Disposable Drones

How do you deliver medical supplies to a war zone cheaply? The answer, according to this project, might be to make a disposable drone. Created by friends of Hackaday [Star Simpson] and the Sky Machines group at Otherlab, this project is looking to make drones out of cheap biodegradable products like cardboard.

Rather than risk an expensive drone that might never return, the project imagines a drone that flies to the target, delivers its cargo with an accuracy of about 10 meters and then be easily disposed of. The prototype the team is working on is part of a DARPA project called Inbound, Controlled Air-Releasable Unrecoverable Systems (ICARUS) and is a glider designed to be released from a plane or helicopter. Using a cheap GPS receiver and controller, the drone then glides to the destination.

It’s an interesting take on the drone: making it so simple and cheap that you can use it once and throw it away. And if you want to get a feel for how [Star] and Otherlabs approach problems like this, check out the awesome talk that [Star] gave at our recent SuperConference on making beautiful circuit boards.

Thanks for the tip, [Adrian]!

TruffleHog Sniffs Github for Secret Keys

Secret keys are quite literally the key to security in software development. If a malicious actor gains access to the keys securing your data, you’re toast. The problem is, to use keys, you’ve got to write them down somewhere – oftentimes in the source code itself. TruffleHog has come along to sniff out those secret keys in your Github repository.

It’s an ingenious trick — a Python script goes through the commit history of a repository, looking at every string of text greater than 20 characters, and analyzing its Shannon entropy. This is a mathematical way of determining if it looks like a relatively random string of numbers and letters. If it has high entropy, it’s probably a key of some sort.

Sharing source code is always a double-edged sword for security. Any flaws are out for all to see, and there are both those who will exploit the flaws and those who will help fix them. It’s a matter of opinion if the benefits outweigh the gains, but it’s hard to argue with the labor benefits of getting more eyes on the code to hunt for bugs. It’s our guess though, that a lot of readers have accidentally committed secret keys in a git repository and had to revert before pushing. This tool can crawl any publicly posted git repo, but might be just as useful in security audits of your own codebase to ensure accidentally viewable keys are invalidated and replaced.

For a real world example of stolen secret keys, read up on this HDMI breakout that sniffs HDCP keys.

1 kB Challenge: And the winners are…

The 1 kB Challenge deadline has come and gone. The judges have done their work, and we’re ready to announce the winners. Before you jump down to find out who won, I’d like to take a moment to say thanks to everyone who participated. We had some incredible entries. To say that judging was hard is quite an understatement. Even [Eben Upton], father of the Raspberry Pi got in on the action. He created a new helicopter game for the classic BBC Micro. Look for writeups on the winners and many of the other entries in the coming weeks.

Grand Prize

brainfckThe grand prize goes to [Jaromir Sukuba] for Brainf*cktor. [Jaromir] went above and beyond this time. He created a computer which can be programmed in everyone’s favorite esoteric programming language. Brainf*cktor uses 1019 bytes of program memory in [Jaromir’s] PIC18F26K22. You can write, execute and edit programs. [Jaromir] ran into a bit of a problem with his LCD. The character tables would have thrown him over the 1 kB limit. Not a problem – he designed his own compressed character set, which is included in the 1019 bytes mentioned above. All the clever software takes physical form with a homemade PCB, and a case built from blank PCB material. Best of all, [Jaromir] has explained his software tricks, as well as included a full build log for anyone who wants to replicate his project. All that hard work will be rewarded with a Digi-Comp II kit from EMSL.

First Prize

mosFirst prize goes to [Dumitru Stama] with M0S – CortexM0 RTOS in 1024 bytes. Operating systems are complex beasts. Many of our readers have toyed with the Linux Kernel. But writing a real-time OS from scratch? That’s quite an undertaking.  [Dumitru] didn’t shy away from the challenge. He designed a Real-Time Operating System (RTOS) for ARM processors, written completely in ARM thumb assembly instructions. This is no bare-bones executive. M0S has a rich list of features, including preemptive task scheduling, mutexes, and inter-process communication. [Dumitru] even gave us memory allocation with an implementation of malloc() and free(). The OS was demonstrated with a NUCLEO-F072RB board from ST-Micro.

[Dumitru] didn’t just drop a GitHub link and run. He documented M0S with seven project logs and a 37-minute long video. The video uses electronic whiteboard drawings to clearly explain all the internal workings of the operating system, as well as how to use it.

[Dumitru] is the proud new owner of a Maker Select 3D printer V2!

Second Prize

1klaserSecond prize goes to [Cyrille Gindreau] with 1K Challange Laser. Vector lasers generally take lots of memory. You have to manage galvanometers, laser drive, and perform all the magic it takes to convert a set of vectors to lines drawn in space. The project uses 912 bytes of program and initialized data memory to command an MSP430 to draw an image.

