Logic Analyzers: Capabilities And Limitations

September 12, 2023 by Arya Voronova 12 Comments

Last time, we’ve used a logic analyzer to investigate the ID_SD and ID_SC pins on a Raspberry Pi, which turned out to be regular I2C, and then we hacked hotplug into the Raspberry Pi camera code with an external MCU. Such an exercise makes logic analyzers look easy, and that’s because they are! If you have a logic analyzer, you’ll find that a whole bunch of hacks become available to you.

In this article, let’s figure out places where you can use a logic analyzer, and places where you can’t. We’ll start with the first limitation of logic analyzers – capture speed. For instance, here’s a cool thing you can buy on Aliexpress – a wristband from TTGO that looks like a usual fitness tracker, but has an ESP32 in it, together with an IMU, an RTC, and an IPS screen! The seller also has an FFC-connectable devboard for programming this wristband over UART, plus vibromotor and heartrate sensor expansion modules.

You can run C, MicroPython, Rust, JavaScript, or whatever else – just remember to bring your own power saving, because the battery is super small. I intended to run MicroPython on it, however, and have stumbled upon a problem – the ST7735-controller display just wouldn’t work with the st7735.py library I found; my image would be misaligned and inverted.

The specifications didn’t provide much other than “ST7735, 80×160”. Recap – the original code uses an Arduino (C++) ST7735 library and works well, and we have a MicroPython ST7735 library that doesn’t. In addition to that, I was having trouble getting a generic Arduino ST7735 library to work, too. Usually, such a problem is caused by the initialization commands being slightly different, and the reason for that is simple – ST7735 is just the name of the controller IC used on the LCD panel.

Each display in existence has specifics that go beyond the controller – the pixels of the panel could be wired up to the controller in a bunch of different ways, with varying offsets and connection types, and the panel might need different LCD charge pump requirements – say, depending on the panel’s properties, you might need to write 0x10 into a certain register of the ST7735, or you will need 0x40. Get one or more of these registers wrong, and you’ll end up with a misaligned image on your display at best, or no output at worst. Continue reading “Logic Analyzers: Capabilities And Limitations” →

An array of 2D barcodes stored on a ceramic medium. Each 2D barcode is 25 micrometers wide.

Cerabyte: One Terabyte Per Square Centimeter

September 8, 2023 by Julian Scheffers 45 Comments

Most of us will at one point have run out of storage and either had to buy a larger driver or delete some of those precious files. This problem can happen to data centers, too, with the ever-increasing amount of data stored on servers across the world. [Cerabyte] aims to fix this, with their ceramic-based media promising 1 TB/cm² of areal density.

To put into perspective just how much better this density is, we can compare it against SSDs and hard drives. At the time of writing, the densest SSD (NAND flash storage) is claimed to be 0.1825 TB/cm² and the densest hard drive is claimed to be 0.1705 TB/cm², which means 5.48 times and 5.87 times more dense respectively. The density improvement doesn’t end there — both an SSD and a single HDD platter might be a couple millimeters tall, while a [Cerabyte] layer claims to be merely 50 atoms tall.

[Cerabyte] aims to create 10 PB (10,000 TB) and later 1 EB (1,000,000 TB) racks with their technology, a feat difficult to achieve with mere hard drives. The ceramic-based media is written to using lasers and read from with a microscope, though throughput is limited to a “mere” 1 GB/s, which means filling that one rack could take as long as 110 days. Despite the relatively slow access times, we think this new storage technology is impressive, assuming [Cerabyte] succeeds.

Do you need so much storage that even [Cerabyte] can’t satisfy your needs? Simply use YouTube as infinite storage!

Will RadioShack Return?

September 8, 2023 by Al Williams 145 Comments

We suspect that if you want to write a blockbuster movie or novel, the wrong approach is to go to a studio or publisher and say, “I have this totally new idea that is like nothing you’ve ever seen before…” Even Star Trek was pitched to the network as “Wagon Train to the stars.” People with big money tend to want to bet on things that have succeeded before, which is why so many movies are either remakes or Star Trek XXII: The Search for 4 PM Dinner Specials. Maybe that’s what the El Salvador-based Unicomer Group had in mind when they bought one of our favorite brands, RadioShack. They are reportedly planning a major comeback for the beleaguered brand both online and in the physical world.

In all fairness, the Shack may be better in our memories than in our realities. It was handy to stop off and pick up a coax connector, even if it cost three times the going rate for one. There was a time when RadioShack offered reasonable parts for projects, and it seems like near the end, they tried to hit that target again, but for many years, you could not find the typical parts for a modern project there anyway. However, Unicomer isn’t just a random group of investors.

Continue reading “Will RadioShack Return?” →

This Week In Security: LastPass Shoe Drops, Keys Lost, And Train Whistles Attack

September 8, 2023 by Jonathan Bennett 8 Comments

There has been a rash of cryptocurrency thefts targeting some unexpected victims. Over $35 million has been drained from just over 150 individuals, and the list reads like a who’s-who of the least likely to fall for the normal crypto scams. There is a pattern that has been noticed, that almost all of them had a seed phrase stored in LastPass this past November when the entire LastPass database was breached.

The bulletproof security of the LastPass system depends in part on the rate limiting of authenticating with the LastPass web service. Additionally, accounts created before security improvements in 2018 may have had master passwords shorter than 12 characters, and the hash iterations on those accounts may have been set distressingly low. Since attackers have had unrestricted access to the database, they’ve been able to run offline attacks against accounts with very low iterations, and apparently that approach has been successful.

