binary

59 Articles

Remote Code Execution On An Oscilloscope

July 17, 2023 by 10 Comments

There are a huge number of products available in the modern world that come with network connectivity now, when perhaps they might be better off with out it. Kitchen appliances like refrigerators are the classic example, but things like lightbulbs, toys, thermostats, and door locks can all be found with some sort of Internet connectivity. Perhaps for the worse, too, if the security of these devices isn’t taken seriously, as they can all be vectors for attacks. Even things like this Rigol oscilloscope and its companion web app can be targets.

The vulnerability for this oscilloscope starts with an analysis of the firmware, which includes the web control application. To prevent potentially bricking a real oscilloscope, this firmware was emulated using QEMU. The vulnerability exists in the part of the code which involves changing the password, where an attacker can bypass authentication by injecting commands into the password fields. In the end, the only thing that needs to be done to gain arbitrary code execution on the oscilloscope is to issue a curl command directed at the oscilloscope.

In the end, [Maunel] suggests not connecting this oscilloscope to the Internet at all. He has informed the producer about it but as of this writing there has not been a resolution. It does, however, demonstrate the vulnerabilities that can be present in network-connected devices where the developers of the software haven’t gone to the lengths required to properly secure them for use with the modern Internet. Even things not connected to a traditional Internet connection can be targets for attacks.

Watch A Web Page Fetch Itself Over TLS, Complete With Commentary

May 21, 2023 by 12 Comments

TLS, byte by byte performs an unusual and interesting function: it fetches itself over HTTPS, and provides a complete annotation of what’s going on in the process, one byte at a time. Visit the site and give the button a click to watch it happen, it’s neat!

Transport Layer Security (TLS) is what’s responsible for encrypting traffic over the internet, and it’s normally implemented on top of TCP to encrypt an application-layer protocol like HTTP (resulting in HTTPS and the little padlock icon in browsers indicating a connection with a web site is encrypted.) Back in the day, traffic over the internet was commonly unencrypted, but nowadays no communication or hardware is too humble for encryption and methods are easily accessible.

So for what purpose would someone actually need or use such an implementation of TLS? Well, probably no one actually needs it. But it is a userspace TLS implementation in javascript that may fit a niche for someone, and it certainly provides beautifully-indented and annotated binary data in the process. Sound up your alley? The GitHub repository for the project has all the details, so give it a look.

Here’s How To Build A Tiny Compiler From Scratch

May 21, 2023 by 27 Comments

Believe it or not, building a tiny compiler from scratch can be as fun as it is accessible. [James Smith] demonstrates by making a tiny compiler for an extremely simple programming language, and showing off a hello world.

Here’s what happens with a compiler: human-written code gets compiled into low-level machine code, creating a natively-executable result for a particular processor. [James]’ compiler — created from scratch — makes native x64 Linux ELF binary executables with no dependencies, an experience [James] found both educational and enjoyable. The GitHub repository linked below has everything one needs, but [James] also wrote a book, From Source Code to Machine Code, which he offers for sale to anyone who wants to step through the nitty-gritty.

The (very tiny) compiler is on GitHub as The Pretty Laughable Programming Language. It’s tiny, the only data types are integers and pointers, and all it can do is make Linux syscalls — but it’s sufficient to make a program with. Here’s what the code for “Hello world!” looks like before being fed into the compiler:

; the write() syscall:
; ssize_t write(int fd, const void *buf, size_t count);
(syscall 1 1 "Hello world!\n" 13)
0

Working at such a low level can be rewarding, but back in the day the first computers actually relied on humans to be compilers. Operators would work with pencil and paper to convert programs into machine code, and you can get a taste of that with a project that re-creates what it was like to program a computer using just a few buttons as inputs.

