A few years ago, [Kingpin] a.k.a. [Joe Grand] (A judge for the 2014 Hackaday Prize) designed the most beautiful electronic prank ever. The BSODomizer is a simple device with a pass-through connection for a VGA display and an infrared receiver. Plug the BSODomizer into an unsuspecting coworker’s monitor, press a button on a remote, and watch Microsoft’s blue screen of death appear. It’s brilliant, devious, and actually a pretty simple device if you pick the right microcontroller.
The original BSODomizer is getting a little long in the tooth. VGA is finally dead. The Propeller chip used to generate the video only generates text, and can’t reproduce Microsoft’s fancy new graphical error screens. HDMI is the future, and FPGAs have never been more accessible. For this year’s DEF CON, [Kingpin] and [Zoz] needed something to impress an audience that is just learning how to solder. They’ve revisited the BSODomizer, and have created the greatest hardware project at this year’s DEF CON.
Continue reading “DEF CON: BSODomizing In High Definition”
[Laurent Gaffié] has discovered an exploit that affects Windows Vista, Windows 7, and possibly Windows Server 2008 (unconfirmed). This method attacks via the NEGOTIATE PROTOCOL REQUEST which is the first SMB query sent. The vulnerability is present only on Windows versions that include Server Message Block 2.0 and have the protocol enabled. A successful attack requires no local access to the machine and results in a Blue Screen of Death.
[Laurent] has a proof of concept available with his writeup in the form of a python script (please, white hat use only). There is no patch for this vulnerability but disabling the SMB protocol will protect your system until one is available.
Update: According to the Microsoft advisory this vulnerability could lead to code execution, making it a bit worse than we thought. On the bright side, they claim that the final version of Windows 7 is not open to this attack, only Windows Vista and Windows Server 2008.
[via Full Disclosure]
In case you were wondering what industrious hacker [Joe Grand] was doing when he’s not building stuff for Prototype This!, designing Defcon badges, or testifying before congress, it’s this: The BSoDomizer is a VGA pass through device that displays an image of your choice on the victim’s screen. It can do this either periodically or via an IR trigger. The image of choice is a Windows style Blue Screen of Death. It’s powered by a watch battery. The project site has all the schematics you need plus ASCII goatse imagery; you’ve been warned. Embedded below is a demo of the device. We unfortunately didn’t get to see it when it was originally presented during Defcon 16. Continue reading “BSoDomizer Blue-screens Your Enemies”