This Week In Security: QueueJumper, JS VM2 Escape, And CAN Hacking

You may not be familiar with the Microsoft Message Queuing (MSMQ) service, a store and forward sort of inter-process and inter-system communication service. MSMQ has become something of a legacy product, but is still available as an optional component in Windows. And in addition to other enterprise software solutions, Microsoft Exchange turns the service on by default. That’s why it’s a bit spooky that there’s a one packet Remote Code Execution (RCE) vulnerability that was just patched in the service.

CVE-2023-21554, also known as QueueJumper, is this unauthenticated RCE with a CVSS score of 9.8. It requires sending a packet to the service on TCP port 1801. The Check Point Research team scanned for listening MSMQ endpoints on the public Internet, and found approximately 360,000 of them. And no doubt far more are listening on internal networks. A one packet exploit is a prime example of a wormable problem, and now that the story has broken, and the patch is available, expect a rapid reverse engineering. Beware, the queue jumpers are coming.

JavaScript VM Escape

The VM2 library is a rather important JavaScript package that sandboxes code, letting a project run untrusted code securely. Or, that’s the idea. CVE-2023-29017 is an example of how hard sandboxing is to get right. It’s another CVSS 9.8 vulnerability, and this one allows a sandbox escape and code execution.

This one now has public Proof of Concept code, and this package has over 16 million monthly installs, so the attack surface is potentially pretty wide. The flaw is fixed in version 3.9.15.

Tinkercad Gets A Move On

Going to the movies is an experience. But how popular do you think they’d be if you went in, bought your popcorn, picked your seat, and the curtain would rise on a large still photograph? Probably not a great business model. If a picture is worth 1,000 words, then a video is worth at least a million, and that’s why we thought it was awesome that Tinkercad now has a physics simulator built right in.

Look for this icon on the top right toolbar.

It all starts with your 3D model or models, of course. Then there’s an apple icon. (Like Newton, not like Steve Jobs.) Once you click it, you are in simulation mode. You can select objects and make them fixed or movable. You can change the material of each part, too, which varies its friction, density, and mass. There is a play button at the bottom. Press it, and you’ll see what happens. You can also share and you have the option of making an MP4 video like the ones below.

We, of course, couldn’t resist. We started with a half-sphere and made it larger. We also rotated it so the flat side was up. We then made a copy that would become the inside of our bowl. Using the ruler tool, we shaved about 2 mm off the length and width (X and Y) of the inner sphere. We also moved it 2 mm up without changing the size.

Using the alignment tools, you can then center the inner piece in the X and Y axis. Change the inner color to a hole and group the objects. This forms a simple bowl shape. Then we moved the workplane to a random part of the inner surface of our bowl and dropped a sphere. Nothing complicated.


Signed Distance Functions: Modeling In Math

What if instead of defining a mesh as a series of vertices and edges in a 3D space, you could describe it as a single function? The easiest function would return the signed distance to the closest point (negative meaning you were inside the object). That’s precisely what a signed distance function (SDF) is. A signed distance field (also SDF) is just a voxel grid where the SDF is sampled at each point on the grid. First, we’ll discuss SDFs in 2D and then jump to 3D.

SDFs in 2D

A signed distance function in 2D is more straightforward to reason about so we’ll cover it first. Additionally, it is helpful for font rendering in specific scenarios. [Vassilis] of [Render Diagrams] has a beautiful demo on two-dimensional SDFs that covers the basics. The naive technique for rendering is to create a grid and calculate the distance at each point in the grid. If the distance is greater than the size of the grid cell, the pixel is not colored in. Negative values mean the pixel is colored in as the center of the pixel is inside the shape. By increasing the size of the grid, you can get better approximations of the actual shape of the SDF.

