[Ryan Miceli] wanted to build some reverse engineering skills by finding a new exploit for an original Xbox. Where he ended up was an exploit that worked across the network, across several games, and several different consoles. But it all started with an unbounded strcpy in Tony Hawk Pro Skater (THPS).

Xbox, PlayStation 2, and Gamecube (often referred to as the sixth generation) are wonderful hacking targets as they don’t possess many of the security enhancements of the seventh generation, like hypervisors, privilege levels, and hardware executability protections. The console launches the game, and control is fully within the game, so once you get your code executing, you’re done. The exploit started with a feature in many Tony Hawk games, the custom map editor. In the editor, you can create gaps between jumps with a name so that when a player completes the gap, it can flash “you jumped x” in big letters. However, on Xbox, the gap name is copied with an unbounded strcpy to the stack, meaning you can overwrite the return pointer. Additionally, there are no stack cookies for THPS, which meant nothing stopped [Ryan] from smashing his way through. He includes a small memcpy stub in the header of the level, which the gap name jumps to, which then copies and executes his full payload.

The other games in the series, like Tony Hawk’s Pro Skater 3 (THPS3), had the bug, but the gap name was copied to the heap, not the stack. However, he could overflow into a vtable of the next object that would call his code when the object was freed. However, the level save data wasn’t an executable region of memory, which meant he needed ROP (return-oriented programming). Just a few gadgets later, and [Ryan] had another exploit working.

Tony Hawk’s Underground 1 and 2 had stack cookies turned on. This meant a random value was placed on the stack before a function, then popped off and checked. This meant the program could check if its stack had been smashed. Unfortunately for [Ryan], this proved to be a major roadblock. However, the PC and PS2 versions of these games do not have stack cookies, which means they can be exploited in the same manner.

The beauty of the exploit is that the game allows you to invite a friend to play a custom level. This means once the level is transferred over the network, their console is hacked as well. However, the full payload wasn’t sent to the client console, which meant the exploit had to send the payload to the other console using the game’s existing net code. The exploit sets up an asynchronous file transfer then hands control back to the game. Of course, there was a memory leak in the netcode, because the game had never sent large amounts of data over the network before. So, part of the exploit was a hot patch for a memory leak.

As a last hurrah, [Ryan] ported the hack to Gamecube, PS2, and PC. The code is on GitHub, and the video is after the break. We love the attention the Xbox has been getting, and if you’re curious about a hardware hack, this 256MB ROM mod goes deep into the internals.

youtube.com/embed/Pjqw1Gwk0jg?…

HVAC – heating, ventilation, and air conditioning – can account for a huge amount of energy usage of a building, whether it’s residential or industrial. Often it’s the majority energy consumer, especially in places with extreme climates or for things like data centers where cooling is a large design consideration. When problems arise with these complex systems, they can go undiagnosed for a time and additionally be difficult to fix, leading to even more energy losses until repairs are complete. With the growing availability of platforms that can run capable artificial intelligences, [kutluhan_aktar] is working towards a system that can automatically diagnose potential issues and help humans get a handle on repairs faster.

The prototype system is designed for hydronic (water-based) systems and uses two separate artificial intelligences, one to analyze thermal imagery of the system and look for problems like leaks, hot spots, or blockages, and the other to listen for anomalous sounds especially relating to the behavior of cooling fans. For the first, a CNC-like machine was built to move a thermal camera around a custom-built model HVAC system and report its images back to a central system where they can be analyzed for anomalies. The second system which analyses audio runs its artificial intelligence on a XIAO ESP32C6 and listens to the cooling fans running in the model.

