Peripherals Hacks

1490 Articles

Human-Interfacing Devices: HID Over I2C

April 17, 2024 by 22 Comments

In the previous two HID articles, we talked about stealing HID descriptors, learned about a number of cool tools you can use for HID hacking on Linux, and created a touchscreen device. This time, let’s talk about an underappreciated HID standard, but one that you might be using right now as you’re reading this article – I2C-HID, or HID over I2C.

HID as a protocol can be tunneled over many different channels. If you’ve used a Bluetooth keyboard, for instance, you’ve used tunneled HID. For about ten years now, I2C-HID has been heavily present in laptop space, it was initially used in touchpads, later in touchscreens, and now also in sensor hubs. Yes, you can expose sensor data over HID, and if you have a clamshell (foldable) laptop, that’s how the rotation-determining accelerometer exposes its data to your OS.

This capacitive touchscreen controller is not I2C-HID, even though it is I2C. By [Raymond Spekking], CC-BY-SA 4.0
Not every I2C-connected input device is I2C-HID. For instance, if you’ve seen older tablets with I2C-connected touchscreens, don’t get your hopes up, as they likely don’t use HID – it’s just a complex-ish I2C device, with enough proprietary registers and commands to drive you crazy even if your logic analysis skills are on point. I2C-HID is nowhere near that, and it’s also way better than PS/2 we used before – an x86-only interface with limited capabilities, already almost extinct from even x86 boards, and further threatened in this increasingly RISCy world. I2C-HID is low-power, especially compared to USB, as capable as HID goes, compatible with existing HID software, and ubiquitous enough that you surely already have an I2C port available on your SBC.

In modern world of input devices, I2C-HID is spreading, and the coolest thing is that it’s standardized. The standardization means a lot of great things for us hackers. For one, unlike all of those I2C touchscreen controllers, HID-I2C devices are easier to reuse; as much as information on them might be lacking at the moment, that’s what we’re combating right now as we speak! If you are using a recent laptop, the touchpad is most likely I2C-HID. Today, let’s take a look at converting one of those touchpads to USB HID.

A Hackable Platform

Continue reading “Human-Interfacing Devices: HID Over I2C”

Microsoft Killed My Favorite Keyboard, And I’m Mad About It

April 16, 2024 by 74 Comments

As a professional writer, I rack up thousands of words a day. Too many in fact, to the point where it hurts my brain. To ease this burden, I choose my tools carefully to minimize obstructions as the words pour from my mind, spilling through my fingers on their way to the screen.

That’s a long-winded way of saying I’m pretty persnickety about my keyboard. Now, I’ve found out my favorite model has been discontinued, and I’ll never again know the pleasure of typing on its delicate keys. And I’m mad about it. Real mad. Because I shouldn’t be in this position to begin with!

Continue reading “Microsoft Killed My Favorite Keyboard, And I’m Mad About It”

PicoNtrol Brings Modern Controllers To Atari 2600

April 13, 2024 by 11 Comments

While there’s an argument to be made that retro games should be experienced with whatever input device they were designed around, there’s no debating that modern game controllers are a lot more ergonomic and enjoyable to use than some of those early 8-bit entries.

Now, thanks to the PicoNtrol project from [Reogen], you can use the latest Xbox and PlayStation controllers with the Atari 2600 via Bluetooth. Looking a bit farther down the road the project is aiming to support the Nintendo Entertainment System, and there’s work being done to bring the Switch Pro Controller into the fold as well.

Continue reading “PicoNtrol Brings Modern Controllers To Atari 2600”

HDMI DDC Keypad Controls Monitor From Rack

April 12, 2024 by 22 Comments

Sometime last year, [Jon Petter Skagmo] bought a Dell U3421WE monitor. It’s really quite cool, with a KVM switch and picture-by-picture support for two inputs at the same time. The only downside is that control is limited to a tiny joystick hiding behind the bezel. It’s such a pain to use that [Jon] doesn’t even use all of the features available.

[Jon] tried ddcutil, but ultimately it didn’t work out. Enter the rack-mounted custom controller keyboard, a solution which gives [Jon] single keypress control of adjusting the brightness up and down, toggling picture-by-picture mode, changing source, and more.

How does it work? It uses the display data channel (DDC), which is an I²C bus on the monitor’s HDMI connector. More specifically, it has a PIC18 microcontroller sending those commands via eight Cherry MX-style blues.

