Slider

4811 Articles

Human-Interfacing Devices: Packing For The Descriptor Heist

February 6, 2024 by 4 Comments

We started with figuring out HID descriptors a week ago, and I’ve shown you how to send raw HID packets using a MicroPython fork. We do still have the task in front of us – making a touchscreen device. For that, let’s give you the tools to capture an existing descriptor from a touchscreen, then show you how to tweak it and how it turns out in the end.

Packing For The Heist

When it comes to this kind of adventure, we can’t go without tools and weapons – it could be dangerous! Without them, you could even abandon your project halfway! Here’s enough high-precision tools and ammunition to last you through whatever obstacles you might encounter. Except for the web-based tools, these tools are for Linux, but please remember that you can always use a virtual machine or a Raspberry Pi. Nobody would use Windows for a heist anyway, what’s with all the telemetry and such.

The first tool is for reading descriptors – we need one to learn from, it’s just like a keycard you can flash to a security guard and scan at the vault entry. Of course, with RFID, you want to have enough examples, compare bits between a few cards and all. For now, HID descriptors don’t have authenticity checks, but it looks like that might just change in the future. Leave it to Apple and Microsoft to add them, as usual. On Linux, seeing descriptors is simple – as root, go into /sys/bus/usb/devices/, find your device by its lsusb device tree path, then follow the directory with the VID/PID in it. That directory will contain a report_descriptor file – hexdump it. The entire command could look like this:

sudo hexdump -v -e '/1 "%02X "' /sys/bus/usb/devices/3-6.2/3-6.2\:1.1/0003\:0C40\:8000.0022/report_descriptor

Again, you might need root to even find this path, so use sudo -i if you must. The format string in the hexdump command gives you parser-friendly output. Specifically, for parsing, I use this webpage – it’s wonderful, even adding tabs that delineate different sections of the descriptor, making its output all that more readable! You can also save this webpage locally, it’s a very neat tool. Other than that, you can try other local tools like this one!

Continue reading “Human-Interfacing Devices: Packing For The Descriptor Heist”

They Want To Put A Telescope In A Crater On The Moon

February 6, 2024 by 30 Comments

When we first developed telescopes, we started using them on the ground. Humanity was yet to master powered flight, you see, to say nothing of going beyond into space. As technology developed, we realized that putting a telescope up on a satellite might be useful, since it would get rid of all that horrible distortion from that pesky old atmosphere. We also developed radio telescopes, when we realized there were electromagnetic signals beyond visible light that were of great interest to us.

Now, NASA’s dreaming even bigger. What if it could build a big radio telescope up on the Moon?

Continue reading “They Want To Put A Telescope In A Crater On The Moon”

Hackaday Links Column Banner

Hackaday Links: February 4, 2024

February 4, 2024 by 20 Comments

Things may not have gone as planned last week for the flying cellphone on Mars, but just because Ingenuity‘s flying career is over doesn’t mean there’s no more work to do. NASA announced this week that it’s going to try a series of “wiggle” maneuvers on Ingenuity‘s rotors, in an attempt to get a better look at the damage to the blade tips and possibly get some clues as to what went wrong. The conjecture at the moment seems to be that a large area of relatively featureless terrain confused the navigation system, which uses down-facing cameras to track terrain features. If the navigation program couldn’t get a bead on exactly how far above the ground it was, it’s possible the copter came in too hard and caused the rotor tips to dig into the regolith. There seems to be some photographic suggestion of that, with what looks like divots in the ground about where you’d expect the rotor tips to dig in, and even scraps of material that look out of place and seem to be about the same color as the rotor blades. All this remains to be seen, of course, and we’re sure that NASA and JPL are poring over all available data to piece together what happened. As much as we hate to say goodbye to Ingenuity, we eagerly await the post-mortem.

Continue reading “Hackaday Links: February 4, 2024”

Will There Be Any Pi Left For Us?

February 2, 2024 by 72 Comments

Our world has been abuzz with the news that Raspberry Pi are to float on the London Stock Exchange. It seems an obvious move for a successful and ambitious company, and as they seem to be in transition from a maker of small computers into a maker of chips which happen to also go on their small computers, they will no doubt be using the float to generate the required investment to complete that process.

New Silicon Needs Lots Of Cash

An RP1 chip on a Raspberry Pi 5.
The most important product Raspberry Pi have ever made.

