You Need A Cyberdeck, This Board Will Help

In 1984, William Gibson’s novel Neuromancer helped kick off the cyberpunk genre that many hackers have been delighting in ever since. Years before Tim Berners-Lee created the World Wide Web, Gibson was imagining worldwide computer networks and omnipresent artificial intelligence. One of his most famous fictional creations is the cyberdeck, a powerful mobile computer that allowed its users to navigate the global net; though today we might just call them smartphones.

While we might have the functional equivalent in our pockets, hackers like [Tillo] have been working on building cyberdecks that look a bit more in line with what fans of Neuromancer imagined the hardware would be like. His project is hardly the first, but what’s particularly notable here is that he’s trying to make it easier for others to follow in his footsteps.

There’s a trend to base DIY cyberdecks on 1980s vintage computer hardware, with the logic being that it would be closer to what Gibson had in mind at the time. Equally important, the brutalist angular designs of some of those early computers not only look a lot cooler than anything we’ve got today, but offer cavernous internal volume ripe for a modern hardware transfusion. Often powered by the Raspberry Pi, featuring a relatively small LCD, and packed full of rechargeable batteries, these cyberdecks make mobile what was once anchored to a desk and television.

[Tillo] based his cyberdeck on what’s left of a Commodore C64c, reusing the original keyboard for that vintage feel. That meant he needed to adapt the keyboard to something the Raspberry Pi could understand, for which some commercially available options existed already. But why not take the idea farther for those looking to create their own C64c cyberdecks?

He’s currently working on a new PCB specifically designed for retrofitting one of these classic machines with a Raspberry Pi. The board includes niceties like a USB hub, and should fill out some of those gaping holes left in the case once you remove the original electronics. [Tillo] has already sent the first version of his open source board out for fabrication, so hopefully we’ll get an update soon.

In the meantime, you might want to check out some of the other fantastic cyberdeck builds we’ve covered over the last couple of years.

Hands-On: Queercon 16 Hardware Badge Shows Off Custom Membrane Keyboard

Year over year, the Queercon badge is consistently impressive. I think what’s most impressive about these badges is that they seemingly throw out all design ideas from the previous year and start anew, yet manage to discover a unique and addictive aesthetic every single time.

This year, there are two hardware badges produced by the team composed of Evan Mackay, George Louthan, Tara Scape, and Subterfuge. The one shown here is nicknamed the “Q” badge for its resemblance to the letter. Both get you into the conference, both are electronically interactive, but this one is like a control panel for an alternate reality game (ARG) that encourages interactivity and meaningful conversations. The other badge is the “C” badge. It’s more passive, yet acts as a key in the ARG — you cannot progress by interacting with only one type of badge, you must work with people sporting both badge types so that Queercon attendees who didn’t purchase the Q badge still get in on the fun.

The most striking feature on this badge is a custom membrane keyboard tailored to playing the interactive game across all badges at the conference. But I find that the eInk screen, RJ12 jack for connectivity, and the LED and bezel arrangements all came together for a perfect balance of function and art. Join me after the break for a closer look at what makes this hardware so special.

Continue reading “Hands-On: Queercon 16 Hardware Badge Shows Off Custom Membrane Keyboard”

Hackaday Podcast 031: Holonomic Drives, Badges Of DEF CON, We Don’t Do On-Chip Debugging, And Small Run Manufacturing Snafus

Mike Szczys and Kerry Scharfglass recorded this week’s podcast live from DEF CON. Among the many topics of discussion, we explore some of the more interesting ways to move a robot. From BB-8 to Holonomic Drives, Kerry’s hoping to have a proof of concept in time for Supercon. Are you using On-Chip Debugging with your projects? Neither are we, but maybe we should. The same goes for dynamic memory allocation; but when you have overpowered micros such as the chip on the Teensy 4.0, why do you need to? We close this week’s show with a few interviews with badge makers who rolled out a few hundred of their design and encountered manufacturing problems along the way. It wouldn’t be engineering without problems to solve.

Take a look at the links below if you want to follow along, and as always tell us what you think about this episode in the comments!

Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Direct download (60 MB or so.)