Check this out — [Jon] isn’t even wasting one of the four monitor inputs because this build uses an HDMI through port. The finished build looks exquisite and fits right into the rack with its CNC-routed aluminium front panel. Be sure to check it out in action after the break.

Ever wonder how given keyboard registers the key you’re pressing? Here’s a brief history of keyboard encoding.

Continue reading “HDMI DDC Keypad Controls Monitor From Rack”

KanaChord Is A Macro Pad For Japanese Input

April 8, 2024 by 13 Comments

There are various situations that warrant additional keyboards on your desk, and inputting a second language is definitely a good one. That’s the idea behind KanaChord, which generates Unicode macros to render Japanese Kana characters using chords — pressing multiple keys at once as you would on a piano.

The Japanese writing system is made up of Kanji (Chinese characters), Hirigana, and Katakana. Without going into it too much, just know that Hirigana and Katakana are collectively known as the Kana, and there’s a table that lays out the pairing of vowels and consonants. To [Mac Cody], the layout of the Kana table inspired this chording keyboard.

Continue reading “KanaChord Is A Macro Pad For Japanese Input”

The assembled PCB on red foam, with both a USB-C connector and the ASM2464PD chip visible

Finally Taming Thunderbolt With Third-Party Chips

April 4, 2024 by 16 Comments

Thunderbolt has always been a functionally proprietary technology, held secret by Intel until “opening” the standard in a way that evidently wasn’t enough for anyone to meaningfully join in. At least, until last year, when we saw announcements about ASMedia developing two chips for Thunderbolt use. Now, we are starting to see glimmers of open source, letting us tinker with PCIe at prices lower than $100 per endpoint.

In particular, this board from [Picomicro] uses the ASM2464PD — a chipset that supports TB3/4/USB4, and gives you a 4x PCIe link. Harnessing the 40 Gbps power to wire up an NVMe SSD, this board shows us it’s very much possible to design a fully functional ASM2464PD board without the blessing of Intel. With minimal footprint that barely extends beyond the 2230 SSD it’s designed for, curved trace layout, and a CNC-milled case, this board sets a high standard for a DIY Thunderbolt implementation.

The main problem is that this project is not open-source – all we get is pretty pictures and a bit of technical info. Thankfully, we’ve also seen [WifiCable] take up the mantle of making this chip actually hobbyist-available – she’s created a symbol, fit a footprint, and made an example board in KiCad retracing [Picomicro]’s steps in a friendly fashion. The board is currently incomplete because it needs someone to buy an ASM2464PD enclosure on Aliexpress and reverse-engineer the missing circuitry, but if open-source Thunderbolt devices are on your wish list, this is as close as you get today – maybe you’ll be able to make an eGPU adapter, even. In the meantime, if you don’t want to develop hardware but want to take advantage of Thunderbolt, you can build 10 Gbps point-to-point networks.

USB HID And Run Exposes Yet Another BadUSB Surface

April 4, 2024 by 20 Comments

You might think you understand the concept of BadUSB attacks and know how to defend it, because all you’ve seen is opening a terminal window. Turns out there’s still more attack surface to cover, as [piraija] tells us in their USB-HID-and-run publication. If your system doesn’t do scrupulous HID device filtering, you might just be vulnerable to a kind of BadUSB attack you haven’t seen yet, rumoured to have been the pathway a few ATMs got hacked – simply closing the usual BadUSB routes won’t do.

The culprit is the Consumer Control specification – an obscure part of HID standard that defines media buttons, specifically, the “launch browser” and “open calculator” kinds of buttons you see on some keyboards, that operating systems, surprisingly, tend to support. If the underlying OS you’re using for kiosk purposes isn’t configured to ignore these buttons, they provide any attacker with unexpected pathways to bypass your kiosk environment, and it works astonishingly well.

[piraija] tells us that this attack provides us with plenty of opportunities, having tested it on a number of devices in the wild. For your own tests, the writeup has Arduino example code you can upload onto any USB-enabled microcontroller, and for better equipped hackers out there, we’re even getting a Flipper Zero application you can employ instead. While we’ve seen some doubts that USB devices can be a proper attack vector, modern operating systems are more complex and bloated than even meets the eye, often for hardly any reason – for example, if you’re on Windows 10 or 11, press Ctrl+Shift+Alt+Win+L and behold. And, of course, you can make a hostile USB implant small enough that you can build them into a charger or a USB-C dock.

USB image: Inductiveload, Public domain.