This Week In Security: Putty Keys, Libarchive, And Palo Alto

April 19, 2024 by Jonathan Bennett 3 Comments

It may be time to rotate some keys. The venerable PuTTY was updated to 0.81 this week, and the major fix was a change to how ecdsa-sha2-nistp521 signatures are generated. The problem was reported on the oss-security mailing list, and it’s quite serious, though thankfully with a somewhat narrow coverage.

The PuTTY page on the vulnerability has the full details. To understand what’s going on, we need to briefly cover ECDSA, nonces, and elliptic curve crypto. All cryptography depends on one-way functions. In the case of RSA, it’s multiplying large primes together. The multiplication is easy, but given just the final result, it’s extremely difficult to find the two factors. DSA uses a similar problem, the discrete logarithm problem: raising a number to a given exponent, then doing modulo division.

Yet another cryptography primitive is the elliptic curve, which uses point multiplication as the one-way function. I’ve described it as a mathematical pinball, bouncing around inside the curve. It’s reasonably easy to compute the final point, but essentially impossible to trace the path back to the origin. Formally this is the Elliptic Curve Discrete Logarithm Problem, and it’s not considered to be quantum-resistant, either.

One of the complete schemes is ECDSA, which combines the DSA scheme with Elliptic Curves. Part of this calculation uses a nonce, denoted “k”, a number that is only used once. In ECDSA, k must be kept secret, and any repetition of different messages with the same nonce can lead to rapid exposure of the secret key.

And now we get to PuTTY, which was written for Windows back before that OS had any good cryptographic randomness routines. As we’ve already mentioned, re-use of k, the nonce, is disastrous for DSA. So, PuTTY did something clever, and took the private key and the contents of the message to be signed, hashed those values together using SHA-512, then used modulo division to reduce the bit-length to what was needed for the given k value. The problem is the 521-bit ECDSA, which takes a 521-bit k. That’s even shorter than the output of a SHA-512, so the resulting k value always started with nine 0 bits. Continue reading “This Week In Security: Putty Keys, Libarchive, And Palo Alto” →

Human-Interfacing Devices: HID Over I2C

April 17, 2024 by Arya Voronova 11 Comments

In the previous two HID articles, we talked about stealing HID descriptors, learned about a number of cool tools you can use for HID hacking on Linux, and created a touchscreen device. This time, let’s talk about an underappreciated HID standard, but one that you might be using right now as you’re reading this article – I2C-HID, or HID over I2C.

HID as a protocol can be tunneled over many different channels. If you’ve used a Bluetooth keyboard, for instance, you’ve used tunneled HID. For about ten years now, I2C-HID has been heavily present in laptop space, it was initially used in touchpads, later in touchscreens, and now also in sensor hubs. Yes, you can expose sensor data over HID, and if you have a clamshell (foldable) laptop, that’s how the rotation-determining accelerometer exposes its data to your OS.

This capacitive touchscreen controller is not I2C-HID, even though it is I2C. By [Raymond Spekking], CC-BY-SA 4.0

Not every I2C-connected input device is I2C-HID. For instance, if you’ve seen older tablets with I2C-connected touchscreens, don’t get your hopes up, as they likely don’t use HID – it’s just a complex-ish I2C device, with enough proprietary registers and commands to drive you crazy even if your logic analysis skills are on point. I2C-HID is nowhere near that, and it’s also way better than PS/2 we used before – an x86-only interface with limited capabilities, already almost extinct from even x86 boards, and further threatened in this increasingly RISCy world. I2C-HID is low-power, especially compared to USB, as capable as HID goes, compatible with existing HID software, and ubiquitous enough that you surely already have an I2C port available on your SBC.

In modern world of input devices, I2C-HID is spreading, and the coolest thing is that it’s standardized. The standardization means a lot of great things for us hackers. For one, unlike all of those I2C touchscreen controllers, HID-I2C devices are easier to reuse; as much as information on them might be lacking at the moment, that’s what we’re combating right now as we speak! If you are using a recent laptop, the touchpad is most likely I2C-HID. Today, let’s take a look at converting one of those touchpads to USB HID.

