Day: November 1, 2018

Mini LEGO Technic Tank Patrols Your Desk Under ESP32 Control

November 1, 2018 by 11 Comments

We probably don’t have to tell the readers of Hackaday that LEGO isn’t just for kids; we’ve seen plenty of projects that live in an enclosure made of the multi-color bricks, and let’s not even get started on the Mindstorms builds we’ve seen over the years. But while LEGO (and especially the Technic product line) is fine for prototyping and putting together quick projects, the stock electronic components aren’t exactly top of the line. Which is why [Jason Kirsons] has been working on bridging the gap between LEGO and “real” parts.

His LEGO Technic tank is a perfect example of this principle. While the tank design itself is standard LEGO fare, he’s gone all in on the electronics. With an Adafruit Feather ESP32, custom motor controller board, and NEMA 8 steppers with 3D printed Technic adapters, this little tank has a lot more going on under the hood than you might expect. While this project is more a proof of concept than anything, the methods [Jason] demonstrates might be something to consider the next time you’re building with Billund’s best.

[Jason] chose the Feather ESP32 because of its small size, but you could get away with a generic board if you’re not trying to compress everything down into such a small footprint. Of course, if you go with another board you won’t be able to use the PCB he’s designed which attaches to the Feather and holds four Pololu DRV8835 motor drivers.

Easily the most broadly applicable element of this project is the work [Jason] has done designing adapter plates that let you use NEMA 8 motors with LEGO Technic parts. He’s put the adapters up on Thingiverse, for anyone looking for a drop-in solution to give their Technic creations a bit more oomph (technical term).

LEGO has a long history with hackers and makers. We’ve covered some absolutely incredible projects built with the famous construction set, and we don’t see any sign of it slowing down in the future.

Continue reading “Mini LEGO Technic Tank Patrols Your Desk Under ESP32 Control”

Hands On With The Arduino FPGA

November 1, 2018 by 31 Comments

All of the tools you need to work with the FPGA Arduino — the Vidor — are now in the wild!

We reported earlier that a series of French blog posts finally showed how all the pieces fit together to program the FPGA on the Arduino MKR4000 Vidor board. Of course, I wasn’t content to just read the Google translation, I had to break out the board and try myself.

I created a very simple starter template, a tool in C to do the bitstream conversion, required, and bundled it all together in one place. Here’s how you can use my starter kit to do your own FPGA designs using the Vidor. I’m going to assume you know about FPGA basics and Verilog. If you don’t, why not check out the FPGA boot camps first?

The first thing you’ll want to do is grab my GitHub repo. You’ll also need the Arduino IDE (a recent copy) and Intel’s Quartus software. Inside, you’ll find three directories, two of which contain slightly modified copies of original Arduino files. But before you start digging in, let’s get the high-level overview of the process.

Continue reading “Hands On With The Arduino FPGA”

Drawing On An OLED With An ATtiny85, No RAM Buffers Allowed

November 1, 2018 by 24 Comments

Small I2C OLED displays are common nowadays, and thanks to the work of helpful developers, there are also a variety of graphics libraries for using them. Most of them work by using a RAM buffer, which means that anything one wants to draw gets written to a buffer representing the screen, and the contents of that buffer are copied out to the display whenever it is updated. The drawback is that for some microcontrollers, there simply isn’t enough RAM for this approach to work. For example, a 128×64 monochrome OLED requires a 1024 byte buffer, but that’s bad news if a microcontroller has only 512 bytes of RAM in total like the ATtiny85. [David Johnson-Davies] has two solutions: a Tiny Graphics Library that needs no RAM buffer and an even slimmer Tiny Function Plotter, which we’ll discuss in order.

Tiny Function Plotter works on both SSD1306 and SH1106-based displays.

[David]’s Tiny Graphics Library works by taking advantage of a feature of SH1106 driver-based displays: the ability to read the display over I2C as well as write to it. With the ability to perform read-modify-write on a section at a time, using a large RAM buffer can be avoided. The only catch is that the library only works with OLEDs using the SH1106, but the good news is that these are very common at the usual Chinese resellers. ([David] notes that SH1106 is sometimes misspelled as “SSH1106”, so keep that in mind when searching.)

What about all those other SSD1306-based OLED displays out there? Are they out of luck? Not quite. [David] has one more trick up his sleeve: his Tiny Function Plotter works on the SSD1306 and also requires no RAM buffer. It’s unable to write text, but it can easily handle drawing graphs plotting things like values over time while needing very little overhead.

Another approach we’ve seen for using OLEDs driven by microcontrollers with limited memory is the solution [Michael] used in Tiny Sideways Tetris, which was done in part by realizing the smallest screen element he needed was a 4×4 block, and using that premise as the basis of a simple compression scheme.

Apple Kernel Code Vulnerability Affected All Devices

November 1, 2018 by 81 Comments

Another day, another vulnerability. Discovered by [Kevin Backhouse], CVE-2018-4407 is a particularly serious problem because it is present all throughout Apple’s product line, from the Macbook to the Apple Watch. The flaw is in the XNU kernel shared by all of these products.

This is a buffer overflow issue in the error handling for network packets. The kernel is expecting a fixed length of those packets but doesn’t check to prevent writing past the end of the buffer. The fact Apple’s XNU kernel powers all their products is remarkable, but issues like this are a reminder of the potential downside to that approach. Thanks to responsible disclosure, a patch was pushed out in September.

Anatomy of a Buffer Overflow

Buffer overflows aren’t new, but a reminder on what exactly is going on might be in order. In low level languages like C, the software designer is responsible for managing computer memory manually. They allocate memory, tagging a certain number of bytes for a given use. A buffer overflow is when the program writes more bytes into the memory location than are allocated, writing past the intended limit into parts of memory that are likely being used for a different purpose. In short, this overflow is written into memory that can contain other data or even executable code.

With a buffer overflow vulnerability, an attacker can write whatever code they wish to that out-of-bounds memory space, then manipulate the program to jump into that newly written code. This is referred to as arbitrary code execution. [Computerphile] has a great walk-through on buffer overflows and how they lead to code execution.

This Overflow Vulnerabilty Strikes Apple’s XNU Kernel

[Kevin] took the time to explain the issue he found in further depth. The vulnerability stems from the kernel code making an assumption about incoming packets. ICMP error messages are sent automatically in response to various network events. We’re probably most familiar with the “connection refused’ message, indicating a port closed by the firewall. These ICMP packets include the IP header of the packet that triggered the error. The XNU implementation of this process makes the assumption that the incoming packet will always have a header of the correct length, and copies that header into a buffer without first checking the length. A specially crafted packet can have a longer header, and this is the data that overflows the buffer.

Because of the role ICMP plays in communicating network status, a closed firewall isn’t enough to mitigate the attack. Even when sent to a closed port, the vulnerability can still trigger. Aside from updating to a patched OS release, the only mitigation is to run the macOS firewall in what it calls “stealth mode”. This mode doesn’t respond to pings, and more importantly, silently drops packets rather than sending ICMP error responses. This mitigation isn’t possible for watchOS and iOS devices.

The good news about the vulnerability is that a packet, malformed in this way, has little chance of being passed through a router at all. An attacker must be on the same physical network in order to send the malicious packet. The most likely attack vector, then, is the public WiFi at the local coffee shop.

Come back after the break for a demonstration of this attack in action.

Continue reading “Apple Kernel Code Vulnerability Affected All Devices”