NES Classic Edition – Controller Mod

December 29, 2016 by Lewin Day 12 Comments

The Nintendo Classic Mini took the world by storm this year — finally, an NES in a cute, tiny package that isn’t 3D printed and running off a Raspberry Pi! It’s resoundingly popular and the nostalgic set are loving it. But what do you do when you’re two hours deep into a hardcore Metroid session and you realize you need to reboot and reload. Get off the couch? Never!

[gyromatical] had already bought an Emio Edge gamepad for his NES Mini. A little poking around inside revealed some unused pads on the PCB. Further investigation revealed that one pad can be used to wire up a reset button, and two others can be used to create a home switch. Combine this with the turbo features already present on the Emio Edge, and you’ve got a pretty solid upgrade over the stock NES Mini pad. Oftentimes, there’s extra functionality lurking inside products that manufacturers have left inactive for the sake of saving a few dollars on switches & connectors. It’s always worth taking a look inside.

Now, back in 2006, the coolest hack was running Linux on everything — and somebody’s already trying to get Linux on the NES Mini.

Continue reading “NES Classic Edition – Controller Mod” →

Little Bobby Tables Just Registered A Company…

December 29, 2016 by Jenny List 33 Comments

Sometimes along comes a tech story that diverges from our usual hardware subject matter yet which just begs to be shared with you because we think you will find it interesting and entertaining.

XKCD 327, Exploits of a Mom (CC BY-NC 2.5).

You will no doubt be familiar with the XKCD cartoon number 327, entitled “Exploits of a Mom”, but familiarly referred to as “[Bobby Tables]”. In it a teacher is ringing the mother of little [Robert’); DROP TABLE Students; –], whose name has caused the loss of a year’s student records due to a badly sanitized database input. We’ve all raised a chuckle at it, and the joke has appeared in other places such as an improbably long car license plate designed to erase speeding tickets.

It's nice to see that Companies House sanitise their database inputs. — It’s nice to see that Companies House sanitise their database inputs.

Today we have a new twist on the Bobby Tables gag, for someone has registered a British company with the name “; DROP TABLE “COMPANIES”;– LTD“. Amusingly the people at Companies House have allowed the registration to proceed, so either they get the joke too or they are unaware of the nuances of a basic SQL exploit. It’s likely that if this name leaves Her Majesty’s civil servants with egg on their faces it’ll be swiftly withdrawn, so if that turns out to be the case then at least we’ve preserved it with a screenshot.

Of course, the chances of such a simple and well-known exploit having any effect is minimal. There will always be poor software out there somewhere that contains badly sanitized inputs, but we would hope that a vulnerability more suited to 1996 would be vanishingly rare in 2016.

If by some chance you haven’t encountered it before we’d recommend you read about database input sanitization, someday it may save you from an embarrassing bit of code. Meanwhile we salute the owner and creator of this new company for giving us a laugh, and wish them every success in their venture.

33C3: If You Can’t Trust Your Computer, Who Can You Trust?

December 29, 2016 by Elliot Williams 47 Comments

It’s a sign of the times: the first day of the 33rd Chaos Communications Congress (33C3) included two talks related to assuring that your own computer wasn’t being turned against you. The two talks are respectively practical and idealistic, realizable today and a work that’s still in the idea stage.

In the first talk, [Trammell Hudson] presented his Heads open-source firmware bootloader and minimal Linux for laptops and servers. The name is a gag: the Tails Linux distribution lets you operate without leaving any trace, while Heads lets you run a system that you can be reasonably sure is secure.

It uses coreboot, kexec, and QubesOS, cutting off BIOS-based hacking tools at the root. If you’re worried about sketchy BIOS rootkits, this is a solution. (And if you think that this is paranoia, you haven’t been following the news in the last few years, and probably need to watch this talk.) [Trammell]’s Heads distribution is a collection of the best tools currently available, and it’s something you can do now, although it’s not going to be easy.

Carrying out the ideas fleshed out in the second talk is even harder — in fact, impossible at the moment. But that’s not to say that it’s not a neat idea. [Jaseg] starts out with the premise that the CPU itself is not to be trusted. Again, this is sadly not so far-fetched these days. Non-open blobs of firmware abound, and if you’re really concerned with the privacy of your communications, you don’t want the CPU (or Intel’s management engine) to get its hands on your plaintext.

[Jaseg]’s solution is to interpose a device, probably made with a reasonably powerful FPGA and running open-source, inspectable code, between the CPU and the screen and keyboard. For critical text, like e-mail for example, the CPU will deal only in ciphertext. The FPGA, via graphics cues, will know which region of the screen is to be decrypted, and will send the plaintext out to the screen directly. Unless someone’s physically between the FPGA and your screen or keyboard, this should be unsniffable.

As with all early-stage ideas, the devil will be in the details here. It’s not yet worked out how to know when the keyboard needs to be encoded before passing the keystrokes on to the CPU, for instance. But the idea is very interesting, and places the trust boundary about as close to the user as possible, at input and output.

Making VR Controllers From The Ground Up

December 29, 2016 by Brian Benchoff 4 Comments

VR is going to be the next big thing in five to seven years, and with that comes the problem of what the controllers will look like. The Vive and PS Move are probably close to what the first successful consumer VR setup will look like, but there’s plenty of room for experimentation. [ShinyQuagsire] decided to experiment with VR, IMUs, and computer vision and managed to make a VR controller from the ground up.