A Hackable Platform

Continue reading “Human-Interfacing Devices: HID Over I2C” →

Fail Of The Week: Can An Ultrasonic Cleaner Remove Bubbles From Resin?

April 16, 2024 by Donald Papp 23 Comments

[Wendy] asked a very good question. Could putting liquid resin into an ultrasonic cleaner help degas it? Would it help remove bubbles, resulting in a cleaner pour and nicer end product? What we love is that she tried it out and shared her results. She purchased an ultrasonic cleaner and proceeded to mix two batches of clear resin, giving one an ultrasonic treatment and leaving the other untouched as a control.

Sadly, the test piece had considerably *more* surface bubbles than the untreated control, as well as a slight discoloration.

The results were interesting and unexpected. Initially, the resin in the ultrasonic bath showed visible bubbles rising to the surface which seemed promising. Unfortunately, this did not lead to fewer bubbles in the end product.

[Wendy]’s measurements suggest that the main result of putting resin in an ultrasonic bath was an increase in its temperature. Overheating the resin appears to have led to increased off-gassing and bubble formation prior to and during curing, which made for poor end results. The untreated resin by contrast cured with better color and much higher clarity. If you would like to skip directly to the results of the two batches, it’s right here at 9:15 in.

Does this mean it’s a total dead end? Maybe, but even if the initial results weren’t promising, it’s a pretty interesting experiment and we’re delighted to see [Wendy] walk through it. Do you think there’s any way to use the ultrasonic cleaner in a better or different way? If so, let us know in the comments.

This isn’t the first time people have tried to degas epoxy resin by thinking outside the box. We’ve covered a very cheap method that offered surprising results, as well as a way use a modified paint tank in lieu of purpose-made hardware.

Linux Fu: Stupid Systemd Tricks

April 16, 2024 by Al Williams 15 Comments

Last time, I gave a whirlwind introduction to a very small slice of systemd. If you aren’t comfortable with systemd services, timers, and mounts, you might want to read that now. Otherwise, press on to see a few interesting uses for custom systemd units, including running a few things on a schedule and automatically mounting a Raspberry Pi Zero.

Can you do every one of these things in a different way? Of course you can. I’m not debating the relative merits of using or not using systemd. However, unless you totally control your own environment, good chance you are going to have to interact with systemd at some point.

Stupid Trick #1: Update Your IP Address

A few years ago, I talked about updating your remote DNS server with your public IP address. This lets you refer to a hostname like snoopy.hackaday.com and get back to your computer that often changes IP addresses. Sure, you can get services to do that for you, but you must either pay or agree to read ads on their site to keep your hostname going. This is all under your control. In the original post, I suggested using cron or NetworkManager to run the update script. I also hinted you could do it with systemd, but I didn’t tell you how. Let’s fix that.

Continue reading “Linux Fu: Stupid Systemd Tricks” →

Retrotechtacular: The Other Kind Of Fallout Show

April 16, 2024 by Dan Maloney 28 Comments

Thanks to the newly released Amazon Prime series, not to mention nearly 30 years as a wildly successful gaming franchise, Fallout is very much in the zeitgeist these days. But before all that, small-F fallout was on the minds of people living in countries on both sides of the Iron Curtain who would have to deal with the aftermath of a nuclear exchange.

“Uwaga! Pył promieniotwórczy“ (“Beware! Radioactive Dust”) is a 1965 Polish civil defense film from film studio Wytwórnia Filmów Oświatowych. While the Cold War turning hot was not likely to leave any corner of the planet unscathed, Poland was certainly destined to bear the early brunt of a nuclear exchange between the superpowers, and it was clear that the powers that be wanted to equip any surviving Polish people with the tools needed to deal with their sudden change in circumstances.

The film, narrated in Polish but with subtitles in English, seems mainly aimed at rural populations and is mercifully free of the details of both fallout formation and the potential effects of contact with radioactive dust, save for a couple of shots of what looks like a pretty mild case of cutaneous radiation syndrome.

Defense against fallout seems focused on not inhaling radioactive dust with either respirators or expedient facemasks, and keeping particles outside the house by wearing raincoats and boots, which can be easily cleaned with water. The fact that nowhere in the film is it mentioned that getting fallout on your clothes or in your lungs could be largely avoided by not going outside is telling; farmers really can’t keep things running from the basement.