Microsoft’s Signing Key

You may remember a story from a couple months ago, where Microsoft found the Chinese threat group, Storm-0558, forging authentication tokens using a stolen signing key. There was a big open question at that point, as to how exactly an outside group managed to access such a signing key.

This week we finally get the answer. A crash log from 2021 unintentionally included the key, and Microsoft’s automated redaction system didn’t catch it. That crash dump was brought into development systems, and an engineer’s account was later accessed by Storm-0558. That key should not have worked for enterprise accounts, but a bug in a Microsoft key validation allowed the consumer systems key to work for enterprise accounts. Those issues have been fixed, but after quite a wild ride. Continue reading “This Week In Security: LastPass Shoe Drops, Keys Lost, And Train Whistles Attack” →

Labor Day BBQs May Feature NYPD

September 1, 2023 by Kristina Panos 53 Comments

Planning to host a large backyard wingding in the NYC metro area this weekend? Be sure to watch the skies for uninvited guests. That’s right, the NYPD are deploying drones over “large” Labor Day events and yes, even private barbecues. The strategy was announced during a briefing about J’ouvert — that’s a yearly Caribbean festival that marks the end of slavery. It generally brings crowds of thousands and draws a strong police presence to Brooklyn.

While this particular invasion may come as a bit of a shock, this certainly isn’t the first time the NYPD has deployed drones in the name of public safety or in response to emergencies. Data shows they have used them 124 times this year, which is up a staggering 31 times from the four events in 2022.

As you may have guessed, this has invited backlash from privacy and civil liberties advocates. One pointed out that this action “flies in the face of the POST Act,” a city law that requires the NYPD to provide transparency about their various surveillance tactics. The advocates cite the fact that regulations have not kept up with the proliferation of technology.

No matter what happens in the future with regulations, the NYPD can always crash large parties the old fashioned way. Usually, the neighbors will complain at some point, unless they were all invited.

Photo via Unsplash.

This Week In Security: Not A Vulnerability, BGP Bug Propogation, And Press Enter To Hack

September 1, 2023 by Jonathan Bennett 6 Comments

Curl was recently notified of a CVE, CVE-2020-19909, rated at a hair-raising 9.8 on the CVSS scale. And PostgreSQL has CVE-2020-21469, clocking in with a 7.5 severity. You may notice something odd about those two vulnerabilities, but I promise the 2020 date is only the tip of the iceberg here.

Let’s start with PostgreSQL. That vulnerability was only present in version 12.2, which released in February of 2020, and was fixed with the 12.3 release in May of that same year. The problem is a stack buffer overflow, which doesn’t seem to enable code execution, but does cause a denial of service situation. To trigger the bug? Repeatedly send the PostgreSQL daemon the SIGHUP signal.

If you’re familiar with Linux signals, that might sound odd. See, the SIGHUP signal technically indicates the end of a user session, but most daemons use it to indicate a restart or reload request. And to send this signal, a user has to have elevated privileges — elevated enough to simply stop the daemon altogether. Put simply, it’s not a security vulnerability, just a minor bug.

And now on to curl — This one is just bizarre. The issue is a integer overflow in the --retry-delay argument, which specifies in seconds how often curl should retry a failing download. The value is multiplied by 1000 to convert to milliseconds, resulting in an overflow for very large values. The result of that overflow? A smaller value for the retry delay.

[Daniel Stenberg] makes the point that this tale is a wonderful demonstration of the brokenness of the CVE system and NVD’s handling of it. And in this case, it’s hard not to see this as negligence. We have to work really hard to construct a theoretical scenario where this bug could actually be exploited. The best I’ve been able to come up with is an online download tool, where the user can specify part of the target name and a timeout. If that tool had a check to ensure that the timeout was large enough to avoid excess traffic, this bug could bypass that check. Should we be assigning CVEs for that sort of convoluted, theoretical attack?

But here’s the thing, that attack scenario should rate something like a CVSS of 4.8 at absolute worst. NVD assigned this a 9.8. There’s no way you can squint at this bug hard enough to legitimately rank it that severe. At the time of writing, the NVD lists this as “UNDERGOING REANALYSIS”.
Continue reading “This Week In Security: Not A Vulnerability, BGP Bug Propogation, And Press Enter To Hack” →

The McDonald’s Ice Cream Machine Saga And Calls For Right To Repair

August 30, 2023 by Maya Posch 45 Comments

The inside of a Taylor C709 ice cream machine, as seen from the back with the cover on the electronics removed. (Credit: iFixit) — The inside of a Taylor C709 ice cream machine, as seen from the back with the cover over the electronics removed. (Credit: iFixit)

Raising a likely somewhat contentious topic, iFixit and Public Knowledge have challenged the manufacturer behind McDonald’s ice cream machines to make them easy to diagnose and repair. This is a subject that’s probably familiar to anyone who is vaguely familiar with US news and the importance of ice cream at McDonald’s locations to the point that a live tracker was set up so that furtive customers can catch a glimpse at said tracker before finding themselves staring in dismay at an ‘Out of Order’ sign on one of these Taylor ice cream machines.

The story is more complex than just a machine being “broken”, however. The maintenance contracts are lucrative, the instruction manual is long, and the error codes are cryptic. When you add to that the complexity of cleaning and maintaining the machines, it’s tempting to just claim the machine is out of order. These Taylor machines (the C602 and the C709 from the iFixit video) are a bit more complex than your usual ice cream maker in that they also have a pasteurization element that’s supposed to keep already poured mix safe to use the next day.

Continue reading “The McDonald’s Ice Cream Machine Saga And Calls For Right To Repair” →