hack

119 Articles

Hack On Self: Headphone Friend

December 4, 2024 by 3 Comments

In the last two articles, I talked about two systems relying on audio notifications. The first one is the Alt-Tab annihilator system – a system making use of my window monitoring code to angrily beep at me when I’m getting distracted. The other is the crash prevention system – a small script that helps me avoid an annoying failure mode where I run out of energy before getting myself comfortable for it.

I’ve been appreciating these two systems quite a bit – not only are they at my fingertips, they’re also pretty effective. To this day, I currently use these two systems to help me stay focused as I hack on my own projects or write articles, and they are definitely a mainstay in my self-hacking arsenal.

There is a particular thing I’ve noticed – audio notifications help a fair bit in a way that phone or desktop notifications never would, and, now I have a framework to produce them – in a way that calls for a purpose-tailored device. It’s just wireless headphones, Pi-powered, connected through WiFi, and a library to produce sounds on my computer, but it turns out I can squeeze out a lot out of this simple combination.

Here’s a pocketable device I’ve developed, using off-the-shelf hardware – an audio receiver/transmitter with extra IO, paired to my laptop. And, here’s how I make use of this device’s capabilities to the fullest.

Audio Output

In the “producing sound out of a Pi” article, I’ve mentioned USB-C 3.5mm soundcards. You can use them with a USB-C host port, and you don’t even need any sort of resistors for that – the soundcard doesn’t try and detect state of the CC pin, and why would it, anyway? Get VBUS, GND, D+, and D-, and you got yourself an audio card with high quality output.

Continue reading “Hack On Self: Headphone Friend”

USB-C For Hackers: Reusing Cables

November 21, 2024 by 82 Comments

Your project needs a cable, and since USB-C cables are omnipresent now, it’s only natural to want to reuse them for your evil schemes. Ever seen USB 3.0 cables used for PCIe link carrying duty? It’s because USB 3.0 cables are built to a reasonably high standard, both sockets and cables are easy to find, and they’re cheap. Well, USB-C cables beat USB 3.0 cables by all possible metrics.

Let’s go through USB-C cable reuse in great detail, and see just what exactly you get when you buy either a gas station C-C USB 2.0 cable, or, the fanciest all-features-supported 240 W Thunderbolt cable that money can buy. Looking for a cable to cut, or something to pass a seriously high-speed link? You’re reading the right article.

The Omnipresent Cables

USB-A to USB-C cables are the least interesting. They’re equivalent to a microUSB to USB-A cable, except there’s a resistor on the USB-C plug, connected from VBUS to one of the CC pins. That’s it. The cable contains four conductors, there’s really not much new. Save these cables for all the devices still built without the 5.1 kΩ resistors.

Now, a USB-C to USB-C cable – let’s say, 60 W max, the default USB-C cable capability. If your cable says anything less than 60 W, say, “2 A” or “15 W”, that’s a lie – it can handle 60 W no problem, all USB-C to C cables can do 60 W. This cable is also cool – for one, it has five conductors; GND, VBUS, D+, D-, and CC. Two of them (GND and VBUS) are guaranteed to be thick enough to carry 3 A without much voltage drop if any, too!

Continue reading “USB-C For Hackers: Reusing Cables”

MOTU Audio Interface Resurrected After Some Reverse Engineering

October 18, 2024 by 8 Comments

These days, when something electronic breaks, most folks just throw it away and get a new one. But as hackers, we prefer to find out what the actual problem is and fix it. [Bonsembiante] took that very tack when a MOTU brand audio interface wasn’t booting. As it turns out, a bit of investigative work led to a simple and viable fix.

The previous owner had tried to get the unit fixed multiple times without success. When it ended up on [Bonsembiante]’s bench, reverse engineering was the order of the day. Based around an embedded Linux system, there was lots to poke and prod at inside, it’s just that… the system wasn’t booting, wasn’t showing up over USB or Ethernet, or doing much of anything at all.

Extracting the firmware only revealed that the firmware was actually valid, so that was a dead end. However, after some work following the boot process along in Ghidra, with some external help, the problem was revealed. Something was causing the valid firmware to fail the bootloader’s checks—and with that fixed, the unit booted. You’ll have to read the article to get the full juicy story—it’s worth it!

We’ve seen [Bonsembiante’s] work here before, when they turned an old ADSL router into a functioning guitar pedal. Video after the break.

Continue reading “MOTU Audio Interface Resurrected After Some Reverse Engineering”

The Internet Archive Has Been Hacked

October 10, 2024 by 33 Comments

There are a great many organizations out there, all with their own intentions—some selfish, some selfless, some that land somewhere in between. Most would put the Internet Archive in the category of the library—with its aim of preserving and providing knowledge for the aid of all who might call on it. Sadly, as [theresnotime] reports, it appears this grand institution has been hacked.

On Wednesday, users visiting the Internet Archive were greeted with a foreboding popup that stated the following:

Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!

The quote appears to refer to Have I Been Pwned (HIBP), a site that collates details of security breaches so individuals can check if their details have been compromised.