A lot of time in this brief film is dedicated to preventing food and water from becoming contaminated, and cleaning it off if it does happen to get exposed. We thought the little tin enclosures over the wells were quite clever, as were the ways to transfer water from the well to the house without picking up any contamination. The pros and cons of different foods are covered too — basically, canned foods dobry, boxed foods zły. So, thumbs up for Cram, but you might want to skip the YumYum deviled eggs.

Dealing with the potential for a nuclear apocalypse is necessarily an unpleasant subject, and it’s easy to dismiss the advice of the filmmakers as quaint and outdated, or just an attempt to give the Polish people a sense of false hope. And that may well be, but then again, giving people solid, practical steps they can take will at least give them some agency, and that’s rarely a bad thing.

Continue reading “Retrotechtacular: The Other Kind Of Fallout Show” →

Logic Analyzers: Decoding And Monitoring

April 15, 2024 by Arya Voronova 7 Comments

Last time, we looked into using a logic analyzer to decode SPI signals of LCD displays, which can help us reuse LCD screens from proprietary systems, or port LCD driver code from one platform to another! If you are to do that, however, you might find a bottleneck – typically, you need to capture a whole bunch of data and then go through it, comparing bytes one by one, which is quite slow. If you have tinkered with Pulseview, you probably have already found an option to export decoded data – all you need to do is right-click on the decoder output and you’ll be presented with a bunch of options to export it. Here’s what you will find:

2521888-2521888 I²C: Address/data: Start 2521896-2521947 I²C: Address/data: Address write: 22 2521947-2521954 I²C: Address/data: Write 2521955-2521962 I²C: Address/data: ACK 2521962-2522020 I²C: Address/data: Data write: 01 2522021-2522028 I²C: Address/data: ACK 2522030-2522030 I²C: Address/data: Start repeat 2522038-2522089 I²C: Address/data: Address read: 22 2522089-2522096 I²C: Address/data: Read 2522096-2522103 I²C: Address/data: ACK 2522104-2522162 I²C: Address/data: Data read: 91 2522162-2522169 I²C: Address/data: NACK 2522172-2522172 I²C: Address/data: Stop

Whether on the screen or in an exported file, the decoder output is not terribly readable – depending on the kind of interface you’re sniffing, be it I2C, UART or SPI, you will get five to ten lines of decoder output for every byte transferred. If you’re getting large amounts of data from your logic analyzer and you want to actually understand what’s happening, this quickly will become a problem – not to mention that scrolling through the Pulseview window is not a comfortable experience.

The above output could look like this: 0x22: read 0x01 ( DEV_ID) = 0x91 (0b10010001). Yet, it doesn’t, and I want to show you how to correct this injustice. Today, we supercharge Pulseview with a few external scripts, and I’ll show you how to transfer large amounts of Sigrok decoder output data into beautiful human-readable transaction printouts. While we’re at it, let’s also check out commandline sigrok, avoiding the Pulseview UI altogether – with sigrok-cli, you can easily create a lightweight program that runs in the background and saves all captured data into a text file, or shows it on a screen in realtime! Continue reading “Logic Analyzers: Decoding And Monitoring” →

Hackaday Links: April 14, 2024

April 14, 2024 by Dan Maloney 10 Comments

The Great American Eclipse v2.0 has come and gone, sadly without our traveling to the path of totality as planned; family stuff. We did get a report from friends in Texas that it was just as spectacular there as expected, with the bonus of seeing a solar flare off the southwest limb of the disk at totality. Many people reported seeing the same thing, which makes us a bit jealous — OK, a lot jealous. Of course, this presented an opportunity to the “Well, ackchyually” crowd to point out that there were no solar flares or coronal mass ejections at the time, so what people saw wasn’t an exquisitely timed and well-positioned solar flare but rather a well-timed and exquisitely positioned solar prominence. Glad we cleared that up. Either way, people in the path of totality saw the Sun belching out gigatons of plasma while we had to settle for 27% totality.

Continue reading “Hackaday Links: April 14, 2024” →