Oddball X86 Instructions

David Letterman made the top ten list famous. [Creel] has a top ten that should appeal to many Hackaday readers: the top 10 craziest x86 assembly language instructions. You have to admit that the percentage of assembly language programmers is decreasing every year, so this isn’t going to have mass appeal, but if you are interested in assembly or CPU architecture, this is a fun way to kill 15 minutes.

Some would say that all x86 instructions are crazy, especially if you are accustomed to reduced instruction set computers. The x86, like other non-RISC processors, has everything but the kitchen sink. Some of these instructions might help you get that last 10 nanoseconds shaved off a time-critical loop.

Software Challenge’s Solution Shows Reverse Engineering In Action

[0xricksanchez] participated in a software reverse-engineering challenge and recently wrote up the solution, and in so doing also documented the process used to discover it. The challenge was called Devil’s Swapper, and consisted of a small binary blob that output a short message when executed. The goal of the challenge? Discover the secret key and the secret message within. [0xricksanchez]’s writeup, originally intended just as a personal record, ended up doing an excellent job of showing how a lot of reverse engineering tools and processes get applied to software in a practical way.

What’s also great about [0xricksanchez]’s writeup is that it uses standard tools and plenty of screenshots to show what is being done, while also explaining why those actions are being chosen and what is being learned. It’s easy to follow the thought process as things progress from gathering information, to chasing leads, and finally leveraging what’s been learned. It’s a fascinating look into the process of applying the reverse engineering mindset to software, and a good demonstration of the tools. Give it a read, and see how far you can follow along before learning something new. Want more? Make sure you have checked out the Hackaday 2020 Remoticon videos on reverse engineering firmware, and doing the same for PCBs.

Ghidra Used To Patch Fahrenheit Into An Air Quality Meter

Even though most of the world population couldn’t tell you what room or body temperature is in Fahrenheit, there are some places on this globe where this unit is still in common use. For people in those areas, it’s therefore a real hassle when, say, a cheap Chinese air quality measurement system only reports in degrees Celsius. Fortunately, [BSilverEagle] managed to patch such a unit to make it display temperature in Fahrenheit.

The reverse engineering begins by finding a way to dump the firmware. It’s nice to hear that [BSilverEagle] used some of the skills demonstrated in [Eric Shlaepfer’s] PCB reverse engineering workshop from Hackaday Remoticon last November to trace out the debug header and the SWD pins of the STM32F103C8 MCU. After that, OpenOCD could be used to dump the firmware image, with no read protection encountered. The firmware was then reverse-engineered using Ghidra, so that [BSilverEagle] could figure out where the temperature was being calculated and where the glyph for the Celsius symbol was stored. From there it was a straightforward rewrite of those two parts of the original firmware to calculate the temperature value in Fahrenheit, change the glyph and reflash the MCU.

So why buy this thing in the first place if it didn’t spit out units useful for your current locale? Cost. Buying this consumer(ish) device was about the same cost as buying the individual parts, designing and manufacturing the PCB, and writing the firmware for it. The only downside for their use case was the lack of Fahrenheit. Not a problem for those who demand full control of the hardware they own.

Need a boot camp for using Ghidra? Matthew Alt put together a spectacular video series on Reverse Engineering with Ghidra.

Legacy Digital Photos, With A Side Of Murphy’s Law

[Dave Madison] came across some old digital photos, and in his quest to access them, he ran into quite a few challenges. The saga brings Murphy’s Law to mind, and while [Dave] prevailed in the end, it required quite a few more steps than one might expect.

The one smooth part of the process was that Konica’s proprietary software had a handy JPEG export feature.

Here’s the scene: in the late 90s, Konica partnered with photo shops to provide a photo scanning service, delivering digital scans of film photos on 3.5″ floppy disks, and that’s exactly what [Dave] had to work with. The disks were in good condition, and since modern desktop computers still support floppy drives and the FAT filesystem, in theory all one needs to do is stick disks into the reader one at a time in order to access the photos.

Sadly, problems started early. A floppy drive is revoltingly slow compared to any modern storage device, so [Dave]’s first step was to copy all of the files to his machine’s local storage before working on them. This took a bit of wrangling to deal with 8.3 format file names and avoid naming collisions across disks while still preserving some metadata such as the original creation date. It was nothing a quick Python script couldn’t handle, but that soon led to the next hurdle.
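The consolidation step described above, as an added example rather than [Dave]’s own script: each disk’s files are copied into one local folder, an 8.3 name that already exists there gets the disk label prefixed so two PHOTO001.KQP files from different disks cannot overwrite each other, and `shutil.copy2` keeps the original timestamps. The disk directories and file names below are constructed sample data.

```python
"""Consolidate files from several floppy-disk directories into one folder.

Added example (not [Dave]'s script): each disk is copied into a local
staging directory, 8.3 names that collide across disks are kept apart by
prefixing the disk label, and the original timestamps survive the copy
because shutil.copy2 preserves them.
"""
import os
import shutil
import tempfile
from pathlib import Path


def consolidate(disks: dict, dest: Path) -> dict:
    """Copy every file from each disk directory into dest.

    disks maps a disk label (e.g. "DISK01") to the directory holding that
    floppy's files. Returns {destination name: source path}. A name that
    already exists in dest is prefixed with the disk label, so a second
    PHOTO001.KQP lands as DISK02_PHOTO001.KQP instead of clobbering the first.
    """
    dest.mkdir(parents=True, exist_ok=True)
    placed = {}
    for label, disk_dir in sorted(disks.items()):
        for src in sorted(Path(disk_dir).iterdir()):
            if not src.is_file():
                continue
            name = src.name
            if (dest / name).exists():
                name = f"{label}_{src.name}"
            shutil.copy2(src, dest / name)  # copy2 keeps mtime/atime
            placed[name] = str(src)
    return placed


def build_sample_disks(root: Path) -> dict:
    """Constructed sample: two 'disks' that both contain PHOTO001.KQP."""
    layout = {
        "DISK01": ["PHOTO001.KQP", "PHOTO002.KQP"],
        "DISK02": ["PHOTO001.KQP", "PICSHOW.EXE"],
    }
    disks = {}
    for label, names in layout.items():
        d = root / label
        d.mkdir()
        for n in names:
            p = d / n
            p.write_bytes(f"{label}:{n}".encode())
            # Backdate the file so the caller can check the timestamp was kept.
            os.utime(p, (946684800, 946684800))  # 2000-01-01 00:00:00 UTC
        disks[label] = d
    return disks


def demo() -> dict:
    """Run the consolidation on the constructed disks in a temp directory."""
    root = Path(tempfile.mkdtemp())
    disks = build_sample_disks(root)
    placed = consolidate(disks, root / "photos")
    mtimes = {n: int((root / "photos" / n).stat().st_mtime) for n in placed}
    return {"placed": placed, "mtimes": mtimes}


if __name__ == "__main__":
    for name, src in demo()["placed"].items():
        print(f"{name:24s} <- {src}")
```

Sorting the disk labels before copying makes the outcome deterministic: the first disk keeps the bare 8.3 name and later duplicates get the prefix.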

The photos in question were in an obsolete and proprietary Konica .KQP format. [Dave] went through a number of photo viewing programs that claimed to support .KQP, but none of them actually recognized the images.

Fortunately, each disk contained a copy of Konica’s proprietary “PC PictureShow” viewer, but despite having a variety of versions dated between 1997 and 2001 (making them from the Windows 98 and Windows ME eras), [Dave] could not get any version of the program to run in Windows 10, even with compatibility mode for legacy programs enabled. The solution was to set up a Windows XP virtual machine using Oracle’s VirtualBox, and use that to run PC PictureShow and finally access the photos. After all that work, [Dave] finally had a stroke of luck: Konica’s software had a handy feature to export images in JPEG format, and it worked like a charm.

In the end, [Dave] was able to save 479 out of the 483 images on the old floppy disks, with a reminder that proprietary formats are a pain. The disks and images may have been over twenty years old, but the roots of digital imaging go considerably further back than that. Take a few minutes out of your day to read a bit about Russell Kirsch and the first digitized image, that of his three-month-old son in 1957.

Can You Code Without Google?

Imagine for a moment that something has taken out your phone line, cell, and fibre connection so you have no internet. For some of you this may even be reality, but go with it and imagine yourself deciding to use your unexpectedly disconnected lockdown time pursuing that code project you always promised yourself. You pull out your laptop and fire up a code editor. Can you write code that works, without the Internet as a handy crib sheet? [Austin Z. Henley] couldn’t, when he tried writing a straightforward web app. He uses it as a hook to muse on the nature of learning, and it’s certainly a thought-provoking subject.

Constantly referring to online knowledge has become an indispensable tool for engineer and coder alike. This makes absolute sense, as it provides a reference library many orders of magnitude larger than anything an individual could possibly hold in their head.

This holds true whether the resource takes the form of code snippets from StackOverflow or GitHub, or data sheets from TI or Microchip. Even our calculations have moved online, as it’s often much quicker to use an online calculator on a web page to derive, for example, an impedance value. This is not necessarily a bad thing; instead it’s an enabler: skills that used to take months to master due to slow information access can now be acquired in an afternoon. But it does pose an interesting question: in the Internet age, what is the measure of an expert coder? Is it the ability to produce the code effectively with whatever help is available, or is it a guru-like mastery of the code? Maybe it’s both. If you have the Internet, give us your views in the comments.

Open Source: It’s The Little Things

I use open source software almost exclusively; at least on the desktop — the phone is another matter, sadly. And I do a lot of stuff with and on computers. Folks outside of the free software scene are still a little surprised when small programs are free to use and modify, but they’re downright skeptical when it comes to the big works of professional software. It’s one thing to write xeyes, but how about something to rival Photoshop, or Altium?

Of course, we all know the answer — mostly. None of the “big” software packages work exactly the same as their closed-source counterparts, often missing a few features here and gaining a few there, or following a different workflow. That’s OK, different closed-source programs work differently as well. I’m not here to argue that GIMP is better than Photoshop, but rather to point out what I really love about open software: it caters to the little guys and gals, the niche users, and the specialists. Or rather, it lets them cater to themselves.

I just started learning FreeCAD for a CNC milling project, and it’s awesome. I’ve used Fusion 360, and although FreeCAD isn’t “the same” as Fusion 360, it has most of the features that I need. But it’s the quirky features that set it apart.

The central workflow is to pick a “workbench” where specific tasks are carried out, and then you take your part to each bench, operate on it, and then move to the next one you need. But the critical bit here is that a good number of the workbenches are contributed to the open project by people who have had particular niche needs. For me, for instance, I’ve done most of my 3D modelling for 3D printing using OpenSCAD, which is kinda niche, but also the language that underpins Thingiverse’s customizer functionality. Does Fusion 360 seamlessly import my OpenSCAD work? Nope. Does FreeCAD? Yup, because some other nerd was in my shoes.

And then I started thinking of the other big free projects. Inkscape has plugins that let you create Gcode to drive CNC mills or strange plotters. Why? Because nerds love eggbots. GIMP has plugins for every imaginable image transformation — things that 99% of graphic artists will never use, and so Adobe has no incentive to incorporate.

Open source lets you scratch your own itch, and share your solution with others. The features of for-pay, closed-source software are driven by the masses: “is this a feature that enough of our customers want?” The features of open-source software are driven by the freaky ideas of nerds just like me. Vive la différence!

Phishing With Morse Code

All of us have seen our share of phishing emails, but there are a lot more that get caught by secure email gateways and client filters. Threat actors are constantly coming up with new ways to get past these virtual gatekeepers. [BleepingComputer] investigated a new phishing attack that used some old tricks by hiding the malicious script tags as Morse code.

The phishing attack targets Microsoft account login credentials with an HTML page posing as an Excel invoice. When opened, it asks the user to re-enter their credentials before viewing the document. Some external scripts are required to render the fake invoice and login window but would be detected if the links were included normally. Instead, the actor encoded the script links using dots and dashes, for example, “.-” equals “a”. A simple function (creatively named “decodeMorse”) is used to decode and inject the scripts when it runs in the victim’s browser.
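The same dots-and-dashes trick viewed from the mail gateway’s side, as an added example that is not code from the BleepingComputer report or from the phishing kit: the scanner pulls JavaScript string literals made only of dots, dashes and separators out of an HTML body, decodes them with the standard Morse table, and flags any result that looks like a script URL. Only the function name `decodeMorse` comes from the article; the sample HTML, the `example.invalid` host and the heuristics are constructed for this example.

```python
"""Flag HTML attachments that carry Morse-encoded script references.

Added example for analysts and gateway rules, not code from the article or
the phishing kit. It finds string literals built only from '.', '-', ' ' and
'/', decodes them as Morse, and reports decoded values that look like URLs
or script references. Everything in SAMPLE_HTML is constructed.
"""
import re

TEXT_TO_MORSE = {
    "a": ".-", "b": "-...", "c": "-.-.", "d": "-..", "e": ".", "f": "..-.",
    "g": "--.", "h": "....", "i": "..", "j": ".---", "k": "-.-", "l": ".-..",
    "m": "--", "n": "-.", "o": "---", "p": ".--.", "q": "--.-", "r": ".-.",
    "s": "...", "t": "-", "u": "..-", "v": "...-", "w": ".--", "x": "-..-",
    "y": "-.--", "z": "--..", "0": "-----", "1": ".----", "2": "..---",
    "3": "...--", "4": "....-", "5": ".....", "6": "-....", "7": "--...",
    "8": "---..", "9": "----.", ".": ".-.-.-", ":": "---...", "/": "-..-.",
    "-": "-....-", "?": "..--..", "@": ".--.-.",
}
MORSE_TO_TEXT = {v: k for k, v in TEXT_TO_MORSE.items()}

# A quoted literal of at least 8 characters drawn only from Morse symbols
# and separators. Ordinary strings contain letters, so this rarely misfires.
TOKEN_RE = re.compile(r"'([.\- /]{8,})'|\"([.\- /]{8,})\"")
# Decoded text that points at remote script or looks like injected markup.
SUSPICIOUS_RE = re.compile(r"(https?://|\.js\b|\.php\b|script|eval)", re.I)

# Constructed sample: the first literal decodes to a script URL under the
# reserved .invalid TLD; the second decodes to "sos" and is benign.
SAMPLE_HTML = """<html><body>
<script>
function decodeMorse(m) { /* stand-in for the kit's decoder, body omitted */ }
var a = '.... - - .--. ... ---... -..-. -..-. . -..- .- -- .--. .-.. . .-.-.- .. -. ...- .- .-.. .. -.. -..-. .-.. --- --. --- .-.-.- .--- ...';
document.title = '... --- ...';
</script>
<p>Please re-enter your credentials to view the invoice.</p>
</body></html>"""


def decode_morse(code: str) -> str:
    """Decode Morse: one space between letters, ' / ' or 3+ spaces between words."""
    words = re.split(r"\s*/\s*|\s{3,}", code.strip())
    return " ".join(
        "".join(MORSE_TO_TEXT.get(sym, "#") for sym in word.split())
        for word in words
    )


def scan_html(html: str) -> list:
    """Return one finding per Morse-looking literal, with its decoded form."""
    findings = []
    for m in TOKEN_RE.finditer(html):
        encoded = m.group(1) or m.group(2)
        decoded = decode_morse(encoded)
        findings.append({
            "encoded": encoded,
            "decoded": decoded,
            "suspicious": bool(SUSPICIOUS_RE.search(decoded)),
        })
    return findings


if __name__ == "__main__":
    for f in scan_html(SAMPLE_HTML):
        flag = "SUSPICIOUS" if f["suspicious"] else "benign"
        print(f"{flag:10s} {f['decoded']}")
```

The pattern is cheap enough to run on every HTML attachment at the gateway; a hit on a decoded `https://` or `.js` value is a strong signal on its own, and the decoded string gives the analyst the real script location without executing anything.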

Of course, this sort of attack is easy to avoid with the basic precautions we are all familiar with, like not opening suspicious attachments and carefully inspecting URLs. The code used in this attack is simple enough to be used in a tutorial on JavaScript arrays, but it was good enough to slip past a few large companies’ filters.

Phishing attacks are probably not going to stop anytime soon, so if you’re bored, you could go phishing for phishers, or write some scripts to flood them with fake information.