When a tech startup with immense goodwill grows in this way, there’s always a worry that it could mark the start of the decline. You might for instance be concerned that a floated Raspberry Pi could bring in financial whiz-kids who let the hobbyist products wither on the vine as they license the brand here and there and perform all sorts of financial trickery in search of shareholder value and not much else. Fortunately we don’t think that this will be the case, and Eben Upton has gone to great lengths to reassure the world that his diminutive computers are safe. That is however not to say that there might be pitfalls ahead from a hobbyist Pi customer perspective, so it’s worth examining what this could mean.

As we remarked last year, the move into silicon is probably the most important part of the Pi strategy for the 2020s. The RP2040 microcontroller was the right chip with the right inventory to do well from the pandemic shortages, and on the SBCs the RP1 all-in-one peripheral gives them independence from a CPU house such as Broadcom. It’s not a difficult prediction that they will proceed further into silicon, and it wouldn’t surprise us to see a future RP chip containing a fully-fledged SoC and GPU. Compared to their many competitors who rely on phone and tablet SoCs, this would give the Pi boards a crucial edge in terms of supply chain, and control over the software.

Continue reading “Will There Be Any Pi Left For Us?”

Hackaday Podcast Episode 255: Balloon On The Moon, Nanotech Goblets, And USB All The Way

February 2, 2024 by 13 Comments

This week, Dan joined Elliot for a review of the best and brightest hacks of the week in Episode 0xFF, which both of us found unreasonably exciting; it’s a little like the base-2 equivalent of watching the odometer flip over to 99,999. If you know, you know. We had quite a bumper crop of coolness this week, which strangely included two artifacts from ancient Rome: a nanotech goblet of colloidal gold and silver, and a perplexing dodecahedron that ends up having a very prosaic explanation — probably. We talked about a weird antenna that also defies easy description, saw a mouse turned into the world’s worst camera, and learned how 3D-printed signs are a whole lot easier than neon, and not half bad looking either. As always, we found time to talk about space, like the legacy of Ingenuity and whatever became of inflatable space habitats. Back on Earth, there’s DIY flux, shorts that walk you up the mountain, and more about USB-C than you could ever want to know.

And don’t forget that to celebrate Episode 256 next week, we’ll be doing a special AMA segment where we’ll get all the regular podcast crew together to answer your questions about life, the universe, and everything. If you’ve got a burning question for Elliot, Tom, Kristina, Al, or Dan, put it down in the comment section and we’ll do our best to extinguish it.

 

Where to Follow Hackaday Podcast

Places to follow Hackaday podcasts:

Grab a copy for yourself if you want to listen offline.

Continue reading “Hackaday Podcast Episode 255: Balloon On The Moon, Nanotech Goblets, And USB All The Way”

This Week In Security: Glibc, Ivanti, Jenkins, And Runc

February 2, 2024 by 4 Comments

There’s a fun buffer overflow problem in the Glibc __vsyslog_internal() function. This one’s a real rollercoaster, because logging vulnerabilities are always scary, but at a first look, it seems nearly impossible to exploit. The vulnerability relies on a very long program name, which can overflow an internal buffer. No binaries are going to have a name longer than 1024 bytes, so there’s no problem, right?

Let’s talk about argv. That’s the list of arguments that gets passed into the main() function of every Linux binary when it launches. The first string in that list is the binary name — except that’s a convention, and not particularly enforced anywhere. What really happens is that the execve() system call sets that list of strings. The first argument can be anything, making this an attacker-controlled value. And it doesn’t matter what the program is trying to write to the log, because the vulnerability triggers simply by writing the process name to a buffer.

There is a one-liner to test for a vulnerable Glibc:

exec -a "`printf '%0128000x' 1`" /usr/bin/su < /dev/null

and the Qualys write-up indicates that it can be used for an escalation of privilege attack. The good news is this seems to be a local-only attack. And on top of that, a pair of other lesser severity issues were found and fixed in glibc while fixing this one.
Continue reading “This Week In Security: Glibc, Ivanti, Jenkins, And Runc”

Polynesian Wayfinding Traditions Let Humans Roam The Pacific Ocean

February 1, 2024 by 24 Comments

Polynesian cultures have a remarkable navigational tradition. It stands as a testament to human ingenuity and an intimate understanding of nature. Where Western cultures developed maps and tools to plot courses around the world, the Polynesian tradition is more about using human senses and pattern-finding skills to figure out where one is, and where one might be going.

Today, we’ll delve into the unique techniques of Polynesian navigation, exploring how keen observation of the natural world enabled pioneers to roam far and wide across the breadth of the Pacific.

Continue reading “Polynesian Wayfinding Traditions Let Humans Roam The Pacific Ocean”