firmware

153 Articles

Remote Code Execution On An Oscilloscope

July 17, 2023 by 10 Comments

There are a huge number of products available in the modern world that come with network connectivity now, when perhaps they might be better off with out it. Kitchen appliances like refrigerators are the classic example, but things like lightbulbs, toys, thermostats, and door locks can all be found with some sort of Internet connectivity. Perhaps for the worse, too, if the security of these devices isn’t taken seriously, as they can all be vectors for attacks. Even things like this Rigol oscilloscope and its companion web app can be targets.

The vulnerability for this oscilloscope starts with an analysis of the firmware, which includes the web control application. To prevent potentially bricking a real oscilloscope, this firmware was emulated using QEMU. The vulnerability exists in the part of the code which involves changing the password, where an attacker can bypass authentication by injecting commands into the password fields. In the end, the only thing that needs to be done to gain arbitrary code execution on the oscilloscope is to issue a curl command directed at the oscilloscope.

In the end, [Maunel] suggests not connecting this oscilloscope to the Internet at all. He has informed the producer about it but as of this writing there has not been a resolution. It does, however, demonstrate the vulnerabilities that can be present in network-connected devices where the developers of the software haven’t gone to the lengths required to properly secure them for use with the modern Internet. Even things not connected to a traditional Internet connection can be targets for attacks.

Inexpensive Ham Radio Gets Upgrades Thanks To A Trojan

July 6, 2023 by 21 Comments

Love them or hate them, the crop of cheap hand-held amateur radio transceivers is here to stay. They’re generally horrible radios, often smearing spurious emissions across the spectrum, but they’re cheap enough to throw in a glove box for emergencies, and they invite experimentation — for instance, modifying the firmware to add functionality the OEM didn’t think to offer.

The new hotness in this class of radios is the Quansheng UV-K5, a two-band transceiver you can pick up for about $40, and we suspect it’ll get hotter still with this firmware trojan by [Piotr (SQ9P)]. We’ve already seen a firmware hack for these radios, one that aimed at unlocking the full frequency range of the RF chip at the heart of the radio. Honestly, we’re not huge fans of these mods, which potentially interfere with other allocations across multiple bands. But [Piotr]’s hacks seem a bit more innocuous, focusing mainly on modifying the radio’s display and adding useful features, such as a calibrated received signal strength bar graph and a numerical RSSI display. The really neat new feature, though, is the spectrum display, which shows activity across a 2-MHz slice of spectrum centered on the currently set frequency. And just because he could, [Piotr] put in a game of Pong.

[Piotr]’s description of the mod as a trojan seems apt since his new programs run in parallel to the OEM firmware by wrapping its vector table. We’d imagine other mods are possible, and we’re keen to see what people come up with for these hackable little units. Just make sure you’re staying within the law, especially in the United States — the FCC does not play games (third item).

Easy Modifications For Inexpensive Radios

June 23, 2023 by 65 Comments

Over the past decade or so, amateur radio operators have benefited from an influx of inexpensive radios based around a much simpler design than what was typically commercially available, bringing the price of handheld dual-band or GMRS radios to around $20. This makes the hobby much more accessible, but they have generated some controversy as they tend to not perform as well and can generate spurious emissions and other RF interference that a higher quality radio might not create. But one major benefit besides cost is that they’re great for tinkering around, as their simplified design is excellent for modifying. This experimental firmware upgrade changes a lot about this Quansheng model.

With the obligatory warning out of the way that modifying a radio may violate various laws or regulations of some localities, it looks like this modified firmware really expands the capabilities of the radio. The chip that is the basis of the radio, the BK4819, has a frequency range of 18-660 MHz and 840-1300 MHz but not all of these frequencies will be allowed with a standard firmware in order to comply with various regulations. However, there’s typically no technical reason that a radio can’t operate on any arbitrary frequency within this range, so opening up the firmware can add a lot of functionality to a radio that might not otherwise be capable.

Some of the other capabilities this modified firmware opens up is the ability to receive in various other modes, such as FM and AM within the range of allowable frequencies. To take a more deep dive on what this firmware allows be sure to check out the original GitHub project page as well, and if you’re curious as to why these inexpensive radios often run afoul of radio purists and regulators alike, take a look at some of the problems others have had in Europe.