According to founder Brewster Kahle, the site was apparently DDOS’d, with the site defaced via a JavaScript library. It’s believed this may have been a polyfill supply chain attack. As for the meat of the hack, it appears the individuals involved made off with usernames, emails, and encrypted and salted passwords. Meanwhile, as Wired reports, it appears Have I Been Pwned first received the stolen data of 31 million users on September 30.

At the time of writing, it appears the Internet Archive has restored the website to some degree of normal operation. It’s sad to see one of the Internet’s most useful and humble institutions fall victim to a hack like this one. As is always the way, no connected machine is ever truly safe, no matter how much we might hope that’s not the case.

[Thanks to Sammy for the tip!]

Llama.ttf Is AI, In A Font

June 26, 2024 by 6 Comments

It’s a great joke, and like all great jokes it makes you think. [Søren Fuglede Jørgensen] managed to cram a 15 M parameter large language model into a completely valid TrueType font: llama.ttf. Being an LLM-in-a-font means that it’ll do its magic across applications – in your photo editor as well as in your text editor.

What magic, we hear you ask? Say you have some text, written in some non-AI-enabled font. Highlight that, and swap over to llama.ttf. The first thing it does is to change all “o” characters to “ø”s, just like [Søren]’s parents did with his name. But the real magic comes when you type a length of exclamation points. In any normal font, they’re just exclamation points, but llama.ttf replaces them with the output of the TinyStories LLM, run locally in the font. Switching back to another font reveals them to be exclamation points after all. Bønkers!

This is all made possible by the HarfBuzz font extensions library. In the name of making custom ligatures and other text shaping possible, HarfBuzz allows fonts to contain Web Assembly code and runs it in a virtual machine at rendering time. This gives font designers the flexibility to render various Unicode combinations as unique glyphs, which is useful for languages like Persian. But it can just as well turn all “o”s into “ø”s or run all exclamation points through an LLM.

Something screams mischief about running arbitrary WASM while you type, but we remind you that since PostScript, font rendering engines have been able to run code in order to help with the formatting problem. This ability was inherited by PDF, and has kept malicious PDFs in the top-10 infiltration vectors for the last fifteen years. [Citation needed.] So if you can model a CPU in PDF, why not an LLM in TTF? Or a Pokemon clone in an OpenType font?

We don’t think [Søren] was making a security point here, we think he was just having fun. You can see how much fun in his video demo embedded below.

Continue reading “Llama.ttf Is AI, In A Font”

Displays We Like Hacking: HDMI

June 5, 2024 by 27 Comments

I don’t like HDMI. Despite it being a pretty popular interface, I find crucial parts of it to be alien to what hackers stand for. The way I see it, it manages to be proprietary while bringing a lot of the old cruft in. It doesn’t have a native alternative like DisplayPort, so portable implementations tend to suffer power-wise; the connector situation is interesting, and the HDMI Foundation has been doing some weird stuff; in particular, they are pretty hostile to open-source technology.

This article is not the place for such feelings, however, especially since I’ve expressed them enough in the DisplayPort article. We the hackers deserve to be able to handle the interfaces we stumble upon, and I firmly believe in that way more than in my right to animosity towards HDMI.

The HDMI interface is seriously prominent wherever you look, in part because it’s the interface created by the multimedia-involved companies for the multimedia-involved companies. Over the years we’ve had it, it’s been more than sufficient for basically everything we do video-wise, save for the highest resolutions.

It’s also reasonably simple to wire up, hack on, and even bitbang. Let’s go through what makes it tick.

The Core

HDMI is, at its core, three differential pairs for data, plus one pair to clock them and in the darkness bind them. It’s a digital interface, though it is a fun one. This makes it way more suitable for higher-distance video transmissions than interfaces like VGA, and as long as you stick to relatively low resolutions, HDMI won’t have as many asks in terms of PCB layout as DisplayPort might, thanks to HDMI link speeds scaling proportionally with the display resolution.

Continue reading “Displays We Like Hacking: HDMI”

apple airtag being opened to remove the sounder

Apple AirTag: Antitheft Or Antistalking?

February 24, 2024 by 37 Comments

Occasionally, the extra features added to a product can negate some of the reasons you wanted to buy the thing in the first place. Take, for example, Apple’s AirTag — billed as an affordable way to link your physical stuff to your phone. If some light-fingered ne’er-do-well wanders by and half-inches your gear, you get notified. The thing is, the AirTag also has an anti-stalking measure, which after a while, notifies nearby iPhones, should the tag move but not be near your iPhone!

In a recent video, [David Manning] explains that this feature is great for preventing the device from being used to track people. But it also means that if said thief happens to own an iPhone, they will be notified of the nearby tag, and can find it and disable it. So in the end, it’s a bit less useful as an anti-theft measure!

The solution is to pop the back off the tag and yank out the little sounder module from the rear plastic. You lose the ability to locate the tag audibly, but you gain a little more chance of returning your stolen goods. Apple could easily remove this feature with a firmware update, but it’s a matter of picking your poison: antistalking or antitheft?

Continue reading “Apple AirTag: Antitheft Or Antistalking?”