The design of [Quagsire]’s VR controller is very similar to the PS Move controller: there’s a glowy ball on top of a Wii-nunchuckish controller. There’s a good reason for this design: a sphere projected onto a 2D surface is always a circle. By illuminating a sphere with an IR LED, [Quagsire] can get an OpenCV script to hone in on the controller.

One thing that was particularly hard for [Quagsire] was building the 3D printed controllers. The first hardware revision wasn’t designed for manufacturing on a 3D printer — there were curves everywhere and very few flat areas for bed adhesion. The second hardware revision corrected these problems, but there’s a world of difference between designing a 3D printable part and being able to calibrate and tune a 3D printer. In the end, [Quagsire] sent the files off to 3DHubs to put that whole ordeal behind him.

With the case printed, [Quagsire] filled it with IMU breakouts, buttons, and a tiny joystick. The brains of the controller is a Teensy 3.2 that has plenty of examples of how to transmit gyro data and button presses over serial. With that done, the only thing left to do was to tie everything together.

The controller worked, and [Quagsire] learned a lot in the process. Making VR controllers is hard, even though a lot of the project isn’t the optimal way of doing things. For the next iteration of this project, [Quagsire] might look at wireless, but for now the entire project is up on Github for everyone to take a look at.

The Story Of Kickstarting The OpenMV

December 29, 2016 by Brian Benchoff 31 Comments

Robots are the ‘it’ thing right now, computer vision is a hot topic, and microcontrollers have never been faster. These facts lead inexorably to the OpenMV, an embedded computer vision module that bills itself as the ‘Arduino of Machine Vision.’

The original OpenMV was an entry for the first Hackaday Prize, and since then the project has had a lot of success. There are tons of followers, plenty of users, and the project even had a successful Kickstarter. That last bit of info is fairly contentious — while the Kickstarter did meet the minimum funding level, there were a lot of problems bringing this very cool product to market. Issues with suppliers and community management were the biggest problems, but the team behind OpenMV eventually pulled it off.

At the 2016 Hackaday SuperConference, Kwabena Agyeman, one of the project leads for the OpenMV, told the story about bringing the OpenMV to market:

Continue reading “The Story Of Kickstarting The OpenMV” →

Fail Of The Week: How I Killed The HiPot Tester

December 29, 2016 by Jenny List 18 Comments

Have you ever wired up a piece of test equipment to a circuit or piece of equipment on your bench, only to have the dreaded magic smoke emerge when you apply power? [Steaky] did, and unfortunately for him the smoke was coming not from his circuit being tested but from a £2300 Clare H101 HiPot tester. His write-up details his search for the culprit, then looks at how the manufacturer might have protected the instrument.

[Steaky]’s employer uses the HiPot tester to check that adjacent circuits are adequately isolated from each other. A high voltage is put between the two circuits, and the leakage current between them is measured. A variety of tests are conducted on the same piece of equipment, and the task in hand was to produce a new version of a switch box with software control to swap between the different tests.

This particular instrument has a guard circuit, a pair of contacts that have to be closed before it will proceed. So the switch box incorporated a relay to close them, and wiring was made to connect to the guard socket. At first it was thought that the circuit might run at mains voltage, but when it was discovered to be only 5V the decision was made to use a 3.5mm jack on the switch box. Inadvertently this was left with its sleeve earthed, which had the effect of shorting out a DC to DC converter in the HiPot tester and releasing the smoke. Fortunately then the converter could be replaced and the machine brought back to life, but it left questions about the design of the internal circuit. What was in effect a logic level sense line was in fact connected to a low current power supply, and even the most rudimentary of protection circuitry could have saved the day.

We all stand warned to be vigilant for this kind of problem, and kudos to [Steaky] for both owning up to this particular fail and writing such a good analysis of it.

Our Fail Of The Week series has plenty to entertain the reader who is not of a nervous disposition. This isn’t the first fail to feature a suspect bit of connector wiring, not an unexpected short or even some magic smoke.

Parts Bin Bonanza Leads To Arduino FM Radio

December 29, 2016 by Dan Maloney 15 Comments

Trolling eBay for parts can be bad for your wallet and your parts bin. Yes, it’s nice to be well stocked, but eventually you get to critical mass and things start to take on a life of their own.

This unconventional Arduino-based FM receiver is the result of one such inventory overflow, and even though it may take the long way around to listening to NPR, [Kevin Darrah]’s build has some great tips in it for other projects. Still in the mess-o-wires phase, the radio is centered around an ATmega328 talking to a TEA5767 FM radio module over I²C. Tuning is accomplished by a 10-turn vernier pot with an analog meter for frequency display. A 15-Watt amp drives a pair of speakers, but [Kevin] ran into some quality control issues with the amp and tuner modules that required a little extra soldering as a workaround. The longish video below offers a complete tutorial on the hardware and software and shows the radio in action.

We like the unconventional UI for this one, but a more traditional tuning method using the same guts is also possible, as this retro-radio refit shows.

Continue reading “Parts Bin Bonanza Leads To Arduino FM Radio” →