Continue reading “Hackaday Podcast 031: Holonomic Drives, Badges Of DEF CON, We Don’t Do On-Chip Debugging, And Small Run Manufacturing Snafus”

Broken HP-48 Calculator Reborn As Bluetooth Keyboard

Considering their hardware specification, graphing calculators surely feel like an anachronism in 2019. There are plenty of apps and other software available for that nowadays, and despite all preaching by our teachers, we actually do carry calculators with us every day. On the other hand, never underestimate the power of muscle memory when using physical knobs and buttons instead of touch screen or mouse input. [epostkastl] combined the best of both worlds and turned his broken HP-48 into a Bluetooth LE keyboard to get the real feel with its emulated counterpart.

Initially implemented as USB device, [epostkastl] opted for a wireless version this time, and connected an nRF52 based Adafruit Feather board to the HP-48’s conveniently exposed button matrix pins. For the software emulation side, he uses the Emu48, an open source HP calculator emulator for Windows and Android. The great thing about Emu84 is that it supports fully customizable mappings of regular keyboard events to the emulated buttons, so you can easily map, say, the cosine button to the [C] key. The rest is straight forward: scanning the button matrix detects button presses, maps them to a key event, and sends it as a BLE HID event to the receiving side running Emu84.

As this turns [epostkastl]’s HP-48 essentially into a regular wireless keyboard in a compact package — albeit with a layout that outshines every QWERTY vs Dvorak debate. It can of course also find alternative use cases, for examples as media center remote control, or a shortcut keyboard. After all, we’ve seen the latter one built as stomp boxes and from finger training devices before, so why not a calculator?

Continue reading “Broken HP-48 Calculator Reborn As Bluetooth Keyboard”

This Week In Security: Black Hat, DEF CON, And Patch Tuesday

Blackhat and DEF CON both just wrapped, and Patch Tuesday was this week. We have a bunch of stories to cover today.

First some light-hearted shenanigans. Obviously inspired by Little Bobby Tables, Droogie applied for the vanity plate “NULL”. A year went by without any problems, but soon enough it was time to renew his registration. The online registration form refused to acknowledge “NULL” as a valid license plate. The hilarity didn’t really start until he got a parking ticket, and received a bill for $12,000. It seems that the California parking ticket collection system can’t properly differentiate between “NULL” and a null value, and so every ticket without a license plate is now unintentionally linked to his plate.

In the comments on the Ars Technica article, it was suggested that “NULL” simply be added to the list of disallowed vanity plates. A savvy reader pointed out that the system that tracks disallowed plates would probably similarly choke on a “NULL” value.

Hacking an F-15

In a surprising move, Air Force officials brought samples of the Trusted Aircraft Information Download Station (TADS) from an F-15 to DEF CON. Researchers were apparently able to compromise those devices in a myriad of ways. This is a radical departure from the security-through-obscurity approach that has characterized the U.S. military for years.

Next year’s DEF CON involvement promises to be even better as the Air Force plans to bring researchers out to an actual aircraft, inviting them to compromise it in every way imaginable.

Patch Tuesday

Microsoft’s monthly dump of Windows security fixes landed this week, and it was a doozy. First up are a pair of remotely exploitable Remote Desktop vulnerabilities, CVE-2019-1222 and CVE-2019-1226. It’s been theorized that these bugs were found as part of an RDP code review launched in response to the BlueKeep vulnerability from earlier this year. The important difference here is that these bugs affect multiple versions of Windows, up to and including Windows 10.

What the CTF

Remember Tavis Ormandy and his Notepad attack? We finally have the rest of the story! Go read the whole thing, it’s a great tale of finding something strange, and then pulling it apart looking for vulnerabilities.

Microsoft Windows has a module, MSCTF, that is part of the Text Services Framework. What does the CTF acronym even stand for? That’s not clear. It seems that CTF is responsible for handling keyboard layouts, and translating keystrokes based on what keyboard type is selected. What is also clear is that every time an application builds a window, that application also connects to a CTF process. CTF has been a part of Microsoft’s code base since at least 2001, with relatively few code changes since then.

CTF doesn’t do any validation, so an attacker can connect to the CTF service and claim to be any process. Tavis discovered he could effectively attempt to call arbitrary function pointers of any program talking to the same CTF service. Due to some additional security measures built into modern Windows, the path to an actual compromise is rather convoluted, but by the end of the day, any CFT client can be compromised, including notepad.

The most interesting CFT client Tavis found was the login screen. The exploit he demos as part of the write-up is to lock the computer, and then compromise the login in order to spawn a process with system privileges.

The presence of this unknown service running on every Windows machine is just another reminder that operating systems should be open source.

