Slider

4421 Articles

Supercon 2024: Badge Add-On Winners

November 4, 2024 by 3 Comments

This year we challenged the Hackaday community to develop Shitty Simple Supercon Add-Ons (SAO) that did more than just blink a few LEDs. The SAO standard includes I2C data and a pair of GPIO pins, but historically, they’ve very rarely been used. We knew the talented folks in this community would be able to raise the bar, but as they have a tendency to do, they’ve exceeded all of our expectations.

As we announced live during the closing ceremony at the 2024 Hackaday Supercon, the following four SAOs will be put into production and distributed to all the attendees at Hackaday Europe in Spring of 2025.

Continue reading “Supercon 2024: Badge Add-On Winners”

I Installed Gentoo So You Don’t Havtoo

November 4, 2024 by 46 Comments

A popular expression in the Linux forums nowadays is noting that someone “uses Arch btw”, signifying that they have the technical chops to install and use Arch Linux, a distribution designed to be cutting edge but that also has a reputation of being for advanced users only. Whether this meme was originally posted seriously or was started as a joke at the expense of some of the more socially unaware Linux users is up for debate. Either way, while it is true that Arch can be harder to install and configure than something like Debian or Fedora, thanks to excellent documentation and modern (but optional) install tools it’s no longer that much harder to run than either of these popular distributions.

For my money, the true mark of a Linux power user is the ability to install and configure Gentoo Linux and use it as a daily driver or as a way to breathe life into aging hardware. Gentoo requires much more configuration than any mainline distribution outside of things like Linux From Scratch, and has been my own technical white whale for nearly two decades now. I was finally able to harpoon this beast recently and hope that my story inspires some to try Gentoo while, at the same time, saving others the hassle.

A Long Process, in More Ways Than One

My first experience with Gentoo was in college at Clemson University in the late ’00s. The computing department there offered an official dual-boot image for any university-supported laptop at the time thanks to major effort from the Clemson Linux User Group, although the image contained the much-more-user-friendly Ubuntu alongside Windows. CLUG was largely responsible for helping me realize that I had options outside of Windows, and eventually I moved completely away from it and began using my own Linux-only installation. Being involved in a Linux community for the first time had me excited to learn about Linux beyond the confines of Ubuntu, though, and I quickly became the type of person featured in this relevant XKCD. So I fired up an old Pentium 4 Dell desktop that I had and attempted my first Gentoo installation.

For the uninitiated, the main thing that separates Gentoo from most other distributions is that it is source-based, meaning that users generally must compile the source code for all the software they want to use on their own machines rather than installing pre-compiled binaries from a repository. So, for a Gentoo installation, everything from the bootloader to the kernel to the desktop to the browser needs to be compiled when it is installed. This can take an extraordinary amount of time especially for underpowered machines, although its ability to customize compile options means that the ability to optimize software for specific computers will allow users to claim that time back when the software is actually used. At least, that’s the theory. Continue reading “I Installed Gentoo So You Don’t Havtoo”

Hackaday Links Column Banner

Hackaday Links: November 3, 2024

November 3, 2024 by 22 Comments

“It was the best of times, it was the blurst of times?” Perhaps not anymore, if this Ig Nobel-worthy analysis of the infinite monkey theorem is to be believed. For the uninitiated, the idea is that if you had an infinite number of monkeys randomly typing on an infinite number of keyboards, eventually the complete works of Shakespeare or some other famous writer would appear. It’s always been meant to be taken figuratively as a demonstration of the power of time and randomness, but some people just can’t leave well enough alone. The research, which we hope was undertaken with tongue firmly planted in cheek, reveals that it would take longer than the amount of time left before the heat death of the universe for either a single monkey or even all 200,000 chimpanzees in the world today to type the 884,647 words of Shakespeare’s complete works in the proper order.

Continue reading “Hackaday Links: November 3, 2024”

Capturing Light In A Vacuum: The Magic Of Tube Video Cameras

November 1, 2024 by 30 Comments

Cameras are a funny rabbit hole to fall down as a hacker, because we have well over a century of items to pick and choose from, a lot of which can be had for relative pennies. In my case I have more of them than I’d care to mention, mostly film cameras and 8mm movie cameras, but there are one or two that are entirely different. My first interest in electronics came through PAL televisions, so it’s hardly surprising that along the way I’ve also acquired more than one chunky old tube-based video camera. These devices are now long ago supplanted by their solid state replacements, but they retain a fascination for me as the mirror of the CRT-based TV sets I know so well. It’s time for a fascinating descent into the world of analogue video.

Electrons chasing light, chasing electrons

The zig-zag line pattern of a TV scan.
A raster scan pattern. Ian Harvey, Public domain.

