Pulling Data From HDMI RF Leakage

A long-running story in the world of electronic security has been the reconstruction of on-screen data using RF interference from monitors or televisions. From British TV detector vans half a century ago to 1980s scare stories about espionage, it was certainly easy enough to detect an analogue CRT with nothing more than an AM broadcast radio receiver. But can this still be done in the digital age? It’s something [Windytan] has looked into, as she reconstructs images using leakage from HDMI cables.

The tale starts with a mystery RF noise, soon identified as not unlike the scanning frequencies of a video signal. Plotting the noise intensities while treating the supposed scanning frequencies as video synchronization yields a shadowy version of her Raspberry Pi desktop, so she’s on to something. It’s important to note that this isn’t a video signal she’s receiving, but the noise associated with the bit transitions in an uncompressed digital video stream, so she quickly concludes that trying to resolve color would be futile.

It does however leave the tantalizing possibility of using this as a medium to wirelessly export data from a compromised machine, and it’s down this route she goes. She finally arrives on a scheme of encoding data as lines of individual colors that look like interference patterns over a desktop, and from there can send and retrieve files. It works for digital audio streams, and as shown in the video below, even an MJPEG video stream, hidden in the noise from a video signal. That’s impressive work, by any standard!

We covered those BBC detector vans in detail a while back.

Continue reading “Pulling Data From HDMI RF Leakage”

Digital Video From The Amiga’s DB23 Socket

Back in the days of 16-bit home computers, the one to have if your interests extended to graphics was the Commodore Amiga. It had high resolutions for the time in an impressive number of colours, and thanks to its unique video circuitry, it could produce genlocked broadcast-quality video. Here in 2023 though, it’s all a little analogue. What’s needed is digital video, and in that, [c0pperdragon] has our backs with the latest in a line of Amiga video hacks. This one takes the 12-bit parallel digital colour that would normally go to the Amiga’s DAC, and brings it out into the world through rarely-used pins on the 23-pin video connector.

This follows on from a previous [c0pperdragon] project in which a Raspberry Pi Zero was used to transform the digital video into HDMI. This isn’t a hack for the faint-hearted though, as it involves extensive modification of your treasured Amiga board.

It is of course perfectly possible to generate HDMI from an Amiga by using an external converter box from the analogue video output, of the type which can be bought for a few dollars from online vendors. What this type of hack gives over the cheap approach is low latency, something highly prized by gamers. We’re not sure we’re ready to start hacking apart our Amigas, but we can see the appeal for some enthusiasts.

An Open-Source HDMI Capture Card

[YuzukiHD] has provided files for anyone that wishes to build their own HDMI capture card at home. The design is known as the Yuzuki Loop Out HDMI Capture Card PRO, or YuzukiLOHCC PRO for short.

The build is based on the MS2130, a HD video and audio capture chip that’s compatible with USB 3.2 Gen 1. We’re pretty sure that’s now called USB 3.2 Gen 1×1, and that standard is capable of transfers at up to 5 Gbps. Thus, the chip can support HDMI at up to 4K resolution at 60 Hz depending on the exact signals being passed down the line. It’s compatible with YUV422 & MJPEG modes and can be used with software like OBS Studio and FFmpeg. The board itself is relatively simple. It features an HDMI In port, an HDMI Out port, and a USB-C port for hooking up to a computer for capture.

HDMI capture cards can be expensive and fussy things, so you may find it pays to roll your own. Plus, being open sourced under the CERN Open Hardware License V2 means that you can make changes to suit your own use case if you so desire.

We’ve seen some other hilarious video capture tricks over the years, such as a convoluted rig that uses a SNES to turn a Game Boy Camera into a usable webcam. If you’ve got any such madcap hacks brewing up in your lab, be sure to let us know!

HDMI Is An Attack Surface, So Here’s An HDMI Firewall

Many years of using televisions, monitors, and projectors have conditioned us into treating them as simple peripherals whose cables carry only video. A VGA cable may have an i2c interface for monitor detection, but otherwise it presents little security risk. An HDMI interface on the other hand can carry an increasing number of far more capable ports, meaning that it has made the leap from merely a signal cable to being a connector stuffed with interesting attack vectors for a miscreant. Is it time for an HDMI firewall? [King K√©vin] thinks so, because he’s made one.

It’s a surprisingly simple device, because the non-signal capabilities of HDMI rely on a set of conductors which are simply not connected. This of course also disconnects the on-board EEPROM in the device being connected, so there’s an EEPROM on the firewall board to replace it which must be programmed with the information for the device in question.