Hackaday Links Column Banner

Hackaday Links: April 30, 2023

April 30, 2023 by 17 Comments

Cloudy with a chance of concrete? The “success” of last week’s brief but eventful Starship launch has apparently raised some regulatory eyebrows, with the Federal Aviation Administration launching an investigation into the destruction wrought by the mighty rocket. And it’s not just the hapless Dodge Caravan that they’re concerned with — although we found some fantastic POV footage that shows the kill shot as well as close-ups of the results — but also the damage rained down upon residents around the Boca Chica launch complex. Tons of concrete and rebar were excavated by the 33 Raptor engines during the launch and sent in all directions, reportedly landing up to 6 miles (10 kilometers) from the pad. What’s worse, a lot of debris ended up on beaches that are home to endangered species, which has the Sierra Club also taking an interest. The FAA has apparently nixed any launches from the Texas facility until they complete their investigation.

Continue reading “Hackaday Links: April 30, 2023”

Fail Of The Week: Epic 312 Weeks Of Fixing A Broken Project

February 17, 2023 by 7 Comments

If a hacker guardian angel exists, then we’re sure he or she was definitely AWOL for six long years from [Aaron Eiche]’s life as he worked on perfecting and making his Christmas Countdown clock. [Aaron] started this binary clock project in 2016, and only managed to make it work as expected in 2022 after a string of failures.

In case you’d like to check out his completed project first, then cut the chase and head over to his Github repository for his final, working version. The hardware is pretty straightforward, and not different from many similar projects that we’ve seen before. A microcontroller drives a set of LED’s to show the time remaining until Christmas Day in binary format. The LEDs show the number of days, hours, minutes and seconds until Christmas and it uses two buttons for adjustments and modes. An RTC section wasn’t included in the first version, but it appeared and disappeared along the six year journey, before finding a spot in the final version.

The value of this project doesn’t lie in the final version, but rather in the lessons other hackers, specially those still in the shallow end of the pool, can learn from [Aaron]’s mistakes. Thankfully, the clock ornament is not very expensive to build, so [Aaron] could persevere in improving it despite his annual facepalm moments.

Continue reading “Fail Of The Week: Epic 312 Weeks Of Fixing A Broken Project”

Binary Watch Rocks A Bare PCB With Pride

January 26, 2023 by 18 Comments

Most of us learn to read digital clocks first, which display the time in obvious numbers. Analog clocks are often learned later, with the hands taking our young brains a little longer to figure out. Once you’ve grown into a 1337h4XX0r, though, you’re ready to learn how to read a binary watch. Then you can build your own, just like [taifur] did.

The watch rocks a simplistic, bare bones design with the PCB acting as the body of the device itself. It’s not great for water resistance, or even incidental contact, but it’s a sharp look with the golden traces on display. The heart of the operation is a ATmega328P, as seen in the popular Arduino Uno, and it’s paired with a DS3231M real-time clock module to keep accurate time. 13 SMD LEDs are charged with displaying the time in binary format, with [taifur] choosing to spec a classic red color for the build. The watch is powered via a CR2032 coin cell, which you’re best advised not to swallow. So far, [taifur] has found the watch will last for over a month before the battery is tapped out.

It’s a fun build, and one that looks good when paired with a classic NATO watch strap in green. If, however, you desire a watch that definitely won’t last a month on a single coin cell, you can always build a Nixie watch instead. Video after the break.

Continue reading “Binary Watch Rocks A Bare PCB With Pride”

Simple Binary Watch Uses A PCB Body

July 21, 2022 by 3 Comments

There are many ways to tell the time, from using analog dials to 7-segment displays. Hackers tend to enjoy binary watches, if only for their association with the digital machines that seem to make the world turn these days. [Vishal Soni] decided to build one of their own.

It’s a straightforward design, that uses six bits to show the time. A red light is illuminated at the top of the watch to indicate the watch is showing minutes, and these are displayed in binary on the six blue LEDs below. Then, the watch indicates it is showing hours, and again uses the six blue LEDs to show the relevant number. Continue reading “Simple Binary Watch Uses A PCB Body”