Lowering JavaScript Timer Resolution Thwarts Meltdown And Spectre

The computer security vulnerabilities Meltdown and Spectre let an attacker infer protected information from subtle differences in hardware behavior. It takes less time to access data that has been cached than data that needs to be retrieved from memory, and precisely measuring that time difference is a critical part of these attacks.

Our web browsers present a huge potential surface for attack as JavaScript is ubiquitous on the modern web. Executing JavaScript code will definitely involve the processor cache, and a high-resolution timer is accessible via the browser's performance API.

Web browsers can’t change processor cache behavior, but they can take away malicious code’s ability to exploit it. Browser makers are intentionally degrading time measurement capability in the API to make attacks more difficult. These changes are being rolled out for Google Chrome, Mozilla Firefox, Microsoft Edge and Internet Explorer. Apple has announced Safari updates in the near future that are likely to follow suit.

After these changes, the time stamp returned by performance.now will be less precise due to lower resolution. Some browsers are going a step further and degrading the accuracy by adding random jitter. There will also be degradation or outright disabling of other features that can be used to infer data, such as SharedArrayBuffer.
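A simplified model of the resolution clamping described above, as an added example that is not from the original post or from any browser's source. It uses a simulated clock rather than real hardware timing; the 40 ns and 200 ns operation costs, the 20 µs resolution, and all function names are constructed for illustration.

```javascript
// Added illustration: a simulated clock in integer nanoseconds.
// No real hardware timing is involved; every number is constructed.
function makeSimClock() {
  let t = 0;
  return { now: () => t, advance: (ns) => { t += ns; } };
}

// View of a clock rounded down to a coarser resolution.
function clamped(now, resolutionNs) {
  return () => Math.floor(now() / resolutionNs) * resolutionNs;
}

// Time a simulated operation costing costNs through the given clock view.
function measure(sim, now, costNs) {
  const start = now();
  sim.advance(costNs);
  return now() - start;
}

// Smallest nonzero step the view shows while time advances in stepNs increments.
function observedResolution(sim, now, stepNs, samples) {
  let best = Infinity;
  let prev = now();
  for (let i = 0; i < samples; i++) {
    sim.advance(stepNs);
    const cur = now();
    if (cur !== prev) {
      best = Math.min(best, cur - prev);
      prev = cur;
    }
  }
  return best;
}

function demo() {
  const FAST_NS = 40, SLOW_NS = 200, RES_NS = 20000; // constructed values
  const sim = makeSimClock();
  const coarse = clamped(sim.now, RES_NS);
  return {
    preciseFast: measure(sim, sim.now, FAST_NS), // precise view separates the two
    preciseSlow: measure(sim, sim.now, SLOW_NS),
    coarseFast: measure(sim, coarse, FAST_NS),   // clamped view reads both the same
    coarseSlow: measure(sim, coarse, SLOW_NS),
    resolution: observedResolution(sim, coarse, 100, 1000),
  };
}

console.log(demo());
```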

These changes will have no impact for the vast majority of users. The performance API is used by developers to debug sluggish code; the actual run speed is unaffected. Other features like SharedArrayBuffer are relatively new and their absence would go largely unnoticed. Unfortunately, web developers will have a harder time tracking down slow code under these changes.

Browser makers are calling this a temporary measure for now, but we won’t be surprised if it becomes permanent. It is a relatively simple change that blunts the immediate impact of Meltdown/Spectre and it would also mitigate yet-to-be-discovered timing attacks of the future. If browser makers offer a “debug mode” to restore high precision timers, developers could activate it just for their performance tuning work and everyone should be happy.

This is just one part of the shock wave Meltdown/Spectre has sent through the computer industry. We have broader coverage of the issue here.

Much Assembly Required: Game Your Way To Assembly Guru Status

It can be hard these days to find an excuse to create something for learning purposes. Want a microcontroller board? Why make one when you can buy an Arduino or a Blue Pill for nearly nothing? Want to control a 3D printer? Why write the code when you can just download something that works well like Marlin or Repetier? If you want to learn assembly language, then, it can be hard to figure out something you want to do that isn’t so silly that it demotivates you. If that sounds like you, then you should check out Much Assembly Required.

This is a multi-player game that runs in your Web browser. But before you click close, consider this: the game has you control an autonomous robot using an x86-like assembly language. Your robots have to find resources and build structures so it is sort of a mash up of Minecraft and one of the many modern Hammurabi-inspired games like Civilization.

The robots have a variety of peripherals including: drills, lasers, LiDar, legs, a hologram projector, solar-charged batteries, clocks, and more mundane things such as clocks, floppy drives, and a random number generator. The virtual world simulates day and night, so plan your power management accordingly.

You might wonder if you should even bother learning assembly. While it is true it isn’t as necessary as it once was, understanding what the computer is doing in a very basic way can help form your thinking in surprising ways. There are also those times when you need to optimize something in assembly and that’s the difference between working and not working.

If you want to do something more practical, we’ve looked at options before. Of course, you can always slip your C compiler some assembly, too.

Exporting Eagle Libraries To FOSS Tools

Since Autodesk’s acquisition, Eagle has been making waves in the community. The de facto standard for Open Hardware PCB design is now getting push-and-shove routing, a button that flips the board over to the back (genius!), integration with Fusion360, automated 3D renderings of components, and a bunch of other neat tools. However, Eagle is not without its warts, and there is a desire to port those innumerable Eagle board layouts and libraries to other PCB design packages. This tool does just that.

The tool is an extension of pcb-rnd, a FOSS tool for circuit board editing, and this update massively extends support for Eagle boards and libraries. As an example, [VK5HSE] loaded up an Eagle .brd file of a transceiver, selected a pin header, and exported that component to a KiCad library. It worked the first time. For another experiment, the ever popular TV-B-Gone .brd file was exported directly to pcb-rnd. This is a mostly complete solution for Eagle to KiCad, Eagle to Autotrax, and Eagle to gEDA PCB, with a few minimal caveats relating to copper pours and silkscreen — nothing that can’t be dealt with if you’re not mindlessly using the tool.

While it must be noted that most Open Hardware projects fit inside an 80 cm² board area, and can therefore be opened and modified with the free-to-use version of Autodesk’s Eagle, this is a very capable tool to turn Eagle boards and libraries into designs that can be built with FOSS tools.

Thanks [Erich] for the tip.

OpenCV Never Forgets A Face

All the cool phones now are doing facial recognition. While that sounds like a big job, you can add face detection and recognition easily to your projects if you can support the OpenCV library. [LinuxHint] has a great tutorial that steps you from the basics of OpenCV to actually acquiring and identifying faces. It is aimed at Ubuntu users, but the code would apply to any OpenCV-supported platform. You can also see a less detailed tutorial to learn more about installing OpenCV on the Pi Zero from [DanishMalhotra].

Of course, any facial recognition system is going to need a camera. The nice thing about the first tutorial is that it assumes you know nothing about OpenCV, so it covers the basics on up to using the face-related libraries.

Another Defeat Of The Intel Management Engine

If you have a computer with an Intel processor that’s newer than about 2007, odds are high that it also contains a mystery software package known as the Intel Management Engine (ME). The ME has complete access to the computer below the operating system and can access a network, the computer’s memory, and many other parts of the computer even when the computer is powered down. If you’re thinking that this seems like an incredible security vulnerability then you’re not alone, and a team at Black Hat Europe 2017 has demonstrated yet another flaw in this black box (PDF), allowing arbitrary code execution and bypassing many of the known ME protections.

[Mark Ermolov] and [Maxim Goryachy] are the two-man team that discovered this exploit, only the second of its kind in the 12 years that the ME has been deployed. Luckily, this exploit can’t be taken advantage of (yet) unless an attacker has physical access to the device. Intel’s firmware upgrades also do not solve the problem because the patches still allow for use of older versions of the ME. [Mark] and [Maxim] speculate in their presentation that this might be fixed on the next version of the ME, but also note that these security vulnerabilities would disappear if Intel would stop shipping processors with the ME.

We won’t hold our breath on Intel doing the right thing by eliminating the ME, though. It’s only a matter of time before someone discovers a zero-day (if they haven’t already, there’s no way to know) which could cripple pretty much every computer built within the last ten years. If you’re OK with using legacy hardware, though, it is possible to eliminate the management engine and have a computer that doesn’t have crippling security vulnerabilities built into it. This post was even written from one. Good luck doing anything more resource-intensive with it, though.

Lisp In 200 Lines

Contrary to popular belief, LISP does not stand for “lots of irritating spurious parenthesis.” However, it is true that people tend to love or hate this venerable programming language. Whichever side of the fence you’re on, many of the ideas it launched decades ago have become staples of other newer languages. How much C code do you think it takes to make a functional LISP system? If you guessed more than 200, you’ll want to go look at this GitHub repository.

Actually, the code isn’t as good as the (sort of) literate programming white paper on the program, but it gives a good overview of how 200 lines of C code can produce a working LISP-like language good enough to create its own eval loop. It does lack memory handling and error detection, so if you really wanted to use it, you’d probably need to spruce it up a bit.

MeatBagPnP Makes You The Automatic Pick And Place

It’s amazing how hackers are nowadays building increasingly complex hardware with SMD parts as small as grains of sand. Getting multilayer PCBs and soldering stencils in small quantities for prototyping is easier than ever before. But Pick-and-Place — the process of taking parts and stuffing them on the PCB in preparation for soldering — is elusive, for several reasons. For one, it makes sense only if you plan to do volume production as the cost and time for just setting up the PnP machine for a small run is prohibitive. And a desktop PnP machine isn’t yet as ubiquitous as a 3D printer. Placing parts on the board is one process that still needs to be done manually. Just make sure you don’t sneeze when you’re doing it.

Of course the human is the slow part of this process. [Colin O’Flynn] wrote a Python script that he calls MeatBagPnP to ease this bottleneck. It’s designed to look at a row in a parts position file generated from your EDA program and highlight on a render of the board where that part needs to be placed. The human then does what a robotic PnP would have done.

A bar code scanner is not necessary, but using one does make the process a bit quicker. When you scan a code on the part bag, the script highlights the row on the spreadsheet and puts a marker on the first instance of it on the board. After you’ve placed the part, pressing the space bar puts a marker on the next instance of the same value. The script shows it’s done after all parts of the same value are populated and you can then move on to the next part. If you don’t have a bar code scanner handy, you can highlight a row manually and it’ll tell you where to put that part. Check it out in the video below.

Of course, before you use this tool you need some prior preparation. You need a good PNG image of the board (both sides if it is double-sided) scaled so that it is the same dimensions as the target board. The parts position file generated from your EDA tool must use the lower left corner of the board as the origin. You then tell the tool the board dimensions and it scales up everything so that it can put the red markers at the designated XY positions. The script works for single and double-sided boards. For a board with just a few parts, it may not be worth the trouble of doing this, but if you are trying to manually populate a complex board with a lot of parts, using a script like this could make the process a lot less painful.

The project is still fresh and rough around the edges, so if you have comments or feedback to offer, [Colin] is listening.

[Colin]’s name ought to ring a bell — he’s the hacker who built ChipWhisperer which took 2nd Prize at The Hackaday Prize in 2014. The MeatBagPnP project is a result of having worked at building increasingly complex boards manually and trying to make the process easier. In addition to the walk-through of how the script works after the break we’ve embedded his other video from three years back when he was stuffing parts — including BGAs — the hard way and then reflowing them in a Chinese oven with hacked firmware.
