Laser Projector Needs Hardware Hack After Software Mod

You probably recognize that dreadful feeling when you reboot a gadget after updating its firmware, only to be greeted by a blank screen and an unresponsive device. This apparently happened to the previous owner of a bricked RGB laser projector that [Buy It Fix It] got his hands on: it briefly flashed its laser on power-up but otherwise remained completely dead.

A thorough inspection of the major components didn’t reveal any physical damage, so the issue had to be in software. [Buy It Fix It] managed to connect his Segger J-link programmer to the STM32 main processor and downloaded the contents of its firmware, only to find the remains of a PDF file which seemed to have been accidentally flashed into the chip’s program space. Fixing the device should then just be a matter of restoring the proper firmware, but [Buy It Fix It] wasn’t able to find a copy of it anywhere.

What he did find was Maximus64’s GitHub repository that contained a software mod for a different projector model, as well as its original firmware. Flashing that version didn’t fix [Buy It Fix It]’s projector either, although it did now start to actuate its galvos.

A bit of reverse engineering revealed that the two projectors were very similar from a hardware point of view, but had their laser drivers hooked up to different I/O pins: simply cutting the board traces and soldering some wires to re-route the signals was enough to bring the projector back into a working state.

Having to modify hardware in order to make it fit a piece of software is unfortunate, but sometimes you just have to make do with what you’ve got. If you’ve got no firmware to begin with, then you might even have to write your own from scratch.

Telnet Gets Stubborn Sony Camera Under Control

According to [Venn Stone], technical producer over at LinuxGameCast, the Sony a5000 is still a solid option for those looking to shoot 1080p video despite being released back in 2014. But while the camera is lightweight and affordable, it does have some annoying quirks — namely an overlay on the HDMI output (as seen in the image above) that can’t be turned off using the camera’s normal configuration menu. But as it so happens, using some open source tools and the venerable telnet, you can actually log into the camera’s operating system and fiddle with its settings directly.

As explained in the write-up, the first step is to install Sony-PMCA-RE, a cross-platform suite of tools developed for reverse engineering and modifying Sony cameras. With the camera connected via USB, this will allow you to install a program on the camera called Open Memories Tweak. This unlocks some developer options on the camera, such as spawning a telnet server on its WiFi interface.

With the a5000 connected to your wireless network, you point your telnet client to its IP address and will be greeted by a BusyBox interface that should be familiar to anyone who’s played with embedded Linux gadgets. The final step is to invoke the proper command, bk.elf w 0x01070a47 00, which sets the specific address of the camera’s configuration file to zero. This permanently disables the HDMI overlay, though it can be reversed by running the command again and setting the byte back to 01.

As you might expect, the Sony-PMCA-RE package is capable of quite a bit more than just unlocking a telnet server. While it might not be as powerful as a firmware modification such as Magic Lantern for Canon’s hardware, those looking for a hackable camera that won’t break the bank might want to check out the project’s documentation to see what else is possible.

BadPower Vulnerability In Fast Chargers Might Make Phones Halt And Catch Fire

A few days ago, Chinese researchers from technology giant Tencent released a paper outlining a firmware vulnerability in several types of fast charger power bricks (translated). The attack is known as BadPower, and it works by altering the default parameters in the firmware of fast chargers to deliver more power to devices than they can handle, which can cause them to overheat, melt, or catch fire.

The ancient and basic USB charging spec provides 0.5 A at 5 V, which is equal to 2.5 W. In theory, that’s all you’ll ever get from those types of chargers. But the newer generation of chargers are different. When you plug your phone into a fast charger, it negotiates a voltage and charging speed with your phone before passing it any power.

Fast chargers can push power at 20 V or more to speed up the charging process, depending on the charger and connected device. If the phone doesn’t do fast charging, it will default to the 5 V standard. Researchers claim the BadPower attack is capable of harming devices whether or not they include a fast charging feature. When a capable device is connected, the charger will still negotiate for 5 V, but instead give 20 V and wreak havoc.