So, why use this over a more traditional vector approach? The advantage is that the shape is represented by a single formula calculated at many points. Most modern computers are extraordinarily good at calculating the same thing thousands of times with slightly different parameters, often using the GPU. GLyphy is an SDF-based text renderer that uses OpenGL ES2 as a shader, as discussed at Linux conf in 2014. Freetype even merged an SDF renderer written by [Anuj Verma] back in 2020.

A Miniature MNT For Every Pocket

Last time Hackaday went hands on with a product from German company MNT, it was the Reform laptop; a full size computer with a full feature set and fully open source design. Now they’re back with the same value proposition and feature set crammed into a much more adorable (and colorful!) package with the MNT Pocket Reform. If you want the big Reform’s open source philosophy in a body fit for a coat pocket, this might be the computing device for you.

To refresh your memory, MNT is a company that specializes in open source hardware and the software to support it. They are probably best known for the Reform, their first laptop. Its marquee feature is a fully open design, from the mechanical components (designed with OSS tools) to the PCBAs (designed with KiCad) to the software (designed with, uh, software). When originally shipped, that product packed a DIMM-style System On Module (SOM) with a default configuration containing a quad core NXP i.MX8M Quad and 4GB of RAM, as well as mini PCIe Card and M key m.2 2280 slots on the motherboard for storage and connectivity. That computer was designed to be easily serviceable and included a plethora of full sized ports along with easy to source cylindrical battery cells. The Pocket Reform takes the same intent and channels it into a much smaller package.


The Real John Wick-Style Bullet Proof Suit

If you’ve seen the John Wick movies, you’ve probably had to suspend your disbelief about many things, but the bulletproof suits are perhaps the hardest thing to swallow. They look like stylish suits but are impervious to just about anything at any range. What’s more is when you are hit, they seem to absorb all impact with no effect on the wearer at all.

You can keep running, firing, or karate kicking while the suit takes all of the bullets. You can even pull your jacket up over your face if you want to protect that million-dollar smile. Physics, of course, tells us that a suit like this is pretty much impossible. Except that they actually exist. Granted, the real-life suits don’t have the magic physics-defying powers of Mr. Wick’s suit, but if you have the cash, you can get a smart-looking suit that protects you from getting killed by a bullet.

Real Life, Part I

In the movies, the suits supposedly have Kevlar in them just like a real piece of ballistic body armor. The problem is, Kevlar is bulky. However, most of the real body armor you see — like a vest on a SWAT team operative — is made from Kevlar or similar ballistic fibers like Twaron, Goldflex, or Dyneema. They also have plates made of metal or ceramic.

Share Your Projects: Take Pictures

Information is diesel for a hacker’s engine, and it’s fascinating how much can happen when you share what you’re working on. It could be a pretty simple journey – say, you record a video showing you fixing your broken headphones, highlighting a particular trick that works well for you. Someone will see it as an entire collection of information – “if my headphones are broken, the process of fixing them looks like this, and these are the tools I might need”. For a newcomer, you might be leading them to an eye-opening discovery – “if my headphones are broken, it is possible to fix them”.

There are a few hundred different ways that hackers share project information – and my bet is that talking through them will help everyone involved share better and easier. Let’s start by talking about pictures – perhaps the most powerful tool in a hacker’s arsenal. I’ll tell you about all the picture-taking hacks and guidelines I’ve found, go into subjects like picture habits and simple tricks, and even tell you what makes Hackaday writers swoon!

To start with, here’s a picture of someone hotwiring a car. This one picture conveys an entire story, and a strong one.


If They Fire The Nukes, Will They Even Work?

2022 was a harrowing year in a long line of harrowing years. A brutal war in Europe raised the prospect of nuclear war as the leaders behind the invasion rattled sabers and made thinly veiled threats to use weapons of mass destruction. And all this as we’re still working our way through the fallout of a global pandemic.

Those hot-headed threats raise an interesting question, however. Decades have passed since either Russia or the United States ran a live nuclear weapons test. Given that, would the nukes even work if they were fired in anger?
