USB HID And Run Exposes Yet Another BadUSB Surface

April 4, 2024 by Arya Voronova 19 Comments

You might think you understand the concept of BadUSB attacks and know how to defend it, because all you’ve seen is opening a terminal window. Turns out there’s still more attack surface to cover, as [piraija] tells us in their USB-HID-and-run publication. If your system doesn’t do scrupulous HID device filtering, you might just be vulnerable to a kind of BadUSB attack you haven’t seen yet, rumoured to have been the pathway a few ATMs got hacked – simply closing the usual BadUSB routes won’t do.

The culprit is the Consumer Control specification – an obscure part of HID standard that defines media buttons, specifically, the “launch browser” and “open calculator” kinds of buttons you see on some keyboards, that operating systems, surprisingly, tend to support. If the underlying OS you’re using for kiosk purposes isn’t configured to ignore these buttons, they provide any attacker with unexpected pathways to bypass your kiosk environment, and it works astonishingly well.

[piraija] tells us that this attack provides us with plenty of opportunities, having tested it on a number of devices in the wild. For your own tests, the writeup has Arduino example code you can upload onto any USB-enabled microcontroller, and for better equipped hackers out there, we’re even getting a Flipper Zero application you can employ instead. While we’ve seen some doubts that USB devices can be a proper attack vector, modern operating systems are more complex and bloated than even meets the eye, often for hardly any reason – for example, if you’re on Windows 10 or 11, press Ctrl+Shift+Alt+Win+L and behold. And, of course, you can make a hostile USB implant small enough that you can build them into a charger or a USB-C dock.

USB image: Inductiveload, Public domain.

Review: Beepy, A Palm-sized Linux Hacking Playground

August 7, 2023 by Tom Nardi 45 Comments

In the long ago times, when phones still flipped and modems sang proudly the songs of their people, I sent away for a set of Slackware CDs and embarked on a most remarkable journey. Back then, running Linux (especially on the desktop) was not a task to be taken lightly. The kernel itself was still in considerable flux — instead of changing some obscure subsystem or adding support for a niche gadget you don’t even own, new releases were unlocking critical capabilities and whole categories of peripherals. I still remember deciding if I wanted to play it safe and stick with my current kernel, or take a chance on compiling the latest version to check out this new “USB Mass Storage” thing everyone on the forums was talking about…

But modern desktop Linux has reached an incredible level of majority, and is now a viable choice for a great number of computer users. In fact, if you add Android and Chrome OS into the mix, there are millions and millions of people who are using Linux on daily basis and don’t even realize it. These days, the only way to experience that sense of adventure and wonderment that once came pre-loaded with a Linux box is to go out and seek it.

Which is precisely how it feels using using the Beepy from SQFMI. The handheld device, which was formerly known as the Beepberry before its creators received an all-too-predicable formal complaint, is unabashedly designed for Linux nerds. Over the last couple of weeks playing with this first-run hardware, I’ve been compiling kernel drivers, writing custom scripts, and trying (though not always successfully) to get new software installed on it. If you’re into hacking around on Linux, it’s an absolute blast.

There’s a good chance that you already know if the Beepy is for you or not, but if you’re still on the fence, hopefully this in-depth look at the hardware and current state of the overall project can help you decide before SQFMI officially starts taking new orders for the $79 gadget.

Continue reading “Review: Beepy, A Palm-sized Linux Hacking Playground” →

Two e-readers side to side. On the left, you can see the frontal view, showing text on the e-ink screen. On the right, you can see the backside with a semi-transparent 3D-printed cover over it, and two AAA batteries inside a holder in the center.

Open Book Abridged: OSHW E-Reader Now Simplified, Pico-Driven

September 29, 2022 by Arya Voronova 15 Comments

If you ever looked for open-source e-readers, you’ve no doubt seen [Joey Castillo]’s Open Book reader, but you might not yet have seen the Abridged version he’s building around a Raspberry Pi Pico.

The Open Book project pairs a 4.2″ E-Ink screen with microprocessors we all know and love, building a hacker-friendly e-reader platform. Two years ago, this project won first place in our Adafruit Feather contest — the Feather footprint making the Open Book compatible with a wide range of MCUs, giving hackers choice on which CPU their hackable e-reader would run. Now, it’s time for a RP2040-based reboot.

