We’ve been waiting for this one. A worm was written for the Internet-connected Arduino Yun that gets in through a memory corruption exploit in the ATmega32u4 that’s used as the serial bridge. The paper (as PDF) is a bit technical, but if you’re interested, it’s a great read. (Edit: The link went dead. Here is our local copy.)
The crux of the hack is getting the AVR to run out of RAM, which more than a few of us have done accidentally from time to time. Here, the hackers write more and more data into memory until they end up writing into the heap, where data that’s used to control the program lives. Writing a worm for the AVR isn’t as easy as it was in the 1990’s on PCs, because a lot of the code that you’d like to run is in flash, and thus immutable. However, if you know where enough functions are located in flash, you can just use what’s there. These kind of return-oriented programming (ROP) tricks were enough for the researchers to write a worm.
In the end, the worm is persistent, can spread from Yun to Yun, and can do most everything that you’d love/hate a worm to do. In security, we all know that a chain is only as strong as its weakest link, and here the attack isn’t against the OpenWRT Linux system running on the big chip, but rather against the small AVR chip playing a support role. Because the AVR is completely trusted by the Linux system, once you’ve got that, you’ve won.
Will this amount to anything in practice? Probably not. There are tons of systems out there with much more easily accessed vulnerabilities: hard-coded passwords and poor encryption protocols. Attacking all the Yuns in the world wouldn’t be worth one’s time. It’s a very cool proof of concept, and in our opinion, that’s even better.
Thanks [Dave] for the great tip!
The apparent lull on the Arduino front the last few weeks was just the calm before the storm that is the Bay Area Maker Faire (BAMF). Both companies claiming the Arduino name were there over the weekend, with news and new products in tow. Ironically, you could see from one booth straight over to the other. Small world.
Perhaps the biggest news from Arduino LLC is that hacker-friendly Adafruit is now going to be making officially-licensed boards in the US. Competing with this news, Arduino SRL brought its new boards, including the Yun Mini and ARM-powered Arduino M0. And [Massimo Banzi] and Arduino LLC seem to be taking an end-run around the Arduino SRL trademark by announcing the “Genuino” brand for European production. For all the details, read on!
Continue reading “Adafruit And The Arduinos At Maker Faire”
We’ve all been there. You are having fun walking around the carnival when you suddenly find yourself walking past the carnival games. The people working the booths are taunting you, trying to get you to play their games. You know the truth, though. Those games are rigged. You don’t know how they do it. You just know that they do… somehow.
Now you can put your worries to rest and build your own carnival game! [John] built his own “Bass Master 3000” style carnival game and posted an Instructable so you can make one too.
The game is pretty straightforward. You have a giant fish-shaped target with a wide open mouth. You take hold of a small fishing reel with a rubber ball on the end. Your goal is to cast the ball out and hit the fish in its big mouth. If you hit the mouth, you get to hear a loud buzzer and see some flashing lights. The system also uses a webcam to take a candid photo of the winner. A computer screen shows all of the winners of the day.
The brain of the system is an Arduino Yún. The Yún is similar to an Uno but it also has some extra features. Some good examples are an Ethernet port, a wireless adapter, and an SD card slot. The mouth sensors are just two piezo elements. Each sensor is hooked up to the Arduino through a small trim pot. This allows you to dial in the sensitivity of each sensor. The lights and the buzzer are controlled via a relay, triggered by a 5V digital pin on the Arduino.
The Yún actually has a small on-board Linux computer that you can communicate with from inside the Arduino environment. This allows [John] to use the Yún to actually take photos directly from a web cam, store them on the local SD card, and display them on a local web server. The web server runs a simple script that displays a slide show of all of the photos stored on the card.
The final piece of the game is the physical target itself. The target is painted using acrylic paint onto a small tarp. The tarp is then attached to a square frame made from PVC pipe. The mouth of the fish is cut out of the tarp. A large piece of felt is then placed behind the hole with the piezo sensors attached. A short length of copper pipe helps to weigh down the bottom of the felt and keep it in place. The important thing is to make sure the felt isn’t touching the tarp. If it touches, it might be overly sensitive and trigger even when a player misses.
Now you know how to build your own Bass Master 3000 carnival game. Whether you rig the game or not is up to you. Also, be sure to check out a video of the system working below. Continue reading “Build a Bass Master 3000 Carnival Game”
The Arduino Yún was the first of a new breed of Arduinos that added a big honkin’ Linux System on Chip to the familiar ATMega microcontroller and unique pin headers. It’s a surprisingly powerful system, but also very simple: basically, it’s just an Atheros AR9331 running Linux, an ATMega32u4 doing its Arduino thing, both connected by a serial connection. The Atheros AR9931 is also found in a router popular amongst hardware hackers. It really was only a matter of time before someone ported the Yun software to a router, then.
[Tony] took a TL-WR703N router and put OpenWRT on it. Turning this router into the Linux side of a Yún was a simple matter of uploading the Yún software to the root directory of the router and rebooting it. The Arduino side of the Yún is handled by an Arduino Mega connected to the USB port of the router. A quick update to Arduino’s boards.txt file, and a hacked together Yún is just a strip of duct tape away.
The Yún may not be extremely popular, but it does have a few interesting use cases. Maybe not enough to drop $70 on a board, but if you already have a WR703 router, this is a great way to experiment.
Thanks [Matt] for the tip.