This Week In Security: Triangulation, ProxyCommand, And Barracuda

It’s not every day we get to take a good look inside a high-level exploit chain developed by an unnamed APT from the western world. But thanks to some particularly dedicated researchers at Kaspersky, which just happens to be headquartered in Moscow, that’s exactly what we have today. The name Operation Triangulation was picked based on part of the device fingerprinting code that rendered a yellow triangle on an HTML canvas.

The full talk, given this week at the 37th Chaos Communication Congress (37c3), is available. The exploit starts with an iMessage attachment, delivered silently, that exploits an undocumented TrueType font instruction. Looking at the source code suggests a copy-paste error, where a programmer didn’t quite get the logic right for a pointer calculation. That vulnerability gives a memory write primitive that pivots into code execution. What’s particularly interesting is that Apple silently fixed this bug in January 2023 and made no public statement about it. Presumably there was an uptick in crash logs pointing to this problem, but they didn’t conclusively show attempted exploitation.

The exploit then moves to NSExpression as the next stage. NSExpression is an ugly way to write code, but it does let the exploit chain reach the next stage: running JavaScript as an application, without Just In Time compilation. The JS payload is quite a beast, weighing in at 11,000 lines of obfuscated code. It manages to call native APIs directly from JS, which then sets up a kernel exploit. That relies on multiple integer overflow flaws that result in essentially arbitrary system memory reads and writes.

Continue reading “This Week In Security: Triangulation, ProxyCommand, And Barracuda”

Linux Fu: Preprocessing Beyond Code

If you glanced at the title and thought, “I don’t care — I don’t write C code,” then hang on a minute. While it is true that C has a preprocessor and you can notoriously do strange and — depending on your point of view — horrible or wonderful things with it, there are actually other options and you don’t have to use any of them with a C program. You can actually use the C preprocessor with almost any kind of text file. And it’s not the only preprocessor you can abuse this way. For example, the m4 preprocessor is wildly complex, vastly underused, and can handle C source code or anything else you care to send to it.

Definitions

I’ll define a preprocessor as a program that transforms its input file into an output file, reacting to commands that are probably embedded in the file itself. Most often, that output is then sent to some other program to do the “real” work. That covers cpp, the C preprocessor. It also covers things like sed. Honestly, you can easily create custom preprocessors using C, awk, Python, Perl, or any other programming language. There are many other standard programs that you could think of as preprocessors, for example, tr. However, one of the most powerful, m4, is made specifically to preprocess complex input files. For some reason — maybe because of its complexity — you don’t see much m4 in the wild.

Continue reading “Linux Fu: Preprocessing Beyond Code”

FLOSS Weekly Episode 763: Fedora Fixes Everything

This week Jonathan Bennett and Dan Lynch talk once again with Neal Gompa of Fedora, CentOS, openSUSE and more. This time the focus is Fedora, with sprinklings of Immutable Linux, KDE 6, and the new Linux stack of Pipewire, Portals, and Wayland. Neal gives us a rundown of what exactly makes Fedora Atomic so interesting, and why you probably don’t want it running on your desktop. But in a computer lab, or on a public machine? Fedora Atomic might be exactly what you need.

Up next there’s Pipewire, the userspace sound server that replaces Pulseaudio and Jack. Should we think of Pipewire as Jack 3.0? And what’s the secret to getting really reliable low-latency performance for Pipewire in Fedora? It might not be what you expect.

There’s a popular rant online that Wayland breaks everything. And for years, that’s been a relatively accurate statement, in that Wayland hasn’t been ready for prime time. Fedora 40 has gone all in on the belief that Wayland’s time has come, with KDE and Gnome no longer having an X11 native option. It’s Wayland all the way. And as one who has run Rawhide, I can say that the future there is bright. Literally, if you have an HDR capable monitor.

Continue reading “FLOSS Weekly Episode 763: Fedora Fixes Everything”

Beyond The Basics: Exploring More Exotic Scope Trigger Modes

Last time, we looked at some powerful trigger modes found on many modern scopes, including the Rigol DHO900 series we used as an example. Those triggers were mostly digital or, at least, threshold-based. This time, we’ll look at some more advanced analog triggers as well as a powerful digital trigger that can catch setup and hold violations. You can find the Raspberry Pi code to create the test waveforms online.

