PrintNightmare Windows CVE-2021-1675


So Microsoft wanted to make it easy for a standard user to install a Printer without Administrator rights. The Print Spooler service turned out to have a huge EoP (Elevation of Privilege) vulnerability affecting Windows 7 to Server 2019.

However, this escalated to an RCE (Remote Code Execution). RCE refers to a bug by which cybercriminals can break into your computer in the first place, without needing any password for any account on your computer.

Microsoft released an update to fix it.

At the same time this was going on, a Zero-day exploit was on the rise. Researchers from the cybersecurity company Sangfor were going to present their paper about Print Spooler Bugs at the 2021 Black Hat conference in August but decided to release it early. Since the Print Spooler had recently been patched, they thought it would be alright because the vulnerability was fixed.

Well come to find out it was something completely different hiding in the exploit that wasn’t patched. In other words there were two security holes in it. One was patched and the other was not.

The Sangfor crew inadvertently documented an as-yet-undisclosed RCE bug, thus unintentionally unleashing a zero-day exploit. The researchers apparently took down the offending information once the mistake was figured out but by then it was too late, because the exploit code had already been downloaded and republished elsewhere. Pandora’s box had already been opened, and it was too late to close it up again.

The only way to fix this until a patch is released is to disable the Print Spooler. However, this disables printing, so you can’t print anything. It’s good practice anyway to disable the Print Spooler if you don’t have a printer, to free up resources in Windows, but if you use a printer all the time you’re kind of screwed until then.

This is one of the many reasons why I left Windows in the dust and use Linux. Granted there are exploits in Linux as well but they are typically targeted on older software packages and an easy update fixes it. If it’s a major one it is typically fixed within hours after it has been known to the world.

Installing pfSense on a PC Engines APU2


The APU2 came in and now I can install pfSense and share the knowledge.

First things first. The APU2 does not have a Video Out such as VGA or HDMI. It’s a headless System that uses RS-232 to run it until pfSense is installed. The options are to use either a DB9 Null Modem Cable, if the System you’re going to connect has Serial/RS-232, or a modern USB to Serial Cable.

For this install the Host Machine is my Desktop running Debian Linux. I am also using a USB to Serial Cable Adapter. It uses the CH341-UART chip. Keep in mind you will need a DB9 Null Modem Adapter; a simple Gender Changer Adapter isn’t going to work. For the connection, software-wise, I am going to use GNU Screen.

We need to download pfSense. Make sure to follow the image below.

After it downloads, uncompress the file and use dd (DiskDump) to write it to a USB Thumb Drive. The Thumb Drive shows up as /dev/sdc, but this varies from system to system. If in doubt, insert the Thumb Drive and run sudo dmesg; it should show up last as /dev/sd*, where the * could be b, c, d and so on.

For my System I issued this command.

sudo dd if=~/Desktop/pfSense-CE-memstick-serial.img of=/dev/sdc
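Because dd overwrites whatever device it is pointed at, two checks are worth scripting before a command like the one above: that the image matches its published SHA-256, and that the target is an unmounted removable disk. This is an added example, not part of the original post; the function names, the SYSFS_ROOT and MOUNTS_FILE overrides and the checksum argument are assumptions, and the checksum must be the one published for the exact file you pass in.

```sh
#!/bin/sh
# Added example: pre-flight checks before writing an installer image with dd.
# SYSFS_ROOT and MOUNTS_FILE can be overridden only so the checks can be tried
# against a constructed directory tree; the defaults are the real kernel files.
SYSFS_ROOT="${SYSFS_ROOT:-/sys}"
MOUNTS_FILE="${MOUNTS_FILE:-/proc/mounts}"

# verify_image IMAGE EXPECTED_SHA256 -> 0 only if the file's SHA-256 matches.
verify_image() {
    [ -f "$1" ] || { echo "no such image: $1" >&2; return 2; }
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $1" >&2
        return 1
    fi
}

# is_safe_target /dev/sdX -> 0 only if the kernel flags the disk as removable
# and neither the disk nor one of its partitions is currently mounted.
# Thumb drives normally report removable=1; internal disks report 0.
is_safe_target() {
    name=${1#/dev/}
    flag="$SYSFS_ROOT/block/$name/removable"
    [ -r "$flag" ] || { echo "$1 is not a whole disk" >&2; return 2; }
    [ "$(cat "$flag")" = "1" ] || { echo "$1 is not removable" >&2; return 1; }
    if grep -q "^/dev/$name[0-9]* " "$MOUNTS_FILE"; then
        echo "$1 (or a partition on it) is mounted" >&2
        return 1
    fi
}

# write_image IMAGE DEVICE EXPECTED_SHA256 -> runs both checks, then dd.
# conv=fsync makes dd flush to the stick before it reports success.
write_image() {
    verify_image "$1" "$3" || return 1
    is_safe_target "$2" || return 1
    sudo dd if="$1" of="$2" bs=4M conv=fsync status=progress
}

# Only write when called with: script IMAGE DEVICE EXPECTED_SHA256
if [ "$#" -eq 3 ]; then write_image "$@"; fi
```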

While it was writing to the Thumb Drive I gathered the rest of the equipment together. Do not power on the APU2 just yet. When the Thumb Drive is ready plug it into the APU2. Launch GNU Screen with this command. Remember I am using a USB 2 Serial Adapter so yours might differ.

screen /dev/ttyUSB0 115200

With Screen running you can now power on the APU2. When you turn it on you should see Text pop up in the window. Select F10 to bring up the Boot Menu and select the Thumb Drive. It will take a couple of minutes to load up but it should go directly into the Installer. From there just follow the prompts and install pfSense like you would on a typical PC.

When finished installing you’ll need to reboot the APU2 and this time hit F10 again and select Manage Payload. This will bring you to a BIOS setup and just tell it to boot from whatever Media you installed pfSense onto. If you skip this part then it will only Boot into MemTest86.

After that it should work and you can then start programming it via the Web UI.

Here are a couple of shots of my APU2.

So far I am impressed. I plan on installing it this Weekend to see how it goes.


S-100 Z80 Progress

I didn’t like the first revision of the Schematic so I redid the whole thing. I came across a Z80 Trainer made by Dr. Baker and used that as the basis of the new Schematic. I also used the circuit for the VT132 Project for a Terminal VGA and USB Keyboard.

Control Panel
CPU and Clock
RAM and ROM
IO Board
Serial Terminal for Video and Keyboard

These are not final. I need to review these and make sure everything is in the right order. I also need to import the S-100 BUS.


New CCTV System

I decided to buy the CCTV equipment. I bought a Reolink 5MP Pan Tilt Zoom Camera for the Driveway and a Reolink 5MP with Audio Turret Camera for the Lanai. My Boss let me buy a Hikvision Door Bell at cost and it was on sale from the distributor for $98.00. It’s the only one I can find that has ONVIF currently. I also have a couple of Hikvision IP Cameras I will use for Indoor use.

For now I plan to use MicroSD Cards for recording and push it to Shinobi that is running on the Home Assistant Server. For now I will use a TP-Link 5 Port PoE Switch. I really don’t see adding any more Cameras since the placements I have chosen should cover everything, except one area that has the A/C unit.

I am a bit worried since I heard A/C unit thefts are on the rise in my area, but I got that covered. I traded an A/C Tech 25ft of Coax for 25ft of outdoor rated cable used for A/C systems so I can make a dummy line that connects to the Alarm Panel, so when someone cuts it the Alarm goes off. I have it programmed as a Duress so the Central Station sends out the Cops without Verification. I also used longer Tapcons to attach the unit to the Cement Pad, and I stripped out the Nut Driver portion of the Tapcons so the only way to get them out is with a Flat Head or a Cutting Wheel. Besides, the Driveway Camera and Lanai Camera would catch anyone going to the side of the House anyway.

Anyway, back on topic here. I will probably run the Cabling to the Master Closet or Garage and then run a Single Line to the Living Room since the TV stand is getting full. Since the pfSense box has one more open port I can dedicate that to the CCTV and give access to Home Assistant.

I already got a friend that wants to buy my old Analog DVR and I will probably give the Ring to my Mother.


Lost art of Cable Management – Cable Lacing

Used in Telecom, NASA and Avionics, Cable Lacing is an almost lost art of Cable Management. Instead of using Zip Ties or Tape, a Waxed Coated Cotton String is used for the whole length of a Wire Rack or Wire Harness/Bundle.

In my honest opinion this looks a lot cleaner and better than a hundred Zip Ties and doesn’t leave a sticky residue like Tape does. It’s also pretty darn cheap, just don’t buy the “Electronics Grade” stuff. The 1mm size that is used for Jewelry is cheaper and it is the exact same stuff. You can also use thinner stuff but you’ll have to double wrap the bundle.

I found a little Video on YouTube that covers how to do it. The man in the Video has a terrible accent but you just need to watch rather than listen.

A few Tips I have with this Method. Have the knots closer together than what I have in the example photo. If the Cabling is running flat then you can get away with knots further apart, but when you go into turns and twists you want the knots closer or it will look like this.

Just like anything new you will be slow and it will look like crap but with practice it will look better and you’ll get much faster.


Fresh install Debian 10 Linux

When I install Linux I end up spending a lot of time tweaking it the way I like it. No matter the Distribution I end up doing stuff like this. Mostly because Out of the Box is for the novice user. Most end Linux users do the same thing.

I typically start with just the base install to make sure all of my hardware is in working order such as Chipset, CPU Microcode, Networking and USB. It’s easier to catch the issues when it’s a plain Command Line Interface. It’s also much easier to redo the install to Unstable if the Kernel is too old to see brand new hardware. Unstable isn’t really Unstable, it’s just newer Software that is still experimental. For example, Ubuntu uses a mixture of Unstable and LTR (Long Term Release).

When partitioning I keep things simple and use a single Partition for everything. Now if I am doing this to a system that has Multiple Hard Drives I’ll move things around such as putting the /home directory onto a different drive. Back in the day I used to toss in an old drive just to be used for SWAP but these days I see no performance gains. An EXT4 Partition is just fine and there is no need to go into the world of ZFS and GPT since ZFS eats RAM and GPT will bite you in the ass in the end.

After I verify everything is working I’ll edit the APT sources file and add the contrib and non-free entries, update the mirrors and upgrade. Install Xorg and whatever Window Manager I want. Currently I am giving KDE Plasma a spin and it has a few nice features but I like using the Awesome WM.

Before anything else I once again verify my Video and Audio is working correctly. I’ll run the glxgears program or just look at the OpenGL Information. To test Audio I’ll just load something up in YouTube, a few times in the past the Audio would work fine within the Window Manager but YouTube, Steam and VLC would be deaf. So if YouTube works then there shouldn’t be issues with anything else.

Now I can start adding my custom tweaks and such.

I add my user to the sudoers file and make sure the hostname for the system is final. Also install ntp if Xorg’s install didn’t include it.

su
apt install binutils sudo ntp ufw fish vlc
nano /etc/sudoers


Under root’s entry add
[username] ALL=(ALL:ALL) ALL
Save and exit.

exit
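A syntax error saved into /etc/sudoers can leave sudo unusable, so the same rule can instead go into a drop-in file under /etc/sudoers.d that is syntax-checked with visudo before it is installed. This is an added example, not part of the original post; the function names and the 90- file prefix are assumptions.

```sh
#!/bin/sh
# Added example: grant sudo through a validated drop-in file instead of
# hand-editing /etc/sudoers. Run as root (for example from the su session).

# sudoers_rule USER -> prints the rule from the post for USER.
# Names with anything other than a-z, 0-9, _ and - are refused, so spaces,
# extra sudoers keywords or a '.' can never end up in the file or its name
# (sudo skips drop-in files whose name contains a '.' or ends in '~').
sudoers_rule() {
    case "$1" in
        ''|*[!a-z0-9_-]*|-*)
            echo "refusing odd username: $1" >&2
            return 1 ;;
    esac
    printf '%s ALL=(ALL:ALL) ALL\n' "$1"
}

# install_rule USER [DIR] -> writes DIR/90-USER, default DIR is /etc/sudoers.d.
install_rule() {
    dir=${2:-/etc/sudoers.d}
    tmp=$(mktemp) || return 1
    sudoers_rule "$1" > "$tmp" || { rm -f "$tmp"; return 1; }
    # visudo -c only parses the file, -f selects which file to check.
    if ! visudo -cf "$tmp" >/dev/null; then
        rm -f "$tmp"
        echo "syntax check failed, nothing installed" >&2
        return 1
    fi
    # sudo expects drop-ins owned by root and not writable by anyone else.
    install -m 0440 -o root -g root "$tmp" "$dir/90-$1" && rm -f "$tmp"
}

# Only install when called with: script USERNAME
if [ "$#" -eq 1 ]; then install_rule "$1"; fi
```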

I start by changing the Command Line Shell. Debian uses a modified version of BASH called DASH. Works alright but after you start playing with other types of Shells you end up staying away from it. I used to use Zsh but I converted to FISH. After installing fish I then issue chsh -s /usr/bin/fish then launch it. From there I go into ~/.config/fish and edit the config.fish file and add my alias entries.

alias ls="ls -lahp"
alias dir="ls -lahp"
alias shutdown="sudo shutdown now"
alias reboot="sudo reboot"
alias update="sudo apt update"
alias upgrade="sudo apt upgrade"
alias purge="sudo apt autoremove"
alias edit="nano"
alias G="grep"
alias S="sudo"

After tweaking commands to my liking I’ll add more software I intend to use such as Htop, Bleachbit, Guake, and KDE Connect.

Over time I end up installing neofetch, screen, Arduino IDE, Sublime Text and GCC, Firefox and vBox.

Once in a blue moon I’ll screw up and spend a good few hours fixing it or just end up reinstalling everything.


Limit Unwanted Network Connections

I’m slowly putting together a Network Administration suite for the Raspberry Pi. Came across a little jewel called Evil Limiter. It’s a Python 3 Script that can do an ARP scan of a Network and show you an IP Address that you know shouldn’t be there, or a User sucking up too much Bandwidth. So instead of Deauthing the user you can Throttle or even Block the User. For example, you can Limit a User to 100Kbit/sec or even totally block them.

This could be handy for enforcing say the Kids Internet usage during the Spring/Summer Break or even at work when Steve should be working on a report but is too busy watching Netflix or YouTube.

Now this tool is considered a DoS (Denial of Service) Attack so be careful how you use it and deploy it.


Building a Z80 Computer

Every hardcore Electronics Engineer and Computer Nerd has a bucket list and there is a Homebrew Retro Computer on that list. I could cheat and buy a RC2014 kit but building it from total scratch is even better.

Now you just don’t order/buy/find the parts and slap it all together. You have to study up on the subject. There is a PDF floating around called “Build your own Z80 Computer” by Steve Ciarcia. Then you have Grant Searle’s Website that is loaded with tons of Schematics and ideas for a minimal chip count Z80 running BASIC and CP/M.

To start off the build I am going to build a crude version of the Zeta256 and branch off of that by adding memory, UART, ROM and so forth.

Gigabyte GTX 1080 D5X 8G renewal – Complete

The Silicone Thermal pads showed up and I went to work. I had already taken the whole card apart and cleaned all of the dust out. I didn’t get any pictures of it but to give you an idea here is what the inside of the power supply looks like.

One dirty SOB

Here is what it looked like with the old thermal pads and grease.

Here is with the new thermal pads and some Arctic Silver 5 grease.

I ordered an assortment pack of the pads that came in different thicknesses. On the rear plate I had to double up on the pads, and on the top under the cooler I used the super thin ones for the RAM and the medium thickness pads for the power side. The idea is to have the part push into the pad, not crush it, because you’ll either end up hurting the components or cause the pad to tear through and create a hot spot.

Gigabyte GTX 1080 D5X 8G renewal

My Son decided to build a new computer for himself and he gave me his old GPU and Power Supply. I was told it was a NVIDIA 1080 TI but it’s not. Still, the GTX 1080 packs a punch by today’s standards, at least for me since I am currently sporting a Radeon RX 550.

Anyway, my Son didn’t take care of his computer and it was filled with a bunch of dust. So much that I had to take the card completely apart. I went as far as opening up the fans and oiling them up. Sadly I can’t use the card yet because when I took the heatsink off it tore apart the Silicone Thermal pads so I had to order new ones.

I just hope this card still works. I find it kinda odd my Son gave it to me before even buying a new computer and he lives and breathes on the computer.

When the Thermal pads show up I’ll take before and after pictures.

Hardware upgrades for the Dell Optiplex 3010 – Part 4

I left off with Part 3 thinking I was done with this build but nope. I started to have the front panel I/O error when I would power up the machine and I was going to live with it but over time it annoyed me.

To fix this issue with the SFF (Small Form-Factor) motherboard I had to short out a few things. I searched around and a lot of people had some fixes but they didn’t work. I found this one and tried it and it worked.

The one on the right is the board I have

Since I don’t use the Analog audio jacks AKA Front Audio I was fine there but for the Front USB I had to add a dupont connector and bridge it to the ground pin. A solid piece of 22awg worked great for that jumper.

After getting that taken care of my oldest Son came up to me with his Computer in hand and asked if I wanted it. The Computer is about four years old and he tore it up. I only took it because it has a NVIDIA GTX 1080 Ti in it so I am going to the NVIDIA side of the force. I hope I don’t have to swap out the Power Supply for the 1000 watt supply because I have plans for a future build.

Garage Rehab for 2022

Happy New Year. Over the last two years the Garage has become a total mess. It looks like an episode of Hoarders.

This February I am taking a whole week off of work to clean this Garage out once and for all.

The idea is to pull everything out of the Garage and then put it back in with the exception of the trash and stuff I don’t need anymore. I already told the kids last month to make sure anything they want to keep is taken out of the garage or it will be in the trash.

I am also going to install two A/C vents into the Garage. I am going to remove the A/C vent in the laundry room since honestly that room is so small and is the coldest room in the house. I think the A/C uses four inch so I would just pull off the duct from the laundry and toss on a 4″ Y adapter and then run 4″ duct to both new locations in the Garage. I need to hop in the attic and get the final size measurements. The first vent will be near the Desk and the second vent will be near the entry door. I’ll just cap off the vent in the Laundry room so I can easily revert back. I am also going to install some blown-in insulation and do some air sealing while I am at it.

Upgrading to Tasmota 10.1.0

So I was bored and checked to see if there was a new version of Tasmota since I haven’t checked in a while. Sure enough there was so I ran the OTA update in TasmoAdmin but nothing happened. It said it updated everything but all of my devices said they were still running 9.5.0.

So I picked a random device and it was the lock to the Master Bedroom. I kept getting an Upload buffer miscompare error.

I looked into it and I had to upgrade to the Minimal version of 10.1.0 via the GZ file type and then in the console make it upgrade to the full build. I did a backup with decode-config but when I tried to restore the backup I got an error stating that major changes are in 10.1.0. Well I had no hard copy of the GPIO settings I used so I had to look things up in the json file that decode-config created. I found the GPIO settings.

"user_template": {"base": 46, "flag": 0, "gpio": [0, 0, 0, 0, 224, 192, 0, 0, 0, 0, 0, 0, 0, 0], "name": "DOOR_MASTER"},

I had to clean it up and copy and paste it into the WebUI for the device.

{"NAME":"DOOR_MASTER","GPIO":[0,0,0,0,224,192,0,0,0,0,0,0,0,0],"FLAG":0,"BASE":46}

I thought I was set but I heard the lock engage from the Garage since the lock kinda sounds like a jail cell door’s electronic lock. Come to find out the base was wrong. In 10.1.0 BASE 46 is for a Shelly device. I had to change it to BASE 18 and that fixed it.

Before I go and update any more devices I need to write down the configurations. Since I don’t have Tasmota doing too much I can easily migrate to the new version without too much work. Now if I was doing Device Groups and other funky stuff then I would have a lot of work ahead of me.

Scene Controller Update – Face Plate

So after finally getting the 3D Printer squared away I was able to print a new face plate for the Scene Controller. It’s printed with Red PLA filament but I plan to redo the buttons in Clear and Prime/Paint the rest in White.

Dry fit test

As you can see the glue residue and the mess left when I did the standoffs for the print. The sanding will clean that all up.

Making this face plate wasn’t so simple. I had to build a new keypad all together.

It looks ugly but it’s kinda hard to get stuff on proto-board to look good. All of the bare copper is the ground plane and the little colorful loops are the signal wires. I looped them to add strength to the connections so the wire isn’t pulled from the solder joint.

Instead of doing awesome addressable LEDs I just used some 3mm blue LEDs and have the current limit resistors on the other side of the board.

Saturday I plan to finish this up and have it installed.

2GIG Edge Review

Monday I was given a work order to upgrade a customer’s system to a 2GIG Edge. In the past I have installed a 2GIG system and I have a 2GIG GoControl laying around so I was the victim to install it.

The hardware was a Takeover module, Remote Keypad, Outdoor sensor, Gun Motion Detector and the main Edge panel. It’s a typical all-in-one touch screen unit. It has a much bigger screen compared to the Qolsys IQ panel and Honeywell Tuxedo.

The Takeover module works just like their older E-Series model: it steals power from the old Panel and you wire up any hardline sensors to it. The Outdoor Sensor programs in like any other sensor, and the Gun Motion Sensor you program as a generic motion and set it up as a Day Alarm so it beeps locally, and if the system is armed for Stay or Away it will sound off the Alarm.

The remote Keypad is easy to program in, install it, connect it to the WiFi and tell it to pair with the main panel. Tell the main panel to search for it and tell it to pair. Downside is you need WiFi for it to work. I’m not sure if it’s only for the pairing then switches to RF or it only communicates via WiFi. The system is too dang easy to program. It took ten minutes but took forever for central station to register it.

What I don’t like about these new smart panels is that the Power Supply is terrible. It uses a wallwart that is on the long side and can only power one device. So if you have a couple of remote keypads you’re going to have issues getting them powered from a central location unless you happen to have an outlet near the panel. It would be nice if the main panel’s supply had enough current to power the main panel and a remote panel, or if they were designed to use a typical AC 16 volt transformer.

The default Installer code is 1561 and the default user code is 1111 in case anyone needs that info.

The Edge Panel has a bunch of features such as FaceID to Arm/Disarm the panel. It can be used as a Home Automation controller. It’s an Alarm.com product and takes snapshots and uploads them to Alarm.com to notify the key-holder/customer who armed or disarmed the system. Those features I didn’t get a chance to play with but they looked pretty cool.

The part my trainee kept playing with was the Gun Motion Detector. It’s a Trigger lock that can fit on most firearms and has a tilt sensor and tamper. If the gun is moved it will trigger then does a cool down for 45 seconds and if moved again it will trigger again. Also if the lock is opened it triggers. We decided to not use a voice prompt for that but a chime sound instead. If the system is armed and if the gun is moved or unlocked it will trigger the alarm. Pretty cool for someone that wants extra safety for their firearms.

Stuff going on

I got the 3D Printer working perfectly now. I tore down the hot end, cleaned it and replaced the Tip. I printed out a D1 Mini wall mount and compared it to some previous ones I had and there is a huge difference in quality. Since that print came out great I am quickly printing the rest of the parts for the Scene Controller. I don’t want to run into any issues so I am using the filament I already had loaded up. It’s Red but I can just sand it, prime it and paint it white.

Last year I bought some Merkury RGB Bulbs and today I attempted to flash them but these bulbs have the Tuya WB2L modules that are not ESP8266 based and there is no compatible Tasmota version since these modules seem to be ARM based. Sadly I can’t just crack the bulbs open and replace the WB2L with an ESP because you have to basically destroy the bulb to get into it. I took one apart and desoldered the module and I’ll keep it in the parts box for a future project. Who knows, maybe someone will find a way to flash the WB2L module.

Reolink Cameras on a different brand NVR

Say you bought a few Reolink IP Cameras and a different brand NVR because it was either cheaper or had features the Reolink didn’t have. You wired everything up correctly, programmed the NVR and plugged in the Cameras. The NVR sees them but you get username or password issues.

Well this is how to fix it.

First off you need Cameras that have Onvif. If the Cameras don’t have Onvif then you’ll need a Reolink NVR. Second the Cameras need to connect to the internet for activation but after activation you can have them plugged directly into the NVR.

To power an IP Camera you have two options. You can use a 12Volt Wallwart. Keep in mind it’s DC Voltage and you need at least 1 Amp or higher. The other option is PoE (Power over Ethernet) and you would need either a PoE Switch or an injector.

Download and Install the Reolink App on a Phone or Tablet and it will ask a couple of questions such as where you are in the world, but since we’re just activating we don’t need to create a Reolink account. Add a Camera by scanning the QR Code on the Camera and leave the username as admin and create a password. You should use the same Password as the NVR so it’s easy for you to remember and if the NVR screws up it can add the Camera back in on its own. After you have activated the Cameras you can now plug them into the back of the NVR and wait a couple of minutes, then use the NVR’s tool to scan for them if needed. Most NVRs will automatically find them but some you have to tell to find them.

On the NVR be sure to use the following options if you run into trouble. These are the setting options Dahua uses.

Manufacturer: ONVIF
RTSPMode: Custom
RTSP Port: 554
HTTP Port: 8000
Username: admin
Password: Password you created with the Reolink App
Total Channels: 1
Remote Channel Number: 1
Decode Strategy: Realtime 

It’s not as simple as just Plug & Play but it works. I did this with my Home Setup but I never plugged them into the NVR. Also, yesterday I did it again at work when we installed some customer-supplied Cameras; we provided the NVR, and that time we did end up plugging them into the NVR.

Good bye direct drive on the 3D Printer

I bought that dual gear extruder kit and some Capricorn tubing. It all came in yesterday and after putting most of the extruder together I found out it is too tall for my direct drive mounting plate. Luckily I have a lot of Capricorn tubing so I just put the extruder back to the stock location on the Z-Axis. Down the road I’ll fabricate something to make it work for the direct drive.

When I get some free time I can then dial in the E-Steps for it and give it a whirl.

The Aluminum feels a little soft on the extruder and I think that spring is a little too stiff for the job. I might go through my hoard of springs and see if I have anything a little softer. I know for sure the old extruder spring is too weak.

I surely hope this will fix any remaining issues with this printer. The only other modification that would be beneficial would be adding a second Z-Axis lead screw to the right side.