Hackaday Links Column Banner

Hackaday Links: May 28, 2023

May 28, 2023 by 20 Comments

The Great Automotive AM Radio War of 2023 rages on, with the news this week that Ford has capitulated, at least for now. You’ll recall that the opening salvo came when the US automaker declared that AM radio was unusable in their EV offerings thanks to interference generated by the motor controller. Rather than fixing the root problem, Ford decided to delete the AM option from their EV infotainment systems, while letting their rolling EMI generators just keep blasting out interference for everyone to enjoy. Lawmakers began rattling their sabers in response, threatening legislation to include AM radio in every vehicle as a matter of public safety. Ford saw the writing on the wall and reversed course, saying that AM is back for at least the 2024 model year, and that vehicles already delivered without it will get a fix via software update.

Continue reading “Hackaday Links: May 28, 2023”

Adding Variometer Functionality To A GPS

May 25, 2023 by 10 Comments

Flying a glider, or similarly piloting a paraglider or hang glider, can all be pathways into aviation with a lower barrier of entry than powered flight. Sacrificing one’s engine does generate a few complexities, but can be rewarding as the pilot searches for various means of increasing altitude like ridge soaring or thermaling. You’ll need a special instrument called a variometer to know just how much altitude you’re gaining though, like this one which is built into commercially-available handheld GPS units.

These GPS units are normally intended for use on terra firma only, but [Oganisyan] has figured out a clever way to add this flight instrumentation to these units to help when operating a paraglider. An ATmega328 paired with a pressure sensor is added to the inside of the GPS units and communicates with an available serial interface within the units. To complete the modification, a patched firmware must be installed which adds the variometer function to the display. This upgrade is compatible with a handful of GPS units as well such as the BikePilot2+ or Falk Tiger.

For those who already own one of these GPS units, this could be a cost-effective way of obtaining a variometer, especially since commercially-available variometers tailored for this sort of application can cost around $200 to $500. It is an activity sensitive to cost, though, as it offers a much more affordable option for taking to the skies than any powered craft could, with an exception made for this powered paraglider which offers the ability for powered take off and flight extension using electric-powered props.

Thanks to [MartinO] for the tip!

Getting The Most From Fading ThinkPads

April 21, 2023 by 40 Comments

The ThinkPad line of laptops has been widely prized not only by businesses but also by those who appreciate a high standard of hardware quality and repairability. But some think the cracks are starting to form in their reputation, as it seems that new ThinkPads are sacrificing quality for aesthetics and cost. As a result a huge modding scene has popped up around models that are a few years old like [Cal] found out when working on this X230.

At first he only made some cosmetic improvements to the laptop like replacing the worn palm rest, but quickly found himself in a rabbit hole with other upgrades like swapping out the keyboard and battery. The new keyboard is a 7-row X220 keyboard, which required modification of the connector and flashing the embedded controller with a hacked image to change the keyboard map without needing to make changes at the OS level. From there, he decided to replace the lackluster screen with a 1920×1080 matte IPS panel using an adapter board from Nitrocaster, and finished off his upgrades with a customized Coreboot BIOS for improved performance and security.

While Coreboot doesn’t remove all of the binary blobs that a bootloader like libreboot does, the latter is not compatible with more modern machines like this X230. Still, you’ll get many benefits from using Coreboot instead of the stock bootloader. For running Linux on a daily driver laptop, we appreciate all of these updates and expect that [Cal] will get plenty of years of use out of his machine. We’ve definitely seen an active modding scene for ThinkPads that were (at the time) seven years old and still going strong, so we’d expect nothing less for this one.

Stadia Controller’s Two Extra Buttons Get Seen With WebHID

February 13, 2023 by 9 Comments

The Google Stadia game streaming service relied on a proprietary controller. It was a pretty neat piece of hardware that unfortunately looked destined for landfills when Google announced that Stadia would discontinue. Thankfully it’s possible to use them as normal gamepads, and related to that, [Thomas Steiner] has a developer blog post about how to talk to the Stadia controller via WebHID. Continue reading “Stadia Controller’s Two Extra Buttons Get Seen With WebHID”