This project is designed so that you can assemble it on your own after sourcing parts and PCBs. To help you in the process, the PCB itself resembles a book page – on the silkscreen, there is explanations of what each component is for, as well as information that would be useful for you while hacking on it, conveying the hardware backstory to the hacker about to dive into assembly with a soldering iron in hand. There’s simple but quite functional software to accompany this hardware, too – and, as fully open-source devices go, any missing features can be added.

Joey has recorded a 30-minute video of the Pi Pico version for us, assembling and testing the newly ordered boards, then showing the software successfully booting and operational. The Pi Pico-based revision has been greatly simplified, with a number of self-assembly aspects improved compared to previous versions – the whole process really does take less than half an hour, and he gets it done with a pretty basic soldering iron, too!

If you’re looking for updates on this revision as development goes on, following [Joey] on Twitter is your best bet. He’s no stranger to making devices around us more free and then sharing the secret sauce with all of us! During the 2021 Remoticon he showed off a drop-in replacement mainboard for the Casio F-91W wristwatch, and told us all about reverse-engineering its controller-less segment LCD — worth a listen for any hacker who’s ever wanted to bend these LCDs to their will.

Continue reading “Open Book Abridged: OSHW E-Reader Now Simplified, Pico-Driven” →

Hackable OSHW CardClock Demands Attention

July 12, 2022 by Ryan Flowers 12 Comments

When examining a project, it’s easy to be jaded by a raw parts list. When the main component is an ESP8266, we might say “oh, another 8266 project. yawn!” But we’re certain that when you take a look at [Will Fox]’s Foxie CardClock, it’ll surely grab your attention.

As if all those beautiful LEDs weren’t enough, the rest of the device’s specifications are quite impressive. The core components might be common, but what often separates such projects is the software. With Over The Air updates supported via ArduinoOTA, updates are a snap. A light sensor helps to keep all those LEDs at a sane level, and a once-per-minute synchronization via NTP keeps the time accurate. Even if power is lost, a super-capacitor can hold the time accurate for up to two days with the built in RTC module. There’s even provisions for setting the time using the buttons on the front panel should you want to keep the gadget offline.

The entire project is open source, with the hardware released under the CERN Open Hardware Licence Version 2 and the firmware source code distributed as GPLv3. Users are encouraged to hack and modify the design, and all the information you need to build one of your own is available in the project’s GitHub repository. [Will] also offers a pre-assembled version of the clock for just $45 USD, but unfortunately it seems to be out of stock at the time of this writing.

If credit card sized hacks are your chosen area of interest, you will appreciate this crystal radio made from an actual Credit Card. Thanks to [Abe] for submitting the Tip!

Two shots of the dispenser in question next to each other, showing it from different sides. One is showing the front panel, and the other shot gives us a better look at the top part, with a rotating disk that has openings for treats to be placed in.

Open-Hardware Dog Treat Dispenser Is A Stepping Stone For Behavioral Research

February 6, 2022 by Arya Voronova 12 Comments

The principles of open-source hardware are starting to make great strides in scientific research fields. [Walker Arce] tells us about his paper co-authored with [Jeffrey R. Stevens], about a dog treat dispenser designed with scientific researchers in mind – indispensable for behavior research purposes, and easily reproducible so that our science can be, too. Use of Raspberry Pi, NEMA steppers and a whole lot of 3D printed parts make this build cheap (< $200 USD) and easy to repeat for any experiments involving dogs or other treat-loving animals.

Even if you’re not a scientist, you could always build one for your own pet training purposes – this design is that simple and easy to reproduce! The majority of the parts are hobbyist-grade, and chances are, you can find most of the parts for this around your workshop. Wondering how this dispenser works, and most importantly, if the dogs are satisfied with it? Check out a short demonstration video after the break.

Despite such dispensers being commercially available, having a new kind of dispenser designed and verified is more valuable than you’d expect – authors report that, in their experience, off-the-shelf dispensers have 20-30% error rate while theirs can boast just 4%, and they have test results to back that up. We can’t help but be happy that the better-performing one is available for any of us to build. The GitHub repository has everything you could want – from STLs and PCB files, to a Raspberry Pi SD card image and a 14-page assembly and setup guide PDF.

