This Week In Security: iPhone Unpowered, Python Unsandboxed, And Wizard Spider Unmasked

As conspiracy theories go, one of the more plausible is that a cell phone could be running malicious firmware on its baseband processor, and be listening and transmitting data even when powered off. Nowadays, this sort of behavior is called a feature, at least if your phone is made by Apple, with their Find My functionality. Even with the phone off, the Bluetooth chip runs happily in a low-power state, making these features work. The problem is that this chip doesn’t do signed firmware. All it takes is root-level access to the phone’s primary OS to load a potentially malicious firmware image to the Bluetooth chip.

Researchers at TU Darmstadt in Germany demonstrated the approach, writing up a great paper on their work (PDF). There are a few really interesting possibilities this research suggests. The simplest is hijacking Apple’s Find My system to track someone with a powered down phone. The greater danger is that this could be used to keep surveillance malware on a device even through power cycles. Devices tend to be secured reasonably well against attacks from the outside network, and hardly at all from attacks originating on the chips themselves. Unfortunately, since unsigned firmware is a hardware limitation, a security update can’t do much to mitigate this, other than the normal efforts to prevent attackers compromising the OS.

Network Time Protocol On The ESP32

Network Time Protocol (NTP) is one of the best ways to keep networked computers synchronized to the same time. It’s simple, lightweight, and not only allows computers to maintain a time standard together, but it also allows some computer manufacturers to save some money on hardware costs. The Raspberry Pi is perhaps the most well-known example of a low-cost computer without the extra expense of a real-time clock (RTC). While the Pi sets up NTP essentially automatically, other microcontrollers like the ESP32 don’t, but it is possible to configure them to use this time standard with some work.

For this project the MicroPython implementation for the ESP32 is required. MicroPython is a way of running Python code on microcontrollers or other embedded systems without all of the overhead that Python would normally require. Luckily enough, the NTP libraries are built right in so once MicroPython is running on the ESP32 it’s nearly as easy as calling the library. Of course you will have to make sure there is an internet connection, and then grab the time, sync it to the machine, and then set the timezone.

For a bonus exercise, the project’s creator [Bhavesh] suggests attempting to configure Daylight Savings Time, although this can be a surprisingly difficult problem to solve. In the meantime, there are a few other ways of installing a clock on a microcontroller like this one. An RTC module is an obvious choice, but you can also get incredibly accurate time by using a GPS module as well.

Twitch And Blink Your Way Through Typing With This Facial Keyboard

For those that haven’t experienced it, the early days of parenthood are challenging, to say the least. Trying to get anything accomplished with a raging case of sleep deprivation is hard enough, but the little bundle of joy who always seems to need to be in physical contact with you makes doing things with your hands nigh impossible. What’s the new parent to do when it comes time to be gainfully employed?

Finding himself in such a boat, [Fletcher]’s solution was to build a face-activated keyboard to work around his offspring’s needs. Before you ask: no, voice recognition software wouldn’t work, at least according to the sleepy little boss who protests noisy awakenings. The solution instead was to first try OpenCV and the dlib facial recognition library to watch [Fletcher] blinking out Morse code. While that sorta-kinda worked, one’s blinkers can’t long endure such a workout, so he moved on to an easier set of gestures. Mouthing Morse code covers most of the keyboard, while a combination of eye, eyebrow, and other facial twitches and tics cover the rest, with MediaPipe’s Face Mesh doing the heavy-lifting in terms of landmark detection.

The resulting facial keyboard, aptly dubbed “CheekyKeys,” performed well enough for [Fletcher] to use for a skills test during an interview with a Big Tech Company. Imagining the interviewer on the other end watching him convulse his way through the interview was worth the price of admission, and we don’t even care if it was a put-on. Video after the break.

CheekyKeys is pretty cool, doing something with a webcam and Python that we thought would have needed a dedicated AI depth camera to accomplish. But perhaps the real hack here was how [Fletcher] taught himself Morse in fifteen minutes.


Using Statistics Instead Of Sensors

Statistics often gets a bad rap in mathematics circles for being less than concrete at best, and being downright misleading at worst. While these sentiments might ring true for things like political polling, it hides the fact that statistical methods can be put to good use in engineering systems with fantastic results. [Mark Smith], for example, has been working on an espresso machine which can make the perfect shot of coffee, and turned to one of the tools in the statistics toolbox in order to solve a problem rather than adding another sensor to his complex coffee-brewing machine.

To make espresso, steam is generated which is then forced through finely ground coffee. [Mark] found that his espresso machine was often pouring too much or too little coffee, and in order to improve his machine’s accuracy in this area he turned to the linear regression parameter R², also known as the coefficient of determination. By using a machine learning algorithm tuned to this value, which assesses predictable variation in a data set, a computer can more easily tell when the coffee begins pouring out of the portafilter and into the espresso cup based on the pressure and water flow in the machine itself rather than using some other input such as the weight of the cup.

