done with commercial applications, [James] and his colleagues built a custom tool, GSExtract, to pull data from the often noisy signals coming down from on high. The setup returned an amazing bounty of information, like maritime operators relaying the passport information of crew members from ship to shore, point-of-sale terminal information from cruise ships in the Mediterranean, and in-flight entertainment systems in jet airliners. The last example proved particularly alarming, as it revealed an exploitable connection between the systems dedicated to keeping passengers content and those in the cockpit, which clearly should not be the case.

We found [James’] insights on these weaknesses in satellite communications fascinating, and it’s well worth the 45 minutes to watch the video below and perhaps try these exploits, which amount to side-channel attacks, for yourself.

Continue reading “Eavesdropping On Satellites For Fun And Profit”

HOPE 2020 Delivers Historic Marathon Of Hacking

August 11, 2020 by 1 Comment

Anyone who’s ever attended a hacker conference knows that the talks and workshops are only part of the reason that people travel from all over the country (and indeed, the world) to be there. The social and extracurricular aspects of these events are just as important as the scheduled content, if not more so. After all, you can always watch the recorded version of any presentation you missed when you get back home; but there’s only a relatively short window for drinking Club-Mate, driving a Segway at unreasonable speeds, and hanging out with other people in the community.

So I don’t mind admitting that I was extremely skeptical when it was announced that the Hackers On Planet Earth (HOPE) conference was going virtual due to the COVID-19 pandemic. Especially since the decision came just a few months before the event was set to kick off in New York. Trying to recreate the experience of a large scale hacker con as an online-only event is hard enough, but doing it on such short notice seemed like a recipe for disaster. Particularly for an event like HOPE that had always crammed the historic Hotel Pennsylvania to the rafters (and sometimes, above) with content and activities.

Which is not to say they didn’t have some interesting ideas. Since so many people were stuck at home anyway, they decided there wasn’t much point limiting HOPE to a single weekend. For 2020, the event would instead run for nine continuous days. Prerecorded talks and interactive workshops would start at 9 AM Eastern and run right up until the wee hours of the morning, often concluding with a live musical performance.

As founder Emmanuel Goldstein described it, the idea was to turn this year’s HOPE into a 24 hour hacker television channel that could beam a diverse array of ideas and opinions into homes all over the planet. Rather than pretending that the classic hacker convention experience could be fully replicated online, they would fully embrace the possibilities offered by the Internet and create something completely different. But could they pull it off?

Continue reading “HOPE 2020 Delivers Historic Marathon Of Hacking”

Hands-On: Internet Of Batteries Quantum Badge Brings Badgelife Add-Ons The Power And Internet They Crave

August 9, 2020 by 13 Comments

Our friends in the Whiskey Pirates crew sent me the unofficial DEF CON badge they built this year. The Internet of Batteries QUANTUM provides power and connectivity to the all-important add-on badges of DC28. The front of the badge is absolutely gorgeous to the point I don’t really want to solder on my add-on headers and disrupt that aesthetic.

The gold-plated copper makes for a uniformed and reflective contrast to the red solder mask which occupies the majority of the front. Here we see the great attention to detail that [TrueControl] includes in his badges. The white stripe of silk screen separating the two colors is covered by some black detailing tape that looks much better than the white.

The antenna of the ESP32 module poking out the underside of the gold cover end of the badge gets its own rectangle of the holographic sticker material, the same as the sheet of stickers that was included in the box. Both decals are small details that make a huge difference to your eye.

The line of nine RGB LEDs have black bezels which goes along with the black stripe motif and underscores the typography of the badge name. These lights are hosted on a daughter board soldered to the underside of the badge with a slot for the LEDs to pass through. They are addressed in a 2×15 matrix that is scanned on the low side by the PSoC5 that drives the badge. This low-res image shows that daughter board before the lithium cell is placed.

Continue reading “Hands-On: Internet Of Batteries Quantum Badge Brings Badgelife Add-Ons The Power And Internet They Crave”

Hands-On: AND!XOR Unofficial DC28 Badge Embraces The Acrylic Stackup

August 7, 2020 by 1 Comment

Still hot from the solder party, a new AND!XOR badge just landed on my desk courtesy of the hacking crew that has been living the #badgelife for the past five years. Originally based on the Futurama character Bender, the design has morphed to the point that it’s no longer recognizable as a descendant of that belligerent robot. Instead we have a skeletal midget whose face is half covered by a gear-themed mask.

Continue reading “Hands-On: AND!XOR Unofficial DC28 Badge Embraces The Acrylic Stackup”