Open Source, DIY Soldering Robot

After [Brian] starting selling his own Raspberry Pi expansion boards, he found himself with a need for a robot that could solder 40-pin headers for him. He first did what most people might do by looking up pre-built solutions. Unfortunately everything he found was either too slow, too big, or cost as much as a new car. That’s when he decided to just build his own soldering robot.

The robot looks similar to many 3D printer designs we’ve seen in the past, with several adjustments. The PCBs get mounted to a flat piece of aluminum dubbed the “PCB caddy”. The PCBs are mounted with custom-made pins that thread into the caddy. Once the PCBs are in place, they are clamped down with another small piece of aluminum. A computer slowly moves the caddy in one direction, moving the header’s pins along the path of the soldering irons one row at a time.

The machine has two soldering irons attached, allowing for two pins to be soldered simultaneously. The irons are retracted as the PCB caddy slides into place. They irons are then lowered onto the pins to apply heat. Two extruders then push the perfect amount of solder onto each pin. The solder melts upon contact with the hot pins, just as it would when soldered by hand.

The system was originally designed to be run on a Windows 8.1 tablet computer, but [Brian] found that the system’s internal battery would not charge while also acting like a USB host. Instead, they are running the Windows WPF application on full PC. All of the software and CAD files can be found on [Brian’s] github page. Also be sure to check out the demo video below. Continue reading “Open Source, DIY Soldering Robot”

A Simple And Inexpensive GPS Navigation Device

There are plenty of GPS navigation units on the market today, but it’s always fun to build something yourself. That’s what [middelbeek] did with his $25 GPS device. He managed to find a few good deals on electronics components online, including and Arduino Uno, a GPS module, and a TFT display.

In order to get the map images on the device, [middelbeek] has to go through a manual process. First he has to download a GEOTIFF of the area he wants mapped. A GEOTIFF is a metadata standard that allows georeferencing information to be embedded into a TIFF image file.  [middelbeek] then has to convert the GEOTIFF into an 8-bit BMP image file. The BMP images get stored on an SD card along with a .dat file that describes the boundaries of each BMP. The .dat file was also manually created.

The Arduino loads this data and displays the correct map onto the 320×240 TFT display. [middelbeek] explains on his github page that he is currently unable to display data from two map files at once, which can lead to problems when the position moves to the edge of the map. We suspect that with some more work and tuning this system could be improved and made easier to use, of course for under $25 you can’t expect too much.

Hacking a Thin Client to Gain Root Access

[Roberto] recently discovered a clever way to gain root access to an HP t520 thin client computer. These computers run HP’s ThinPro operating system. The OS is based on Linux and is basically just a lightweight system designed to boot into a virtual desktop image loaded from a server. [Roberto’s] discovery works on systems that are running in “kiosk mode”.

The setup for the attack is incredibly simple. The attacker first stops the virtual desktop image from loading. Then, the connection settings are edited. The host field is filled with garbage, which will prevent the connection from actually working properly. The real trick is in the “command line arguments” field. The attacker simply needs to add the argument “&& xterm”. When the connection is launched, it will first fail and then launch the xterm program. This gives the attacker a command shell running under the context of whichever user the original software is running as.

The next step is to escalate privileges to root. [Roberto] discovered a special command that the default user can run as root using sudo. The “”hpobl” command launches the HP Easy Setup Wizard. Once the wizard is opened, the attacker clicks on the “Thank You” link, which will then load up the HP website in a version of Firefox. The final step is to edit Firefox’s default email program association to xterm. Now when the attacker visits an address like “mailto:test@test.com”, Firefox (running as root) launches xterm with full root privileges. These types of attacks are nothing new, but it’s interesting to see that they still persist even in newer software.

Race Conditions Exploit Granted Free Money on Web Services

[Josip] has been playing around with race conditions on web interfaces lately, finding vulnerabilities on both Facebook and Digital Ocean. A race condition can occur when a piece of software processes multiple threads using a shared resource.

For example, [Josip] discovered that he was able to manipulate page reviews using just a single Facebook account. Normally, a user is permitted to leave just one review for any given Facebook page. This prevents a single user from being able to skew the page’s overall ranking by making a bunch of positive or negative reviews. The trick to manipulating the system was to intercept the HTTP request that submitted the page review. The request was then replayed over and over in a very short amount of time.