One problem that had to be tackled before any of this could be completed was actually building an open-source dataset to train the AI on. That’s part of the reason for the HVAC model in this project; being able to create problems to train the computer to detect before rolling it out to a larger system. The project’s code and training models can be found on its GitHub page. It seems to be a fairly robust solution to this problem, though, and we’ll be looking forward to future versions running on larger systems. Not everyone has a hydronic HVAC system, though. As heat pumps become more and more popular and capable, you’ll need systems to control those as well.

da Radio Popolare (19-7-2024):

Le colonie israeliane in Cisgiordania sono illegali. Lo ha stabilito oggi la Corte internazionale di giustizia con un pronunciamento storico, che ha chiuso un importante procedimento avviato nel 2022.
“Il popolo ebraico non è conquistatore nella propria terra”, ha subito commentato il premier israeliano Benyamin Netanyahu, mentre i ministri di estrema destra Itamar Ben Gvir e Bezalel Smotrich hanno risposto chiedendo “l’annessione” di larghe parti della Cisgiordania.
Il parere della Corte era stato formalmente richiesto dall’Assemblea generale delle Nazioni Unite a proposito delle conseguenze legali dell’occupazione da parte di Israele della Cisgiordania e di Gerusalemme Est. Sentiamo Chantal Meloni, docente di diritto penale internazionale alla statale di Milano: radiopopolare.it/riassunto-del…

Few processors have found themselves in so many different devices as the venerable Z80. While it isn’t powerful by modern standards, you can still use devices like this Cidco MailStation as a terminal.

The MailStation was originally designed as an email machine for people who weren’t onboard with this whole computer fad, keeping things simple with just an adjustable monchrome LCD, a keyboard, and a few basic applications. [Joshua Stein] developed a terminal application, msTERM, for the MailStation thanks to work previously done on decoding this device and the wealth of documentation for Z80 assembly.

While [Stein] designed his program to access BBSes, we wonder if it might be a good way to do some distraction-free writing. If that wasn’t enough, he also designed the WiFiStation dongle which lets you communicate over a network without all that tedious mucking about with parallel ports.

If you’d like something designed specifically for writing, how about an AlphaSmart? Wanting to build your own Z80-based project? Why not start with an Altoids-sized Z80 SBC, but don’t wait forever since Z80 production finally ended in June.

youtube.com/embed/Z7FYuFUxFlo?…

The world is tough and uncaring sometimes, especially if you’re at home tinkering with HP Enterprise equipment. If you’re in the same boat as [Neel Chauhan], you might have found that HPE is less than interested in interacting with small individual customers. Thus, when a cable was needed, [Neel] was out of luck. The simple solution was to assemble a substitute one instead!

[Neel] had a HPE ProLiant ML110 Gen11 server, which was to be used as network-attached storage (NAS). Unfortunately, it was bought as an open box, and lacked an appropriate serial-attached SCSI (SAS) cable. Sadly, HPE support was of no assistance in sourcing one.

SlimSAS LP x8 to dual MiniSAS x4 cables aren’t easy to find from anyone else, it turns out. Thus, [Neel] turned to Amazon for help sourcing a combination of parts to make this work. A SlimSAS LP 8X to 2x MiniSAS SFF-8643 cable was used, along with a pair of Mini SAS SFF-8087 to SAS HD SFF-8643 female adapters. From there, SFF-8087 cables could be used to hook up to the actual SAS devices required. The total cost? $102.15.

The stack of cables and adapters looks a bit silly, but it works—and it got [Neel]’s NAS up and running. It’s frustrating when you have to go to such lengths, but it’s not the first time we’ve seen hackers have to recreate obscure cables or connectors from scratch! What’s the craziest adapter salad you’ve ever made?

Social media giant X has suspended the processing of some personal data from EU users' public posts to train AI models, two days after the Irish Data Protection Commission (DPC) launched court proceedings over the practice.

euractiv.com/section/data-priv…

slowforward.net/2024/08/08/bts…

slowforward

2024-08-08 17:17:29

English below

slowforward.net/wp-content/upl…

“Welcome to Hell” è il rapporto più completo e autorevole sugli abusi e le torture sistematiche nelle carceri israeliane dal 7 ottobre, redatto da B’Tselem, la principale organizzazione israeliana per i diritti umani, che ha trascorso mesi a intervistare dozzine di ex prigionieri palestinesi (quelli che sono sopravvissuti alle torture).
Il loro rapporto fa “appello a tutte le nazioni e a tutte le istituzioni e gli organismi internazionali, compresa la Corte penale internazionale, affinché facciano tutto il possibile per porre immediatamente fine alle crudeltà inflitte ai palestinesi dal sistema carcerario israeliano e per riconoscere il regime di apartheid sistematico che opera in Israele”.

