Hackaday Links: March 24, 2019

It has come to my attention that a few of you don’t know about Crystalfontz, an online store where you can find displays of all types, from USB LCD displays to I2C OLEDs, to ePaper displays. Thanks to [arthurptj] for that tip. Yes, Crystalfontz is cool, but have you ever heard of Panelook? Oh boy are there some displays at Panelook. Here’s a 1024 by 768 resolution display that’s less than half an inch across.

The comments section of Hackaday has been pretty tame as of late, so here’s why Apple is the king of design. It’s a question of fillets. There are a few ways to add a fillet to the corner of an icon or a MacBook. The first is to draw two perpendicular lines, then add a fixed radius corner. The Apple way is to make everything a squircle. The ‘squircle’ way of design is that there are no sudden jumps in curvature, and yes, you can do this in Fusion360 or any other design tool. This is also one of those things you can’t unsee once you know about it, like the arrow in the FedEx logo.

The ESP8266 simply appeared one day, and it changed everything. The ESP32, likewise, also just arrived on the Internet one day, and right now it’s the best solution for a microcontroller, with WiFi, that also does things really fast. Someone over at Espressif is dropping hints of a new microcontroller, with a possible release on April 1st (the same date that Apple released their competitor to the Raspberry Pi). Is it RISC-V? Is it 5V tolerant? Who knows! (Editor’s note: it’s not RISC-V. Though they’re saying that’s in the pipeline.)

The Verge got their hands on an original iPhone engineering validation unit. It’s a breakout board for an iPhone.

San Dimas High School Football Rules

There’s a screwdriver in your toolbox that has a cast clear handle, a blue ferrule surrounding the shaft, and red and white lettering on the side. Go check, it’s there. It’s a Craftsman screwdriver. It’s an iconic piece of design that’s so ubiquitous that it’s unnoticeable. It’s just what a screwdriver is. It’s a prototypical screwdriver. Thanks to the rise of resin and turning craftsmanship, there’s now a gigantic version of this screwdriver.

[The 8-Bit Guy] posted the following message on his Facebook on March 19th: “Just FYI – somebody hacked and totally erased my website. So, it’s going to be down for a while.” At the time of this writing, everything looks okay, which brings up the larger question of why Facebook is still a thing. We’re on a gradient of coolness here, and the sooner you delete your Facebook, the cooler you are. I, for example, deleted my Facebook during the Bush administration, and we all know how cool I am. I’ll never get to the singularity of coolness of kids who never had a Facebook in the first place, but the point remains: delete your Facebook old man.

[SirEdmar] wants to bring Fusion 360 to Linux users. Autodesk wants the same, and they tried a web-based version of Fusion 360, but… it’s a web version of Fusion 360. Right now the best solution is Wine, and thanks to [SirEdamr] 360 works in Wine.

Bing translate does Klingon! How well does it work? Not bad, it could use some work, mostly with non-standard vocabulary:

What Happens When A Regular Person Finds A Huge Security Flaw?

The biggest news in the infosec world, besides the fact that balaclavas are becoming increasingly popular due to record-low temperatures across the United States, is that leet haxors can listen to you from your iPhone using FaceTime without you even answering the call. There are obvious security implications of this bug: phones should only turn on the microphone after you pick up a call. This effectively turns any iPhone running iOS 12.1 or later into a party line. In response Apple has taken group FaceTime offline in preparation of a software update later this week.

So, how does this FaceTime bug work? It’s actually surprisingly simple. First, start a FaceTime call with an iPhone contact. While the call is dialing, swipe up, and tap Add Person. Add your own phone number in the Add Person screen. This creates a group call with two instances of your iPhone, and the person you’re calling. You may now listen in to the audio of the person you originally called even though they haven’t chosen to pick up the call. Dumb? Yes. Insecure? Horribly. If your iPhone is ringing, the person on the other end could be listening in.

But this isn’t a story about how Apple failed yet again. This is a story about how this security flaw was found, and what a normal person can do if they ever find something like this.


Apple II Megademo Is Countin’ Cycles and Takin’ Names

The demoscene is an active place to this day, with enthusiasts around the world continuing to push the envelope as far as the capabilities of machines are concerned. [Deater], along with a skilled team, produced this Apple II Megademo which won first place at Demosplash 2018.

The demo starts with an intentional tease, with an emulated C64 BASIC startup screen which splits to reveal the title card. White-on-blue text isn’t the easiest on the Apple II, due to palette limitations, but it’s necessary for the joke to work. The following scenes make heavy use of mode-switching techniques in the middle of drawing the screen. Single screens are made up of various sections in LORES, HIRES, and even text modes. The term “cycle-counting” refers to the fact that the demo is written to operate in a cycle-exact fashion. This is necessary to achieve the mode-switching effects and to make the most of the limited resources of the Apple II.

It’s a demo that, like many others, does the right things in the wrong way to achieve its impressive results, and is a worthy competition winner. [Deater] has kindly provided an FAQ and source code for those who wish to study it further.

If you’ve written a mindblowing demo yourself, be sure to notify the tips line. Video after the break.


What’s Inside that New Mac Mini Anyway?

It’s been four long years since Apple has refreshed their entry-level desktop line. Those that have been waiting for a redesign of the Mac Mini can now collectively exhale as the Late 2018 edition has officially been released. Thanks to [iFixit] we have a clearer view of what’s changed in the new model as they posted a complete teardown of the Mac Mini over on their website.

Mac Mini Teardown Late 2018 RAM Slots

One of the most welcomed changes is that the DDR4 RAM is actually user upgradeable this time around. Previously RAM was soldered directly to the motherboard, and there were no SO-DIMM slots to speak of. The 2018 Mac Mini’s RAM has also been doubled to 8GB compared to the 4GB in the 2014 model. Storage capacity may have taken a hit in the redesign, but the inclusion of a 128GB PCIe SSD in the base model fares better than the 500GB HDD of old. The number of ports was flip-flopped between the two model generations, with the 2018 Mini featuring four Thunderbolt ports along with two USB 3.0 ports. The biggest upgrade, though, lies with the CPU. The base 2018 Mac Mini comes with a 3.6GHz quad-core Intel Core i3 as compared to the 2014’s 1.4GHz dual-core Intel Core i5.

Although Apple lacked “the courage” to drop the 3.5mm headphone jack this time around, they did retain the same footprint for the Mac Mini redesign. It still provides HDMI as the default display out port, although the additional Thunderbolt ports provide additional options via an adapter. A quick overview of the spec differences between the 2018 and 2014 base Mac Mini models has been summarized below.

| Model | 2018 Mac Mini | 2014 Mac Mini |
|---|---|---|
| CPU | 3.6GHz quad-core Intel Core i3 | 1.4GHz dual-core Intel Core i5 |
| Storage | 128GB PCIe SSD | 500GB HDD |
| RAM | 8GB DDR4 @ 2666MHz | 4GB DDR3 @ 1600MHz |
| Graphics | Intel UHD 630 | Intel HD 5000 |
| Ports | Thunderbolt 3 (x4), USB 3.0 (x2) | Thunderbolt 2 (x2), USB 3.0 (x4) |
| Card Slot | N/A | SDXC |
| WiFi | 802.11a/b/g/n/ac | 802.11a/b/g/n/ac |
| Audio | 3.5mm Headphone Jack | 3.5mm Headphone Jack |
| Video | HDMI | HDMI |
| Price | from $799 | from $499 |

Source [MacWorld]

Apple Kernel Code Vulnerability Affected All Devices

Another day, another vulnerability. Discovered by [Kevin Backhouse], CVE-2018-4407 is a particularly serious problem because it is present all throughout Apple’s product line, from the MacBook to the Apple Watch. The flaw is in the XNU kernel shared by all of these products.

This is a buffer overflow issue in the error handling for network packets. The kernel is expecting a fixed length of those packets but doesn’t check to prevent writing past the end of the buffer. The fact Apple’s XNU kernel powers all their products is remarkable, but issues like this are a reminder of the potential downside to that approach. Thanks to responsible disclosure, a patch was pushed out in September.

Anatomy of a Buffer Overflow

Buffer overflows aren’t new, but a reminder on what exactly is going on might be in order. In low level languages like C, the software designer is responsible for managing computer memory manually. They allocate memory, tagging a certain number of bytes for a given use. A buffer overflow is when the program writes more bytes into the memory location than are allocated, writing past the intended limit into parts of memory that are likely being used for a different purpose. In short, this overflow is written into memory that can contain other data or even executable code.

With a buffer overflow vulnerability, an attacker can write whatever code they wish to that out-of-bounds memory space, then manipulate the program to jump into that newly written code. This is referred to as arbitrary code execution. [Computerphile] has a great walk-through on buffer overflows and how they lead to code execution.

This Overflow Vulnerability Strikes Apple’s XNU Kernel

[Kevin] took the time to explain the issue he found in further depth. The vulnerability stems from the kernel code making an assumption about incoming packets. ICMP error messages are sent automatically in response to various network events. We’re probably most familiar with the “connection refused” message, indicating a port closed by the firewall. These ICMP packets include the IP header of the packet that triggered the error. The XNU implementation of this process makes the assumption that the incoming packet will always have a header of the correct length, and copies that header into a buffer without first checking the length. A specially crafted packet can have a longer header, and this is the data that overflows the buffer.
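The copy-without-a-length-check pattern described above and in the "Anatomy of a Buffer Overflow" section, next to a bounded version, as an added example that is not XNU source or code from the original article. It is a simplified model: `struct icmp_err`, `QUOTE_CAP` and both function names are hypothetical, and the 28-byte buffer (an option-free 20-byte IPv4 header plus 8 payload bytes) is an assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define QUOTE_CAP 28  /* assumed: 20-byte option-free IPv4 header + 8 payload bytes */

/* Hypothetical ICMP error reply with fixed-size room for the quoted header. */
struct icmp_err {
    uint8_t type, code;
    uint8_t quoted[QUOTE_CAP];
    size_t  quoted_len;
};

/* Header length the sender claims: IHL is the low nibble of byte 0, in 32-bit words. */
static size_t claimed_hdr_len(const uint8_t *pkt) {
    return (size_t)(pkt[0] & 0x0f) * 4;
}

/* The unchecked pattern, shown for contrast only: it trusts the claimed
 * length, so any IHL above 5 makes memcpy write past quoted[]. */
void quote_unchecked(struct icmp_err *e, const uint8_t *pkt) {
    e->quoted_len = claimed_hdr_len(pkt) + 8;
    memcpy(e->quoted, pkt, e->quoted_len);
}

/* Bounded version: returns the number of bytes quoted, or -1 if rejected. */
int quote_checked(struct icmp_err *e, const uint8_t *pkt, size_t pkt_len) {
    if (pkt_len < 20) return -1;                 /* cannot hold an IPv4 header */
    size_t hlen = claimed_hdr_len(pkt);
    if (hlen < 20 || hlen > pkt_len) return -1;  /* claim disagrees with the data */
    size_t n = hlen + 8;
    if (n > pkt_len) n = pkt_len;                /* never read past what was received */
    if (n > sizeof e->quoted) n = sizeof e->quoted;  /* never write past the buffer */
    memcpy(e->quoted, pkt, n);
    e->quoted_len = n;
    return (int)n;
}
```

The bounded version validates the claimed length against the bytes actually received before trusting it, then clamps the copy to the destination size, so an oversized header is either rejected or truncated rather than written out of bounds.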

Because of the role ICMP plays in communicating network status, a closed firewall isn’t enough to mitigate the attack. Even when sent to a closed port, the vulnerability can still trigger. Aside from updating to a patched OS release, the only mitigation is to run the macOS firewall in what it calls “stealth mode”. This mode doesn’t respond to pings, and more importantly, silently drops packets rather than sending ICMP error responses. This mitigation isn’t possible for watchOS and iOS devices.

The good news about the vulnerability is that a packet, malformed in this way, has little chance of being passed through a router at all. An attacker must be on the same physical network in order to send the malicious packet. The most likely attack vector, then, is the public WiFi at the local coffee shop.

Come back after the break for a demonstration of this attack in action.


Mergers And Acquisitions: Apple Buys Most of Dialog

Apple is buying a $600 million stake in Dialog Semiconductor in a deal Dialog is describing as an asset transfer and licensing deal.

Dialog’s current portfolio is focused mainly on mobile devices, with Bluetooth wearables-on-a-chip, CODEC chips for smartphones, and power management ICs for every type of portable electronics. Power management ICs are by far the most visible component, although they do have the very interesting GreenPAK, a sort of mixed-signal FPGA-ish thing that is one of the more interesting chips to come online in the last few years. Apple of course are a trillion dollar company that once made computers, but now receives most of its revenue through phone dongles and lightning connector converters. It is not clear at the time of this writing whether a Dialog engineer with experience in heat management will be joining Apple.

In the last week, Apple have taken some bad press about the state of their supply chain. Bloomberg reported Apple found hidden chips in Supermicro motherboards, ostensibly implanted by Chinese intelligence agencies. This story is reportedly multiply sourced, but there’s no evidence or explanation of how this supply chain hack was done. In short, infiltration of a supply chain by foreign agents could happen (and I suspect Bloomberg engineers found something in some of their hardware), but the Bloomberg piece is merely just a wake-up call telling us yes, you are vulnerable to a hardware attack.

This is further evidence of Apple’s commitment to vertical integration. Apple are making their own chips, and the A12 Bionic in the new iPhone X is an Apple-designed CPU, GPU, and ‘neural engine’ that turns your FaceTime sessions into animated emojis. This chip is merely the latest in a series of SoCs developed by Apple, and adds to Apple’s portfolio of chips designed to run the Apple Watch, Apple AirPods, and system management controllers in Apple products. There’s no other electronics manufacturer that is as dedicated to vertical integration as Apple (although we’re pouring one out for Commodore), and the acquisition of Dialog will surely add to Apple’s capabilities.