
Hackaday Links: July 7, 2019

Like modular synths? Sure you do, and you need another hole to throw money into! For the last few months, Supplyframe has been hosting synthesizer and electronic music meetups in San Francisco. This week, the HDDG/Piqued meetup will have a great talk with the creator of VCV Rack. VCV Rack is an Open Source, virtual, modular synthesizer — basically a bunch of Eurorack modules inside a computer and it costs a whole lot less. The talk is this Thursday evening in SF. You should come!

The W600 is a new module (you can get it from Seeed, although it’s produced by Winner Micro in various formats) that is basically an ESP32, except it uses an ARM Cortex-M3 instead of a Tensilica core. [ultratechie] recently got their hands on one of these modules and got started with MicroPython. This seems like a capable module and it’s only three dollars, but will that be enough to catch up to the ESP32?

Purple gorilla enters art gallery. At the Het Nieuwe Instituut in Rotterdam there is a new exhibit featuring the ‘destructive beauty of the computer virus’. The curators trace the history of the computer virus from the innocent DOS viruses through Melissa to Stuxnet and today’s ransomware.

USB C has been around for a while, but 2019 is the year everything started to become USB C. Case in point: the Raspberry Pi 4. The only problem is that the Raspberry Pi Foundation messed up their implementation of USB C: the board ties both CC lines to a single 5.1k pull-down, so an e-marked cable (one with a chip and its own Ra termination in the plug) makes the board look like an audio adapter accessory, and a compliant charger refuses to supply power. Not a problem, because here’s how you design a USB C power sink. Basically, you give each CC line its own resistor. Don’t even think about it, just copy the USB C spec. You don’t know more about USB C than the people who designed it, and you’re not really saving a ton of money by deleting one resistor. Just copy the spec.
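To see why the shared resistor bites, here is the source-side CC sensing reduced to resistor math. This is an added example, not anything from the Raspberry Pi Foundation or the USB-IF. It assumes a Default-USB source (Rp = 56 kΩ pull-up to 5 V), Rd = 5.1 kΩ, Ra = 1 kΩ, and the Default-USB detection thresholds as I recall them from the Type-C spec’s source threshold table (vRa ≤ 0.15 V, vRd between 0.25 V and 1.5 V); confirm those numbers against your copy of the spec before relying on them.

```python
from typing import Optional, Tuple

# Assumed electrical values (Default USB current advertisement).
VBUS_PULLUP = 5.0
RP = 56_000.0   # source pull-up on each CC pin
RD = 5_100.0    # sink pull-down, one per CC pin in a compliant sink
RA = 1_000.0    # Ra presented on the VCONN pin of an e-marked cable plug

# Detection thresholds as I remember them from the Type-C spec (assumption).
V_RA_MAX = 0.15
V_RD_MIN, V_RD_MAX = 0.25, 1.50


def parallel(*rs: Optional[float]) -> Optional[float]:
    """Parallel combination of the resistors that are actually present."""
    present = [r for r in rs if r is not None]
    if not present:
        return None
    return 1.0 / sum(1.0 / r for r in present)


def cc_voltage(r_to_gnd: Optional[float]) -> float:
    """Voltage the source measures on a CC pin through its Rp pull-up."""
    if r_to_gnd is None:          # nothing pulling the pin down
        return VBUS_PULLUP
    return VBUS_PULLUP * r_to_gnd / (RP + r_to_gnd)


def classify_level(v: float) -> str:
    if v <= V_RA_MAX:
        return "Ra"
    if V_RD_MIN <= v <= V_RD_MAX:
        return "Rd"
    return "open"


def source_view(sink_shared_rd: bool, emarked: bool) -> Tuple[str, str]:
    """What the source sees on (its CC pin carrying the CC wire, its other CC pin).

    sink_shared_rd=True models one Rd tied to both sink CC pins (the Pi 4
    wiring); False models one Rd per pin as the spec requires.
    """
    plug_ra = RA if emarked else None
    if sink_shared_rd:
        # Both sink pins are one node, so the cable's Ra on the VCONN pin
        # ends up in parallel with the single Rd on the CC wire.
        cc_node = parallel(RD, plug_ra)
    else:
        # The VCONN pin has its own Rd; the CC wire only sees this pin's Rd.
        cc_node = RD
    # The source's unused pin lands on the source-end plug's VCONN, which
    # carries Ra in an e-marked cable and is open in a passive one.
    return classify_level(cc_voltage(cc_node)), classify_level(cc_voltage(plug_ra))


def source_decision(sink_shared_rd: bool, emarked: bool) -> str:
    """Spec-style decision from the two CC levels (order does not matter)."""
    pair = tuple(sorted(source_view(sink_shared_rd, emarked)))
    return {
        ("Rd", "open"): "sink attached: enable VBUS",
        ("Ra", "Rd"): "sink attached via e-marked cable: enable VBUS and VCONN",
        ("Ra", "Ra"): "audio adapter accessory: no VBUS",
        ("Rd", "Rd"): "debug accessory mode",
        ("Ra", "open"): "powered cable with no sink",
        ("open", "open"): "nothing attached",
    }[pair]


if __name__ == "__main__":
    for shared in (False, True):
        for emarked in (False, True):
            print(f"shared Rd={shared!s:5} e-marked={emarked!s:5} -> "
                  f"{source_decision(shared, emarked)}")
```

The numbers fall out directly: Rd alone sits at about 0.42 V (a sink), Ra alone at about 0.09 V, and Rd in parallel with Ra at about 0.07 V, which is indistinguishable from Ra. With the shared resistor and an e-marked cable the source therefore sees Ra on both pins and treats the board as an audio accessory; with a passive cable the same board reads as Rd/open and gets power, which is exactly the symptom reported for the Pi 4.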

35C3: A Deep Dive Into DOS Viruses And Pranks

Oh, the hijinks that the early days of the PC revolution allowed. Back in the days when a 20MB hard drive was a big deal and MS-DOS 3.1 ruled over every plain beige PC-clone cobbled together by enthusiasts like myself, it was great fun to “set up” someone else’s machine to do something unexpected. This generally amounted to finding an unattended PC — the rooms of the residence hall where I lived in my undergrad days were a target-rich environment in this regard — and throwing something annoying in the AUTOEXEC.BAT file. Hilarity ensued when the mark next booted the machine and was greeted with something like an inverted display or a faked hard drive formatting. Control-G was good to me too.

So it was with a sense of great nostalgia that I watched [Ben Cartwright-Cox]’s recent 35C3 talk on the anatomy and physiology of viruses from the DOS days. Fair warning to the seasoned reader that a sense of temporal distortion is inevitable while watching someone who was born almost a decade after the last meaningful release of MS-DOS discuss its inner workings with such ease. After a great overview of the DOS API elements that were key to getting anything done back then, malware or regular programs alike, he dives into his efforts to mine an archive of old DOS viruses, the payloads of most of which were harmless pranks. He built some tools to find viruses that triggered based on the system date, and used an x86 emulator he designed to test every day between 1980 and 2005. He found about 10,000 malware samples and explored their payloads, everything from well-wishes for the New Year to a bizarre foreshadowing of the Navy Seal Copypasta meme.

We found [Ben]’s talk a real treat, and it’s good to see someone from the current generation take such a deep dive into the ways many of us cut our teeth in the computing world.


Source Of Evil – A Botnet Code Collection

In case you’re looking for a variety of IRC client implementations, or always wondered how botnets and other malware looks on the inside, [maestron] has just the right thing for you. After years of searching and gathering the source code of hundreds of real-world botnets, he’s now published them on GitHub.

C++ is the dominant language in the collection, but you will also find sources in C, PHP, BASIC, Pascal, the occasional assembler, and even Java. And if you want to consider the psychological aspect of it, who knows, seeing these malicious creations in their rawest form might even give you a glimpse into the minds of their authors.

These sources are of course for educational purposes only, and it should go without saying that you probably wouldn’t want to experiment with them outside a controlled environment. But in case you do take a closer look at them and are someone who generally likes to get things in order, [maestron] is actually looking for ideas how to properly sort and organize the collection. And if you’re more into old school viruses, and want to see them run in a safe environment, there’s always the malware museum.

Françoise Barré-Sinoussi: Virus Hunter

It was early 1983 and Françoise Barré-Sinoussi of the prestigious Pasteur Institute in Paris was busy at the centrifuge trying to detect the presence of a retrovirus. The sample in the centrifuge came from an AIDS patient, though the disease wasn’t called AIDS yet.

Barré-Sinoussi and Montagnier in 1983. Image source: Le Globserver

Just two years earlier in the US, a cluster of young men had been reported as suffering from unusual infections and forms of cancer normally seen only in the very old or in people taking drugs designed to suppress the immune system. More cases were reported and the US Centers for Disease Control and Prevention (CDC) formed a task force to monitor the unusual outbreak. In December, the first scientific article about the outbreak was published in the New England Journal of Medicine.

By May 1983, researchers Barré-Sinoussi and Luc Montagnier of the Pasteur Institute had isolated HIV, the virus which causes AIDS, and reported it in the journal Science. Both received the Nobel prize in 2008 for this work and the Nobel prize citation stated:

Never before have science and medicine been so quick to discover, identify the origin and provide treatment for a new disease entity.

It’s only fitting then that we take a closer look at one of these modern detectives of science, Françoise Barré-Sinoussi, and what led to her discovery.


Museum Shows Off Retro Malware

There’s some debate on which program gets the infamous title of “First Computer Virus”. There were a few for MS-DOS machines in the 80s and even one that spread through ARPANET in the 70s. Even John von Neumann theorized that programs might one day self-replicate. To compile all of these early examples of malware, and possibly settle this question once and for all, [Mikko Hypponen] has started collecting many of the early malware programs into a Museum of Malware.

While unlucky (or careless) users today are confronted with ransomware that encrypts the entire hard drive (or worse), a lot of the early viruses were relatively harmless. Examples include Brain, which spread via floppy disk, the experimental ARPANET virus, and Elk Cloner which, despite many geniuses falsely claiming that Apples are immune to viruses, infected Apple II computers in the early 80s. [Mikko] has collected many more from this era that can be downloaded or demonstrated in a browser.

Retrocomputing is an active community, with users keeping gear of this era up and running despite it being 30+ years old. This software, while malicious at the time, is a great look into what the personal computing world was like in its infancy. And don’t forget, if you have a beige computer from a bygone era, you can always load up our Retro Page.

Thanks to [chad] for the tip!

The Most Brilliant Use Of Crowdfunding Yet: Medical Research

Since the rise of Kickstarter and Indiegogo, the world has been blessed with $100 resin-based 3D printers, Video game consoles built on Android, quadcopters that follow you around, and thousands of other projects that either haven’t lived up to expectations or simply disappeared into the ether. The idea of crowdfunding is a very powerful one: it’s the ability for thousands of people to chip in a few bucks for something they think is valuable. It’s a direct democracy for scientific funding. It’s the potential for people to pool their money, give it to someone capable, and create something really great. The reality of crowdfunding isn’t producing the best humanity has to offer. Right now, the top five crowdfunding campaigns ever are two video games, a beer cooler, a wristwatch with an e-ink screen, and something to do with Bitcoin. You will never go broke underestimating people.

[Dr. Todd Rider] wants to change this. He might have developed a way to cure nearly all viral diseases in humans, but he can’t find the funding for the research to back up his claims. He’s turned to IndieGoGo with an audacious plan: get normal people, and not NIH grants, to pay for the research.

The research [Dr. Rider] has developed is called the DRACO, the Double-stranded RNA Activated Caspase Oligomerizer. It works by relying on the singular difference between healthy cells and infected cells: infected cells contain long chains of viral double-stranded RNA. The DRACOs attach themselves to these long strands of RNA and trigger apoptosis, causing the infected cells to kill themselves. The research behind the DRACO was published in 2011, and since then [Dr. Rider] has already received funding from more traditional sources, but right now the project is stuck in the ‘funding valley of death’. It’s easy to get funding for early research, but to get the millions of dollars for clinical trials it takes real results – showing efficacy, and proving to pharmaceutical companies or VCs that the drug will make money.

So far, results are promising, but far from the cure for HIV and the common cold that the DRACO promises to be. [Dr. Rider] has performed a few tests on cell cultures and mice, and the DRACOs have been effective in combating everything from the common cold to the flu to dengue hemorrhagic fever.

The IndieGoGo campaign is flexible funding, meaning all the money raised will go towards research even if the funding goal is not met. Right now, just over $50,000 has been raised of a $100,000 goal. That $100k goal is just the first step; [Dr. Rider] thinks he’ll need about $2 Million to test DRACOs against more viruses and hopefully show enough progress to get additional traditional funding. That $2 Million is a little less than what Solar Roadways raised, meaning no matter what [Dr. Rider] will make one important medical discovery: people are very, very, very dumb.


Decoding ZeuS Malware Disguised As A .DOC

[Ronnie] recently posted about his adventures in decoding malware. One of his users reported a phishy email, which did indeed turn out to contain a nasty attachment. The process that [Ronnie] followed in order to figure out what this malware was trying to do is quite fascinating and worth the full read.

[Ronnie] started out by downloading the .doc attachment in a virtual machine. This would isolate any potential damage to a junk system that could be restored easily. When he tried to open the .doc file, he was presented with an error stating that he did not have either enough memory or disk space to proceed. With 45GB of free space and 2GB of RAM, this should not have been an issue. Something was definitely wrong.

The next step was to open the .doc file in Notepad++ for analysis. [Ronnie] quickly noticed that the file was actually an .rtf disguised as a .doc: RTF is plain text, and binary objects inside it are stored as long runs of hex digits. [Ronnie] scanned through large chunks of that hex data in an attempt to guess what the malware was trying to do. He noticed that one data chunk ended with the bytes FF D9, which is the End Of Image marker that terminates a JPEG file.

[Ronnie] copied this data into a new document and removed all new line and return characters. He then converted the hex back into raw bytes, revealing some more signs that this was actually image data. He saved this file with an image extension (the write-up calls it a .gif, although FF D9 is a JPEG trailer; viewers sniff the real format from the header, so it opened regardless) and opened it up for viewing. It was a 79KB image of a 3D rendered house. He also found another chunk of data that was the same picture, but 3MB in size. Strange to say the least.

After finding a few other weird bits of data, [Ronnie] finally started to see more interesting sections. First he noticed some strings with mixed-up capital and lowercase letters, a tactic sometimes used to dodge antivirus signatures that match on exact strings. A bit lower he found a section of data that was about the size of typical shellcode. He decoded this data and found what he was looking for: the shellcode contained a readable URL. The URL pointed to a malicious .exe file that happened to still be available online.

Of course [Ronnie] downloaded the .exe and monitored it to see how it acted. He found that it set a run key in the registry to ensure that it would persist later on. The malware installed itself to the user’s appdata folder and also reached out repeatedly to an IP address known to be affiliated with ZeuS malware. It was a lot of obfuscation, but it was still no match for an experienced malware detective.
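The manual steps above (pull the hex runs out of the RTF, strip the line breaks, turn the hex back into bytes, check the magic and trailer bytes, then hunt for a URL in the decoded blob) are easy to script, and scripting them is what you want when the next phishy attachment arrives. The following is an added example, not [Ronnie]’s code and not from the sample he analysed. The RTF document it works on is constructed inline: one blob is a stub JPEG (starts FF D8, ends FF D9), the other is a made-up stager URL hidden with a single-byte XOR, which is an assumption standing in for whatever encoding the real shellcode used, since the write-up does not say.

```python
import re
from typing import Dict, List, Tuple

# --- constructed sample input (not the real attachment) ----------------------
# A JPEG-like byte string: SOI + JFIF APP0 header, padding, then the EOI marker.
FAKE_JPEG = (bytes.fromhex("ffd8ffe000104a464946000101") + b"\x00" * 32
             + bytes.fromhex("ffd9"))
# A hypothetical stager URL and a hypothetical single-byte XOR key.
FAKE_URL = b"http://example.invalid/update.exe"
XOR_KEY = 0x41
OBFUSCATED = bytes(b ^ XOR_KEY for b in FAKE_URL)


def to_rtf_hex(data: bytes, width: int = 32) -> str:
    """Lay bytes out the way RTF \\objdata blobs appear: hex, CRLF-wrapped."""
    h = data.hex()
    return "\r\n".join(h[i:i + width] for i in range(0, len(h), width))


SAMPLE_RTF = (
    r"{\rtf1\ansi\ansicpg1252\deff0{\fonttbl{\f0 Arial;}}"
    + r"{\*\objdata " + to_rtf_hex(FAKE_JPEG) + "}"
    + r"{\*\objdata " + to_rtf_hex(OBFUSCATED) + "}"
    + r"\par Invoice attached.\par}"
)

# --- triage helpers ----------------------------------------------------------
# A run of at least 16 hex byte pairs, allowing CR/LF/space between pairs.
HEX_RUN = re.compile(r"(?:[0-9A-Fa-f]{2}\s*){16,}")

MAGIC = [
    (b"\xff\xd8\xff", "jpeg"),
    (b"GIF87a", "gif"),
    (b"GIF89a", "gif"),
    (b"\x89PNG", "png"),
    (b"MZ", "pe/dos executable"),
]

URL_RE = re.compile(rb"https?://[\x21-\x7e]{4,}")


def extract_hex_blobs(rtf: str) -> List[bytes]:
    """Every long hex run in the RTF text, with whitespace removed and decoded.

    This is the 'remove the newlines, then convert the hex' step done in code.
    """
    blobs = []
    for m in HEX_RUN.finditer(rtf):
        digits = re.sub(r"\s+", "", m.group(0))
        blobs.append(bytes.fromhex(digits))
    return blobs


def classify(blob: bytes) -> str:
    """Identify a blob by its leading magic bytes, falling back to the JPEG trailer."""
    for sig, name in MAGIC:
        if blob.startswith(sig):
            return name
    if blob.endswith(b"\xff\xd9"):
        return "jpeg fragment (EOI trailer only)"
    return "unknown"


def find_urls(blob: bytes) -> List[Tuple[int, str]]:
    """URLs readable as-is (key 0) or after XOR with any single byte.

    Returns (key, url) pairs; key 0 means the URL was in the clear.
    """
    hits = []
    for key in range(256):
        plain = bytes(b ^ key for b in blob)
        for m in URL_RE.finditer(plain):
            hits.append((key, m.group(0).decode("ascii")))
    return hits


def triage(rtf: str) -> List[Dict]:
    """Per-blob report: size, guessed type, and any URL found."""
    report = []
    for i, blob in enumerate(extract_hex_blobs(rtf)):
        report.append({"index": i, "size": len(blob),
                       "type": classify(blob), "urls": find_urls(blob)})
    return report


if __name__ == "__main__":
    for entry in triage(SAMPLE_RTF):
        print(entry)
```

On the sample the first blob is reported as a JPEG and the second as unknown data that yields a URL under key 0x41. Real attachments also use `\bin` (raw binary after a length) and `\'hh` escapes, which this script ignores, and a blob that decodes to nothing recognisable is exactly the kind of chunk that deserves the closer, manual look [Ronnie] gave his shellcode.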