This Week In Security: Macstealer, 3CX Carnage, And Github’s Lost Key

There’s a naming overload here, as two bits of security news this week are using the “MacStealer” moniker. We’re first going to talk about the WiFi vulnerability, also known as Framing Frames (pdf). The WPA encryption schemes introduced pairwise encryption, ensuring that not even other authenticated users can sniff each other’s traffic. At least that’s the idea, but this attack finds a couple of techniques to bypass that protection.

A bit more background: there are a couple of ways that packets can be delayed at the sender side. One of those is the power-save message, which signals to the access point that the given client is going into a low power state. “Hold my calls, I’m going to sleep.” That message is a single bit in a frame header. And notably, that bit isn’t covered by WPA encryption or verification. An attacker can send a message, spoof a victim’s MAC address, and the access point marks that client as being in power-save mode.

This observation leads to a question: What happens when the encryption details change between the packet joining the queue, and actually transmitting? Turns out, the specifications on WiFi encryption don’t spell it out, and some implementations do the last thing you’d want, like sending the packets in the clear. Whoops. This behavior was the case in the Linux kernel through version 5.5.0, but starting with 5.6.0, the buffered packets were simply dropped when the encryption key was unavailable.

2022 Supercon: Jac And Ralf Explore The Secrets Of The Digital Compact Cassette

During the 1990s, music was almost invariably stored on CDs or cassette tapes. When the new millennium came around, physical formats became obsolete as music moved first to MP3 files, and later to network streams. But a few years before that big transition, there were several attempts at replacing the aging cassette and CD formats with something more modern. You might remember the likes of MiniDisc and Super Audio CD, but there were a few other contenders around.

The Digital Compact Cassette, or DCC, was one such format. Released by Philips in 1992 as a replacement for the analog audio cassette, it failed to gain traction in the market and disappeared before most people had even heard of it. Not so for [Jac Goudsmit] and [Ralf Porankiewicz] however, who have spent years researching all aspects of the DCC system and shared some of the results in their 2022 Supercon talk.

[Ralf] is the curator of the DCC Museum in Cathedral City, California, which owns examples of all DCC equipment ever released, as well as several devices that never made it to market. He also aims to document the history of audio recording and DCC’s contribution to it, which goes further than you might think. For example, the audio compression format used in the DCC system, called PASC, was an early version of what would later become MP3 – though most histories of audio compression ignore this fact.

[Jac], for his part, made an extensive study of all the technical features of the DCC format. He has written numerous articles about his findings, first in the DCC FAQ and later by maintaining the relevant Wikipedia articles. He is running several projects aimed at keeping the format alive, often in collaboration with the DCC Museum.

[Jac] and [Ralf] begin their talk with a brief introduction to the system and its media. DCC players were designed to be compatible with analog audio cassettes, so DCC cartridges are the same basic size, though with a different type of tape inside. Playback devices contain a complex set of magnetic heads to read either the analog signals from classic tapes, or the digital data stored on DCCs.

One unique feature of DCC is Interactive Text Transfer Service, or ITTS, which is a separate data area on the tape that can hold additional information like song lyrics or even simple animations. It was intended to be displayed on players that supported it, but no such devices were ever released. Luckily, [Jac] and [Ralf] managed to find a rare ITTS decoder system used in a tape mastering facility, and were able to reveal the contents of this “secret track”, which is present on all prerecorded tapes, for the first time.

User-recorded tapes never had any ITTS data, and differed from prerecorded ones in several other ways, too. The most obvious difference was that professionally-made tapes could be indexed by song title, while home-made ones could only jump to track numbers. [Jac] and [Ralf] are however working to enable all the professional features on home-made tapes as well, through a number of software and hardware projects.

The most basic software needed is an encoder and decoder for the PASC format, which [Jac] developed from existing MP1 software. But to explore some of the more obscure hardware features, he had to reverse-engineer several different DCC players. This led him to discover many interesting half-finished features: the ITTS data sector is one example, but he also found out that some players send ready-to-use VU meter data to their front panel, even though they are unable to display that information.

[Jac] was also one of the first people to buy the DCC-175 portable DCC player when it was released in 1995. This was the only DCC player ever sold with a computer interface, allowing direct transfer of digital audio between a computer and a DCC tape. The parallel port interface and its accompanying Windows 9x software are completely obsolete and unusable with modern PCs, so [Jac] is working on directly accessing the data from the DCC-175 through a custom cable. He’s making good progress: he already figured out the electrical interface and wrote some software that enables him to control the tape recorder directly.

We can’t help but be impressed by the amount of effort both [Jac] and [Ralf] have put into understanding and documenting all the intricacies of a long-obsolete audio format. Thanks to their efforts, we can still appreciate the impressive technology behind DCC – even if it never came close to replacing its analog cousin.

Linux Fu: Gum Up Your Script

We often write quick bash scripts and judging by the comments, half of us use bash or a similar shell to pop out quick, useful scripts, and half of us think that’s an abomination, and you should only use bash for your command line and resort to something more like a traditional language to do anything else. If you’re in the former camp, you’re probably cursing your allegiance when you need to make your bash scripts more interactive.

Gum can help. It’s a utility that can handle your script input and output with a little flair while requiring almost no effort on your part.

The command looks simple, but it has twelve subcommands, each with myriad options. But you can break down the functions into a few simple categories. The input commands let you prompt for a line of input or a bunch of lines of input. You can also create a pick list or a yes/no type of prompt. There’s also a file picker and a filter, sort of like fzf.