Open hardware and science are a match made in heaven, even if the relationship is still developing. The Hackaday community has come together to discuss open hardware in science before, and every now and then, open-source scientific equipment graces our pages, just like this recent assortment of biosensing hacks using repurposed consumer-grade equipment.

Continue reading “Open-Hardware Dog Treat Dispenser Is A Stepping Stone For Behavioral Research” →

The powerbank PCB, with all the components on one side, 18650 holder on the other, a MicroUSB cable plugged into the PCB's MicroUSB socket

Open Hardware 5V UPS Improves On Cheap Powerbank Design

January 31, 2022 by Arya Voronova 35 Comments

Often, we need to power a 5V-craving project of ours on the go. So did [Burgduino], and, unhappy with solutions available, designed their own 5V UPS! It takes a cheap powerbank design and augments it with a few parts vital for its UPS purposes.

You might be tempted to reach for a powerbank when facing such a problem, but most of them have a fatal flaw, and you can’t easily tell a flawed one apart from a functioning one before you buy it. This flaw is lack of load sharing – ability to continue powering the output when a charger is inserted. Most store-bought powerbanks just shut the output off, which precludes a project running 24/7 without powering it down, and can cause adverse consequences when something like a Raspberry Pi is involved.

Understandably, [Burgduino] wasn’t okay with that. Their UPS is based on the TP5400, a combined LiIon charging and boost chip, used a lot in simple powerbanks, but not capable of load sharing. For that, an extra LM66100 chip – an “ideal diode” controller is used. You might scoff at it being a Texas Instruments part, but it does seem to be widely available and only a tad more expensive than the TP5400 itself! The design is open hardware, with PCB files available on EasyEDA and the BOM clearly laid out for easy LCSC ordering.

We the hackers might struggle to keep our portable Pi projects powered, employing supercapacitors and modifying badly designed Chinese boards. However, once we find a proper toolkit for our purposes, battery-powered projects tend to open new frontiers – you might even go beyond your Pi and upgrade your router with an UPS addon! Of course, it’s not always smooth sailing, and sometimes seemingly portability-friendly devices can surprise you with their design quirks.

WiFiWart Boots Linux, Moves To Next Design Phase

July 26, 2021 by Tom Nardi 12 Comments

Over the last few months we’ve been keeping an eye on WiFiWart, an ambitious project to develop a Linux single-board computer (SBC) small enough to fit inside a USB wall charger. Developer [Walker] says the goal is to create an easily concealable “drop box” for penetration testing, giving security researchers a valuable foothold inside a target network from which to preform reconnaissance or launch attacks. Of course, we don’t need to tell Hackaday readers that there’s plenty of other things you can do with such a tiny open hardware Linux SBC.

Today we’re happy to report that [Walker] has gotten the first version of the board booted into Linux, though as you might expect given a project of this complexity, there were a few bumps along the way. From the single missing resistor that caused U-Boot to throw up an error to the finer points of compiling the kernel for an embedded board, the latest blog post he’s written up about his progress provides fascinating insight into the little gotchas of bringing up a SBC from scratch.

Once the board was booted into Linux, [Walker] started testing out different aspects of the system. A memory benchmark confirmed the finicky DDR3 RAM was working as expected, and he was able to load the kernel modules for the dual RTL8188 interfaces and connect to a network. While the two WiFi modules are currently hanging off the board’s full-sized USB ports, they will eventually be integrated into the PCB.

Critically, this prototype board is also allowing [Walker] to get an idea of what the energy consumption of the final hardware might be. Even at full tilt, this larger board doesn’t go over 500 mA at 5 VDC; so if he designs the power supply with a maximum output of 1 A, he should have a nice safety margin. As mentioned in the previous post, the plan is currently to put the PSU on its own board, which will allow more effective use of the charger’s internal volume.

With the software and hardware now largely locked in, [Walker] says his attention will be turned towards getting everything small enough to fit into the final form factor. This will certainly be the most challenging aspect of the project, but with a growing community of hackers and engineers lending their expertise to the cause, we’re confident the WiFiWart will soon be a reality.