Millions Of Satellite Receivers Are Low-Hanging Fruit For Botnets

Satellite television is prevalent in Europe and Northern Africa. This is delivered through a Set Top Box (STB) which uses a card reader to decode the scrambled satellite signals. You need to buy a card if you want to watch. But you know how people like to get something for nothing. This is being exploited by hackers and the result is millions of these Set Top Boxes just waiting to form into botnets.

This was the topic of [Sofiane Talmat’s] talk at DEF CON 23. He also gave this talk earlier in the week at BlackHat and has published his slides (PDF).

stb-hardwareThe Hardware in Satellite receivers is running Linux. They use a card reader to pull in a Code Word (CW) which decodes the signal coming in through the satellite radio.

An entire black market has grown up around these Code Words. Instead of purchasing a valid card, people are installing plugins from the Internet which cause the system to phone into a server which will supply valid Code Words. This is known as “card sharing”.

On the user side of things this just works; the user watches TV for free. It might cause more crashes than normal, but the stock software is buggy anyway so this isn’t a major regression. The problem is that now these people have exposed a network-connected Linux box to the Internet and installed non-verified code from unreputable sources to run on the thing.

[Sofiane] demonstrated how little you need to know about this system to create a botnet:

  • Build a plugin in C/C++
  • Host a card-sharing server
  • Botnet victims come to you (profit)

It is literally that easy. The toolchain to compile the STLinux binaries (gcc) is available in the Linux repos. The STB will look for a “bin” directory on a USB thumb drive at boot time, the binary in that folder will be automatically installed. Since the user is getting free TV they voluntarily install this malware.

Click through for more on the STB Hacks.

Continue reading “Millions Of Satellite Receivers Are Low-Hanging Fruit For Botnets”

Cory Doctorow Rails Against The Effect Of DRM And The DMCA

If you weren’t at [Cory Doctorow’s] DEF CON talk on Friday you missed out. Fighting Back in the War on General Purpose Computing was inspiring, informed, and incomparable. At the very lowest level his point was that it isn’t the devices gathering data about us that is the big problem, it’s the legislation that makes it illegal for us to make them secure. The good news is that all of the DEF CON talks are recorded and published freely. While you wait for that to happen, read on for a recap and to learn how you can help the EFF fix this mess.

Continue reading “Cory Doctorow Rails Against The Effect Of DRM And The DMCA”

BeagleBone Green Hands-On: Lower Price, Same Horsepower

Although the BeagleBone Green was announced at the Bay Area Maker Faire last May, there hasn’t been much said about it on the usual forums and IRC channels. Now, it’s finally out and I got my hands on one of them. Through a cooperation between the BeagleBoard foundation and Seeed Studios, the best small Linux board for doing real work with small Linux boards is now cheaper, a little more modern, and green.

The BeagleBone Green is an update to the venerable BeagleBone Black, the dev board based on a TI ARM Cortex-A8. It’s an extremely capable machine with a few interesting features that make it the perfect device for embedded applications. With the BeagleBone Green, the BB Black gets a small hardware refresh and a drastic reduction in price. If you want to do real work on a Linux board, this is the one to get. Check out the review below for everything that’s been updated, everything that’s the same, and why this is one of the most interesting developments in small Linux boards in recent memory.

Continue reading “BeagleBone Green Hands-On: Lower Price, Same Horsepower”

Tindie Becomes A Part Of The Hackaday Family

A little over two years ago, we announced that Hackaday became a part of Supplyframe. This was a natural fit: both sides are comprised of hardware engineers, computer scientists and hackers alike. We immediately pooled forces and set out to make Hackaday bigger, with a broader mission. So far, it has been an amazing journey: Hackaday.io is approaching 100,000 registered users, The Hackaday Prize is in its second year, and the Hackaday Store is about to fulfill its 5,000th order.

The main theme behind all of this is fostering collaboration, learning, and providing incentives for everyone in the community to stop procrastinating and try to build something amazing. Hackaday.com is here to inspire, Hackaday.io to help develop projects in the open, and the Hackaday Store is to provide a way to turn passion projects into a self-sustainable lifestyle. While the road to community-powered innovation might not be easy, it’s something we’re all incredibly passionate about, and will continue investing in to further this goal.