slowforward.net/wp-content/upl…

“Welcome to Hell” is the most comprehensive and authoritative report on systematic abuse and torture in Israeli prisons since October 7, written by B’Tselem, Israel’s leading human rights organization, which spent months interviewing dozens of former Palestinian prisoners (those who survived torture).
Their report “calls on all nations and all international institutions and bodies, including the International Criminal Court, to do everything possible to immediately put an end to the cruelties inflicted on Palestinians by the Israeli prison system and to recognize the systematic apartheid regime operating in Israel.”

slowforward.net/2024/08/08/bts…

#ApartheidFreeZone #BTselem #Cisgiordania #detention #dirittiUmani #EastJerusalem #Gaza #genocide #GeruselemmeEst #humanRights #illegalità #illegalitàIsraeliane #imprisonment #Israel #Israele #israeliPrisons #Palestina #Palestine #prigione #prigioniIsraeliane #prigionia #rapporto #report #sionismo #starvation #torture #trial #WelcomeToHell #WestBank #zionism #zionistPrisons #zionists

b’tselem’s report on israeli prisons, “welcome to hell”: free downloadable pdf // il pdf (liberamente scaricabile) del rapporto di b’tselem sulle carceri israeliane

“Welcome to Hell” is the most comprehensive and authoritative report on systematic abuse and torture in Israeli prisons since October 7, written by B’Tselem, Israel’s leadin…

^slowforward

Lo scorso capodanno ho visitato Nagasaki e i suoi monumenti alla bomba atomica. Sono parecchio brutti ma commoventi, e ci sono ancora reduci che portano la loro testimonianza con un'ammirevole dedizione alla diffusione di una cultura della pace anziché della vendetta. Mi dispiace che per amor di Bibi il vendicatore gli europei si siano fatti indietro.

ansa.it/sito/notizie/mondo/202…

Israele non invitato,ambasciatori occidente non vanno a Nagasaki - Notizie - Ansa.it

TOKYO, 07 AGO - Gli ambasciatori dei Paesi occidentali, compresa l'Italia, salteranno la cerimonia per il 79° anniversario del bombardamento di Nagasaki dopo che Israele non è stato invitato. Lo riferiscono alcuni funzionari. (ANSA)

^{Agenzia ANSA}

If there’s one thing humans love, it’s dancing with chance. To that end, [Jonathan] whipped up a fun dice box, connecting it to the Internet of Things for additional functionality.
Expect dice roll stat tracking to become a big thing in the D&D community.
The build is based around Pixels Dice. They’re a smart type of IoT dice that contains Bluetooth connectivity and internal LEDs. The dice are literally capable of detecting their own rolls and reporting them wirelessly. Thus, the dice connects to the dice box, and the dice box can literally log the rolls and even graph them over time.

The project was built in a nice octagonal box [Jonathan] picked up from a thrift store. It was fitted with a hidden battery and ESP32 to communicate with the dice and run the show. The box also contains integrated wireless chargers to recharge the dice as needed, and a screen for displaying status information.

The dice and dice box can do all kinds of neat things, like responding with mood lighting and animations to your rolls—for better or worse. There are some fun modes you can play with—you can even set the lights to sparkle if you pass a given skill check in your tabletop RPG of choice!

If you play a lot of tabletop games, and you love dice and statistics, this is a project well worth looking into. Imagine logging every roll so you can see how hot you are on a given night. Or, heck—whether it was the dice’s fault you lost your favorite player character in that foreboding dungeon.

We see a few dice hacks now and then, but not nearly enough. This project has us questioning where smart dice have been all our life! Video after the break.

youtube.com/embed/oCDr44C-qwM?…

Raspberry Pi’s first foray into the world of microcontrollers, the RP2040, was a very interesting chip. Its standout features were the programmable input/output units (PIOs) which enabled all sorts of custom real-time shenanigans. And that’s not to discount the impact of the Pi Pico, the $4 dev kit built around it.