Facebook’s servers ended up processing some of these requests simultaneously, essentially unaware that multiple requests had come in so close together. The result was that multiple reviews were submitted, artificially changing the pages overall ranking even though only one review actually showed up on the page for this user. The user can then delete their single review, and repeat this cycle over and over. It took Facebook approximately two months to fix this vulnerability, but in the end it was fixed and [Josip] received a nice bounty.

The Digital Ocean hack was essentially the exact same process. This time instead of hacking page reviews, [Josip] went after some free money. He found that he was able to submit the same promotional code multiple times, resulting in a hefty discount at checkout time. Digital Ocean wasted no time fixing this bug, repairing it within just ten days of the disclosure.

Strapping an Apple II to Your Body

Now that the Apple wristwatch is on its way, some people are clamoring with excitement and anticipation. Rather than wait around for the commercial product, Instructables user [Aleator777] decided to build his own wearable Apple watch. His is a bit different though. Rather than look sleek with all kinds of modern features, he decided to build a watch based on the 37-year-old Apple II.

The most obvious thing you’ll notice about this creation is the case. It really does look like something that would have been created in the 70’s or 80’s. The rectangular shape combined with the faded beige plastic case really sells the vintage electronic look. It’s only missing wood paneling. The case also includes the old rainbow-colored Apple logo and a huge (by today’s standards) control knob on the side. The case was designed on a computer and 3D printed. The .stl files are available in the Instructable.

This watch runs on a Teensy 3.1, so it’s a bit faster than its 1977 counterpart. The screen is a 1.8″ TFT LCD display that appears to only be using the color green. This gives the vintage monochromatic look and really sells the 70’s vibe. There is also a SOMO II sound module and speaker to allow audio feedback. The watch does tell time but unfortunately does not run BASIC. The project is open source though, so if you’re up to the challenge then by all means add some more functionality.

As silly as this project is, it really helps to show how far technology has come since the Apple II. In 1977 a wristwatch like this one would have been the stuff of science fiction. In 2015 a single person can build this at their kitchen table using parts ordered from the Internet and a 3D printer. We can’t wait to see what kinds of things people will be making in another 35 years.

Continue reading “Strapping an Apple II to Your Body”

Remote Controlled Wildlife Camera with Raspberry Pi

If you are interested in local wildlife, you may want to consider this wildlife camera project (Google cache). [Arnis] has been using his to film foxes and mice. The core components of this build are a Raspberry Pi and an infrared camera module specifically made for the Pi. The system runs on a 20,000 mAh battery, which [Arnis] claims results in around 18 hours of battery life.

[Arnis] appears to be using a passive infrared (PIR) sensor to detect motion. These sensors work by detecting sudden changes in the amount of ambient infrared radiation. Mammals are good sources of infrared radiation, so the sensor would work well to detect animals in the vicinity. The Pi is also hooked up to a secondary circuit consisting of a relay, a battery, and an infrared light. When it’s dark outside, [Arnis] can enable “night mode” which will turn on the infrared light. This provides some level of night vision for recording the furry critters in low light conditions.

[Arnis] is also using a Bluetooth dongle with the Pi in order to communicate with an Android phone. Using a custom Android app, he is able to connect back to the Pi and start the camera recording script. He can also use the app to sync the time on the Pi or download an updated image from the camera to ensure it is pointed in the right direction. Be sure to check out the demo video below.

If you like these wildlife cameras, you might want to check out some older projects that serve a similar purpose. Continue reading “Remote Controlled Wildlife Camera with Raspberry Pi”

Controlling a Color TFT Display with PIC32

Sometimes it feels like everyone out there is using Arduino. It’s easy to find tutorials and libraries to get things working with Arduino, but if you want to use another platform you might have more trouble. [Tahmid] ran into this problem when he decided to try using a PIC32 to control a 2.2″ color TFT display from Adafruit.

Adafruit is really good about providing tutorials and Arduino libraries for their products. It makes it really easy to get up and running… if you are using Arduino. All of their libraries are open source, which means that the community can take them and modify them as needed. [Tahmid] decided to do exactly this and fork the Adafruit libraries over to the PIC32 platform in C. It’s a great learning experience. You get to see how (good or bad) other people code, and it immerses you in the differences between two different chip families.

He’s released the libraries online for others to use. He says that he’s heavily commented the code to try to make as self-explanatory as possible. The display interfaces with the PIC32 using SPI. The demo video below shows the screen up and running and demonstrates the crisp color graphics. Continue reading “Controlling a Color TFT Display with PIC32″