This Week In Security: Morse Code Malware, Literal And Figurative Watering Holes, And More

Code obfuscation has been around for a long time. The obfuscated C contest first ran way back in 1984, but there are examples of natural language obfuscation from way earlier in history. Namely Cockney rhyming slang, like saying “Lady from Bristol” instead of “pistol” or “lump of lead” instead of “head”. It’s speculated that Cockney was originally used to allow the criminal class to have conversations without tipping off police.

Code obfuscation in malware serves a similar purpose — hiding from security devices and applications. There are known code snippets and blacklisted IP addresses that anti-malware software scans for. If that known bad code can be successfully obfuscated, it can avoid detection. This is a bit of a constant game of cat-and-mouse, as the deobfuscation code itself eventually makes the blacklist. This leads to new obfuscation techniques, sometimes quite off the wall. Well this week, I found a humdinger of an oddball approach. Morse Code.

Yep, dots and dashes. The whole attack goes like this. You receive an email, claiming to be an invoice. It’s a .xlsx.hTML file. If you don’t notice the odd file extension, and actually let it open, you’re treated to a web page. The source of that page is a very minimal JS script that consists of a morse code decoder, and a payload encoded in Morse. In this case, the payload is simply a pair of external scripts that ask for an Office 365 login. The novel aspect of this is definitely the Morse Code. Yes, our own [Danie] covered this earlier this week, but it was too good not to mention here.

Ethernet Goes To The Ether

Since the ether is an old term for the fictitious space where radio waves propagate, we always thought it was strange that the term ethernet refers to wired communication. Sure, there are wireless devices, but that’s not really ethernet. [Jacek] had the same thought, but decided to do something about it.

What he did is use two different techniques to alter the electromagnetic emission from an ethernet adapter on a Raspberry Pi. The different conditions send Morse code that you can receive at 125 MHz with a suitable receiver.

Practical? Hardly, unless you are looking to exfiltrate data from an air-gapped machine, perhaps. But it does have a certain cool factor. The first method switches the adapter between 10 Mbps and 100 Mbps. The second technique uses a stream of data to accomplish the modulation. The switching method had a range of around 100 meters while the data-based method topped out at about 30 meters. The code is on GitHub if you want to replicate the experiment.

There is plenty of precedent for this sort of thing. In 1976 Dr. Dobb’s Journal published an article about playing music on an Altair 8800 by running code while an AM radio was nearby. We’ve seen VGA adapters forced to transmit data, too.


Bluepill Copies Code So You Don’t Have To

You really should learn to read Morse code. But if you can’t — or even if you can, and just want a break — you can always get a computer to do it. For example, [jmharvey1] has a decoder that runs on a cheap Bluepill dev board.

The device uses a touchscreen and a few common components. The whole thing cost about $16. You can see it at work along with a description of the project in the video below.


Speech To Morse Code, Courtesy Of Google

Google has been responsible for unleashing some pretty incredible hardware and software on the world, but they can only take partial credit for the voice to Morse code gadget that [WhiskeyTangoHotel] recently completed.

With the Google AIY Voice Bonnet, [WhiskeyTangoHotel] had everything he needed to pick up on human speech and turn that into text the Raspberry Pi can parse and act on. Usually this would get passed to some kind of virtual assistant software, but in this case, a Python script breaks the speech down into individual characters and looks up their Morse representations. All those “dits” and “dahs” are then sent to one of the Pi’s GPIO pins, to which a relay has been connected.

At this point, you’ve got an interesting little toy that can sit on your desk and turn your speech into audible Morse code as the relay clicks and clacks its way through the message. In fact, if you don’t have a ham radio license, this is probably where you should stop. But if you’ve done the appropriate paperwork to transmit over the air, the relay can be connected to a radio to actually transmit messages.

If you think giving Google access to the content of your Morse code messages is a step too far, you’ll just have to learn it yourself. It might not be necessary to get your amateur license anymore, but that doesn’t mean it’s not worth knowing.


Loading Coils, The Heaviside Condition, And Pupin Coils

When we draw schematics, we have the luxury of pretending that wire is free. There are only a few cases where you have to account for the electrical characteristics of wire: when the wire is very long or the frequency on the wire is relatively high.

This became apparent after the first transatlantic cable went into service for telegraph communications. Even though the wire was linear, there was still distortion on the line so severe that dots and dashes would overlap each other. The temporary solution was to limit speeds to a rate so slow that operators had trouble sending and receiving. How slow? An average character took two minutes to send! That’s not a typo. Two minutes per character. By custom, Morse code assumes a word is five characters, so you could send a word every 10 minutes.

The first transatlantic cable went into service in 1858 and was virtually the moon landing of its day. Frustrated with how slow the communications were, an electrician by the name of Whitehouse decided to crank up the voltage to over 1,000 volts which caused the cable to fail after only three weeks in service. Whoops. Later analysis showed the cable was probably going to fail quickly anyway, but Whitehouse took the public blame.

The wire back then wasn’t as good as what we have today, which led to some of the problems. The insulation was made from multiple coats of a natural latex, gutta percha, which is what dentists use to fill root canals. The jackets were made from tarred hemp and bound with iron wire. There was no way to build an underwater amplifier in 1858, so the cables were just tremendous wires lying on the ocean floor between Newfoundland and Ireland.


Clear Some Space And Build A Cosmo Clock

Like many of us, [Artistikk] is inspired by astronauts and space travel in general. To keep the inspiration coming, he made the Cosmo Clock — a sleek little clock that changes color whenever an astronaut is launched into space.

As awesome as space is, we’re inspired by the amount of Earth-saving reuse going on in this project. The actual time-telling is coming from a recycled wristwatch movement. [Artistikk] cut a bigger set of hands for it out of a plastic container, and used the lid from another container for the clock’s body.

The launch inquiries are handled by an ESP8266, which uses a Blynk app and some IFTTT magic to get notified whenever NASA yeets an astronaut into space. Then the ESP generates random RGB values and sends them to a single RGB LED. The clock body is small enough that a single LED is bright enough to light up all the parts that aren’t blacked out with thick paper. In case you’re wondering, the pattern around the edge isn’t random, it’s Morse code for ‘sky’, but you probably already knew that, right? Make a dash past the break to take the tour.

Clocks that wind up in space are much more complicated. Check out this tear-down of the clock from a late-90s Soyuz spacecraft.


Typing By Slamming Your Laptop Closed. Repeatedly

Do you sometimes feel that your custom mechanical keyboard is not quite loud enough to proclaim your superior hacking powers? Or do you need a more forceful way to shout in all caps at someone who is wrong on the internet? For all this and more, [Jesse Li] has got you covered, with a set of bash scripts that allows you to type by slamming your laptop closed repeatedly, using Morse code.

Not the fastest way to type, but definitely the most forceful

The scripts are quite simple, and work by receiving the lid open/close events from ACPI (Advanced Configuration and Power Interface), recording the open and close timestamps and converting the timing to dots and dashes. After slamming to the required rhythm, you keep the lid open to see the character appear.

Why would you want this? Well, you can now type the letter E by closing your laptop, instead of locking it. Maybe use it to send an emergency message while you’re being held by terrorists in a B-grade action movie. Otherwise, we think this is just an entertaining little hack that’s probably the product of quarantine-induced boredom.

Morse code, otherwise known as CW, is still in surprisingly widespread use by ham radio operators, because it’s good at getting messages across intercontinental distances when signal conditions are bad and CW-only ham radio gear is cheap and easy to build yourself. We’ve also covered the Koch Method of learning CW, so don’t be afraid to dabble a bit during the quarantine.