Old Rabbit Ears Optimized for Weather Satellite Downlink

Communicating with a satellite seems like something that should take a lot of equipment. A fancy antenna and racks full of receivers, filters, and amplifiers would seem to be the entry-level suite of gear. But listening to a weather satellite with an old pair of rabbit ears and an SDR dongle? That’s a thing too.

There was a time when a pair of rabbit ears accompanied every new TV. Those days are gone, but [Thomas Cholakov (N1SPY)] managed to find one of the old TV dipoles in his garage, complete with 300-ohm twinlead and spade connectors. He put it to work listening to a NOAA weather satellite on 137 MHz by configuring it in a horizontal V-dipole arrangement. The antenna legs are spread about 120° apart and adjusted to about 20.5 inches (52 cm) length each. The length makes the antenna resonant at the right frequency, the vee shape makes the radiation pattern nearly circular, and the horizontal polarization excludes signals from the nearby FM broadcast band and directs the pattern skyward. [Thomas] doesn’t mention how he matched the antenna’s impedance to the SDR, but there appears to be some sort of balun in the video below. The satellite signal is decoded and displayed in real time with surprisingly good results.

Itching to listen to satellites but don’t have any rabbit ears? No problem — just go find a cooking pot and get to it.

Continue reading “Old Rabbit Ears Optimized for Weather Satellite Downlink”

Fake Your ID Photos – the 3D Way

Photographs for identification purposes have strict requirements. Lighting, expression, and framing are all controlled to enable authorities to quickly and effectively use them to identify individuals reliably. But what if you created an entirely fake photograph from scratch? That’s exactly what [Raphael Fabre] set out to do.

With today’s 3D modelling tools, human faces can be created in extreme detail. Using these, [Raphael] set out to create a 3D model of himself, which was then used to render images simulating a passport photograph. Not content to end the project there, [Raphael] put his digital doppelgänger to the test – applying for a French identification card. He succeeded.

While the technology to create and render high-quality human faces has existed for a while, it’s impressive that [Raphael]’s work passed for genuine human. Obviously there’s something to be said for the likelihood of an overworked civil servant catching this sort of ruse, but the simple fact is, the images made it through the process, and [Raphael] has his ID. Theoretically, this leaves open the possibility of creating entirely fictitious characters and registering them as real citizens with the state, for all manner of nefarious purposes. If you do this, particularly on a grand scale, be sure to submit it to the tip line.

We’ve seen other concerning ID hacks before, such as this attempt at hacking RFIDs in Passport Cards.

File Format Posters

It’s not uncommon for hackers to have a particular delectation for unusual interior decoration. Maybe it’s a Nixie tube clock, or a vacuum fluorescent display reading out the latest tweets from a favorite chatbot. If this sounds like your living room already, perhaps you’d like some of these file format posters to adorn your walls.

The collection of images includes all kinds of formats — GIF, ZIP and WAV are all represented, but it even gets into some real esoterica — DOLphin format executables are here if you’re a total GameCube fanatic. Each poster breaks down the format into parts, such as the header, metadata and descriptor sections, and come in a variety of formats themselves — most available in SVG, PDF and PNG.

If we’re totally honest, these aren’t all designed for hanging on your wall as-is — we’d consider putting some work into to optimize the color palettes and layouts before putting these to print. But regardless, they’re an excellent visual representation of data structures that you might find particularly useful if you need to do some reverse engineering down the track.

If you still have wall space available after seeing this, here’s the electronic reference poster that should fill it.

[Thanks to JD for the tip!]

Hacklet 97 – Camera Projects

We last covered camera projects way back in Hacklet #11. A ton of camera projects have been added to Hackaday.io since then. While the rest of the world is taking selfies, hackers, makers, and engineers have been coming up with new ways to hack their image capture devices. This week on the Hacklet, we’re taking a look at some of the best camera projects on Hackaday.io!

pixelzFirst up is [aleksey.grishchenko] with PiXel camera. PiXel is a camera and a live video display all in one, We wouldn’t exactly call it high-definition though! A Raspberry Pi uses its camera module to capture images of the world. [Aleksey] then processes those images and displays them on a 32 x 32 RGB LED matrix. This matrix is the same kind of tile used in large outdoor LED signs. The result is a surreal low resolution view of the world. Since the Pi, batteries, and camera all hide behind the LED matrix, there is an unobstructed view of the world around you. [Aleksey] used  [Henner Zeller’s] matrix library to make this hack happen.

imagerNext up is [Esben Rossel] with Linear CCD module. [Esben] is building a Raman spectrometer, much like 2014 Hackaday Prize finalist [fl@C@] with his own ramanPi. The heart of a spectrometer is the linear image capture device. Both of these projects use the same TCD1304 linear CCD. Linear Charge Coupled Devices (CCDs) are the same type of device used in flatbed document scanners. The output of the CCD is analog, so an ADC must be used to capture the data. [Esben] is using an STM32F401RE on a Nucleo board as the control logic. The ST’s internal ADC converts the analog signal to digital. From there, it’s time to process all the spectra.

