Hackaday

Fresh hacks every day
Updated 4 hours 59 min ago

Making a robot cleaner even smarter

Sunday, 10/20/2019 - 18:00

Some electric cleaners are effective and some hardly even seem to make a difference. The ILIFE V7s may be a robot cleaner, but even with its cleaning modes and anti-collision system, it still requires IR signals to complete any tasks. Tired of having to be physically in the same place as his robot cleaner, [pimuzzo] decided to take matters into his own hands and build a RESTful remote control to send IR signals from afar.

The program uses the ESP8266WebServer and IRremoteESP8266 libraries for handling HTTP requests and sending and receiving infrared signals. The remote also responds to Actions on Google, so the robot can be controlled through Google Assistant.

The IR signals are a bit funky – as one user highlighted, finding the IR protocol is a nontrivial task that can be accomplished by recording the IR signals from the original remote with an IR receiver and matching the marks, spaces, and carrier frequency with those of known protocol codes. [Oitzu] was able to match the timing to the NEC 32-bit protocol and find the exact codes on an oscilloscope, which simplified the translation of the codes for the remote.
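The matching step described above, as an added example (not code from [pimuzzo]'s project or from IRremoteESP8266): it checks a captured list of mark/space durations against the standard NEC timings and splits the 32 bits into address and command. The sample capture, its address/command values and the 25 % tolerance are constructed assumptions, not the ILIFE codes.

```python
# NEC timing constants in microseconds (base unit 562.5 us).
UNIT = 562.5
LEADER_MARK, LEADER_SPACE = 16 * UNIT, 8 * UNIT      # 9000 us mark, 4500 us space
BIT_MARK, ZERO_SPACE, ONE_SPACE = UNIT, UNIT, 3 * UNIT
TOLERANCE = 0.25  # assumed: accept +/-25 % to absorb receiver jitter


def near(measured, nominal, tol=TOLERANCE):
    """True when a measured duration is within tol of the nominal value."""
    return abs(measured - nominal) <= nominal * tol


def encode_nec(address, command, mark_skew=1.0, space_skew=1.0):
    """Build a constructed capture: [mark, space, mark, space, ..., stop mark]."""
    payload = [address, address ^ 0xFF, command, command ^ 0xFF]
    timings = [LEADER_MARK * mark_skew, LEADER_SPACE * space_skew]
    for byte in payload:
        for bit in range(8):                          # LSB of each byte goes first
            timings.append(BIT_MARK * mark_skew)
            space = ONE_SPACE if (byte >> bit) & 1 else ZERO_SPACE
            timings.append(space * space_skew)
    timings.append(BIT_MARK * mark_skew)              # trailing stop mark
    return timings


def decode_nec(timings):
    """Decode alternating mark/space durations as one 32-bit NEC frame."""
    if len(timings) < 67:                             # 2 leader + 64 bit halves + stop
        raise ValueError("capture too short for a 32-bit NEC frame")
    if not (near(timings[0], LEADER_MARK) and near(timings[1], LEADER_SPACE)):
        raise ValueError("leader does not match NEC (9 ms mark, 4.5 ms space)")

    bits = []
    for i in range(32):
        mark, space = timings[2 + 2 * i], timings[3 + 2 * i]
        if not near(mark, BIT_MARK):
            raise ValueError(f"bit {i}: mark of {mark:.0f} us is out of range")
        if near(space, ONE_SPACE):
            bits.append(1)
        elif near(space, ZERO_SPACE):
            bits.append(0)
        else:
            raise ValueError(f"bit {i}: space of {space:.0f} us is neither 0 nor 1")
    if not near(timings[66], BIT_MARK):
        raise ValueError("missing stop mark")

    # Four bytes, each sent least-significant bit first.
    fields = [sum(b << n for n, b in enumerate(bits[k:k + 8])) for k in (0, 8, 16, 24)]
    address, address_inv, command, command_inv = fields
    if command ^ command_inv != 0xFF:
        raise ValueError("command check byte mismatch")

    # Extended NEC reuses the inverted-address byte as the high address byte.
    extended = (address ^ address_inv) != 0xFF
    if extended:
        address |= address_inv << 8

    # The same 32 bits in arrival order, first received bit as most significant.
    raw = int("".join(map(str, bits)), 2)
    return {"address": address, "command": command, "extended": extended, "raw": raw}


if __name__ == "__main__":
    # Constructed capture with marks 8 % long and spaces 7 % short.
    frame = decode_nec(encode_nec(0x00, 0x45, mark_skew=1.08, space_skew=0.93))
    print(f"address=0x{frame['address']:02X} command=0x{frame['command']:02X} "
          f"raw=0x{frame['raw']:08X}")
```

The `raw` value and the address/command pair are the same frame written two ways; they differ because each byte travels least-significant bit first.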

Sometimes when life gives you a robot cleaner, it’s your job to make it smarter.

Humanoid Robot Has Joints that Inspire

Sunday, 10/20/2019 - 15:00

One of the challenges with humanoid robots, besides keeping them upright, is finding compact combinations of actuators and joint mechanisms that allow for good range of smooth motion while still having good strength. To achieve that, researchers from the IRIM Lab at Korea University of Technology and Education developed the LIMS2-AMBIDEX robotic humanoid upper body that uses a combination of brushless motors, pulleys and some very interesting joint mechanisms. (Video, embedded below.)

The wrist mechanism. Anyone willing to tackle a 3D printed version?

From shoulder to fingers, each arm has seven degrees of freedom which allows the robot to achieve some spectacularly smooth and realistic upper body motion. Except for the wrist rotation actuator, all the actuators are housed in the shoulders, and motion is transferred to the required joint through an array of cables and pulleys. This keeps the arm light and its inertia low, allowing the arms to move rapidly without breaking anything or toppling the entire robot.

The wrist and elbow mechanisms are especially interesting. The wrist emulates rolling contact between two spheres with only revolute joints. It also allows a drive shaft to pass down the centre of the mechanism and transfer rotating motion from one end to the other. The elbow is a rolling double jointed affair that allows true 180 degrees of rotation.

We have no idea why this took two years to end up in our YouTube feed, but we’re sure glad it finally did. Check out some of the demo videos after the break.

We’ve covered a few robots that emulate form factors from the natural world, including Boston Dynamics’ robot dog and Disney’s backflipping robot.

MIT Mini Cheetah Made and Improved In China

Sunday, 10/20/2019 - 12:00

We nearly passed over this tip from [xoxu] which was just a few links to some AliExpress pages. However, when we dug a bit into the pages we found something pretty surprising. Somewhere out there in the wild we…east of China there’s a company not only reverse engineering the Mini Cheetah, but improving it too.

We cover a lot of Mini Cheetah projects; it’s a small robot that can do a back-flip after all. When compared to the servo quadruped of not so many years ago it’s definitely exciting magic. Many of the projects go into detail about the control boards and motor modifications required to build a Mini Cheetah of your own. So we were especially interested to discover that this AliExpress seller has gone through the trouble of not just reverse engineering the design, but also improving on it, claiming their motors are thinner and more dust resistant than what they’ve seen from MIT.

To be honest, we’re not sure what we’re looking at. It’s kind of cool that we live in a world where a video of a research project and some papers can turn into a $12k robot you can buy right now. Let us know what you think after the break.

Name A Hacker Camp

Sunday, 10/20/2019 - 09:00

Many of us look forward to visiting a summer hacker camp, as an opportunity to immerse ourselves in some of the coolest and most stimulating stuff that comes out of our community. The names trip off the tongue, ToorCamp, CCCamp, EMFcamp, BornHack, and more.

There’s one major event that doesn’t trip off the tongue in the same way though, because though it’s one of the oldest in our calendar it doesn’t have the same name every time. Since the end of the 1980s the Netherlands has seen a sequence of hacker camps with three letter names such as HAR, OHM, and SHA. Every four years these events delight and amaze us, and every four years they need a new name. Do you think you can help them pick one for 2021?

There are a few ground rules to observe, for the would-be coiner of a new moniker. The tradition is of a three-letter acronym, usually one with a meaning somewhere in technology, and so far always containing the letter H somewhere to stand for “Hack” in some form. The idea is that it should somehow encapsulate the spirit of hacker camp culture rather than simply be three words containing “Hack”. HAR for example was Hacking At Random, OHM was Observe Hack Make, and SHA was Still Hacking Anyway. So if you can dream up a TLA within those parameters, there is a group of hackers in the Netherlands who might like to hear from you. We suspect that HAD is already taken.

If you want to know more about the Netherlands camps, read our review of SHA, in 2017.

Header image: [Renze]. “Met Elkaar Hacken” means something close to “Hack together”.

Storm Cloud Lamp Brings The Weather Inside

Sunday, 10/20/2019 - 06:00

The humble lamp is a common build for a hacker looking to express themselves creatively. Often, nature can serve as an inspiration, as was the case for [Michael Pick]’s Storm Cloud. (Video, embedded below.)

Electronically, the build is straightforward, consisting of an Arduino Uno, an MP3 shield, and a string of WS2801 LEDs. These are driven slightly differently than the more-common WS2812B type, but Adafruit libraries make it easy for even the beginner. There’s also an RF keyfob fitted for remote control of the device, and a voice synth that serves as a user interface.

The video also covers the construction of the body of the lamp. Cardboard forms are created, then covered in tape to create a rough 3D ovaloid shape. This mold is then fiberglassed to create two shells, which are later joined together with bolts. This allows the LEDs and electronics to be neatly mounted inside. Spray adhesive is then used to affix what appears to be cotton wool or polyfill stuffing to the outside to create the cloud effect.

The final result is rather aesthetically pleasing. There’s the usual soft-glowing rainbows as you’d expect, but the real highlight is storm mode, which causes flickers of lighting to scatter across the surface of the cloud. The accompanying sound effects from the MP3 shield help add to the drama.

We’ve seen other takes on a cloud lamp before, too. Video after the break.

Beam Me Up to the PCB Space Ship

Sunday, 10/20/2019 - 03:00

This project would fit in perfectly with #BadgeLife if someone could figure out a way to hang it from their neck. Inspired by Star Trek’s Starship Enterprise, [bobricius] decided to design and assemble a miniature space ship PCB model, complete with 40 blinking LEDs controlled by an ATtiny85.

While the design uses 0603, 0802, 3014, 4014, and 0805 LEDs, some substitutions can be made since the smallest LEDs can be difficult to solder. The light effects include a green laser, plasma coils, a deflector with scrolling blue LEDs, and the main plate and bridge for the space ship.

The LEDs are controlled by charlieplexing, a technique for driving LED arrays with relatively few I/O pins, different from traditional multiplexing. Charlieplexing allows n pins to drive n² − n LEDs, while traditional multiplexing allows n pins to drive (n/2)² LEDs. (Here is the best explanation of Charlieplexing we’ve ever seen.)

Especially with the compiled firmware running on the MCU, the PCB model makes for an impressive display.

The only catch? Your Starship Enterprise can’t actually fly.

The HackadayPrize2019 is Sponsored by:





Customizing Xiaomi ARM Cortex-M Firmware

Sunday, 10/20/2019 - 00:00

This hack was revealed a while ago at DEFCON26, but it’s still a fascinating look into vulnerabilities that affect some of the most widely used IoT devices.

[Dennis Giese] figured out a way to modify ARM Cortex-M based firmware in order to customize the functionality of devices or remove the vendor's access. Obviously, there are more malicious activities that can be done with this type of hack, as with any exploits of firmware, but they are (also) obviously not condoned.

The talk goes into the structure of Xiaomi ecosystem and products before going into a step-by-step approach to binary patching the firmware. The first step was to acquire the firmware, either by dumping SPI flash memory (using JTAG, SWD, or desoldered Flash pins) or intercepting traffic during a firmware update and downloading the firmware. There’s also a possibility of downloading the firmware using a URL, although this can be more difficult to find.

The firmware can then be parsed, which first requires converting it from a proprietary format to an ELF file. This conversion makes it easier to load into IDA Pro, and gives information on the segments of the firmware and its entry point. Python tools luckily exist for converting binary files to ELF, which simplifies the task.

After loading the ELF file into the disassembler, you’ll want to find the key memory area, denoted by “TAG_MAC”, “TAG_DID”, and “TAG_KEY” in the example firmware (for storing the MAC address, device ID, and key). In order to prepare the firmware for Nexmon – a software framework that supports C-based firmware binary patching for ARM Cortex-A and ARM Cortex-M binaries – you’ll need to partition some space in the memory for patches and know the function names and signatures for the firmware.

The latter is done by diffing an unknown executable against the example executable in the disassembler.

With the necessary information gathered, you can now use Nexmon to make your modifications. The fact that this can be done for smart devices at home means that smart devices you acquire – especially those partitioned by others – may contain malicious code, so take care when handling used devices.

There’s more to the 3D print than the eye can see

Saturday, 10/19/2019 - 21:00

If you thought CADing designs for 3D printing was hard enough, wait until you hear about this .stl trick.

[Angus] of Maker’s Muse recently demoed a method for creating hidden geometries in .stl files that are only revealed during the slicing process before a 3D print. (Video, embedded below.) The process involves creating geometries with a thickness smaller than the size of the 3D printer’s nozzle that still appear to be solid in a .stl editor, but will not be rendered by a FDM slicer.

Most 3D printers have a 0.4 mm nozzle, so creating geometries with a wall thinner than this value will result in the effect that you’re looking for. Some possible uses for this trick are to create easter eggs or even to mess with other 3D printing enthusiasts. Of course, [Angus] recommends not to use this “deception for criminal or malicious intent” and I’d have to agree.

There’s a few other tricks that he reveals as well, including a way to create a body that’s actually a thin shell but appears to be solid: great for making unprintable letters that reveal hidden messages.

Nevertheless, it’s a cool trick and maybe one of those “features not bugs” in the slicer software.

Converting a Tesla to a Pickup Truck

Saturday, 10/19/2019 - 18:00

The renowned inventor of useless robots [Simone Giertz] has outdone herself this time. She, along with a team of engineers featuring [Rich Rebuilds], [Laura Kampf], and [Marcos Ramirez], recently decided to convert a Tesla into a pickup truck, and make a video along the way, all while salvaging what remains they can of the back of the car and making the final product roadworthy. Yeah, this is a couple weeks old now, and yeah, it’s kind of a commercial, but really: [Simone Giertz] and Co. rock.

In her vlog of the experience, the team starts by gutting out the interior of the car in order to find out the weight distribution and form of the outer frame. Essentially, in order to create the pickup truck, a portion of the back of the car needs to be removed, with additional beams and support welded in depending on the consequent structural integrity. With a sawzall and angle grinder, the top portion of the frame is cut and taken out, but not before a worrying glance brings about the realization that the car needs exterior support during its modifications.

After the cushions, glass, wiring, and all other accessories are removed, they install a truck bed from another sacrificial pickup truck, as well as a roof rack to complete the look. Amidst the deconstruction and reconstruction, there are moments when the car encounters a “Safety restraint system fault” or when the team accidentally lines the inside of the car with fiberglass right before shooting their video. Between complaints of the different clip sizes used and the clear time pressure of the project, it’s a funny and informative look into a pretty unique car mod.

The final commercial they made of their Tesla-pickup hybrid, dubbed Truckla, is available on [Giertz]’s YouTube channel.

[Thanks to crener for the tip!]

File Compression By Steganography

Saturday, 10/19/2019 - 15:00

In a world with finite storage and an infinite need for more storage space, data compression becomes a very necessary problem. Several algorithms for data compression may be more familiar – Huffman coding, LZW compression – and some a bit more arcane.

[Labunsky] decided to put to use his knowledge of steganography to create a wholly unique form of file compression, perhaps one that may gain greater notoriety among other information theorists.

Steganography refers to the method of concealing messages or files within another file, coming from the Greek words steganos for “covered or concealed” and graphe for “writing”. The practice has been around for ages, from writing in invisible ink to storing messages in moon cakes. The methods used range from hiding messages in images to evade censorship to hiding viruses in files to cause mayhem.

100% not [via xkcd]

The developer explains that since every file is just a bit sequence, observing files leads to the realization that a majority of bits will be equal on the same places. Rather than storing all of the bits of a file, making modifications to the hard drive at certain locations can save storage space. What is important to avoid, however, is lossy file compression that can wreak havoc on quality during the compression stage.

The compression technique they ended up implementing is based on the F5 algorithm that embeds binary data into JPEG files to reduce total space in the memory. The compression uses libjpeg for JPEG decoding and encoding, pcre for POSIX regular expressions support, and tinydir for platform-independent filesystem traversal. One of the major modifications was to save computation resources by disabling a password-based permutative straddling that uniformly spreads data among multiple files.

One caveat – changing even one bit of the compressed file could lead to total corruption of all of the data stored, so use with caution!

Miss Nothing With A Hacked 360 Degree Camera Trap

Saturday, 10/19/2019 - 12:00

Camera traps are a very common tool in wildlife conservation and research, but placing and pointing them correctly can be a bit of a guessing game. Something very interesting could happen just out of frame and you’d be none the wiser. [Andrew Quitmeyer] and [Danielle Hoogendijk] at DINALABS (Digital Naturalism Laboratories) in Panama are experimenting with hacked consumer 360° cameras to help solve this problem.

The project is called Panatrap and looks very promising. They’ve done very detailed testing with a number of different 360° cameras, and have built functional prototypes with the Xiaomi Misphere and Ricoh Theta V. The Xiaomi had some handy contacts on the bottom of the camera for its selfie stick interface (simply a resistor and button), which allowed full control of the camera. An Arduino compatible board waits for the motion detected signal from a PIR sensor which then sends the required command to the camera to wake-up and take footage. The Ricoh was slightly more challenging, but they discovered that the camera will wake up if an emulated keyboard command is received over its USB port from a Teensy. Triggering is then done by a servo pushing against the camera’s button. Everything is housed in a laser cut acrylic case to help it survive the wet jungle. If anyone knows how to hack the Samsung Gear camera to work, the team is keen to hear from you!

All the work is open sourced, with build details and hardware designs available on the project page and software up on Github. Check out some cool 360° test footage after the break with some local wildlife. We are looking forward to more footage!

It’s possible to make your own rudimentary 360° camera using a Raspberry Pi. Also check out our recent article on Dian Fossey, a hero of gorilla conservation.

Revisiting The BlackHat Hack: How A Security Conference Was Pwned

Saturday, 10/19/2019 - 09:00

Does anyone remember the Black Hat BCard hack in 2018? This hack has been documented extensively, most notoriously by [NinjaStyle] in his original blog post revealing the circumstances around discovering the vulnerability. The breach ended up revealing the names, email addresses, phone numbers, and personal details of every single conference attendee – an embarrassing leak from one of the world’s largest cybersecurity conferences.

To recap: The Black Hat conference badges included an embedded NFC tag storing the participant’s contact details presumably for vendors to scan for marketing purposes. After scanning the tag, [NinjaStyle] realized that his name was readily available, but not his email address and other information. Instead, the NFC reader pointed to the BCard app – an application created for reading business cards.

[NinjaStyle] decompiled the APK for the app to search for API endpoints and found that the participants each had a custom URL made using event identification values. After finding data that appeared to correspond to an eventID and badgeID, he sent a request over a web browser and found that his attendee data was returned completely unauthenticated. With this knowledge, it was possible to brute-force the contact details for every Black Hat attendee (the range of valid IDs was between 100000-999999, and there were about 18,000 attendees). Using Burp Suite, the task would take about six hours. 

He was able to get ahold of BCard to reveal the vulnerability, which was fixed in less than a day by disabling the leaky API from their legacy system. Even so, legacy APIs in conference apps aren’t an uncommon occurrence – the 2018 RSA Conference (another cybersecurity conference) also suffered from an unprotected app that allowed 114 attendee records to be accessed without permission.
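From the defender's side, the sweep described above stands out in access logs: with about 18,000 valid IDs in a space of 900,000, a blind walk misses roughly 98 % of the time and touches long runs of consecutive IDs. The following is an added example, not code from BCard or from [NinjaStyle]'s post; the log format, the `/example/attendee` path, the 404-on-miss behaviour, the thresholds and the log lines themselves are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse, parse_qs

ID_MIN, ID_MAX = 100_000, 999_999           # badge ID range given in the article
ID_SPACE = ID_MAX - ID_MIN + 1              # 900,000 candidate IDs
ATTENDEES = 18_000                          # approximate count given in the article
BLIND_HIT_RATE = ATTENDEES / ID_SPACE       # share of guesses that land on a real badge

# Assumed log layout: common log format with the query string in the request line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "GET (?P<url>\S+) [^"]+" (?P<status>\d{3})'
)


def sweep_rate(hours):
    """Requests per second needed to walk the whole ID space in `hours`."""
    return ID_SPACE / (hours * 3600)


def parse_line(line):
    """Return (client_ip, badge_id, status) or None for lines that do not apply."""
    match = LOG_RE.match(line)
    if not match:
        return None
    query = parse_qs(urlparse(match["url"]).query)
    badge = query.get("badgeID", [""])[0]
    if not badge.isdigit():
        return None
    return match["ip"], int(badge), int(match["status"])


def longest_run(ids):
    """Length of the longest run of consecutive integers in `ids`."""
    best = run = 0
    previous = None
    for value in sorted(set(ids)):
        run = run + 1 if previous is not None and value == previous + 1 else 1
        best = max(best, run)
        previous = value
    return best


def find_enumerators(lines, min_ids=50, max_hit_rate=0.5, min_run=20):
    """Flag clients that request many distinct badge IDs and mostly miss,
    or that walk consecutive IDs. Thresholds are illustrative assumptions."""
    seen = defaultdict(lambda: {"ids": set(), "hits": set()})
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, badge, status = parsed
        seen[ip]["ids"].add(badge)
        if status == 200:                    # assumed: 200 = record returned, 404 = no such badge
            seen[ip]["hits"].add(badge)

    findings = {}
    for ip, stats in seen.items():
        distinct = len(stats["ids"])
        hit_rate = len(stats["hits"]) / distinct
        run = longest_run(stats["ids"])
        if distinct >= min_ids and (hit_rate <= max_hit_rate or run >= min_run):
            findings[ip] = {"distinct_ids": distinct, "hits": len(stats["hits"]),
                            "hit_rate": hit_rate, "longest_run": run}
    return findings


def sample_log():
    """Constructed log lines; the client addresses are documentation ranges."""
    fmt = ('{ip} - - [01/Jan/2024:10:{m:02d}:{s:02d} +0000] '
           '"GET /example/attendee?eventID=1&badgeID={b} HTTP/1.1" {st} 512')
    lines = []
    # A booth scanner reading five real badges: every request is a hit.
    for n, badge in enumerate([104233, 560012, 731905, 288410, 912377]):
        lines.append(fmt.format(ip="198.51.100.7", m=n, s=0, b=badge, st=200))
    # A sweep over 300 consecutive IDs of which about 2 % exist.
    for n in range(300):
        lines.append(fmt.format(ip="203.0.113.50", m=n // 60, s=n % 60,
                                b=ID_MIN + n, st=200 if n % 50 == 0 else 404))
    return lines


if __name__ == "__main__":
    print(f"six-hour sweep needs about {sweep_rate(6):.1f} requests/s")
    for ip, info in find_enumerators(sample_log()).items():
        print(ip, info)
```

Detection is a backstop here; the fix the article reports was removing the unauthenticated endpoint itself.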

With the widespread publicity of leaked attendee data, event organizers are hopefully getting smarter about the apps that they use, especially if they come from a third-party vendor. [Yashvier Kosaraju] gave a talk at TROOPERS19 about pen testing several large vendors and discovering that Kitapps (Attendify) and Eventmobi both built apps with unauthenticated access to attendee data. It’s hard to say how many apps from previous years are still around, or whether or not the next event app you use will come with authentication – just remember to stay vigilant and to not give too much of your personal data away.

A Low-Power Solution To Streamlining Sensor Data For IoT

Saturday, 10/19/2019 - 06:00

For home use IoT systems, getting sensor data from tons of physical locations centralized to a single Raspberry Pi can be a difficult job, especially when considering the power consumption that’s necessary for doing it all over WiFi. When you’re using an ESP8266, for instance, swapping out batteries and accounting for connectivity issues can be a major hassle for a long-term solution. The NoCAN platform, created by [Alain Pannetrat], solves this problem using a wired approach that improves the use of the CAN bus.

Since SPI and I2C only work for short distances, approaches like RS-485 and CAN bus are a better bet for this type of setup. For systems with one centralized point, RS-485 works best – thus, the CAN bus is the better approach when you’re considering using multiple masters in a single environment.

CAN devices typically need a static address, so messaging involves sending data to the known address of the destination device. With NoCAN, a dynamic address assignment scheme allows nodes to request an address from a node manager on boot-up (similar to DHCP). A command line application also allows users to send and receive messages from nodes using a pub/sub implementation – a device sends messages to a channel, and every device subscribed to the channel receives the message.

The hardware for the NoCAN platform consists of a Raspberry Pi with a “PiMaster” HAT and an Arduino-compatible CANZERO board. The PiMaster HAT uses an STM32F042 ARM Cortex M0 MCU, acting as an interface between the Pi and the CAN bus as well as preventing over-current events with a software-controlled smart switch. The CANZERO is based on the SAMD21G18 ARM Cortex M0+ running at 48MHz, similar to the Arduino MKR Zero, with CAN bus networking using the STM32F042 ARM Cortex M0. The double MCU design allows the secondary MCU to reset the primary if it gets stuck due to a programming error, with the messages sent over the CAN bus.

To join the network together, a four-wire cable daisy-chains the nodes in the bus network, providing connectivity for up to 1000 feet. Either 12V or 24V DC power runs through the network, stepping down to 5V or 3.3V at each node. The approach is similar to PoE (power over Ethernet), although it is slower and lower in cost. Overall, it seems like a good solution for environments where wireless connectivity simply doesn’t cut it.

USB Power Delivery For All The Things

Saturday, 10/19/2019 - 03:00

The promise of USB Power Delivery (USB-PD) is that we’ll eventually be able to power all our gadgets, at least the ones that draw less than 100 watts anyway, with just one adapter. Considering most of us are the proud owners of a box filled with assorted AC/DC adapters in all shapes and sizes, it’s certainly a very appealing prospect. But [Mansour Behabadi] hasn’t exactly been thrilled with the rate at which his sundry electronic devices have been jumping on the USB-PD bandwagon, so he decided to do something about it.

[Mansour] wanted a simple way to charge his laptop (and anything else he could think of) with USB-PD over USB-C, but none of the existing options on the market was quite what he wanted. He looked around and eventually discovered the STUSB4500, a USB power delivery controller chip that can be configured over I2C.

With a bit of nonvolatile memory onboard, it can retain its settings so he didn’t have to include a microcontroller in his design: just program it once and it can be used stand-alone to negotiate the appropriate voltage and current requirements when it’s plugged in.

The board that [Mansour] came up with is a handy way of powering your projects via USB-C without having to reinvent the wheel. Using the PC configuration tool and an Arduino to talk to the STUSB4500 over I2C, the board can be configured to deliver from 5 to 20 VDC to whatever device you connect to it. The chip is even capable of storing three separate Power Delivery Output (PDO) configurations at once, so you can give it multiple voltage and current ranges to try and negotiate for.

In the past we’ve seen a somewhat similar project that used USB-PD to charge lithium polymer batteries. It certainly isn’t happening overnight, but it looks like we’re finally starting to see some real movement towards making USB-C the standard.

Replacing the 3D Printer and Router: A Tool for Manufacturing Human-Scale Forms

Saturday, 10/19/2019 - 01:30

The purpose of Geometer becomes apparent when you realize its simplicity: [David Troetschel]’s project is to create an easily understandable design tool that encourages goal-oriented design. The kit comes with physical components and digital counterparts that can be combined in a modular way. They each have a specific geometry, which provide versatility while keeping manufacturing simple.

For the prototyping phase, small snap-on parts 3D printed on a Formlabs printer mimic the module components on a smaller scale. Once a design is conceived and the Geometer Grasshopper program finalizes the module arrangement necessary for the model, the larger pieces can be used as a mold for a concrete or hydrocal mold casting.

The present set of modules is in its seventh iteration, initially beginning as a senior thesis for [Troetschel]. Since then, the project itself has had an extensive prototyping phase in which the components have gone from being injection-molded to 3D printed.

The overall process for prototyping is faster than 3D printing and more cost-effective than sending to a third-party shop to build, which adds to the project’s goal of making manufacturing design more accessible. This is an interesting initiative to introduce a new way of making to the DIY community, and we’re curious to see this idea take off in makerspaces.

Speakers Taking the Stage at Supercon Plus a Hint of the Hacking to Come

Saturday, 10/19/2019 - 00:01

Four weeks from today the Hackaday Superconference comes alive for the fifth year. From engineering in challenging environments to elevating the art form of electronics, here are nine more talks that will make this a year to remember.

In addition to the slate of speakers below there are three other announcements, plus workshops. Jeroen Domburg (aka Sprite_TM) is designing this year’s badge based around a beefy FPGA running a RISC-V core and using open source synthesis tools. We’ll have more on that soon, but if you just can’t wait, check out the expansion board spec he just published, and join the conference chat room for the inside track. Badge hacking is sure to be the liveliest we’ve ever seen.

Tickets are sold out but you can still get on the waiting list and hope that one becomes available. If you are holding onto one of these hot commodities but are unable to use it, please return your ticket so that we can get it to someone waiting with their fingers crossed.

The Talks (Part Four of Many)

  • Laurel Cummings

    When it Rains, It Pours

    Over the last two years my work has been beyond ordinary, building and prototyping in strange locations like being stranded on a sailboat in the Atlantic Ocean, teaching US Marines in Kuwait, and building fuel gauge sensors for generators for vital systems in North Carolina post hurricane Florence. Some of the big lessons I’ve learned are about how to source materials and supplies in weird places, like finding potentiometers in the backwoods of North Carolina when Amazon cannot physically deliver across flooded highways, how to find welding gas in Kuwait City (and how a local chef could possibly be your best bet), or how far you can get with an O’Reilly’s Auto Parts store near the city docks. These situations help you really see the “engineer creep” that can happen to a project. I’ve learned that when you’re in high-risk situations, you really should stop caring about whether the edges of your 3D print are chamfered. In fact, version 1 of the hurricane fuel gauge sensor was demonstrated while being housed inside an elegant, tasteful sandwich baggie.


  • Angela Sheehan

    Building Whimsical Wearables: Leveling Up Through Playful Prototyping

    Whether it’s for a theme party, Halloween, cosplay, or That Thing in The Desert, designing wearables for whimsical self expression presents a great opportunity to challenge yourself as a maker, wearer, and collaborator. As an artist and designer who crash landed into a career in tech, I’ve found that imposter syndrome can often place limits on what feels personally achievable from an electronics and programming standpoint. Recontextualizing a project to shift the focus from ‘wearable tech hardware endeavor’ to ‘quirky mixed media experiment in personal styling’, I’ve created a safe space to play and try new things just outside my skill set and produced some of my most technically complex and polished personal work. Take a journey with me through the process of conceptualizing and building my Color Stealing Fairy project, an exercise in iterative design and upgrading an interactive wearable project over the course of two years and counting.


  • Michael Ossmann and Kate Temkin

    Software-Defined Everything

    The popularity of Software-Defined Radio (SDR) has led to the emergence of powerful open source software tools such as GNU Radio that enable rapid development of real-time Digital Signal Processing (DSP) techniques. We’ve used these tools for both radio and non-radio applications such as audio and infrared, and now we are finding them tremendously useful for diverse sensors and actuators that can benefit from DSP. In this talk we’ll show how we use the open source GreatFET platform to rapidly develop an SDR-like approach to just about anything.


  • Kelly Heaton

    “Hacking Nature’s Musicians” (or, “The Art of Electronic Naturalism”)

    The general lack of acceptance of electronic art results from a scarcity of critics, curators, collectors, and grantors who understand electronic media, compounded by a cultural gap between the artistic and engineering communities. In order to solve this problem, we must stretch our comfort zone and vocabularies to have a respectful, enlightening conversation with people with different educational backgrounds. In this talk I’ll discuss my wonderment at the simple, analog circuit designs that mimic life-like behavior such as chirping crickets and singing birds. This will include discussion of various schematics and demonstrations of a small. along with an abbreviated survey of my work to-date.


  • Jasmine Brackett

    Setting your Electronics Free

    In this panel we’ll discuss the key ways to get your projects from your workshop into the hands of the first few users, and what you can do to scale up from there. We’ll talk about common pitfalls, and also what are the best resources to draw upon.


  • David Williams

    MicroFPGA – The Coming Revolution in Small Electronics

    Big FPGA’s are awesome. They’re doing what they’ve always done, enabling AI, signal processing, military applications etc. However, there is a new possibility emerging – FPGA’s for small applications – which is quite possibly even more significant. Using open source tools, cheap flexible development boards, and new libraries, designers have a whole new set of options, creating incredibly high performance, flexible, low power projects and products.


  • Nick Poole

    Boggling the Boardhouse: Designing 3D Structures, Circuits, and Sensors from PCBs

    The presentation will be a series of design features or techniques with a few minutes of exploration into the ‘gotchas’ of each, as well as example layouts in EAGLE and physical examples. I’d like to cover as many different techniques as I can cram into 30 minutes, including bringing weird shapes into EDA, the inside corner problem caused by tab and slot, fillet soldering, stacking boards, imitating model sprues with mouse bites, manipulating the mask layer for custom displays, bendy tab buttons, working rotary encoder, and ergonomic design for handheld PCBs.


  • Ted Yapo

    Towards an Open-Source Multi-GHz Sampling Oscilloscope

    Tektronix designed a 14.5 GHz sampling oscilloscope in 1968. With the easy multi-layer PCB designs, tiny surface-mount parts, blazingly fast semiconductors, and computer horsepower available to the individual designer today, can a similar sampling head be re-created inexpensively with common, off-the-shelf components? Should be easy, right? It’s not. In this talk, I’ll discuss progress towards an open-source GHz+ sampling oscilloscope, including a lot of dead ends, plus some very promising leads.


  • Jeroen Domburg

    Building the Hackaday Superconference Badge

    The tradition of the Hackaday Supercon badge is to build something unlike any Supercon badge that came before. This year’s badge has an FPGA as its central component, and this comes with some extra challenges: the FPGA only comes in a BGA package with a whopping 381 pads to solder, and instead of just referring to the datasheet of the SoC to write the badge software, the SoC itself had to be written first.  I will discuss the development process of the badge, as well as the many challenges encountered along the way.

 

Keep Your Eye on Hackaday for the Livestream

The speakers you’ll see at Supercon have an amazing wealth of experience and we can’t wait to see their talks. But even if you couldn’t get a ticket, that doesn’t mean you have to miss out. Keep your eye on Hackaday for a link to the livestream which will begin on Saturday, November 16th.

Hackaday Podcast 040: 3D Printed Everything, Strength v Toughness, Blades of Fiber, and What Can’t Coffee Do?

Friday, 10/18/2019 - 23:01

Hackaday Editors Mike Szczys and Elliot Williams opine on the coolest hacks we saw this week. This episode is heavy with 3D printing as Prusa released a new, smaller printer, printed gearboxes continue to impress us with their power and design, hoverboards are turned into tanks, and researchers suggest you pour used coffee grounds into your prints. Don’t throw out those “toy” computers, they may be hiding vintage processors. And we have a pair of fantastic articles that cover the rise and fall of forest fire watchtowers, and raise the question of where all those wind turbine blades will go when we’re done with them.

Take a look at the links below if you want to follow along, and as always tell us what you think about this episode in the comments!




The True Cost of Multimeters

Friday, 10/18/2019 - 22:30

If you are building a home shop, it is common to try to get the cheapest gear you can possibly get. However, professionals often look at TCO or total cost of ownership. Buying a cheap car, for example, can cost more in the long run compared to buying an expensive car that requires less maintenance. Most consumers will nod sagely and think of ink jet printers. That $20 printer with the $80 cartridges might not be such a deal after all. [JohnAudioTech] bought a few cheap multimeters and now has problems with each of them. Maybe that $120 meter isn’t such a bad deal, after all.

The problems he’s seen are the same ones we’ve all seen: noisy selector switches, suspect display readings, and worn off lettering. You can see the whole story in the video below.

Although we get that [John] has $90 worth of meters that are not so great, we wish he’d given us an idea of one that he used that he did like. If you shop, though, you can get one really good meter for the cost of the three meters in the video and some of those will reliably last for decades.

There are cheaper meters, of course (with strange connections to felines). You can even get a Fluke meter for less than you might think.

This Week in Security: A Digital Café Américain, The Linux Bugs That Weren’t, The Great Nation, and More

Friday, 10/18/2019 - 21:00

A government is going after human rights activists in Morocco. It sounds familiar, but I don’t think Humphrey Bogart is running the gin joint this time around.

Questionable Casablanca references aside, Amnesty International has reported another attack against human rights workers. In this case, a pair of Moroccan activists were targeted with what appears to be NSO’s Pegasus malware suite. Researchers identified text message phishing that led to malicious web pages, as well as HTTP man-in-the-middle attacks against their mobile devices. Once the target was successfully directed to the malicious site, a collection of zero-day vulnerabilities was used to compromise the phone with the NSO malware.

NSO is an Israeli company that specializes in building malware and other cybersecurity tools for governments. As you can imagine, this specialization has earned NSO the scorn of quite a few organizations. NSO claims to have a policy framework in place that allows them to evaluate and terminate the use of their software when it is deemed illegal or abusive, but due to the nature of their contracts, that process is anything but transparent.

Sudo Vulnerability

A problem in sudo was disclosed this week that allowed users to run commands as root even when they don’t have permission to do so. Sudo allows a user to specify a numeric user ID instead of a username. It was discovered that specifying -1 as the user did something unexpected: it failed. Trying to switch to user -1 fails, but sudo runs the rest of the command anyway, as root instead of user -1. I was excited to test this simple vulnerability on a slightly out-of-date system. I created an unprivileged user, ran the sudo command, and got the expected security error, but no root access.

There’s an xkcd for everything.

The actual exploit requires a very specific and unusual system configuration. A user has to be added to the sudoers file and have permission to run as any user except root. This effectively means that any user ID but 0 is allowed. The user ID of -1 passes the test of anything but 0 (root), but then causes the failure when trying to switch users, so the command runs as root.

Giving a user access to everything but root itself is not a great security strategy, to say the least. To point out the most obvious, if any other user has permission to run commands as root via sudo, the less privileged user could simply use sudo to run sudo as that administrator’s account.
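The configuration described above can be found mechanically. The following is an added example, not code from the article or from sudo: a Python audit that flags sudoers rules whose Runas user list grants `ALL` while carving out root with a negation. The sample sudoers text, the user names and the function names are constructed for illustration, and the parser assumes the common `who host = (runas) command` rule form.

```python
import re

# Constructed sample sudoers content (not from any real system).
SAMPLE_SUDOERS = """\
# constructed example entries
root    ALL=(ALL:ALL) ALL
alice   ALL=(ALL, !root) /usr/bin/vi
bob     ALL=(ALL,!#0) NOPASSWD: /usr/bin/id
carol   ALL=(www-data) /usr/bin/systemctl restart nginx
dave    ALL=(ALL : ALL, !root) /bin/ls
%ops    ALL=(ALL) ALL
"""

# who, host list, "=", "(runas spec)", start of the command spec
RULE_RE = re.compile(r"^(\S+)\s+[^=]+=\s*\(([^)]*)\)\s*\S")

def runas_users(runas):
    """User entries of a Runas spec; anything after ':' is the group list."""
    users = runas.split(":", 1)[0]
    return [u.strip() for u in users.split(",") if u.strip()]

def is_all_but_root(users):
    """True when ALL is granted and root is carved out via '!root' or '!#0'."""
    negates_root = any(re.fullmatch(r"!\s*(root|#0)", u) for u in users)
    return "ALL" in users and negates_root

def audit(text):
    """Return (who, runas) for every rule using the 'anyone except root' pattern."""
    text = re.sub(r"\\\n", " ", text)  # join backslash-continued lines
    findings = []
    for line in text.splitlines():
        line = line.strip()
        # '#' starts a comment or directive unless followed by a digit (numeric uid)
        if not line or re.match(r"#(?!\d)", line):
            continue
        m = RULE_RE.match(line)
        if m and is_all_but_root(runas_users(m.group(2))):
            findings.append((m.group(1), m.group(2).strip()))
    return findings

if __name__ == "__main__":
    for who, runas in audit(SAMPLE_SUDOERS):
        print(f"{who}: Runas ({runas}) relies on excluding root; "
              "name the permitted target accounts explicitly instead")
```

Rules such as the constructed `carol` entry, which name the one target account that is actually needed, do not depend on a root exclusion at all and are not flagged.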

In some ways a similar story, a problem in the Linux kernel’s Realtek driver was found on Monday. At first glance, it’s another terrifying vulnerability that affects every Linux user with a Realtek wireless card. It appears to be a standard buffer overflow, where the length of a field is checked in one way, but not checked to be under the maximum length. A longer than expected data field will overflow the buffer and cause problems. A code execution exploit has not yet been discovered, but it’s likely to be eventually found.

The catch with this bug is that before the vulnerable code is called, the driver checks whether the card is currently connected in p2p mode. Here’s the check in question if you’re interested. This means that rather than being vulnerable to attack any time your Realtek is powered on, you aren’t actually at risk unless you’re talking to another device using the p2p WiFi mode. In all the Linux WiFi work I’ve done over the years, I don’t think I’ve ever used p2p mode on a wireless card under Linux.

It’s good these bugs were found, and even better that they are getting fixed. That said, these are both very niche cases that have been oversold in some reporting.

Study The Great Nation

Red Team Lab, part of the Open Technology Fund, partnered with Cure53 to do a detailed study of a Chinese mobile app, “Study the Great Nation”. This application is sponsored by the Chinese government, particularly the Chinese Communist Party. At first glance, it seems to be a rather straightforward education tool, teaching students about Chinese history, and encouraging competition through quizzes and a public leaderboard.

Image: The Independent

The audit uncovered more devious activity than a simple educational tool. The app collects data from the phone, including information about what other apps are installed, calls that have been made, and even the device’s current location. This data is uploaded, presumably to the Chinese government.

Some of the more sensational stories claim that this app contains a superuser backdoor aimed at rooted phones. At the very least, the app does attempt to determine if the phone it is running on has been rooted. Looking at the code snippets, I don’t see anything that would bypass root management software like SuperSU or the like. There is a function that is designed to run commands as root, but without an exploit, this would still be user controlled, so long as the rooted device has SuperSU or a similar utility installed.

The app also requests microphone and camera access, reportedly for integration with other apps. It doesn’t take a great leap of the imagination to understand how those permissions could be abused.

Cure53’s report pointed out that the Java code that comprises this app is heavily obfuscated, and not all of the code was successfully de-obfuscated. There may still be nasty surprises lurking.

Hacking the Terminal

A Mozilla-funded audit of iTerm2 turned up a surprising vulnerability. iTerm2 is an open source terminal replacement for macOS that adds many features including built-in tmux integration. It was discovered that certain terminal output would be interpreted as tmux commands, leading to code execution on the machine running the terminal.

This leads to an interesting scenario, where the act of connecting to a remote server over SSH or Telnet would allow exploiting this bug. The default behavior of curl is to output the downloaded file directly to the terminal, which could also trigger the bug.

Hacking Back

A question the security industry often has to field is why we don’t simply hack the hackers. This has been an ongoing debate for years, but occasionally someone decides to take matters into his own hands. [Tobias Frömel] was stung by the Muhstik ransomware, and coughed up the 0.09 bitcoin to get his files back. This must have left a sour taste in his mouth, because [Tobias] tracked down the command and control server, and discovered it was a legitimate server that had been compromised and co-opted to run the ransomware campaign. He discovered a remote access shell that the original attackers left behind, and used that to gain access to the server himself. From there, he dumped the database containing the keys, and released it to the world.

It’s a noble gesture, but also still illegal. I would guess (and hope) that [Tobias Frömel] is a pseudonym, and this digital vigilante is keeping his real name to himself. In any case, Bleeping Computer reported that many of the Muhstik victims have been able to recover their data as a result. I’m not sure whether [Tobias] is the hero we deserved, or just the hero we needed, but he was certainly a hero to Muhstik victims.

Lessons Learned Building a DIY Rebreather

Friday, 10/18/2019 - 18:00

While the homebrew rebreather that [AyLo] describes on his blog looks exceptionally well engineered and is documented to a level we don’t often see, he still makes it very clear that he’s not suggesting you actually build one yourself. He’s very upfront about the fact that he has no formal training, and notes that he’s already identified several critical mistakes. That being said, he’s taken his rebreather out for a few dives and has (quite literally) lived to tell the tale, so he figured others might be interested in reading about his experiments.

For the landlubbers in the audience, a rebreather removes the CO2 from exhaled air and recirculates the remaining O2 for another pass through the lungs. Compared to open circuit systems, a rebreather can substantially increase the amount of time a diver can remain submerged for a given volume of gas. Rebreathers aren’t just for diving either; the same basic concept was used in the Apollo PLSS to increase the amount of time the astronauts could spend on the surface of the Moon.

The science behind it seemed simple enough, so [AyLo] did his research and started designing a bare-minimum rebreather system in CAD. Rather than completely hack something together with zip ties, he wanted to take the time to make sure that he could at least mate his hardware with legitimate commercial scuba components wherever possible to minimize his points of failure. It meant more time designing and machining his parts, but the higher safety factor seems well worth the effort.

[AyLo] has limited the durations of his dives to ten minutes or less out of caution, but so far reports no problems with the setup. As with our coverage of the 3D printed pressure regulator or the Arduino nitrox analyser, we acknowledge there’s a higher than usual danger factor in these projects. But with a scientific approach and more conventional gear reserved for backups, these projects prove that hardware hacking is possible in even the most inhospitable conditions.