Today, they’re announcing a brand-new microcontroller: the RP2350. It will come conveniently packaged in the new Pi Pico 2, and there’s good news and bad news. The good news is that the new chip is better in every way, and that the Pico form factor will stay the same. The bad news? It’s going to cost 25% more, coming in at $5. But in exchange for the extra buck, you get a lot.

For starters, the RP2350 runs a bit faster at 150 MHz, has double the on-board RAM at 520 kB, and twice as much QSPI flash at 4 MB. And those sweet, sweet PIOs? Now it has 12 instead of just 8. (Although we have no word yet if there is more program space per PIO – even with the incredibly compact PIO instruction set, we always wanted more!)
Two flavors on the same chip: Arm and RISC
As before, it’s a dual-core chip, but now the cores are Arm Cortex M33s or RISC-V Hazard3s. Yes, you heard that right, there are two pairs of processors on board. Raspberry Pi says that you’ll be able to select which style of cores runs either by software or by burning one-time fuses. So it’s not a quad core chip, but rather your choice of two different dual cores. Wild!

Raspberry Pi is also making a big deal about the new Arm TrustZone functionality. It has signed boot, 8 kB of OTP key-storage memory, SHA-256 acceleration, a hardware RNG, and “fast glitch detectors”. While this is probably more aimed at industry that the beginning hacker, we’re absolutely confident that some of you out there will put this data-safe to good use.

There is, as of yet, no wireless built in. We can’t see into the future, but we can see into the past, and we remember that the original Pico was wireless for a few months before they got the WiFi and Bluetooth radio added into the Pico W. Will history repeat itself with the Pico 2?

We’re getting our hands on a Pico 2 in short order, and we’ve already gotten a sneak peek at the extensive software toolchain that’s been built out for it. All the usual suspects are there: Picotool, TinyUSB, and OpenOCD as we write this. We’ll be putting it through its paces and writing up all the details next week.

Image by [fata1err0r81] via redditThe most striking feature of the Tenshi keyboard has to be those dual track pads. But then you notice that [fata1err0r81] managed to sneak in two extra thumb keys on the left, and that those are tilted for comfort and ease of actuation.

The name Tenshi means ‘angel’ in Japanese, and creator [fata1err0r81] says that the track pads are the halos. Each one slides on a cool 3D-printed track that’s shaped like a half dovetail joint, which you can see it closer in this picture.

Tenshi uses a pair of RP2040 Zeros as controllers and runs QMK firmware. The track pads are 40 mm each and come from Cirque. While the Cirques have been integrated into QMK, the pull request for ZMK has yet to be merged in. And about those angled keys — [fata1err0r81] says they tried risers, but the tilting feels like less effort. Makes total sense to me, but then again I’m used to a whole keyboard full of tilted keys.

kbplacer Is Your New Best Friend

The finished result. Image by [Adam] via GitHubWhat’s the worst part about building custom mechanical keyboards? Well, it probably depends on the person, but for many, the answer would be placing the elements and routing them in order to create the actual PCB.

[Adam] wrote kbplacer, which is an open-source KiCad plugin for designing mechanical keyboards. kbplacer does automatic key placing and routing, and works with Keyboard Layout Editor, VIA, QMK, and, experimentally, Ergogen. It also places diodes, and lets the user select the diode position in relation to key position. In addition, kbplacer can also be installed with pip as a Python package for use with other tools.

If you do want to use it with Ergogen, [Adam] outlines a workflow example. Also, check out how kbplacer works with a whole bunch of popular layouts.

The Centerfold: Battleship Harleyquin

Image by [hiphasreddit] via redditHarlequin all the things, I say, and bring back the four-color Volkswagen. That’s why I love this here Battleship Harleyquin. Don’t miss the gallery!

This may look like an Alice, but it’s really the AVA by Sneak Box with GMK Panels key caps. A matching Panels desk mat might have been too much; I think the GMK Slasher looks nice.

Do you rock a sweet set of peripherals on a screamin’ desk pad? Send me a picture along with your handle and all the gory details, and you could be featured here!

Historical Clackers: the Smith Premier 1

Image via Antique Typewriters
While not quite a 200% keyboard, the Smith Premier 1 definitely has one in spirit. As you can probably tell, there are separate keys for upper and lower case letters. No key performs a second function, so there is no Shift in sight. I particularly like the double space bars and the fact that the numerals run down both sides.