The premise of HDMI as an attack surface is a valid one, and we’re sure there will be attacks that can be performed on vulnerable displays which could potentially in turn do naughty things to anything which connects to them. The main value for most readers here probably lies though in the introduction it gives to some of what goes into an HDMI interface, and in accessing the i2c interface therein.

It comes as a surprise to realise that HDMI is nearing 20 years old, so it’s hardly surprising that its hacking has quite a history.

Repairing An HDMI Adapter Doesn’t Go So Well

[Adrian] has a lot of retrocomputers, so he uses an RGB to HDMI converter to drive modern monitors. In particular, he has a box that uses a programmable logic chip to read various RGB signals and ships them to a Raspberry Pi Zero to drive the HDMI output. Sounds great until, of course, something goes wrong.

A converter that had worked stopped working due to a bad board with the programmable logic chip on it. Unlike the retrocomputers, this board has little tiny surface mount components. A little analysis suggested that some of the chip pins were not accepting inputs.

Continue reading “Repairing An HDMI Adapter Doesn’t Go So Well”

Barely HDMI Display Gets A Steampunk-Inspired Enclosure

It’s an interesting question: What does one do for a follow-up to building the world’s worst HDMI display? Simple — stick it in a cool steampunk-inspired case and call it a day.

That seems to have been [mitxela]’s solution, and please don’t take our assessment as a knock on either the original build or this follow-up. [mitxela] himself expresses a bit of wonder at the attention garnered by his “rather stupid project,” which used the I2C interface in an HDMI interface to drive a tiny monochrome OLED screen. Low refresh rate, poor resolution — it has everything you don’t want in a display, but was still a cool hack that deserved the attention it got.

The present work, which creates an enclosure for the dodgy display, is far heavier on metalworking than anything else, as the video below reveals. The display itself goes in a small box that’s machined from brass, while the HDMI plug gets a sturdy-looking brass housing that makes the more common molded plastic plug look unforgivably flimsy — hot glue notwithstanding. Connecting the two is a flexible stalk, allowing it to plug into a computer’s HDMI port and giving the user the flexibility to position the nearly useless display where it can be seen best.

But again, we may be too harsh in our judgment; while DOOM is basically unplayable on the tiny display, “Bad Apple!!” is quite watchable, especially when accompanied by [mitxela]’s servo-controlled MIDI music box. And since when has usability been a criterion for judging a hack’s coolness, anyway?

Continue reading “Barely HDMI Display Gets A Steampunk-Inspired Enclosure”

An 128x64 OLED display with a weird image on it, showing a mouse cursor, date and time in the bottom right corner, and a whole lot of presumably dithered dots

Making Your Own Technically-HDMI OLED Monitor

One day, [mitxela] got bored and decided to build his own HDMI monitor – the unconventional way. HDMI has a few high-speed differential pairs, but it also has an I2C interface used for detecting the monitor’s resolution and issuing commands like brightness control. In fact, I2C is the backbone for a lot of side channels like these – it’s also one of our preferred interfaces for connecting to cool sensors, and in this case, an OLED display!

[mitxela] describes his journey from start to end, with all the pitfalls and detours. Going through the pinout with a broken hence sacrificial HDMI cable in hand, he figured out how to probe the I2C lines with Linux command-line tools and used those to verify that the display was recognized on the HDMI-exposed I2C bus. Then, he turned to Python and wrote a short library for the display using the smbus bindings – and, after stumbling upon an FPS limitation caused by SMBus standard restrictions, rewrote his code to directly talk to the I2C device node, raising FPS from 2 to 5-10.

From there, question arose – what’s the best software route to take? He tried making a custom X modeline on the HDMI port the display was technically attached to, but that didn’t work out. In the end, he successfully employed the Linux capability called “virtual monitors”, and found out about an interesting peculiarity – there was no mouse cursor to be seen. Turns out, they’re typically hardware-accelerated and overlaid by our GPUs, but in [mitxela]’s case, the GPU was not involved, so he added cursor support to the picture forwarding code, too.

With partial refresh, the display could be redrawn even faster, but that’s where [mitxela] decided he’s reached a satisfactory conclusion to this journey. The write-up is a great read, and if videos are more your forte, he also made a video about it all – embedded below.

We first covered the ability to get I2C from display ports 14 years ago, and every now and then, this fun under-explored opportunity has been popping up in hackers’ projects. We’ve even seen ready-to-go breakouts for getting I2C out of VGA ports quickly. And if you go a bit further, with your I2C hacking skills, you can even strip HDCP!

We thank [sellicott] and [leo60228] for sharing this with us!

Continue reading “Making Your Own Technically-HDMI OLED Monitor”