In the demo after the break, one of the team uses a malicious device disguised as a phone to push the BadPower firmware change to a fast charger that’s hooked up to a voltmeter. Before the attack, the charger gives 5 V. After the attack, it gives 5 V for a few seconds before jumping up near 20 V. Then they connect the now-dirty charger to two identical illuminated magnifying glasses. In one the chip lets the smoke monster out rather violently, and the chips of the other emit sparks.

The researchers tested 35 of the 200+ fast charging bricks currently on the market and found that 18 of them were vulnerable to BadPower, including 11 that can be exploited through the charging port itself. They believe the issue is fixable with a firmware update.

What is not available is enough information to verify this research, or a list of brands/models that are vulnerable. Researchers say the findings were submitted to the China National Vulnerability Database (CNVD) on March 27th, so the absence of this information may be a product of manufacturers needing more time to patch the vulnerability.

What do you think? We say halfway decent chargers shouldn’t be open to firmware attacks from the devices they are charging. And any halfway decent phone should have built-in electrical protection, right?

Supercon Badge Hardware Hacking: Here’s What To Bring

Hackaday Superconference, a celebration of all things Hackaday, is just a week away (precious few tickets remain), and that naturally includes creative projects making the most of their hardware. Every attendee gets a platform for hacking in the form of the conference badge.

To make the most of your badge hacking fun, plan ahead so you will have the extra components and the tools you need. At the very least, bring along a serial-to-USB cable and a PIC programmer. These are common, and if you don’t own them, ask around and you will likely be able to borrow them. Now is also the time to put in a parts order for any components you want to use but don’t have on hand!

The badge is hackable without any extras, but it’s designed for adding hardware and hacking the firmware. We’re excited to see what you can do with it. We gave an overview of this retro-themed pocket computer a few days ago; today we’re inviting you to exploit its potential for your hardware hacks.

Car Security Experts Dump All Their Research And Vulnerabilities Online

[Charlie Miller] and [Chris Valasek] have just released all their research, including (but not limited to) how they hacked a Jeep Cherokee after the newest firmware updates, which were rolled out in response to their hacking of a Cherokee in 2015.

FCA, the corporation that owns Jeep, had to recall 1.5 million Cherokees to deal with the 2015 hack, issuing them all a patch. However, the patch wasn’t all that great: once exploited, it actually gave [Charlie] and [Chris] even more control of the car than they had in the first place. The papers they have released are a goldmine for anyone interested in hacking, or even just messing around with cars via the CAN bus. The release chronicles multiple hacks, from changing the speedometer to remotely controlling a car through CAN message injection. And it isn’t limited to Jeep. The research covers a massive number of topics on a number of different cars and models, so if you want to play around with your car, this is the car hacking bible you have been waiting for.

Jeep is not too happy about the whole situation. The dump includes a lot of background for vehicles by multiple manufacturers, but the 2015 hack was prominent and has step-by-step instructions. FCA’s statement on the matter is below.

Under no circumstances does FCA condone or believe it’s appropriate to disclose ‘how-to information’ that would potentially encourage, or help enable hackers to gain unauthorized and unlawful access to vehicle systems.

We anticipate seeing an increasing number of security related releases and buzz as summer approaches. It is, after all, Network Security Theatre season.

PSP Firmware 5.00 Hacked

We remember the halcyon days of firmware 1.00 for the PSP. It was wide open to run any code you wanted. Once the handheld game console was released outside Japan, Sony locked it down and began an arms race to prevent any sort of homebrew usage of the device. Nearly four years later and we’re at firmware 5.00. The hackers are on top of their game though. It’s only been a couple days since the official release and a custom firmware has already been published. Sony has traditionally supported development on their home consoles and we hope they’ll take that approach on their next portable instead of this stupid back and forth.

[via Gizmodo]