This machine, produced by the L.C. Smith Gun Co. of Syracuse, New York beginning in the late 1880s was “the most advertised and successful double keyboard typewriter of its time”. It sold for $100, which was about average for a keyboard typewriter at that time, when one could buy a horse-drawn carriage for $60.

While modern typewriters make use of keys attached to type bars with levers, the Smith Premier uses an array of turning rods in order to transfer motion from the key press to the type bar.

Pressing a key turns a particular horizontal rod that runs the length of the machine. At the rear, a small lever connected to the rod pulls down on the type bar above it, striking the paper. Apparently this design was quite smooth and responsive for the typist. Be sure to check out the detailed images on this one.

ICYMI: the Portable Pi 84

Image by [Michael Mayer] via PrintablesOver the years, the idea of ‘portable’ has changed significantly. While we once had luggable computers and chonky laptops, these have given way to sleek machines that look pretty much all alike from the outside.

Some of those laptops of yore had ultra-wide displays and were hinged in the center, leaving a sort of trunk the back. It is these classic computers that inspired [Michael Mayer] to build the Portable Pi 84.

Well, those, and in particular, [Michael]’s chosen mechanical keyboard, itself based on the Happy-Keyboard from [Luis Alegría]. The 9.3″ Waveshare display serendipitously just fits over the keyboard, and the rest is in that spacious trunk — the Raspberry Pi 4, a UPS hat, a couple of 21700 batteries, and a pair of speakers.

Be sure to check out the printed panels that let the user change up the ports and connection layout, because that’s an incredibly cool idea.

Got a hot tip that has like, anything to do with keyboards? Help me out by sending in a link or two. Don’t want all the Hackaday scribes to see it? Feel free to email me directly.

The foiled jihadist terrorist plot targeting Taylor Swift‘s concerts in Vienna highlights an increasing terrorist threat coming from radicalised European teenagers, which experts blame on social media.

euractiv.com/section/politics/…

La società di sicurezza CrowdStrike ha elaborato recentemente un report che riporta le ragioni del guasto del software Falcon Sensor, che ha interrotto il funzionamento di milioni di dispositivi basati su Windows in tutto il mondo oltre che ai miglioramenti introdotti.

L’incidente, denominato “Channel File 291″, è stato causato da un problema di convalida del contenuto a seguito dell’introduzione di un nuovo tipo di pattern per rilevare nuove tecniche di attacco

Il nuovo tipo di modello ha comportato una mancata corrispondenza dei parametri con 21 parametri di input passati allo strumento di convalida del contenuto invece dei 20 previsti forniti dall’interprete del contenuto. La discrepanza non è stata rilevata durante il test e ha causato l’errore. Di conseguenza, i sensori che hanno ricevuto il nuovo aggiornamento hanno riscontrato un problema con la lettura della memoria, che ha portato al crash del sistema.

In altre parole, la nuova versione del Channel File 291, rilasciata il 19 luglio, è stata la prima istanza del modello IPC a utilizzare il 21° parametro. La mancanza di un test specifico per la corrispondenza dei criteri senza caratteri jolly nel 21° campo ha fatto sì che il problema non fosse identificato prima di inviare un rapido aggiornamento del contenuto ai sensori.

CrowdStrike ha apportato modifiche per evitare problemi simili in futuro. Sono stati aggiunti controlli sui limiti dell’array di input ed è stato aumentato il numero di test per i nuovi modelli.

L’azienda ha anche coinvolto esperti di terze parti per rivedere il codice e migliorarne la qualità. Inoltre, la piattaforma Falcon è stata aggiornata per offrire ai clienti un maggiore controllo sulla fornitura degli aggiornamenti.

L'articolo CrowdStrike pubblica un report su “Channel File 291” spiegando l’incidente e i miglioramenti introdotti proviene da il blog della sicurezza informatica.

