
Leaderboard

Popular Content

Showing content with the highest reputation since 04/16/22 in Posts

  1. After deep security research by the Cysource research team led by Shai Alfasi & Marlon Fabiano da Silva, we found a way to execute commands remotely within the VirusTotal platform and gain access to its various scan capabilities.

     About virustotal: The virustotal.com application has more than 70 antivirus scanners that scan files and URLs sent by users. The original idea of the exploration was to use CVE-2021-22204 so that these scanners would execute the payload as soon as exiftool was executed.

     Technical part: The first step was uploading a djvu file to the page https://www.virustotal.com/gui/ with the payload:

     Virustotal.com analyzed my file and none of the antiviruses detected the payload added to the file's metadata. According to the documentation at the link https://support.virustotal.com/hc/en-us/articles/115002126889-How-it-works, virustotal.com uses several scans. The application sent our file with the payload to several hosts to perform the scan. On the virustotal hosts, at the time exiftool is executed, according to CVE-2021-22204, instead of detecting the metadata of the file, exiftool executes our payload, handing us a reverse shell on our machine.

     After that we noticed that it's not just a Google-controlled environment, but environments related to internal scanners and partners that assist in the virustotal project. In the tests it was possible to gain access to more than 50 internal hosts with high privileges.

     Hosts identified within the internal network:

     The interesting part is that every time we uploaded a file with a new hash containing a new payload, virustotal forwarded the payload to other hosts. So not only did we have an RCE, but it was also forwarded by Google's servers to Google's internal network, its customers and partners. Various types of services were found within the networks, such as: mysql, Kubernetes, oracle database, http and https applications, metrics applications, SSH, etc.

     Due to this unauthorized access, it was possible to obtain sensitive and critical information such as: Kubernetes tokens and certificates, service settings info, source code, logs, etc. We reported all the findings to Google, which fixed this issue quickly.

     Disclosure Process:
     - Report received by GoogleVRP - 04.30.2021
     - GoogleVRP triaged the report - 05.19.2021
     - GoogleVRP accepted the report as a valid report - 21.05.2021
     - GoogleVRP closed the report - 04.06.2021
     - Virustotal was no longer vulnerable - 13.01.2022
     - GoogleVRP allowed publishing - 15.01.2022

     Source: https://www.cysrc.com/blog/virus-total-blog
    8 points
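
One defensive control for a scanning pipeline like the one in the first post, as an added example that is not from the post or from VirusTotal: identify DjVu uploads by content rather than file name, walk the chunk structure, and keep files with annotation chunks (where DjVu metadata lives) or broken structure away from general-purpose scanner hosts. The route names and the sample bytes are constructed, and the check complements patching exiftool rather than replacing it.

```python
import struct

DJVU_MAGIC = b"AT&TFORM"                # "AT&T" prefix followed by an IFF FORM
ANNOTATION_CHUNKS = {b"ANTa", b"ANTz"}  # plain / compressed annotation chunks
MAX_DEPTH = 8                           # deeper FORM nesting is refused


class MalformedDjvu(ValueError):
    """Chunk structure does not add up; the file should not reach any parser."""


def walk_chunks(data, start, end, depth=0):
    """Yield (depth, chunk_id, size) for every IFF chunk in data[start:end]."""
    if depth > MAX_DEPTH:
        raise MalformedDjvu("FORM nesting too deep")
    pos = start
    while pos + 8 <= end:
        chunk_id = data[pos:pos + 4]
        (size,) = struct.unpack(">I", data[pos + 4:pos + 8])
        body = pos + 8
        if body + size > end:
            raise MalformedDjvu(f"{chunk_id!r} claims {size} bytes past its container")
        if chunk_id == b"FORM":
            if size < 4:
                raise MalformedDjvu("FORM too short to hold a form type")
            yield depth, b"FORM:" + data[body:body + 4], size
            yield from walk_chunks(data, body + 4, body + size, depth + 1)
        else:
            yield depth, chunk_id, size
        pos = body + size + (size & 1)  # chunks are padded to an even length


def triage(data):
    """Return (route, chunk_ids) for an upload, judged by its bytes only.

    Route names are hypothetical labels for this example.
    """
    if data[:8] != DJVU_MAGIC:
        return "not-djvu", []
    try:
        ids = [cid for _, cid, _ in walk_chunks(data, 4, len(data))]
    except MalformedDjvu:
        return "reject-malformed", []
    if ANNOTATION_CHUNKS.intersection(ids):
        # Metadata-bearing file: only a patched, network-isolated worker may parse it.
        return "isolated-worker-only", ids
    return "standard-queue", ids


def _chunk(chunk_id, payload):
    pad = b"\x00" if len(payload) & 1 else b""
    return chunk_id + struct.pack(">I", len(payload)) + payload + pad


def build_sample(with_annotation):
    """Constructed, harmless DjVu-shaped bytes for exercising triage()."""
    body = b"DJVU" + _chunk(b"INFO", b"\x00" * 10)
    if with_annotation:
        body += _chunk(b"ANTa", b"constructed annotation bytes")
    return b"AT&T" + b"FORM" + struct.pack(">I", len(body)) + body


if __name__ == "__main__":
    for name, blob in [("clean.djvu", build_sample(False)),
                       ("holiday.jpg", build_sample(True)),   # wrong extension on purpose
                       ("cut.djvu", build_sample(True)[:-5])]:
        print(name, triage(blob))
```
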
  2. True, one day there were 3000+, another day 11,000+. I think RST has had "much heavier attacks" and they were solved instantly with iptables -j DROP. They should talk to the people who handle the hosting for emag and other Black Friday services
    7 points
  3. And what about budgets for their relatives' companies? They're not looking for solutions, man. They're looking to hand out contracts and milk money
    5 points
  4. The government websites are useless anyway. You could even say they are sites used for fraud, given how much the wretched Romanian state steals from you. ♥️ my Russian brothers!
    5 points
  5. what are we going to do, guys, psd.ro and a few other crappy sites went down around 7 in the morning, any day now they'll attack the Luca pretzel shop too, ffs, 1990 called, they want their packets back
    5 points
  6. This is a course on how to get your house to catch fire. No regulation/standard of any kind is followed there. Is this an electrical installation or is he working in his mother's barn :))))
     - The conductors all look like 1.5 mm
     - The breakers are 16 AMP curve C (for inductive loads, not resistive ones, which is what most things in a home are). For domestic installations curve A or B is used. It's logical: you have curve C because an inductive load draws up to 6 times the absorbed current at start-up (that breaker will trip at 60 amps, by which time the whole installation done on 1.5 mm cross-section will be burning in flames)
     - There is no residual-current device of any kind
     - He filled more than 70% of the box with them.
     - Stranded conductors are not stripped with a box cutter
     - Tinning conductors is forbidden in electrical installations. Special Wago-type clamps are used there (the connection is made mechanically; otherwise that solder will flow at the first overload, and the contact surface is ~0.3 mm no matter how many times the jerk twists it)
     - He put wires across the top between the breakers instead of a busbar (9 breakers of 16 amps on a single 1.5 mm conductor)
    5 points
  7. "SEARCH AT THE HOME OF A PERSON SUSPECTED OF INVOLVEMENT IN THE RECENT CYBER ATTACKS

     Starting on April 29 this year, a series of DDoS (Distributed Denial of Service) cyber attacks affected multiple websites belonging to public institutions and private organizations in Romania. The attacks were reportedly claimed by a group called 'KillNet', of Russian origin, and their activity is reportedly promoted on various communication channels, being motivated by the context of the Russia - Ukraine military conflict.

     Immediately after these attacks, specialists from the Ministry of Internal Affairs, the General Directorate for Internal Protection, the General Inspectorate of the Romanian Police, as well as from the other structures and institutions in the defence, public order and national security system, carried out specific activities within their remit to counter the attacks, protect the targeted sites and identify the persons responsible, in order to ensure the resilience of IT infrastructures.

     Following the joint activities carried out, a suspect was identified, a Romanian citizen resident in the United Kingdom, who allegedly supported the activity of the criminal group by providing help with translating the materials promoted by the group from Russian into Romanian and by pointing out websites in Romania that could have been attacked using the same mode of operation.

     On May 2, 2022, following international police cooperation, law enforcement authorities in the United Kingdom, through the National Crime Agency, carried out a house search in the United Kingdom at the residential address of the Romanian citizen suspected of having been involved in carrying out the cyber attacks of recent days on IT infrastructure in Romania.

     In addition, specialized officers from IGPR - the Directorate for Combating Organized Crime - the Cybercrime Combating Service travelled to the United Kingdom to provide support in the investigation carried out by the National Crime Agency."

     Source: Romanian Police

     Personally I think they're wasting their time taking down the parties' websites... exactly what tex said too, who cares about these sites?
    4 points
  8. Despite the old saying, not everything lives forever on the internet — including stolen crypto.

     This week, crypto security firm BlockSec announced that a hacker figured out how to exploit lending agreements and triple their crypto reward on the ZEED DeFi protocol, which runs on the Binance Smart Chain and trades with a currency called YEED. “Our system detected an attack transaction that exploited the reward distribution vulnerability in ZEED,” BlockSec said on Twitter this week.

     The end of the thread threw readers for a loop, though, because BlockSec also said the stolen currency had been permanently lost because of a self-destruct feature the hacker used. “Interestingly, the attacker does not transfer the obtained tokens out before self-destructing the attack contract. Probably, he/she was too excited,” BlockSec said in a following tweet.

     Possible Vigilante

     The sheer thought of losing a million dollars is enough to make anybody sweat bullets, but it’s possible the hacker did this on purpose. BlockSec isn’t sure what the motive was, and suggests it could’ve been an accident. A report by VICE published this week says the hacker could’ve been a vigilante with a message or something to prove. Because the self-destruct feature “burned” the tokens, they’re essentially gone forever. VICE suggests the hacker could’ve wanted to watch the crypto world burn — and the mysterious attacker certainly did cause a lot of chaos. After selling the hacked tokens, YEED’s value crashed to near zero. Sales won’t resume until ZEED takes steps to secure, repair and test its systems.

     Maybe the hacker messed up, or maybe we just witnessed a modern day Robin Hood attack. It’s possible we’ll never know who pulled off the hack, or why.

     Source: https://futurism.com/the-byte/hacker-steals-destroys

     Dorel, what have you done..... 😂
    4 points
  9. Hi, I would also recommend SaaS for small shops, at least when starting out, until things stabilize. I know someone who made the decision to move from Magento to Shopify and it was one of the best decisions. The costs of hosting, maintenance and constant updates (there were also security problems, which had to be investigated, things rebuilt, backups, etc.) were the main reason for the migration. Now everything is simpler, with no headaches. Card payments, easy administration, the Shopify API has everything you need, fewer worries. Overall, the costs are lower in the long run. Of course, for large shops with IT departments, the situation changes. Personally, that is when I would think about moving away from SaaS; there are enough services/tools for migrating later from Shopify to Magento and the rest.
    4 points
  10. Meanwhile, educated Romania https://www.romaniatv.net/primarie-din-valcea-datoare-la-trupa-de-lautari-se-vand-microbuzele-scolare-pentru-plata-sumei-uriase-altfel-nu-putem_6455043.html
    3 points
  11. Last time it was someone from Mediafax who managed the feed. All of Yahoo Romania is run on connections; support has nothing to do with it.
    3 points
  12. By the same logic by which you lose your age if you lose your ID card.
    3 points
  13. I think you have no idea what the difference between mono and stereo is. Stereo doesn't just mean two speakers and that's it. Summary of the gypsy guy on YouTube:
    3 points
  14. You can fingerprint his browser and block him specifically. There is https://fingerprintjs.com/; on the free plan you get 20k IDs per month, more than enough. There are also other alternatives such as https://github.com/mattbrailsford/imprintjs. Implementing something similar yourself is not worth the effort.
    2 points
  15. I'm curious, is there anyone around here who has looked a bit at the "patched firehoses" on the net for Xiaomi phones? The firehose is a part of the firmware that prevents you from flashing in EDL (Emergency Download Mode) if you don't have authorization from Xiaomi - at least from what I understand of the field, correct me if I'm wrong. Anyway, the point is that many "patched" firehoses have appeared on the internet for certain Xiaomi phones. If you replace the firmware's original firehose with the patched one that the Indian guy on YouTube gives you, then you will be able to flash in EDL without having an authorized Xiaomi account. Unfortunately, only the older or cheaper phones have patched firehoses. For one reason or another, the recent ones (like the Mi 11) don't. This measure seems outrageous to me on Xiaomi's part, considering that I bricked my Mi 11 with their *official* update (I'm not joking). After that I bricked it about 2 more times, but that was my fault. To unbrick it I had to pay an Indian guy with access to an authorized account (he probably worked at Xiaomi) 25 euros to resuscitate my phone, because otherwise it was a brick (literally). Has anyone else around here had similar "adventures" with Xiaomi phones? If so, did you find any method to get through it without paying someone with authorization? And what exactly is the deal with these patched firehoses in the first place? Oh, and I hope the 3rd time is the last time I brick the Mi 11. I paid 3000 lei for a phone that bricks itself... clearly I'm not buying Xiaomi again.
    2 points
  16. Joking aside, what is happening is trivial. How can you not protect some websites against a trivial DDoS attack of 3000-5000 bots? There was an article saying that I don't know how many millions of euros were invested in developing the "cyber capital of Europe", a.k.a. Romania. That news got a lot of media coverage, and people who don't have the necessary knowledge are left amazed. It rather lowers our reputation... if the people who look after those sites had made a bit of an effort they would have found open-source protection solutions on GitHub, but incompetence is right at home... and who the hell would do this for 1500 lei? If you have friends/acquaintances in high positions there, it would be an idea to offer them a topic/section here and help them with an idea or two...
    2 points
  17. And those spam SMS messages, what's the deal with them, where do they get the "sensitive" numbers from, I wonder? :)))))))))
    2 points
  18. In rem: it opens the investigation into the act, not the perpetrators. https://legeaz.net/dictionar-juridic/in-rem
    2 points
  19. "A 'dede o se' attack, as the specialists call it" listen to that, man, ffs, who pronounces it like that? =)))) they took down the PSD's site lol DIICOT announced that it has opened a criminal investigation. Hmmm... and how will they investigate the Russians?
    2 points
  20. Shodan.io is a search engine with the job of crawling the internet for publicly accessible servers, software, and equipment. Intended as a site for cyber security experts and researchers, Shodan is a popular destination for those with other intentions as well. While not an inherently bad site, a hacker might want to cause some trouble by remotely accessing a web server with default credentials found on Shodan. News stories over the last few years talk about how Shodan has been used to log into traffic light controls, web cameras, and find databases to exploit.

     How do you prevent your network from being scanned and added to Shodan? First you’ll need a router or firewall with more than basic functions. Your device should accept custom firewall rules where you can block by remote IP address. Second you’ll need a list of the servers that Shodan uses to crawl the internet. Below is a list of known Shodan IP addresses and host names. A firewall rule should be created to block each entry.

     If you have a router capable of displaying active sessions or reporting blocked firewall events, you’ll see something like this.

     There are of course a number of things you can do to protect yourself from uninvited internet guests. First and foremost, don’t use default credentials for your router, server, database, IP camera, etc. These devices are incredibly easy to find through Shodan and there is never an excuse for defaults! You can also set your router to only allow inbound traffic from known IP addresses. Disabling WAN pings is another way you can try and prevent inbound traffic to your network.

     The easiest test is to run a Shodan search against yourself. If you know your external IP address, plug it into Shodan and look at the results. Do you see open ports? Do you have devices that are unsecured or running default credentials? The best solution is not to have public facing devices at all and instead to use a VPN to remotely access equipment, but in some situations that just isn't an option and the firewall rules are a fix.

     There are a number of routers that can provide the necessary firewall capabilities to block sites like Shodan from scanning your network.

     (Blocking a Shodan IP on a Peplink)

     The Pepwave Surf SOHO or Cradlepoint MBR1200B will provide adequate blocking for most homeowners or small businesses. Medium to enterprise size companies will want to look at more capable options like the Peplink Balance 380 or the AER3100.

     SOURCE
    2 points
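
The per-entry firewall rules that post describes, worked through as an added example that is not part of the original post: it turns a scanner list in "IP - hostname" form into iptables/ip6tables DROP rules, refuses entries that would block your own networks, and checks a session log for listed scanners that are still being allowed. All addresses, host names and log lines are constructed (documentation ranges), and the `SRC=... DPT=... ACTION=...` log layout is an assumption.

```python
import ipaddress
import re

# Constructed list in the post's "IP - hostname" layout (RFC 5737 / RFC 3849
# documentation addresses, not real scanner hosts).
SAMPLE_LIST = """\
192.0.2.10 - census1.scanner.example
192.0.2.11 - census2.scanner.example
192.0.2.11 - duplicate.scanner.example
2001:db8::25 - census6.scanner.example
203.0.113.999 - typo.scanner.example
198.51.100.7 - inside-our-vpn-range.scanner.example
"""

# Constructed firewall session log.
SAMPLE_LOG = [
    "2022-05-01T10:00:01Z SRC=192.0.2.10 DPT=443 ACTION=DROP",
    "2022-05-01T10:00:02Z SRC=192.0.2.11 DPT=8080 ACTION=ALLOW",
    "2022-05-01T10:00:03Z SRC=203.0.113.50 DPT=443 ACTION=ALLOW",
    "2022-05-01T10:00:04Z SRC=2001:db8::25 DPT=22 ACTION=ALLOW",
]


def parse_blocklist(text, protected=()):
    """Return (accepted, rejected) from 'IP - hostname' lines.

    protected: networks that must never be blocked (LAN, VPN, management),
    so a bad list entry cannot lock the administrator out.
    """
    nets = [ipaddress.ip_network(n) for n in protected]
    accepted, rejected, seen = [], [], set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        addr_text, _, host = line.partition(" - ")
        try:
            addr = ipaddress.ip_address(addr_text.strip())
        except ValueError:
            rejected.append((lineno, "not an IP address"))
            continue
        if any(addr.version == n.version and addr in n for n in nets):
            rejected.append((lineno, "inside a protected network"))
            continue
        if addr in seen:            # duplicates would only create redundant rules
            continue
        seen.add(addr)
        accepted.append((addr, host.strip()))
    return accepted, rejected


def firewall_rules(accepted):
    """One DROP rule per entry, using the tool that matches the address family."""
    rules = []
    for addr, _host in accepted:
        tool = "iptables" if addr.version == 4 else "ip6tables"
        rules.append(f"{tool} -I INPUT -s {addr} -j DROP")
    return rules


def scanner_sessions_allowed(log_lines, accepted):
    """Listed scanners the firewall still let in: (source, destination port)."""
    blocked = {addr for addr, _ in accepted}
    hits = []
    for line in log_lines:
        m = re.search(r"SRC=(\S+) DPT=(\d+) ACTION=(\w+)", line)
        if not m:
            continue
        try:
            src = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue
        if src in blocked and m.group(3) == "ALLOW":
            hits.append((str(src), int(m.group(2))))
    return hits


if __name__ == "__main__":
    ok, bad = parse_blocklist(SAMPLE_LIST, protected=["198.51.100.0/24"])
    print("\n".join(firewall_rules(ok)))
    print("rejected entries:", bad)
    print("still allowed:", scanner_sessions_allowed(SAMPLE_LOG, ok))
```
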
  21. https://www.insanelyusefulwebsites.com Author: jayra
    2 points
  22. Greetings, does anyone have a contact in the right place for getting feeds from news sites added to ro.yahoo.com? I'm offering 1000 euros, cash down if the deal goes through (on completion, like with hookers)
    2 points
  23. First, it's illegal if you don't have any legit authorization to do that. To do that, you must have a knowledge base that you are missing. If a server (IP) has multiple ports open, it doesn't mean that you can obtain access to the server. To get an idea of the penetration testing process ("infiltrate"), I recommend having a look at Hackthebox and trying to learn how to do reconnaissance, information gathering, exploit, lateral movement, privilege escalation, etc. YouTube may also help.
    2 points
  24. :)))))))))))) Man, stop smoking bad stuff before asking something. What do you mean, lose your seniority? There's a field there with the date the category was obtained, for heaven's sake. Did it split in two and you only lost the face, or how the hell did the face get lost while you still have the back? Maybe soak it again
    2 points
  25. 2 points
  26. Good evening, Together with some partners, I am about to open a company that imports and sells electrical equipment. I am looking for a person to create and administer the online shop. We prefer to work with wordpress/joomla/prebuilt ecommerce platforms, and the interested person should have extensive experience in this field (a portfolio is welcome). Experience in SEO and google/fb ads is a plus. We are interested both in a short collaboration (the initial setup) and in something long-term. Those interested should send me a PM.
    2 points
  27. The Ministry of Research, Innovation and Digitalization is recruiting IT&C experts to implement the reforms and investments undertaken by Romania in this field through the National Recovery and Resilience Plan (PNRR). Salaries are up to 4,000 euros net, and the specialists will be employed until 2026.

     "The Ministry of Research, Innovation and Digitalization (MCID) announces that it has established the salary scale for staff employed outside the organizational chart, as part of the "Task Force for the Implementation and Monitoring of Reforms and Investments regarding Digital Transformation" (Task Force), from the National Recovery and Resilience Plan (PNRR). The salary scale of this unit, which has a major role in the successful implementation of the digital transformations undertaken by Romania, is a competitive one, of up to 4,000 euros net per month, which allows the recruitment of the best specialists, who will be employed until 2026," the ministry says in a press release.

     Candidates for the contractual management position and for the 16 execution positions can submit their application for the selection process until April 26, with interviews taking place between May 3 and 5.

     Open for competition are one contractual management position - a manager post, higher education, 8 h/day working schedule, at Task Force/MCID - and 16 execution positions, namely:
     - executive manager - 1 post
     - implementation expert - 2 posts
     - ICT system architect - 2 posts
     - quality specialist - 1 post
     - cybersecurity expert - 1 post
     - database administrator - 2 posts
     - IT systems engineer - 3 posts
     - ICT business analysis manager - 3 posts
     - software product development engineer (UI/UX) - 1 post

     More details about the posts open for competition - conditions, topics and bibliography - can be consulted HERE.
    2 points
  28. Am I to understand that there were a lot of Romanians on there? Or what's the deal with RO police? 🚨 more info Raid Forums Is Down
    2 points
  29. This topic was created five years ago Look here: - https://wiki.ipfire.org/configuration/firewall/blockshodan Also, you can read here something: https://www.csoonline.com/article/3020108/blocking-shodan-isnt-some-sort-of-magical-fix-that-will-protect-your-data.html
    1 point
  30. 2008 is the date the category was obtained, 2014 the date it was last changed. In theory it should be valid until 2024. I think you just need to request a duplicate. https://www.drpciv.ro/document-details/permise/5ab13584fa4e9422012c2bab EDIT: From what it says there, the new document will be issued with the validity of the lost/damaged one. Given that there are only 2 years of validity left, I for one would also get a medical certificate. That way you have 10 years of validity. You get rid of a worry and of paying another 90-100 lei in 2 years.
    1 point
  31. 1 point
  32. Mechanical keyboards are all the rage these days! People love the satisfying tactile sensation, and some go to great lengths to customise them to their exact liking. That begs the question: If we love it that much, why stop at just computer keyboards? If you think about it, there are plenty of everyday input devices in desperate need of mech-ing up! For example... a microwave keypad?? Yep you heard that right! Here is the story of how I added a RGB OLED hot-swap mechanical keypad to create the most pimped-up microwave in the entire world!

     Background

     A year ago, I picked up a used microwave for £5 at a carboot sale. It was a "Proline Micro Chef ST44": It appears to be from early 2000s, and is pretty unremarkable in every way. But it was cheap and it works, so good enough for me!

     Problem!

     That is, until almost exactly a year later. I pressed the usual buttons to heat up my meal, but nothing happened. After the initial disbelief, my thorough investigation by randomly prodding buttons revealed that the membrane keypad is likely broken. At first a few buttons still worked, but soon all the buttons stopped responding. At this point I could have just chucked it and still got my money's worth. But it seemed like a waste just because a cheap plastic keypad failed. Plus I could save a few pounds if I fixed it instead of buying a new one. So I took it apart to see if there was anything I could do.

     Disassembly

     After removing the case, we can see the main circuit board:
     - Microcontroller at top-middle
     - Buzzer at top-right
     - Blue ribbon connector for keypad at middle-left
     - Transformer and control relays near the bottom

     Entire board is through-hole, but I guess if it works it works! Here is the front side: The board is well marked, and it's interesting to see it uses a Vacuum Fluorescent Display (VFD), which was already falling out of favour by the time this was made. I also noticed this board, and in fact everything inside, was designed by Daewoo, a Korean conglomerate making everything from cars to, well, this.

     Anyway, back to the matter at hand. I thought I could just clean up the ribbon cable contacts and call it a day. Except I didn't notice the contacts were made from carbon (graphite?) instead of the usual metal, and I rubbed some right off: So if it wasn't broken then, it's definitely broken now. Great job!

     Enter the Matrix (Scanning)

     Still, it wasn't the end of the world. The keypad almost certainly uses Matrix Scanning to interface with the controller. There is a detailed introduction of this topic on Sparkfun. But in short, matrix scanning allows us to read a large number of inputs from a limited number of controller pins. For example, there are more than 100 keys on our computer keyboard. If we simply connect each key to an input pin, the controller chip will need to have more than 100 pins! It will be bulky, difficult to route, and expensive to produce. Instead, with a little cleverness in the firmware, we can arrange the buttons in a grid of columns and rows, AKA a matrix, like this: This way, by scanning a single row and column at a time, we can determine which key(s) are pressed. Of course there are a lot more technicalities, so read more here if you want. Anyway, in the example above, instead of 4 * 4 = 16 pins, we only need 4 + 4 = 8 pins, a saving of half! And with our computer keyboard, we will only need around 20 pins instead of more than 100! Thus, we can see that Matrix Scanning simplifies the pin count and design complexity of input devices.

     Figuring Out the Matrix

     Back to our microwave keypad at hand. We can see its ribbon cable comes in two parts, each with 5 pins: So if my assumptions are correct, it would be a 5x5 matrix with 25 buttons. If you scroll all the way back up, you'll find the keypad has 24 buttons, so it checks out! Now we know there are 5 columns and 5 rows, it's time to figure out which key is which. To do that, I desoldered the ribbon cable connector and replaced it with a straight male header:

     As a side note, the microcontroller is a TMP47C412AN designed by Toshiba. It is a 4-bit processor with 4KB of ROM and 128 Bytes of RAM. It can also directly drive Vacuum Fluorescent Tubes. So all in all, a very specialised chip for appliances. Very underpowered compared to Arduinos and STM32s. But still, it gets the job done!

     I connected some jumper wires: And labeled the rows and columns with 1-5 and A-E: I then put the board back, powered on, and touched each pair of wires to see which button it responds as. It took a while, but eventually I figured out the matrix location of the buttons I need: So all in all, 10 numpad keys and 4 control buttons. There are a bunch of other buttons, but I didn't bother since I don't use them anyway. I quickly whipped up a simple schematic: With that, I hard-wired some buttons on a perf board as a quick and dirty fix: It works! At least I'll have hot meals now! And it didn't cost me a dime. But as you can see, it is very messy with 10 wires coming out of the case, and I'm sure I could do better.

     Pimp It Up!

     Around the same time, I was working on duckyPad, a 15-key mechanical macropad with OLED, hot-swap, RGB, and sophisticated input automation with duckyScript: Feel free to check out the project page if you're interested! I called it a "Do-It-All Macropad", so to live up to its name, it was only natural that I get it working on my microwave too! And if I pull this off, my lowly 20-year-old second-hand broken microwave will transform into the only one in the entire world with mechanical switches and RGB lighting! Now that's what I call ... a Korean Custom 😅.

     However, it wasn't as easy as it sounds. There are a number of challenges:
     - I want to use the existing duckyPad as-is, so no redesigning.
     - I want to keep it clean and tidy, so the fewer wires the better.
     - It has to be powered by the microwave itself too.

     PMM Board

     Right now, there are 10 wires coming out of the case and into my hand-made keypad, very messy. Ideally, with duckyPad, I want it to use only 3 wires: Power, Ground, and Data. With so few wires, they can be inside a single cable, which would be much more clean and tidy. However, the microwave controller still expects 10 wires from the keypad matrix. So that means I would need an adapter of some sort. Let's just call it PMM board. duckyPad would talk to PMM board, which in turn talks to the microwave controller. Something like this: Not too bad! However, until now we have been using real switches with the keypad matrix. But with PMM board, we will need to control the key matrix electronically to fool the microwave into thinking we pressed buttons! How do we do it?

     Blast From the Past

     It came as a bit of a surprise, but after some digging, it turned out that I solved this exact problem 3 years ago! Back then, I was trying to automate inputs of Nintendo Switch Joycons, and they also used matrix scanning for their buttons. And the answer? Analogue Switches! You can think of them as regular switches, but instead of pushing them with your fingers, they are controlled electronically. The chip I used is ADG714 from Analog Devices. There are 8 switches in one chip, and they are controlled via simple SPI protocol:

     I quickly designed the PMM board: It's a relatively simple board. A STM32F042F6P6 is used, and I broke out all of its pins on headers in case I need them. Since there are 14 buttons that I want to control, two ADG714s are needed. With SPI, they can be daisy-chained easily. You can see in the schematic that the analogue switches are wired up in exactly the same way as my shoddy hand-soldered keypad. Except now they can be pressed electronically by the microcontroller. I had the PCB made, and soldered on all the components: I did a preliminary testing with continuity beeper, and it seemed to work fine, but we'll only know for sure once it is installed on the real thing.

     Serial-ous Talk

     Now the PMM board can control the button matrix, how should duckyPad talk to it? With only 1 wire for data, I reckoned that a simple one-way serial link should be more than enough. duckyPad would send a simple serial message at 115200bps every time a key is pressed. The PMM board receives it, and if the format is correct, it would momentarily close the corresponding analog switch, simulating a button press to the microwave. I added a top-secret UARTPRINT command to the duckyScript parser, and created a profile for my microwave keypad. The keys on duckyPad are arranged as follows:

     Why So Negative?

     It's all coming together! Which brings us to the final question: How are we going to power it? I thought it would be straightforward. There is already a microcontroller on the microwave circuit board, so just tap its power and job done! Turns out, almost but not quite. Examining the circuit board in detail, it turns out the whole thing runs on negative voltages. We can see it gets -26V from the transformer, steps it down to -12V, then again to -5V. The voltage regulator is a S7905PIC fixed-negative-voltage regulator, further confirming this theory. I'm not sure why it is designed this way, probably has something to do with the AC transformer. Still, it doesn't actually matter that much, as it's just from a different point of reference.

     I tapped two power wires from the circuit board to power the PMM board, and in turn, duckyPad: To reduce confusion, I marked them 0V and -5V. Usually, we would connect 0V to GND, and a positive voltage to VCC. But in this case, 0V is actually at the higher potential. So all I needed to do is connect -5V to GND, and 0V to VCC. The potential difference is still 5V, so everything works. (Eagle eyed viewers might notice I also covered the buzzer with a sticker. It was so loud!)

     A Duckin' Great Time!

     I reinstalled the circuit board, hooked everything up and did a quick test, it works! You can see the 3 wires going from duckyPad debug header to PMM board, as well as the 10 wires going into the control board where the blue ribbon cable used to be. I attached the duckyPad to the microwave, chopped off the ends of a cheap USB cable, and used the 4 wires inside to connect everything up through a vent at the bottom. Voilà! It's done! The first and (probably) only microwave in the entire universe with mechanical switches, OLED, and RGB lighting! Have you ever experienced the crisp and clicky tactile and audible perfection of Gateron Greens while heating up some frozen junk food at 2am because you're too lazy to cook? Well, I have, so there's that!

     I want one too!

     If you're interested in duckyPad, you can learn more about it and get one here! And if you want the whole package, unfortunately it would be much more involved. Each microwave has a different keypad matrix layout, so you'll need to figure it out, and design and build a PMM board yourself. Not a small feat, but at least all the information is here! If you do go down this path, let me know if you have any questions! Of course there are high voltages and potential of microwave radiation when you take it apart, so be careful!

     Other Stuff

     I've done a few other fun projects over the years, feel free to check them out:
     - Daytripper: Hide-my-windows Laser Tripwire: Saves the day while you slack off!
     - exixe: Miniature Nixie Tube driver module: Eliminate the need for vintage chips and multiplexing circuits.
     - From Arduino to STM32: A detailed tutorial to get you started with STM32 development.
     - List of all my repos

     Questions or Comments?

     Please feel free to open an issue, ask in the official duckyPad discord, DM me on discord dekuNukem#6998, or email dekuNukem@gmail.com for inquiries.

     Source
    1 point
  33. Maybe this helps:
    1 point
  34. The Role... Individual with background in development, capable of driving the security engineering needs of the application security aspects of products built in-house and/or integrated from 3rd parties and ensuring alignment with the PPB technology strategy. Work closely with the other Security Engineering areas (Testing & Cloud), wider Security team and project teams throughout the organization to ensure the adoption of best of breed Security Engineering practices, so that security vulnerabilities are detected and acted upon as early as possible in the project lifecycle. In addition to ensuring a continuous and reliable availability and performance of the existing security tools (both commercial and internally developed), the role also involves its continuous improvement (namely to cover emerging technologies/frameworks) and the coordination and hands-on development of the internally developed tools to meet new business and governance needs. What you'll be doing... Liaise with business stakeholders to ensure all business projects are assessed from a security point of view and input is provided in order to have security requirements implemented before project is delivered; Develop and maintain engineering components autonomously (Python) that enable the Application Security team to ensure internally developed code is following security best practices; Research and evaluate emerging technologies to detect, mitigate, triage, and remediate application security defects across the enterprise; Understand the architecture of production systems including identifying the security controls in place and how they are used; Act as part of the InfoSec Engineering team, coordinating and actively participating in the timely delivery of agreed pieces of work.
Ensure a continuous and reliable availability and performance of the existing security tools (both commercial and internally developed); Support the engineering needs of the InfoSec Engineering and wider Security function. Build strong business relationships with partners inside and outside PPB to understand mutual goals, requirements, options and solutions to complex or intangible application security issues; Lead and coach junior team members supporting them technically in their development; Incident response (Security related), capable of performing triage and with support from other business functions provide mitigation advice. Capable of suggesting and implementing security controls for both public & private clouds; Maintain and develop components to support application security requirements into Continuous Delivery methodologies; Research, maintain and integrate Static Code Analysis tools (SAST) according to companies' requirements; Plan and develop deliverables according to SCRUM. What We're Looking For... Good written and verbal communication skills; A team player, who strives to maximize team and departmental performance; Resolves and/or escalates issues in a timely fashion; Knowledge sharing and interest to grow other team members; Effectively manages stakeholder interaction and expectations; Develops lasting relationships with stakeholders and key personnel across security; Influences business stakeholders to develop a secure mindset; Interact with development teams to influence and expand their secure mindset; Apply: https://apply.betfairromania.ro/vacancy/senior-infosec-engineer-6056-porto/6068/description/ If you are interested, send me a PM and I will put you in touch with "the right people".
    1 point
  35. Replace "eval" with "print" and that's a good start to understanding what it does.
    1 point
  36. 1 point
  37. I don't know why, but it makes me think of https://www.mobile.de/, with the aim of using those listings for scams.
    1 point
  38. 1 point