The basic mode of operation behind all but some of the very earliest electronic camera tubes is that an electron gun paints its raster of electrons onto a light-sensitive target, and the current flowing through the electron beam varies in proportion to the light at each particular point on the target. This can be used to create a voltage, which when combined with the various sync pulses makes a video signal that would be understood by a monitor. The various different types of tubes have names such as Iconoscope, Emitron, or Vidicon, and while the main differences between those various types of tube lie in the combination of materials and design of their targets. Successive generations of tube made improvements to sensitivity and noise performance, first combining photoemissive layers with electron multiplying layers to amplify the video signal in much the same way as a photomultiplier tube does, and then using photoconductive targets to vary the conductivity of the target depending on the light at a particular point. Continue reading “Capturing Light In A Vacuum: The Magic Of Tube Video Cameras”

This Week In Security: Playing Tag, Hacking Cameras, And More

November 1, 2024 by 3 Comments

Wired has a fascinating story this week, about the length Sophos has gone to for the last 5 years, to track down a group of malicious but clever security researchers that were continually discovering vulnerabilities and then using those findings to attack real-world targets. Sophos believes this adversary to be overlapping Chinese groups known as APT31, APT41, and Volt Typhoon.

The story is actually refreshing in its honesty, with Sophos freely admitting that their products, and security products from multiple other vendors have been caught in the crosshairs of these attacks. And indeed, we’ve covered stories about these vulnerabilities over the past weeks and months right here on this column. The sneaky truth is that many of these security products actually have pretty severe security problems.

The issues at Sophos started with an infection of an informational computer at a subsidiary office. They believe this was an information gathering exercise, that was a precursor to the widespread campaign. That campaign used multiple 0-days to crack “tens of thousands of firewalls around the world”. Sophos rolled out fixes for those 0-days, and included just a bit of extra logging as an undocumented feature. That logging paid off, as Sophos’ team of researchers soon identified an early signal among the telemetry. This wasn’t merely the first device to be attacked, but was actually a test device used to develop the attack. The game was on.

Sophos managed to deploy it’s own spyware to these test devices, to stealthily keep an eye on this clever opponent. This even thwarted a later attack before it could really start. Among the interesting observations was a bootkit infection on one of these firewalls. This wasn’t ever found in the wild, but the very nature of such an attack makes it hard to discover.

There’s one more interesting wrinkle to this story. In at least one case, Sophos received the 0-day vulnerability used in an attack through their bug bounty program, right after the wave of attacks was launched. The timing, combined with the Chinese IP Address makes it pretty clear this was more than a coincidence. This might be a Chinese hacker making a bit of extra cash on the side. It’s also reminiscent of the Chinese law requiring companies to disclose vulnerabilities to the Chinese government.

PTA 0-Day

GreyNoise runs a honeypot and an AI threat detection system, and found something interesting with that combination. The PTZOptics network security camera was the intended target, and there were a pair of vulnerabilities that this attack was intended to exploit. The first is a simple authorization bypass, where sending HTTP packets without an authorization header to the param.cgi endpoint returns data without any authorization needed. Use the get_system_conf parameter, and the system helpfully prints out valid username and password hashes. How convenient.

Gaining arbitrary command execution is trivial, as the ntp configuration isn’t properly sanitized, and the ntp binary is called insecurely. A simple $(cmd) can be injected for easy execution. Those two were being chained together for a dead simple attack chain, presumably to add the IoT devices to a botnet. The flaws have been fixed, and law enforcement have been on the case, at least seizing the IP address observed in the attacks.

Speaking of camera hacks, we do have an impressive tale from Pwn2Own 2024, where researchers at Synacktiv used a format string vulnerability to pwn the Synology TC500 camera. The firmware in question had a whole alphabet of security features, like ASLR, PIE, NX, and Full RelRO. That’s Address Space Layout Randomization, Position Independent Executables, Non-Executable memory, and Full Relocation Read-Only protections. Oh, and the payload was limited to 128 characters, with the first 32 ASCII characters unavailable for use.

How exactly does one write an exploit in this case? A bit of a lucky break with the existing memory layout gave access to what the write-up calls a “looping pointer”. That seems to be a pointer that points to itself, which is quite useful to work from offsets instead of precise memory locations. The vulnerability allowed for writing a shell command into unused memory. Then finally a bit of Return Oriented Programming, a ROP gadget, manages to launch a system call on the saved command line. Impressive.