wiimote-cam[Chiprobot] brings the classic Wii remote camera to the internet of things with
ESP8266 meets Wii Mote Camera. The Wii remote uses a camera which doesn’t output images, instead it plots the location of up to four IR LEDs. Normally these LEDs are located in the poorly named sensor bar that is sold with the Wii. Hackers have been using these cameras in projects for years now. [Chiprobot] paired his camera with the modern classic ESP8266 WiFi module. The ‘8266 is programmed to read data from the camera’s I2C bus. It then sends the data as an SVG request to the W3C website. W3C returns a formatted image based on those coordinates. The resulting image is a picture of the IR LEDs seen by the camera. Kind of like sending your negatives out to be developed.

photoboothFinally, we have [GuyisIT] with Raspberry Pi Photobooth. Photo booths are all the rage these days. First it was weddings, but now it seems like every kids party has one. [GuyisIT] didn’t rent a booth for his daughter’s birthday, he built one using his Raspberry Pi and Pi camera. The project is written in python, based upon [John Croucher’s] code. When the kids press a button, the Pi Snaps a series of pictures. The tiny Linux computer then joins and rotates the images while adding in some superhero themed graphics. Finally the Pi prints the image on to a photo printer. The biggest problem with this hack is re-triggering. The kids loved it so much, they kept pressing the big red button!

If you want to see more camera projects, check out our updated camera projects list! If I missed your project, don’t be shy! Just drop me a message on Hackaday.io. That’s it for this week’s Hacklet. As always, see you next week. Same hack time, same hack channel, bringing you the best of Hackaday.io!

Stegosploit: Owned by a JPG

We’re primarily hardware hackers, but every once in a while we see a software hack that really tickles our fancy. One such hack is Stegosploit, by [Saumil Shah]. Stegosploit isn’t really an exploit, so much as it’s a means of delivering exploits to browsers by hiding them in pictures. Why? Because nobody expects a picture to contain executable code.

stegosploit_diagram[Saumil] starts off by packing the real exploit code into an image. He demonstrates that you can do this directly, by encoding characters of the code in the color values of the pixels. But that would look strange, so instead the code is delivered steganographically by spreading the bits of the characters that represent the code among the least-significant bits in either a JPG or PNG image.

OK, so the exploit code is hidden in the picture. Reading it out is actually simple: the HTML canvas element has a built-in getImageData() method that reads the (numeric) value of a given pixel. A little bit of JavaScript later, and you’ve reconstructed your code from the image. This is sneaky because there’s exploit code that’s now runnable in your browser, but your anti-virus software won’t see it because it wasn’t ever written out — it was in the image and reconstructed on the fly by innocuous-looking “normal” JavaScript.

232115_1366x1792_scrotAnd here’s the coup de grâce. By packing HTML and JavaScript into the header data of the image file, you can end up with a valid image (JPG or PNG) file that will nonetheless be interpreted as HTML by a browser. The simplest way to do this is send your file myPic.JPG from the webserver with a Content-Type: text/html HTTP header. Even though it’s a totally valid image file, with an image file extension, a browser will treat it as HTML, render the page and run the script it finds within.

The end result of this is a single image that the browser thinks is HTML with JavaScript inside it, which displays the image in question and at the same time unpacks the exploit code that’s hidden in the shadows of the image and runs that as well. You’re owned by a single image file! And everything looks normal.

We like this because it combines two sweet tricks in one hack: steganography to deliver the exploit code, and “polyglot” files that can be read two ways, depending on which application is doing the reading. A quick tag-search of Hackaday will dig up a lot on steganography here, but polyglot files are a relatively new hack.

[Ange Ablertini] is the undisputed master of packing one file type inside another, so if you want to get into the nitty-gritty of [Ange]’s style of “polyglot” file types, watch his talk on “Funky File Formats” (YouTube). You’ll never look at a ZIP file the same again.

Sweet hack, right? Who says the hardware guys get to have all the fun?

Hiding Executable Javascript in Images That Pass Validation

Here’s an interesting proof-of-concept that could be useful or hazardous depending on the situation in which you encounter it. [jklmnn] drew inspiration from the work of [Ange Albertini] who has documented a way to hide Javascript within the header of a .gif file. Not only does it carry the complete code but both image and the Javascript are seen as valid.

With just a little bit of work [jklmnn] boiled down the concept to the most basic parts so that it is easy to understand. Next, a quick program was written to automate the embedding of the Javascript. Grab the source code if you want to give it a try yourself.

Let’s get back to how this might be useful rather than harmful. What if you are working on a computer that doesn’t allow the browser to load Javascript. You may be able to embed something useful, kind of like the hack that allowed movies to be played by abusing Microsoft Excel.

Images carrying an encrypted data payload


This is a tidy looking banner image. But according to [Ian] it contains 52KB of source code. You can’t just read out all of that data. Well, you can but it will be gibberish. Before hiding the bits in plain sight he encrypted them with two different keys.

He’s using AES-256 encryption to keep his data away from prying eyes. But if that wasn’t enough, he also wrote a PHP program to hide the bits in a PNG image. Not just any picture will do (otherwise your eye will be able to see something’s awry). The post linked above focuses mainly on how to choose an image that will hide your data most easily. We asked him if he would share his techniques for actually merging the encrypted file with the picture and he delivered. Head on over to his repository if you want to take a look at the generator code.