In addition to software, you’ll need to add some simple components to generate the analog waveform. In particular, pin 21 of the Pi connects to a 2 µF capacitor through a 10K resistor. The other side of the capacitor connects to ground. In addition, pin 22 connects directly to the capacitor, bypassing the 10K resistor. This allows us to discharge the capacitor quickly. The exact values are not especially important.

Runt Triggers

A runt pulse is one that doesn’t have the same voltage magnitude as the surrounding pulses. Sometimes this is due to bus contention, for example. Imagine you have some square waves that go from 0 to 5V. But, every so often, one pulse doesn’t make it to 5V. Instead, it stops at 3V.

Continue reading “Beyond The Basics: Exploring More Exotic Scope Trigger Modes”

Hackaday Links: December 24, 2023

Back near the beginning of the current Solar Cycle 25, we penned an article on what the whole deal is with solar cycles, and what could potentially lie in store for us as the eleven-year cycle of sunspot population developed. Although it doesn’t really come across in the article, we remember being somewhat pessimistic about things, thinking that Solar Cycle 25 would be somewhat of a bust in terms of increased solar activity, given that the new cycle was occurring along with other, longer-period cycles that tend to decrease solar output. Well, it looks like we couldn’t have gotten that more wrong if we tried, since the Sun lashed out with a class X solar flare last week that really lit things up. The outburst came from a specific sunspot, number 3514, and clocked in at X2.8, the most powerful flare since just before the end of the previous solar cycle. To put that into perspective, X-class flares have a peak X-ray flux of 10⁻⁴ watts/m², which when you think about it is a lot of energy. The flare resulted in a strong radio blackout; pretty much everything below 30 MHz was unusable for a while.

Continue reading “Hackaday Links: December 24, 2023”

Hardware: It’s Made Of Software!

We had the opportunity to add a new feature to our lineup: the FLOSS Weekly podcast. It’s a very long running series that covers the goings on in the free, libre, and open-source software world. It’s been co-hosted by our own [Jonathan Bennett] for quite a while now, and when This Week in Tech announced that they wanted to cancel it, [Jonathan] asked if he could keep it running over here at Hackaday.

Hackaday is hardware, though. Why would we be hosting a podcast on open software? It’s no secret that a bunch of us here at Hackaday are open-source software fans in general, but take a quick inventory of the various open projects that you use to make and hack your hardware. We use open-source compilers, libraries, and flashing tools to handle the firmware we write in open-source text editors. Heck, half of the time we even program microcontrollers in the open-source MicroPython. We design PCBs in the open-source KiCad, do CAD/CAM in FreeCAD, and don’t even get me started on the open-source software and firmware underlying the entire 3D printing ecology. Reverse engineering? Free software, from Wireshark straight through to Ghidra.

All of this is to say that even while we’re making or breaking hardware, we’re using open-source software to do it. So, if you’re interested in peeking behind the curtain, give FLOSS Weekly a listen.

Hackaday Podcast Episode 249: Data By Laser And Parachute, Bluetooth Hacks, Google’s Gotta Google

‘Twas the podcast before Christmas, and all through the house, the best hacks of the week are dancing around Elliot and Tom’s heads like sugar-plums. Whatever that means.

I’d just like to interject for a moment. What you’re referring to as Christmas is, in fact, Happy/Holidays.

Before settling their brains in for a long winter’s nap, they’ll talk about the open source software podcast that now calls Hackaday home, the latest firmware developments for Google’s Stadia controller, high-definition cat videos from space, and upgrades for the surprisingly old-school battery tech that powers the Toyota Prius.

Out on the lawn, expect a clatter about the state of the art in DIY camera technology, the acoustic properties of hot chocolate, and a storage medium from the 1990s that even Al Williams had never heard of.

Finally, after tearing open the shutters and throwing up the sash, the episode wraps up with a discussion about wiring techniques that let you leave the soldering iron at home, and the newest chapter in the long history of transferring data via parachute. Miniature sleigh and eight tiny reindeer sold separately.

Download the gift you really want this year: this week’s podcast in DRM-free MP3.

Continue reading “Hackaday Podcast Episode 249: Data By Laser And Parachute, Bluetooth Hacks, Google’s Gotta Google”