Maybe It Wasn’t a Great Idea

…to give LLMs code execution capabilities. That’s the conclusion we came to after reading CyberArk’s post on how to achieve Remote Code Execution on a Large Language Model. The trick here is that this particular example, LoLLMs, can run python code on the backend to perform certain tasks, like do math calculations. This implementation uses Python sandboxing, and naturally there’s a known way to defeat it. The trick can be pulled off just by getting the model to evaluate the right JSON snippet, but it’s smart enough to realize that something is off and refuse to evaluate the JSON.

The interesting detail here is that it is the LLM itself that is refusing, so it’s the LLM that needs bypassed. There has been very interesting work done on LLM jailbreaks, like DAN, the Do Anything Now prompt. That would probably have worked, but this exploit can be even sneakier than that. Simply ask the LLM to help you write some JSON. Specify the payload, and ask it to add something to it. It gladly complies, and code is executed. Who knew that LLMs were so gullible?

More Quantum Erratta

This story just keeps on giving. This time it’s [Dan Goodin] at Ars Technica that has the lowdown, filling in the last few missing details about the much over-hyped quantum computing breakthrough. One of the first of those details is that the story of the compromise of AES was published in the South China Morning Post, which has over-hyped Chinese quantum progress before. What [Goodin]’s article really adds to the discussion is opinions from experts. The important takeaway is that the performance of the D-Wave quantum computer is comparable to classical approaches.

Bits and Bytes

Remember the traffic light hacking? And part two? We now have the third installment, which is really all about you, too, can purchase and hack on one of these traffic controllers. It may or may not surprise you that the answer is to buy them on Ebay and cobble together a makeshift power supply.

It’s amazing how often printers, point of sale, and other IoT gadgets are just running stripped-down, ancient versions of Android. This point of sale system is no exception, running an old, custom Android 6 system, that seems to actually be rather well locked down. Except that it has an NFC reader, and you can program NFC tags to launch Android apps. Use this creative workaround to get into Android settings, and you’re in business.

I have long maintained that printers are terrible. That sentiment apparently is extending into security research on printers, with Lexmark moving to a new encrypted filesystem for printer firmware. Thankfully, like most of these schemes, it’s not foolproof, and [Peter] has the scoop on getting in. May you never need it. Because seriously, printers are the worst.

Boss Byproducts: Fulgurites Are Fossilized Lightning

October 29, 2024 by 28 Comments

So far in this series, we’ve talked about man-made byproducts — Fordite, which is built-up layers of cured car enamel, and Trinitite, which was created during the first nuclear bomb test.

A fulgurite pendant.
A lovely fulgurite pendant. Image via Etsy

But not all byproducts are man-made, and not all of them are basically untouchable. Some are created by Mother Nature, but are nonetheless dangerous. I’m talking about fulgurites, which can form whenever lightning discharges into the Earth.

It’s likely that even if you’ve seen a fulgurite, you likely had no idea what it was. So what are they, exactly? Basically, they are natural tubes of glass that are formed by a fusion of silica sand or rock during a lightning strike.

Much like Lichtenberg figures appear across wood, the resulting shape mimics the path of the lightning bolt as it discharged into the ground. And yes, people make jewelry out of fulgurites.

Continue reading “Boss Byproducts: Fulgurites Are Fossilized Lightning”

FreeBSD At 30: The History And Future Of The Most Popular BSD-Based OS

October 28, 2024 by 38 Comments

Probably not too many people around the world celebrated November 1st, 2023, but on this momentous date FreeBSD celebrated its 30th birthday. As the first original fork of the first complete and open source Unix operating system (386BSD) it continues the legacy that the Berkeley Software Distribution (BSD) began in 1978 until its final release in 1995. The related NetBSD project saw its beginnings somewhat later after this as well, also forking from 386BSD. NetBSD saw its first release a few months before FreeBSD’s initial release, but has always followed a different path towards maximum portability unlike the more generic nature of FreeBSD which – per the FAQ – seeks to specialize on a limited number of platforms, while providing the widest range of features on these platforms.

This means that FreeBSD is equally suitable for servers and workstations as for desktops and embedded applications, but each platform gets its own support tier level, with the upcoming version 15.x release only providing first tier support for x86_64 and AArch64 (ARMv8). That said, if you happen to be a billion-dollar company like Sony, you are more than welcome to provide your own FreeBSD support. Sony’s Playstation 3, Playstation 4 and Playstation 5 game consoles namely all run FreeBSD, along with a range of popular networking and NAS platforms from other big names. Clearly, it’s hard to argue with FreeBSD’s popularity.

Despite this, you rarely hear people mention that they are running FreeBSD, unlike Linux, so one might wonder whether there is anything keeping FreeBSD from stretching its digital legs on people’s daily driver desktop systems?

Continue reading “FreeBSD At 30: The History And Future Of The Most Popular BSD-Based OS”