Biostar 2

Biostar 2 is a centralized biometric access control system in use by thousands of organizations and many countries around the globe. A pair of Israeli security researchers discovered that the central database that controls the entire system was unencrypted and unsecured. 23 Gigabytes of security data was available, including over a million fingerprints. This data was stored in the clear, rather than properly hashed, so passwords and fingerprints were directly leaked as a result. This data seems to have been made available through an Elasticsearch instance that was directly exposed to the internet, and was found through port scanning.

If you have any exposure to Biostar 2 systems, you need to assume your data has been compromised. While passwords can be changed, fingerprints are forever. As biometric authentication becomes more widespread, this is an unexplored side effect.

Electric Vehicles On Ice

This winter, a group of electric vehicle enthusiasts, including [Dane Kouttron], raced their homemade electric go-karts on the semi-frozen tundra nearby as part of their annual winter tradition. These vehicles are appropriately named Atomic Thing and Doom Sled, and need perfect weather conditions to really put them to the test. You want a glass-like race track but snowfall on ice freezes into an ice-mush intermediate that ends up being too viscous for high-speed ice vehicles. The trick is to watch for temperatures that remain well below zero without snow-like precipitation.

The group is from the community makerspace out of MIT known as MITERS and already have EV hacking experience. They retrofitted their VW Things vehicle (originally built for a high speed electric vehicle competition) to squeeze even more speed out of the design. Starting out with an 8-speed Shimano gearbox and a 7kW motor, they assembled a massive 24S 10P battery out of cylindrical A123 cells salvaged from a Prius A123 Hymotion program. This monster operates at 84V with a 22AH capacity, plenty for power for the team to fully utilize the motor’s potential.

The battery is ratchet strapped to the back of the Atomic Thing to provide more traction on the ice. It must feel just like riding on top of a different kind of rocket.

They tried using ice skates in the front of the Atomic Thing, but the steering was difficult to control over rough ice. Studded solid tires perform quite well, resulting in less jarring movement for the driver. Doom Sled is a contraption built from a frame of welded steel tube and a mountainboard truck with ice skate blades for steering. The motor — a Motenegy DC brush [ME909] — was salvaged from a lab cleanout, transferring power to the wheels through a chain and keyed shaft. The shaft-to-wheel torque was duly translated over two keyed hub adapters.

Doom Sled with seat strapped on

The crew fitted a seat from a longscooter and made a chain guard from aluminum u-channel to keep the flying chain away from the driver’s fingers. The final user interface includes a right-hand throttle and a left-hand “electric brake” (using resistors to remove the stored energy quickly to combat the enormous inertia produced by the vehicle).

Overall, ice racing was a success! You can see the racing conditions were just about perfect, with minimal ice mush on the lake. Any rough patches were definitely buffered smooth by the end of the day.

Continue reading “Electric Vehicles On Ice”

Turning A Sony Into A Leica Through Extreme Camera Modding

The quality of a photograph is a subjective measure depending upon a multitude of factors of which the calibre of the camera is only one. Yet a high quality camera remains an object of desire for many photographers as it says something about you and not just about the photos you take. [Neutral Gray] didn’t have a Leica handheld camera, but did have a Sony. What’s a hacker to do, save up to buy the more expensive brand? Instead he chose to remodel the Sony into a very passable imitation.

This is a Chinese language page but well worth reading. We can’t get a Google Translate link to work, but in Chrome browser, right clicking and selecting “translate” works. If you have a workaround for mobile and other browsers please leave a comment below.

The Sony A7R is hardly a cheap camera in the first place, well into the four-figure range, so it’s a brave person who embarks on its conversion to match the Leica’s flat-top aesthetic. The Sony was first completely dismantled and it was found that the electronic viewfinder could be removed without compromising the camera. In a bold move, its alloy housing was ground away, and replaced with a polished plate bearing a fake Leica branding.

 

Extensive remodelling of the hand grip with a custom carbon fibre part followed, with significantly intricate work to achieve an exceptionally high quality result. Careful choice of paint finish results in a camera that a non-expert would have difficulty knowing was anything but a genuine Leica, given that it is fitted with a retro-styled lens system.

We’re not so sure we’d like to brace Leica’s lawyers on this side of the world, but we can’t help admiring this camera. If you’re after a digital Leica though, you can of course have a go at the real thing.

Thanks [fvollmer] for the tip.