Sony Vaio Revived: Power, The Second 80%

A while ago, I told you about how the Sony Vaio motherboard replacement started, and all the tricks I used to make it succeed on the first try. How do you plan out the board, what are good things to keep in mind while you’re sourcing parts, and how do you ensure you finish the design? This time, I want to share my insights about what it takes for your new board revision to stay on your desk until completion, whether that means helping it not burn up, or making sure the bringup process is doable.

Uninterrupted, Granular Power

Power was generally comfortable to design, but I did have to keep some power budgets in mind. A good exercise for safeguarding your regulators is keeping a .txt file where you log consumers and their expected current consumption on each board power rail, making sure all of your power regulators, connectors, and tracks can handle quite a bit more than that current. Guideline: increase current by 20%-50% when figuring out the specs for switching regulators and inductors, and multiply by 10-20% when figuring out conversion losses going between downstream and upstream rails.

I did have a blunder in this department – not accounting for track current early enough. I laid out the board using 0.5mm wide tracks for power – it looked spacious enough. Then, I put “0.5mm” into a track current calculator and saw a harrowing temperature increase for the currents I was expecting. At that point in routing, it took some time to shift tracks around to accommodate the trace width I actually needed, which is to say, I should’ve calculated it all way, way earlier. Thankfully, things went well in the end.


Keebin’ With Kristina: The One With The Copycat Keyboard

This is Crater75, an almost completely from-scratch row-staggered wireless split board that [United_Parfait_6383] has been working on for a few months. Everything but the keycaps and switches is DIY.

The Crater75 split keyboard, which features OLEDs on the Function row.
Image by [United_Parfait_6383] via reddit
As cool as a keyboard full of screens might seem, can you imagine what it would be like to type at speed on a sea of slick surfaces? Not very nice, I’m thinking. But having them solely on the Function row seems like the perfect compromise. Here, the Function row keys interact with foreground applications, and change with whatever has focus. For the curious, those are 0.42″ OLEDs from Ali with a resolution of 72×40.

I’m not sure what’s going on internally, but the two sides connect with magnets, and either side’s USB-C can be used to charge the board. Both sides have a 2100 mAh Li-Po battery, and the average current of the OLED displays is low enough that the board can run for months on a single charge.

The switches are Gateron low-profiles and are wearing keycaps recycled from a Keychron, which add to the professional finish. Speaking of, the enclosures were manufactured by JLC3DP using the Nylon Multi-Jet Fusion process, but [United_Parfait_6383] says the left side feels too light, so the next revision will likely be CNC’d aluminium. Be sure to check out this short video of Crater75 in action.


This Week In Security: License Plates, TP-Link, And Attacking Devs

We’re covering two weeks of news today, which is handy, because the week between Christmas and New Years is always a bit slow.

And up first is the inevitable problem with digital license plates. Unless very carefully designed to be bulletproof, they can be jailbroken, and the displayed number can be changed. And the Reviver plates were definitely not bulletproof, exposing a physical programming port on the back of the plate. While it’s not explicitly stated, we’re guessing that’s a JTAG port, given that the issue is considered unpatchable, and the port allows overwriting the firmware. That sort of attack can be hardened against with signed firmware, and using an MCU that enforces it.

This does invite comparisons to the James Bond revolving license plate — and that comparison does put the issue into context. It’s always been possible to swap license plates. If someone really wants to cause mischief, traditional plates can be stolen, or even faked. What a digital plate adds to the equation is the ability to switch plate numbers on the fly, without stopping or turning a screwdriver. Regardless, this seems like it will be an ongoing problem, as so many manufacturers struggle to create secure hardware.

Malicious RDP

There’s a clever attack that uses Microsoft’s Remote Desktop Protocol (RDP) to give away far too much control over a desktop. That’s accomplished by sending the target a .rdp file that shares local resources like the clipboard, filesystem, and more with the remote endpoint. What’s new is that this theoretical attack now seems to have shown up in the wild.

The attack campaign has been attributed to APT29, CozyBear, a threat actor believed to be associated with Russia’s Foreign Intelligence Service. This attribution tracks with the victims of choice, like government, research, and Ukrainian targets in particular. To escape detection, the malicious RDP endpoints are set up behind RDP proxies, running on services like AWS. The proxies and endpoints are accessed through TOR and other anonymous proxies. The .rdp files were spread via spear-phishing emails sent through compromised mail servers. The big push, with about 200 targets, was triggered on October 22nd. Researchers at TrendMicro believe this was the end of a targeted campaign. The idea is that at the end of a campaign, it no longer matters if the infrastructure and methods get discovered, so the attackers aim for maximum impact.
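A mail gateway or triage script can flag .rdp attachments that request this kind of local resource sharing. The following is an added example, not code from the article or the researchers; the setting names are standard .rdp file options, while the sample file and its host name are constructed.

```python
# Added example: audit a .rdp file for local-resource redirection settings.
RISKY = {
    "drivestoredirect": "local drives shared with the remote host",
    "devicestoredirect": "plug-and-play devices shared",
    "redirectclipboard": "clipboard shared",
    "redirectprinters": "printers shared",
    "redirectsmartcards": "smart cards shared",
    "redirectcomports": "COM ports shared",
    "audiocapturemode": "microphone shared",
    "remoteapplicationmode": "RemoteApp launched on connect",
}

# Constructed sample attachment (already decoded to text).
SAMPLE_RDP = """full address:s:rdp.example.invalid:3389
drivestoredirect:s:*
redirectclipboard:i:1
redirectprinters:i:0
audiocapturemode:i:1
prompt for credentials:i:0
"""

def parse_rdp(text):
    """Parse 'name:type:value' lines into {name: (type, value)}."""
    settings = {}
    for line in text.lstrip("\ufeff").splitlines():
        parts = line.strip().split(":", 2)   # the value itself may contain ':'
        if len(parts) == 3 and parts[1] in ("i", "s", "b"):
            settings[parts[0].lower()] = (parts[1], parts[2].strip())
    return settings

def is_enabled(kind, value):
    """Integer settings are on when non-zero, string settings when non-empty."""
    return value not in ("", "0") if kind == "i" else value != ""

def audit_rdp(text):
    """Return (target host, [(setting, reason), ...]) for enabled risky settings."""
    settings = parse_rdp(text)
    findings = [(name, why) for name, why in RISKY.items()
                if name in settings and is_enabled(*settings[name])]
    host = settings.get("full address", ("s", ""))[1]
    return host, findings

if __name__ == "__main__":
    host, findings = audit_rdp(SAMPLE_RDP)
    print(f"connects to {host}")
    for name, why in findings:
        print(f"  {name}: {why}")
```

Real .rdp files are often UTF-16 encoded, so decode the attachment before passing its text to `audit_rdp`.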

Free* McDonald’s?

Here we learn that while McDonald’s USA doesn’t have a bug bounty program, McDonald’s India does, and that’s why researcher [Eaton Zveare] looked there, and found a series of Broken Object Level Authorization (BOLA) bugs. That’s a new term to this column, but a concept we’ve talked about before. BOLA vulnerabilities happen when a service validates a user’s authentication token, but doesn’t properly check that the user is authorized to access the specific resources requested.

In the McDonald’s case, any user of the web app is issued a guest JWT token, and that token is then valid to access any Order ID in the system. That allows some interesting fun, like leaving reviews on other users’ orders, accessing delivery maps, and getting copies of receipts. But things got really interesting when creating an account, and then ordering food. A hidden, incomplete password login page allowed breaking the normal user verification flow, and creating an account. Then after food is added to the cart, the cart can be updated to have a total price of a single rupee, about the value of a penny.
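The difference between authenticating a token and authorizing access to one specific order, plus a server-side price calculation, shown as an added example that is not code from the article or from McDonald’s. An HMAC-signed token stands in for the JWT, and all names, orders and prices are constructed.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"           # constructed; stands in for the JWT signing key
PRICES = {"burger": 199, "fries": 99}      # server-side price list (constructed, rupees)
ORDERS = {                                 # constructed sample orders
    1001: {"owner": "alice", "items": {"burger": 2}, "receipt": "R-1001"},
    1002: {"owner": "bob", "items": {"fries": 1}, "receipt": "R-1002"},
}

class Forbidden(Exception):
    pass

def _mac(user):
    return hmac.new(SECRET, user.encode(), hashlib.sha256).hexdigest()

def issue_token(user):
    return f"{user}.{_mac(user)}"

def authenticate(token):
    """Authentication only: establishes who the caller is."""
    user, _, mac = token.rpartition(".")
    if not user or not hmac.compare_digest(mac.encode(), _mac(user).encode()):
        raise Forbidden("bad token")
    return user

def get_receipt_bola(token, order_id):
    """BOLA: any valid token can read any order, ownership is never checked."""
    authenticate(token)
    return ORDERS[order_id]["receipt"]

def get_receipt_checked(token, order_id):
    """Fixed: the order must belong to the authenticated caller."""
    user = authenticate(token)
    order = ORDERS.get(order_id)
    if order is None or order["owner"] != user:
        raise Forbidden("order not found")  # same answer for missing and foreign orders
    return order["receipt"]

def order_total(order, client_total=None):
    """The total comes from the server's price list; a client-supplied total is ignored."""
    return sum(PRICES[item] * qty for item, qty in order["items"].items())

if __name__ == "__main__":
    alice = issue_token("alice")
    print(get_receipt_bola(alice, 1002))    # bob's receipt leaks
    try:
        get_receipt_checked(alice, 1002)
    except Forbidden as exc:
        print("denied:", exc)
    print(order_total(ORDERS[1001], client_total=1))
```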

This research earned [Eaton] a $240 Amazon gift card, which seems a little stingy, but the intent behind the gesture is appreciated. The fixes landed just over 2 months after reported, and while [Eaton] notes that this is slower than some companies, it’s significantly faster than some of the less responsive vendors that we’ve seen.

Banning TP-Link

The US Government has recently begun discussing a plan to ban TP-Link device purchases in the United States. The reported reason is that TP-Link devices have shipped with security problems. One notable example is a botnet that Microsoft has been tracking, that primarily consists of TP-Link devices.

This explanation rings rather hollow, particularly given the consistent security failings from multiple vendors that we’ve covered on this very column over the years. Where it begins to make more sense is when considered in light of the Chinese policy that all new vulnerabilities must first be reported to the Chinese government, and only then can fixes be rolled out. It suggests that the US Commerce Department suspects that TP-Link is still following this policy, even though it’s technically now a US company.

I’m no stranger to hacking TP-Link devices. Many years ago I wrote a simple attack to put the HTTPD daemon on TP-Link routers into debug mode, by setting the wifi network name. Because the name was used to build a command run with bash, it was possible to do command injection, build a script in the device’s /tmp space, and then execute that script. Getting to debug mode allowed upgrading to OpenWRT on the device. And that just happens to be my advice for anyone still using TP-Link hardware: install OpenWRT on it.

Developers Beware

We have two separate instances of malware campaigns directly targeting developers. The first is malicious VSCode extensions being uploaded to the marketplace. These fakes are really compelling, too, with lots of installs, reviews, and links back to the real pages. These packages seem to be droppers for malware payloads, and seem to be targeting cryptocurrency users.

If malware in your VSCode extensions isn’t bad enough, OtterCookie is a campaign believed to come from North Korea, spreading via fake job interviews. The interview asks a candidate to run a Node.js project, or install an npm package as part of prep. Those are malicious packages, and data stealers are deployed upon launch. Stay frosty, even on the job hunt.

Bits and Bytes

PHP has evolved over the years, but there are still a few quirks that might trip you up. One of the dangerous ones is tied up in $_SERVER['argv'], a quick way to test if PHP is being run from the command line, or on a server. Except, that relies on register_argc_argv set to off, otherwise query strings are enough to fool a naive application into thinking it’s running on the command line. And that’s exactly the footgun that caught Craft CMS with CVE-2024-56145.

Australia may know something we don’t, setting 2030 as the target for retiring cryptography primitives that aren’t quantum resistant. That’s RSA, Elliptic-curve, and even SHA-256. It’s a bit impractical to think that those algorithms will be completely phased out by then, but it’s an interesting development to watch.

Fuzzing is a deep subject, and the discovery of 29 new vulnerabilities in GStreamer is evidence that there’s still plenty to discover. This wasn’t coverage-guided fuzzing, where the fuzzer mutates the fuzzing input to maximize code coverage. Instead, this work uses a custom corpus generator, where the generator is aware of how valid MP4 files are structured.

Battery-Electric Ships: Coming Soon To A Harbor Near You?

When ships moved from muscle- and wind power to burning coal and other fossil fuels for their propulsion, they also became significantly faster and larger. Today’s cargo ships and ferries have become the backbone of modern civilization, along with a range of boat types. Even though tugs and smaller pleasure vessels are a far cry from a multi-thousand ton cargo or cruise ship, one would be hard-pressed to convert these boats back to a pure muscle or wind-based version. In short, we won’t be going back to the Age of Sail, but at the same time the fossil fuel-burning engines in these boats and ships come with their own range of issues.

Even if factors like pollution and carbon emissions are not something which keep you up at night, fuel costs just might, with these and efficiency regulations increasing year over year. Taking a page from alternative propulsions with cars and trucks, the maritime industry has been considering a range of replacements for diesel and steam engines. Here battery-electric propulsion is somewhat of an odd duck, as it does not carry its own fuel and instead requires on-shore recharging stations. Yet if battery-electric vehicles (BEVs) can be made to work on land with accompanying low ‘refueling’ costs, why not ships and boats?

A recent study by Lawrence Berkeley National Laboratory (LBNL) researchers Hee Seung Moon et al. as published in Nature Energy claims that a significant part of US maritime traffic can be electrified this way. Yet as a theoretical model, how close does it hit to the harsh realities imposed by this physical world which we live in?


Size comparison of a 27 in CRT TV next to a 43 in CRT TV.

Retrotechtacular: Quest For The “Big Boy” CRT Finds New Home In Mini Doc

To celebrate the twentieth anniversary of their Trinitron line of televisions, Sony launched the KX-45ED1. At forty-three inches, the screen on this particular model made it the largest tube television in the world, and it came with the kind of price tag that if you need to ask…you can’t afford it (likely around $100,000 USD today). Three decades later, only two of these mythical displays were thought to exist and [shank] chronicled his quest to acquire one of the last remaining “Big Boys” in the mini documentary below.

As it turns out, one of these gigantic tube televisions was located on the second floor of a restaurant in Japan still sitting in the same place it was installed in 1989. It hadn’t moved in the intervening decades, because the television and its specialized support stand weighed over 500 pounds. Having an object that heavy physically moved down a flight of stairs would seem to be the most formidable challenge for most, but compounding the issue for [shank] was that the building housing this colossal CRT was set to be permanently closed in less than a week.

With next to no time to arrange an international flight, [shank] utilized the power of the internet to ask for help from anyone currently living near the “Big Boy” CRT’s soon-to-be final resting place. It just so happened that a fellow retro tech enthusiast based in Japan saw the post, and traveled over an hour by train at a moment’s notice to aid [shank]. The heartwarming story of total strangers united by a common interest of preserving a rare piece of tech history is certainly worth a watch. Let alone the goofy size comparison footage of the smallest CRT display sitting on top of the biggest one.


Keebin’ With Kristina: The One With The Keyboard-Mouse

One of the most annoying things about keyboard and mouse input has got to be the need to constantly switch between the two. Ever wish there was a single solution that combined them with elegance? Then you should definitely check out [lemosbor]’s Lapa keyboard, where the right half includes a mouse sensor.

A 36-key split board where the right half also operates as a mouse.
Image by [lemosbor] via reddit
Lapa, which is Russian for ‘paw’, certainly has that type of look. This hand-wired keyboard uses a pair of Pro Micros and an ADNS9800 optical sensor for mousing around. Under those ‘caps are MX blues, the OG clackers.

Let me just say that I love the look of this keyboard, and I don’t normally like black and brown together. But that oak — that oak is classy, and it looks good with the resin-and-varnish case. If you can handle a 36-key board — I myself cannot — then this would probably be a game changer. There are even slots for your palms to breathe.

Unfortunately it’s not open source, but a girl can dream, right? In the reddit post, [lemosbor] says that they would be interested in selling the next version, provided it’s the final one.