The 2023 Hackaday Prize Is Ten, First Challenge Is Educational

If you were anywhere near Hackaday over the weekend, you certainly noticed that we launched the tenth annual Hackaday Prize! In celebration of the milestone, we picked from our favorite challenges of years past and came up with four of our favorites, and even one new one just to keep you on your toes. But the first challenge round is running right now, so get your hacking motors turning.

Re-engineering Education

The first challenge this year showcases educational projects, but broadly construed. Hackers tend to learn best by doing. In the Re-engineering Education challenge, we want you to help give others a chance to learn new skills. Whether you’re building a DIY radio kit, a breadboard-it-yourself computer, or even a demonstrator robot arm, if it helps pass on your hard-earned skills, we want you to enter it here.

It’s fresh on my mind because we were just playing with one this weekend, but [deshipu]’s Fluffbug robot project is a great inspiration for non-traditional education. What better way to discover the intricacies of four-legged walking machine gaits than to have one to play with on your desktop? It’s not going to take over the world, but if you can make it walk, you’ve learned something.

More obviously educational is [Joan Horvath]’s Hacker Calculus, an entry in last year’s Prize. The connections between a function’s height, and the area or volume that it integrates up to can be awfully abstract. Printing out 3D models of the resulting shapes can really help to bring the point home. Or maybe you could really drive home the speed of a comet in its orbit with a physical model? They’ve got you covered, but also ideas for generating your own plastic math toys.

When we think educational computer builds, the amazing reproduction of the WDC-1 “Working Digital Computer” by [Michael Gardi] springs instantly to mind, but perhaps it goes too far down the rabbit hole. Just another rung up on the complexity ladder gets you the Blinking Computer by [Tony Robinson]. Or if you want to figure out how an almost-commercial Z80 computer works from the ground up, consider the Baffa 2.

So what skills do you have that you want to teach other hackers? Can you embody that in a project?

All the Challenges

If you don’t have education in your sights, have a look at the rest of the 2023 Hackaday Prize Challenge rounds. We’re sure you’ll find something you like.

To enter, simply set up a project on Hackaday.io. When the challenge is running, you’ll be able to enter. Full rules over at the 2023 Hackaday Prize landing page.

| Challenge | Date | The Details |
| --- | --- | --- |
| Re-engineering Education | March 25 – April 25 | Educational projects of all stripes welcome. If the goal is to teach, enter it here. |
| Assistive Tech | April 25 – May 30 | The Assistive Tech challenge calls for projects that help people with disabilities to learn, work, move around, and simply live their lives to the fullest. |
| Green Hacks | May 30 – July 4 | Help reduce our impact on the planet. Do more with less, or help clean up the mess. |
| Gearing Up | July 4 – August 8 | Hackers build their own tools. What have you made that makes your making easier? Share it with us. |
| Wildcard | August 8 – September 12 | This is where anything goes. The wildcard challenge lets your projects speak for themselves. |

Hackaday Berlin Was Bonkers

In celebration of the tenth running of the Hackaday Prize, we had a fantastic weekend event in Berlin. This was a great opportunity for all of the European Hackaday community to get together for a few days of great talks, fun show-and-tells, and above all good old fashioned sitting together and brainstorming. Of course there was the badge, and the location – a gigantic hackerspace in Berlin called MotionLab – even had a monstrous laser-eye octopus suspended from a gantry overhead. Everyone who came brought something to share or to show. You couldn’t ask for more.

Unfortunately, we weren’t able to record the talks, so we’ll run down the highlights for you here. [Jenny List] is writing up a bunch of the badge hacks as we speak, so we’ll skip that for now. For the full experience, you just had to be there, but we’ll share with you what pictures we got. Enjoy!

Hackaday Links: March 26, 2023

Sad news in the tech world this week as Intel co-founder Gordon Moore passed away in Hawaii at the age of 94. Along with Robert Noyce in 1968, Moore founded NM Electronics, the company that would later go on to become Intel Corporation and give the world the first commercially available microprocessor, the 4004, in 1971. The four-bit microprocessor would be joined a few years later by the 8008 and 8080, chips that paved the way for the PC revolution to come. Surprisingly, Moore was not an electrical engineer but a chemist, earning his Ph.D. from the California Institute of Technology in 1954 before his postdoctoral research at the prestigious Applied Physics Lab at Johns Hopkins. He briefly worked alongside Nobel laureate and transistor co-inventor William Shockley before jumping ship with Noyce and others to found Fairchild Semiconductor, which is where he made the observation that integrated circuit component density doubled roughly every two years. This calculation would go on to be known as “Moore’s Law.”

Hackaday Podcast 211: Pocket Sundial, Origami Llama, PCB Spacemouse

This week, Editor-in-Chief Elliot Williams and Contributor Emeritus Kristina Panos chewed the fat about the coolest hacks of the previous week. But first, a bit of news — our Low Power Challenge fizzled out this week, and boy did we have a lot of entries at the last minute. We love to see it though, and we’re going to get judging ASAP.

Don’t forget, this weekend is Hackaday Berlin! Livestreaming for this one may be iffy, but we’ll have the talks up for you eventually, so don’t fret too much if you can’t make it in the flesh this time.

Kristina definitely got What’s That Sound this week, but her answer will of course be bleeped out. Then it’s on to the hacks, beginning with a 6-DoF controller that does everything in interesting ways and a printed shredder that eats like a goat. From there we cover bolt dispensers, coffee grinders with Bluetooth weighing, camera calibration, and a $50 pen plotter that’s definitely a hack. Finally, we discuss the virtues of physicality when it comes to SIM cards and recorded music.

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

And/or download it and listen offline.