Proving that flattery will get you everywhere, [Cyrille] picked the Hackaday logo as the subject. The Jolly Wrencher is not exactly simple to convert to vector format, though. It took some careful optimizations to come up with an image that fit within 1 kB. [Cyrille] wins a Bulbdial Clock kit from EMSL.

Third Prize

tinygamesThird prize goes to [Mark Sherman] with tinygames. Video games have been around for awhile, but they are never quite this small. [Mark] coaxed the minuscule Atmel ATtiny84 to play Centipede with only 1024 bytes of program memory. Even the BOM is kept small, with just a few support components. Control is handled by an Atari 2600 compatible joystick. Video is black and white NTSC, which is demonstrated on a period accurate CRT. [Mark] generates his video by racing the electron beam, exactly the same way the Atari 2600 did it.

[Mark] will take home a Blinkytile kit from Blinkinlabs.

Final thoughts

First of all, I’d like to thank the judges. Our own [Jenny List], [Gerrit Coetzee], [Pedro Umbelino], [Bil Herd], and [Brian Benchoff] worked hard with me in judging this contest. I’d also like to thank our community for creating some amazing projects. The contest may be over, but these projects are now out there for others to build, enjoy, and learn from.

I’ve wanted to organize this contest since [Jeri Ellsworth] and [Chris Gammell] took on the 555 contest way back in 2011. The problem is creating a set of rules that would be relatively fair to every architecture. I think 133 entries to this contest proves that we found a very fair set of constraints. It is safe to say this won’t be the last 1 kB Challenge here at Hackaday, so if you have ideas for future editions, share them in the comments!

Retrotechtacular: Social Hacking is Nothing New

If you watch enough mainstream TV and movies, you might think that hacking into someone’s account requires a huge monitor, special software, and intricate hand gestures. The reality is way more boring. Because people tend to choose bad passwords, if you have time, you can task a computer with quietly brute-forcing the password. Then again, not everyone has a bad password and many systems will enforce a timeout after failed attempts or require two-factor authentication, so the brute force approach isn’t what it used to be.

Turns out the easiest way to get someone’s password is to ask them for it. Sure, a lot of people will say no, but you’d be surprised how many people will tell you. That number goes up dramatically when you make them think you are with the IT department or their Internet provider. That’s an example of social engineering. You can define that many ways, but in this case it boils down to getting people to give you what you want based on making them believe you are something you aren’t.

Everything Old…

We think of social engineering as something new, but really–like most cybercrime–it is just the movement of old-fashioned crime to the digital world. What got me thinking about this is a service from Amazon called “Mechanical Turk.”

That struck me as odd when I first heard it because for product marketing it is pretty bad unless you are selling turkey jerky or something. If you tell me “Amazon Simple Storage Service” I can probably guess what that might be. But what’s Mechanical Turk?

Mechanical Turk

Continue reading “Retrotechtacular: Social Hacking is Nothing New”

FPGA Computer Covers A to Z

[F4HDK] calls his new computer A2Z because he built everything from scratch (literally, from A to Z). Well, strictly speaking, he did start with an FPGA, but you have to have some foundation. The core CPU is a 16-bit RISC processor with a 24-bit address bus and a 128-word cache. The computer sports 2 megabytes of RAM, a boot ROM, a VGA port and keyboard, and some other useful I/O. The CPU development uses Verilog.

Software-wise, the computer has a simple operating system, a filesystem, and basic programs like a text editor and an image viewer. Development software includes an assembler and a compiler for a BASIC-like language that resides on the PC. You can also run an emulator to experiment with A2Z without hardware. You can see a “car game” running on A2Z in the video below. You can also see videos of some other applications.

Continue reading “FPGA Computer Covers A to Z”

What’s So Bad about the Imperial System Anyway?

As a Hackaday writer, you can never predict where the comments of your posts will go. Some posts seem to be ignored, while others have a good steady stream of useful feedback. But sometimes the comment threads just explode, heading off into seemingly uncharted territory only tangentially related to the original post.

Such was the case with [Steven Dufresne]’s recent post about decimal time, where the comments quickly became a heated debate about the relative merits of metric and imperial units. As I read the thread, I recalled any of the numerous and similarly tangential comments on various reddit threads bashing the imperial system, and decided that enough was enough. I find the hate for the imperial system largely unfounded, and so I want to rise to its defense.

Continue reading “What’s So Bad about the Imperial System Anyway?”

Crippled Calculator Features Unlocked with Automated Help

[Aguilera Dario] likes his Casio fx-82ES calculator. However, it was missing a few functions, including complex numbers. A Casio fx-991ES has more functions but, of course, costs more. A quick Google revealed that if you press the right buttons, though, you can transform an fx-82ES into an fx-991ES.

Because it is apparently a buffer overflow exploit, the hack involves a lot of keys and once you cycle the power you have to do it again. [Aguilera] realized this would be a good candidate for automation and added a microcontroller to push his buttons. You can see a video of a breadboard version below. He also has a PCB version in the works that should be better integrated.

Continue reading “Crippled Calculator Features Unlocked with Automated Help”