We have seen in the past how seriously [Mark] takes his coffee-making, and this is another step in a series of improvements he has made to his equipment. In this iteration, he has additionally produced a simulation in JupyterLab to better assist him in modeling the system and making even more accurate predictions. It’s quite a bit more effort than adding sensors, but since his espresso machine already included quite a bit of computing power it’s not too big a leap for him to make.

Hacked GDB Dashboard Puts It All On Display

Not everyone is a fan of GUI interfaces. But some tasks really lend themselves to something over a bare command line. Very few people enjoy old command line text editors like edlin or ed. Debugging is another task where showing source files and variables at all times makes sense. Of course, you don’t absolutely have to have a GUI per se. You can also use a Text User Interface (TUI). In fact, you can build gdb (the GNU Debugger) with a built-in TUI mode. Try adding --tui to your gdb command line and see what happens. There are also many GUI frontends for gdb, but [cyrus-and] has an easy way to get a very useful TUI-like interface to gdb that doesn’t require rebuilding gdb or even hacking its internals in any way.

The secret? The gdb program runs a .gdbinit file on startup. By using Python and some gdb commands, [cyrus-and] causes the debugger to have a nice dashboard interface for your debugging sessions. If you install a helper script, you can even get syntax highlighting.

The system uses modules and you can even add your own custom modules and commands, if you like. You can also control what modules appear on each dashboard display. Normally, the dashboard shows when the program stops. For example, on each breakpoint. However, gdb has a hook system that allows you to trigger a dashboard using the appropriately-named dashboard command on other commands, too. Using the layout option to the dashboard command, you can even trigger different modules at different times.

Installation is simple. Just put the .gdbinit file in your home directory. If you want syntax highlights, you need to install Pygments, too. We understand you can even use this under Windows, if you like.

We don’t always take full advantage, but gdb is actually amazing. The flexible architecture makes all sorts of interesting things possible.


‘Desk Accessory’ Pays Homage To Macintosh

The retrocomputing community are experts at keeping vintage Apple iron running, but if you’re looking for a simpler way to pay homage to the original Mac, check out this Raspberry Pi powered ‘desk accessory’ by [John Calhoun], fittingly called ‘SystemSix’.

Housed inside a delightfully Mac-shaped piece of laser-cut acrylic, SystemSix is powered by a Raspberry Pi 3, with the graphics displayed on a sizeable 5.83″ e-ink panel. While it resembles a kind of retro-futuristic take on the ‘classic’ Macintosh, SystemSix is the illusion of a fully interactive computer. While non-interactive, the fake desktop is every bit as charming as a real Macintosh display, albeit scaled down. The desktop updates automatically with new information, and presently includes a calendar, dithered lunar phase graphic, and a local weather report.

Clearly calling it a ‘desk accessory’ is a neat play on words. The original Macintosh implemented simple desk accessory programs, such as the calculator and alarm clock, that could run alongside the main application in memory. This was the only way to run more than one application on the Macintosh, before MultiFinder added rudimentary cooperative multitasking in 1987. As such, SystemSix is a functional, stylish and quite literal ‘desk accessory’.

[John] has the full project write-up over on GitHub, and goes into great detail about maintaining the Macintosh aesthetic. For example, the lunar phase graphic uses ‘Atkinson’ dithering. This technique was pioneered by Apple programmer Bill Atkinson, the author of MacPaint and the QuickDraw toolbox on the original Macintosh (and later, Hypercard).

And in case you were wondering – yes, this is the [John Calhoun], who programmed Glider for Macintosh. Now that he has recently retired from Apple, we’re really excited to see what other Macintosh-inspired creations he comes up with. Maybe he will come back around to his Mac-powered MAME cabinets that we covered all the way back in 2005. Or perhaps a sleeper battlestation, like the iMac G4 lampshade that was upgraded with an M1 processor.

Keep Tabs On Asteroids With Asteroid Atlas

Keeping tabs on the night sky is an enjoyable way to stay connected to the stars, and astronomy can be accessible to most people with a low entry point for DIY telescopes. For those who live in areas with too much light pollution, though, cost is not the only issue facing amateur astronomers. Luckily there are more ways to observe the night sky, like with this open source software package from [elanorlutz] which keeps tabs on all known asteroids.

The software is largely based on Python and uses a number of databases from NASA to allow anyone with a computer to explore various maps of the solar system and the planetary and non-planetary bodies within it. Various trajectories can be calculated, and paths of other solar system bodies can be shown with respect to an observer in various locations. Once the calculations are made in Python it is able to export the images for use in whichever image manipulation software you prefer.

The code that [elanorlutz] has created is quite extensive and ready to use for anyone interested in tracking comets, trans-Neptunian objects, or even planets and moons from their own computer. We would imagine a tool like this would be handy for anyone with a telescope as well as it could predict locations of objects in the night sky with accuracy and then track them with the right hardware.