With that in mind, we’re very excited to announce that everyone’s favorite hardware marketplace – Tindie, has been acquired by Supplyframe and will be joining the Hackaday family! Apart from the fact that most of us are personal fans of the website, we believe that Tindie fills an important gap in helping projects cross the chasm between prototype and initial production. Crowdfunding provides access to capital for some (and access to laughs for others), but it’s not always the way to go. You might not be ready to quit your day job or take on a project full-time. You might be working on rev1 of the project and want to try the “lean manufacturing” thing. Or maybe you’re building something for your own purposes and have some extras lying around. Tindie is a platform that has helped launch many such projects, and we’re incredibly lucky to have it be a part of Hackaday.

Now what?

Naturally, the question that’s on everyone’s mind is, what happens next? Are we going to mess things up? Paint Tindie in black? Change the fee structure? While we have ideas on things that we could help with, our main goal will be making sure that the Tindie community continues to thrive. The only changes we’re interested in are the ones that make the community stronger. We are fascinated with the challenges surrounding the supply chain and will be looking into tools to help sellers improve margins and ship better products. Hackaday.io and Tindie combined represent the world’s largest repository of (working) Open Hardware products, so we will be looking into more closely integrating the two. We will also make efforts to grow the overall Tindie audience, as every new buyer helps move the community forward.

All of these are some of the ideas, but we’re ultimately looking at you for guidance: things we should do, problems we should attack, dreams of future capabilities.

Wish us luck in this new adventure.

Aleksandar Bradic
CTO
Supplyframe

Hacking The Digital And Social System

When you live in a totalitarian, controlled and “happy” society, and you want to be a hacker, you have to hack the social system first. Being just an engineer doesn’t cut it, you have to be a hypocrite, dissident and a smuggler at the same time. That’s the motto of my personal story, which starts in Yugoslavia, and ends in Serbia. No, I didn’t move, I’m still in Belgrade, only the political borders have changed.

Half a century ago, when I was in elementary school, I discovered the magical world of HAM radio. I became a member of two amateur radio clubs, passed all exams and got my licence and callsign, which was YU1OPC. I was delighted, but after five years, the party was over. What happened? Well, one day the police paid a visit to all registered owners of CB Band equipment and simply took that equipment away. No one knows why they did it, but it was probably off the books, as we never got any written confirmation, and no one ever saw their equipment again.

Continue reading “Hacking The Digital And Social System”

Downloading Satellite Images Via FM Radio

Did you know weather satellites transmit their weather images over an FM frequency? And now that you know… You can intercept them yourself with a $10 FM radio dongle!

American NOAA weather satellites are in a polar orbit around earth, and each one will pass the same point approximately every 12 hours. When it is overhead, the signal is strong enough to receive. After [Matt] found out this tidbit of knowledge, he had to learn how to intercept the images himself.

The satellites transmit the images over the 137MHz band, and using a radio tuner USB dongle, you can record the transmission and then decode it into a picture. He used CubicSDR to tune and record the signal, and then Soundflower to pull out interference, and finally WXtoIMG — which starts recording when the satellite is above, and decodes the image.

[Thanks for the tip Amirgon!]

Build Your Own CPU? That’s The Easy Part!

You want to build your own CPU? That’s great fun, but you might find it isn’t as hard as you think. I’ve done several CPUs over the years, and there’s no shortage of other custom CPUs out there ranging from pretty serious attempts to computers made out of discrete chips to computers made with relays. Not to trivialize the attempt, but the real problem isn’t the CPU. It is the infrastructure.

What Kind of Infrastructure?

I suppose the holy grail would be to bootstrap your custom CPU into a full-blown Linux system. That’s a big enough job that I haven’t done it. Although you might be more productive than I am, you probably need a certain amount of sleep, and so you may want to consider if you can really get it all done in a reasonable time. Many custom CPUs, for example, don’t run interactive operating systems (or any operating system, for that matter). In extreme cases, custom CPUs don’t have any infrastructure and you program them in straight machine code.

Machine code is error prone so, you really need an assembler. If you are working on a big machine, you might even want a linker. Assembly language coding gets tedious after a while, so maybe you want a C compiler (or some other language). A debugger? What about an operating system?

Each one of those things is a pretty serious project all by itself (on top of the project of making a fairly capable CPU). Unless you have a lot of free time on your hands or a big team, you are going to have to consider how to hack some shortcuts.

Continue reading “Build Your Own CPU? That’s The Easy Part!”