USB HID And Run Exposes Yet Another BadUSB Surface

You might think you understand the concept of BadUSB attacks and know how to defend against them, because all you’ve seen is a device opening a terminal window. Turns out there’s still more attack surface to cover, as [piraija] tells us in their USB-HID-and-run publication. If your system doesn’t do scrupulous HID device filtering, you might just be vulnerable to a kind of BadUSB attack you haven’t seen yet, rumoured to have been the pathway by which a few ATMs got hacked – simply closing the usual BadUSB routes won’t do.

The culprit is the Consumer Control specification – an obscure part of the HID standard that defines media buttons, specifically the “launch browser” and “open calculator” kinds of buttons you see on some keyboards, which operating systems, surprisingly, tend to support. If the underlying OS you’re using for kiosk purposes isn’t configured to ignore these buttons, they provide any attacker with unexpected pathways to bypass your kiosk environment, and it works astonishingly well.
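
As an added example (not from [piraija]’s writeup or this article), the Python below shows the check a HID device filter can make: walk a report descriptor, list its top-level collections, and flag any on the Consumer page (0x0C) with the Consumer Control usage (0x01). The two descriptors are constructed samples and the function names are illustrative.

```python
# Added example: find Consumer Control collections in a HID report descriptor.
CONSUMER_PAGE, CONSUMER_CONTROL = 0x0C, 0x01   # values from the HID Usage Tables

# Constructed samples: a boot-style keyboard and a media-key collection.
KEYBOARD = bytes.fromhex(
    "05 01 09 06 a1 01 05 07 19 e0 29 e7 15 00 25 01 75 01 95 08 81 02"
    " 95 01 75 08 81 01 95 06 75 08 15 00 25 65 05 07 19 00 29 65 81 00 c0")
MEDIA_KEYS = bytes.fromhex(
    "05 0c 09 01 a1 01 15 00 26 ff 03 19 00 2a ff 03 75 10 95 01 81 00 c0")

def top_level_collections(desc: bytes):
    """Return [(usage_page, usage_id)] for each top-level collection."""
    found, depth, page, usages, i = [], 0, 0, [], 0
    while i < len(desc):
        prefix = desc[i]
        if prefix == 0xFE:                       # long item: skip size, tag, data
            if i + 1 >= len(desc):
                raise ValueError("truncated long item")
            i += 3 + desc[i + 1]
            continue
        size = (0, 1, 2, 4)[prefix & 0x03]       # short item payload length
        data = desc[i + 1:i + 1 + size]
        if len(data) != size:
            raise ValueError("truncated item at offset %d" % i)
        value = int.from_bytes(data, "little")
        kind, tag = (prefix >> 2) & 0x03, prefix >> 4
        i += 1 + size
        if kind == 1 and tag == 0x0:             # Global item: Usage Page
            page = value
        elif kind == 2 and tag == 0x0:           # Local item: Usage
            usages.append((size, value))
        elif kind == 0:                          # Main item
            if tag == 0xA:                       # Collection
                if depth == 0 and usages:
                    size0, val = usages[0]
                    # A 4-byte usage carries its own page in the high 16 bits.
                    full = val if size0 == 4 else (page << 16) | val
                    found.append((full >> 16, full & 0xFFFF))
                depth += 1
            elif tag == 0xC and depth > 0:       # End Collection
                depth -= 1
            usages = []                          # local items reset after a main item
    return found

def exposes_consumer_control(desc: bytes) -> bool:
    """True if the device declares a top-level Consumer Control collection."""
    return (CONSUMER_PAGE, CONSUMER_CONTROL) in top_level_collections(desc)
```

On Linux, the raw descriptor of each attached HID interface can be read from `/sys/bus/hid/devices/*/report_descriptor` and passed to `exposes_consumer_control()`.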

[piraija] tells us that this attack provides us with plenty of opportunities, having tested it on a number of devices in the wild. For your own tests, the writeup has Arduino example code you can upload onto any USB-enabled microcontroller, and for better equipped hackers out there, we’re even getting a Flipper Zero application you can employ instead. While we’ve seen some doubts that USB devices can be a proper attack vector, modern operating systems are more complex and bloated than even meets the eye, often for hardly any reason – for example, if you’re on Windows 10 or 11, press Ctrl+Shift+Alt+Win+L and behold. And, of course, you can make a hostile USB implant small enough that you can build it into a charger or a USB-C dock.

USB image: Inductiveload, Public domain.

3D Navigator For Blender

If you work with high-end CAD workstations, you may have encountered a SpaceMouse or similar devices. Sort of a mouse with an extra dimension, they aren’t cheap. So [meisterodin1981] decided to build a do-it-yourself version for use with Blender. You can check it out in the video below.

The device uses an MPU6050 accelerometer and a spring. It also has some buttons for special features. The device uses a Teensy 2, although any controller that can provide an HID device could probably do the job. Of course, a nice 3D printed case is part of the design. A printed pair of plates holds a 3D printer bed spring to provide the device’s Z-axis movement. The wires to the encoder are routed through the center of the spring, so neatness counts.

We’ve seen other 3D mice like the Orbion. Your other option is to pick up the old-fashioned serial port versions and convert them. Until you can do your designs in virtual reality, these mice are just the ticket.


OSHW Framework Laptop Expansion Hides Dongles

If you’ve got a wireless keyboard or mouse, you’ve probably got a receiver dongle of some sort tucked away in one of your machine’s USB ports. While modern technology has allowed manufacturers to shrink them down to the point that they’re barely larger than the USB connector itself, they still stick out enough to occasionally get caught on things. Plus, let’s be honest, they’re kind of ugly.

For owners of the Framework laptop, there’s now a solution: the DongleHider+ by [LeoDJ]. This clever open source hardware project is designed to bring these little receivers, such as the Logitech Unifying Dongle, into one of the Framework’s Expansion bays. The custom PCB is designed with a large notch taken out to fit the dongle’s PCB; all you need to do is solder it in with four pieces of stiff wire.


Keebin’ With Kristina: The One With The Pickle Pi

Image by [jefmer] via Hackaday.IO
The unstoppable [jefmer] wrote in to alert me to Pickle Pi, their latest Keebin’-friendly creation. Why “Pickle Pi”? Well, the Pi part should be obvious, but the rest comes from the Gherkin 30% ortholinear keyboard [jefmer] built with Gateron Yellows and, unfortunately, second-choice XDA keycaps, as the first batch were stolen off of the porch.

If you’re wondering where the rest of the keys are, they are accessible by holding various keys rather than tapping them. Shift is Shift when held, but becomes Enter when tapped. [jefmer] wrote out their entire project description on the thing in order to break in the Gherkin.

The brains of this acrylic sandwich tablet is a Pi Zero 2, with a Pro Micro for the keyboard controller. Although programs like Ghostwriter and Thonny work fine, Chromium is “painfully slow” due to the RAM limitations of the Pi Zero 2. On the upside, battery life is 7-8 hours depending on usage. Even so, [jefmer] might replace it with a Pi 4 — the current battery pack won’t support a Pi 5.

New Pens For Old Plotters

Finding consumables is an ever-present problem facing anyone working with old computer hardware. Many of these devices ceased manufacture decades ago and what old stock remains is invariably degraded by time. [Retrohax] has encountered it with the pens for an Atari plotter, a machine that uses an ALPS mechanism that appears in more than one 1980s machine. The original pens had dried out beyond the ability to refill, so he takes us through the process of finding replacements.

Sadly there are no equivalent modern pens ripe for modification, so whatever replacement he used would have to involve a little lateral thinking. He thought salvation was at hand in the form of multicolor ballpoint refills of the type where the ink is in an easily cuttable plastic tube. [Retrohax] was able to make a 3D-printed holder for a cut-down ballpoint refill. Sadly the pressure required for a good line from a ballpoint was much higher than the original pens, so he was back to square one. Then he happened upon gel pens and tried the same trick with a gel pen refill. This gave instant success and should provide a valid technique for more than just this ALPS mechanism.

If you haven’t got a classic plotter to hand, never fear. You can have a go at making your own.

Wico Boss Joystick Modded To Use Cherry MX Keyboard Switches

The Wico Boss joystick was one of the better designs of the 1980s. Yours truly had one, and put it through many brutal hours of Amiga-based gameplay. [Drygol] was recently asked if he could alter some of these sticks to be even clickier than stock, and jumped at the chance to do some modding.

[Drygol]’s idea was to swap out the original microswitches in the sticks for keyboard switches instead. In particular, the idea was to use the Cherry MX Blues which have a particularly nice click to them. But this wasn’t just going to be a straight swap. Instead, since the hardware was retro and preservation was desired, the modification had to be reversible.

The result was a drop-in 3D-printed bracket that holds four Cherry switches around the joystick’s central bauble. Thus, when the stick is moved, it actuates the keyboard switches with a satisfying click. A 12mm tactile switch was also installed in the base to be activated by the fire button. Then, it was a simple matter of tidying up some of the sticks during reassembly and wiring up the original cables to the new switches.

It’s a neat way to give an old-fashioned digital joystick a new lease on life. This would be a particularly great mod for tired sticks with worn out microswitches, too. Hilarious archaic marketing video after the break. They really are whacko for Wico.


Keebin’ With Kristina: The One With The Offset-Stem Keycaps

Image by [Leo_keeb] via reddit
Love it or hate it, I think this is a really cool idea. [Leo_keeb] has designed a new set of keycaps for the Happy Hacking Keyboard (HHKB). The keycaps’ stems are offset to the left or right in order to turn this once-staggered keyboard into an ortholinear object.

So, how do they feel? There is a slight wobble to them, according to [Leo_keeb] — it’s a bit like pressing the left or right side of Tab. But the actuation is smooth, they say.

As you can see, these resin keycaps weren’t designed with the typical Cherry MX profile in mind; they are made for the Topre capacitive key switches of the HHKB. (No, those aren’t weird rubber domes.)

When I asked about sharing the STLs, [Leo_keeb] advised me that they might be willing to release STLs for Cherry MX switches in the US layout if there is enough interest.
