In today’s installment of Betteridge’s law enforcement, here’s an evil USB-C dock proof-of-concept by [Lachlan Davidson] from [Aura Division]. We’ve seen malicious USB devices aplenty, from cables and chargers to flash drives and even suspicious USB fans. But a dock, however, is new. The gist is simple — you take a stock dock, find a Pi Zero W and wire it up to a USB 2.0 port tapped somewhere inside the dock. Finding a Pi Zero is unquestionably the hardest part in this endeavor — on the software side, everything is ready for you, just flash an SD card with a pre-cooked malicious image and go!
On the surface level, this might seem like a cookie-cutter malicious USB attack. However, there’s a non-technical element to it; USB-C docks are becoming more and more popular, and with the unique level of convenience they provide, the “plug it in” temptation is much higher than with other devices. For instance, in shared workspaces, having a USB-C cable with charging and sometimes even a second monitor is becoming a norm. If you use USB-C day-to-day, the convenience of just plugging a USB-C cable into your laptop becomes too good to pass up on.
This hack doesn’t exactly use any USB-C specific technical features, like Power Delivery (PD) – it’s more about exploiting the convenience factor of USB-C that incentivizes you to plug a USB-C cable in, amplifying an old attack. Now, BadUSB with its keystroke injection is no longer the limit — with a Thunderbolt-capable USB-C dock, you can connect a PCIe device to it internally and even get access to a laptop’s RAM contents. Of course, fearing USB-C cables is not a viable approach, so perhaps it’s time for us to start protecting from BadUSB attacks on the software side.
Six degrees of freedom (6DoF) controllers are used for manipulating an object in a CAD or 3d modeling program and are often called spacemice. You can twist it, push it, and even bop it. Most work with optical encoders, shining an LED through a slit to some form of photodetector on the other side. [Matthew Schubert] wanted to make his own spacemouse, but had some new ideas of how to go about it. His two-part project, dubbed haptic, focuses on measuring the forces, not the displacement.
He decided to try thick-film resistors as strain gauges and revisit load cells and proper strain gauges later. The actual structure quickly converged on the Stewart Platform, formed from three custom PCBs. A base to sit on, a knob for the top, and a middle board designed to take the strain with SMD resistors. A Teensy 3.2 talks to the ADS131M06 ADC and streams 4k samples per second to the host computer via serial. For prototyping, the calculations were done on the PC. Continue reading “Haptick: The Strain Gauge Based 6DoF Controller”→
The work-from-home revolution enabled many workers to break free from the shackles of the office. Some employers didn’t like the loss of perceived control though, and saddled workers with all kinds of odious spyware to monitor their computer activity. Often, this involves monitoring mouse movement to determine if workers are slacking off or not. Mouse jigglers aim to fool these systems, and the MAUS from [MAKERSUN99] is one you can build yourself.
The MAUS is not a mechanical system that moves a real-life mouse on your desk. Instead, it directly injects emulated mouse movements via USB. It runs on an ATtiny85, which is able to spit out USB HID commands with the help of the V-USB software USB implementation. Along with the microcontroller, MAUS also features a red LED and a WS2812B RGB LED for user feedback. It’s also available on Tindie if your boss has you so busy that you don’t have time to build one.
When thinking about a perfect keyboard, some of us have a veritable laundry list: split, hot-swapping, wireless, 3d printed, encoders, and a custom layout. The Aloidia keyboard by [Nguyen Vincent] has all that and more.
One of the first things to notice is a row of solar panels on the top, which trickle charge the keyboard. The keyboard uses 65uA in idle and 30uA when in a deep sleep. With the solar panels providing anywhere between 600-1200uAh a day, the battery should last a year and a half under even harsh conditions. The encoders were specially chosen to reduce pull-up power consumption. Given the focus on power and the lack of wires between the halves, you might wonder how the connection to the computer is handled. Does one-half handle the connection and use more power? The answer is that both talk to a dongle based around an nRF52840. This lets the keyboard halves idle most of the time and enables the dongle to handle the expensive communications to the host PC.
Instead of an e-paper screen in the top left, [Nguyen] placed a Sharp memory display. The 3D-printed case is stunning, with no visible screws on the top and tenting feet on the bottom. The two halves snap together very satisfactorily with the power of magnets (the printed palm rests also magnetically attach). Overall it is an incredibly well-thought-out keyboard with all sorts of bells and whistles.
Thumbs Up! comes in both monoblock and full split versions, but both are designed for Kailh chocs. Fans of the Kinesis Advantage will dig the key wells and possibly the thumb cluster, which in this case is raised up a bit from the mainlands. I’m pretty fond of the naked PCB approach to keyboard building, especially when they’re stacked and look as good as these do.
While the full split only comes in RP2040 (not that there’s anything wrong with that), the monoblock split is available in Pro Micro, ATmega Mini, and RP2040 versions. You can find the STL for the tilt stand and other goodies on Thingiverse.
The first mice simply transferred the rotation of the ball through rollers to switches or optical sensors which passed pulse trains to the host computer. From the relative phase of these pulse trains the computer could work out what direction the mouse was going, as well as how far it had moved through counting the pulses. Since this was the simplest mouse interface, many of the 16-bit era machines used these signals. The PC meanwhile lacked such a port, so companies such as Microsoft had to place a microcontroller in the mouse to do the position sensing, and send the result over a serial interface. This evolved over time into the USB HID mouse interface you are probably using today.
Unfortunately for owners of quadrature mouse driven machines, real quadrature mice are a little thin on the ground these days, thus the adapter is a seriously useful device. At its heart is an STM32 microcontroller, and it’s been through a few updates and now supports mouse wheels. Your Amiga has been waiting for this!
Repetitive strain injuries (RSI) can be a real pain. You’ve got a shiny new laptop, and everything’s going smoothly, but suddenly you can’t use it without agonizing (as in typing-speed reducing) pain caused by years of keyboard bashing or just plain bad posture. All of us hacker types will likely have or will experience this at some point, and luckily there are many potential solutions.
[Zihao Wang] writes to show us kseqi, another chord-like textual input method, with a focus on the input sequences, as opposed to any particular mechanical arrangement of keys. The idea is to make use of two sets of independent inputs, where the sequence of actuation codes for the keystrokes to be emitted into the application.
An example interface would be to arrange two sets of five keys as the input mechanism. One can arrange characters in a matrix. The left key is pressed and held first which selects a column (1 out of 5) then the right key is pressed to select a row, and thus a character. Next, you release in the same order, left, then right, to send the character.
Swapping left and right allows a different set of characters. In this simple scheme, fifty characters can be coded. Check out this web assembly demo for how this operates. Swapping out the physical inputs for a pair of joysticks is another option, which may be better for some folks with specific physical difficulties, or maybe because it just looks fun. As [Zihao] mentions in the write-up, the sequence order can be changed to code for other character sets, so this simple scheme can handle many more character codings than this simple example. All you have to do is remember them. Interested parties may want also wish to dig into the kseqi Rust crate for information.