The European Commission does not plan to reopen the General Data Protection Regulation, instead focusing on enforcement, as privacy in the age of artificial intelligence is becoming increasingly controversial.

euractiv.com/section/data-priv…

Il 2 agosto in Turchia è stato bloccato l’accesso a Instagram, costringendo i residenti e gli ospiti del paese a iniziare a utilizzare in modo massiccio i servizi VPN per aggirare il blocco. Tuttavia, le autorità hanno rapidamente iniziato a limitare l’accesso a questi servizi.

Türkiye'den erişime engelli VPN servislerinin listesi: t.co/ttaery0W4m pic.twitter.com/OQHpGoHa5t
— EngelliWeb (@engelliweb) August 4, 2024

Il giornalista turco e coordinatore del progetto Free Web Turkey Ali Safa Korkut spiega che l’attuale situazione di blocco delle VPN non è nuova.

Nel dicembre 2023 sono stati bloccati 16 principali servizi VPN, tra cui ProtonVPN, Surfshark, IPVanish e CyberGhost. Successivamente, in periodi diversi, l’accesso è stato limitato ad altri 11 servizi VPN.

Surfshark ha confermato che i suoi utenti in Turchia hanno riscontrato difficoltà di accesso dalla fine dello scorso anno. “Da quando Instagram è stato bloccato, non abbiamo notato un aumento dei tentativi di bloccare il nostro servizio, ma stiamo monitorando attentamente la situazione“, ha affermato il product manager di Surfshark.

Nonostante i blocchi, gli utenti in Turchia continuano a utilizzare con successo alcuni servizi VPN, inclusi, stranamente, quelli bloccati. I rappresentanti di NordVPN, ExpressVPN, ProtonVPN, Surfshark e Private Internet Access hanno segnalato un aumento significativo del traffico e delle registrazioni degli utenti dalla Turchia.

Per coloro che intendono visitare la Turchia, si consiglia di scaricare in anticipo l’applicazione VPN scelta per evitare problemi di accesso. La registrazione su più servizi contemporaneamente ti aiuterà a bypassare i blocchi se una delle VPN smette improvvisamente di funzionare.

L’uso di Tor Browser può anche aiutare a aggirare le restrizioni, sebbene la connessione tramite Tor possa essere lenta a causa di più livelli di crittografia del traffico. Se la tua app VPN non funziona, Korkut consiglia di modificare le impostazioni DNS per accedere a Instagram.

La situazione relativa al blocco dei social network e dei servizi VPN in Turchia illustra chiaramente la crescente tendenza a limitare il libero accesso alle informazioni in molti paesi del mondo. Tali azioni governative sono tipicamente motivate da preoccupazioni di sicurezza nazionale o di controllo sul flusso di informazioni, ma invariabilmente limitano i diritti dei cittadini alla libertà di parola e all’accesso a fonti indipendenti.

L'articolo Muri Digitali: La Turchia stringe la morsa su Instagram e i Servizi VPN proviene da il blog della sicurezza informatica.

Many of us store a flashlight around the house for use in emergency situations. Usually, regular alkaline batteries are fine for this task, as they’ll last a good few years, and you remember to swap them out from time to time. Alternatively, you can make one that lasts virtually indefinitely in storage, and uses some simple chemistry, as [JGJMatt] demonstrates.

The flashlight uses 3D printing to create a custom battery using magnesium and copper as the anode and cathode respectively. Copper tape is wound around a rectangular part to create several cathode plates, while magnesium ribbon is affixed to create the anodes. Cotton wool is then stuffed into the 3D-printed battery housing to serve as a storage medium for the electrolyte—in this case, plain tap water.

The custom battery is paired with a simple LED flashlight circuit in its own 3D-printed housing. The idea is that when a blackout strikes, you can assemble the LED flashlight with your custom battery, and then soak it in water. This will activate the battery, producing around 4.5 V and 20 mA to light the LED.

It’s by no means going to be a bright flashlight, and realistically, it’s probably less reliable than just keeping a a regular battery-powered example around. Particularly given the possibility of your homebrew battery corroding over the years unless it’s kept meticulously dry. But that’s not to say that water-activated batteries don’t have their applications, and anyway it’s a fun project that shows how simple batteries really are at their basic level. Consider it as a useful teaching project if you have children interested in science and electricity!