Hackaday Celebrates 15 Years And Oh How The Hardware Has Changed

September 5, 2019 by Mike Szczys 56 Comments

Today marks exactly 15 years since Hackaday began featuring one Hack a Day, and we’ve haven’t missed a day since. Over 5,477 days we’ve published 34,057 articles, and the Hackaday community has logged 903,114 comments. It’s an amazing body of work from our writers and editors, a humbling level of involvement from our readers, and an absolutely incredible contribution to open hardware by the project creators who have shared details of their work and given us all something to talk about and to strive for.

What began as a blog is now a global virtual hackerspace. That first 105-word article has grown far beyond project features to include spectacular long-form original content. From our community of readers has grown Hackaday.io, launched in 2014 you’ll now find over 30,000 projects published by 350,000 members. The same year the Hackaday Prize was founded as a global engineering initiative seeking to promote open hardware, offering big prizes for big ideas (and the willingness to share them). Our virtual connections were also given the chance to come alive through the Hackaday Superconference, Hackaday Belgrade, numerous Hackaday Unconferences, and meetups all over the world.

All of this melts together into a huge support structure for anyone who wants to float an interesting idea with a proof of concept where “why” is the wrong question. Together we challenge the limits of what things are meant to do, and collectively we filter through the best ideas and hold them high as building blocks for the next iteration. The Hackaday community is the common link in the collective brain, a validation point for perpetuating great ideas of old, and cataloging the ones of new.

Perhaps the most impressive thing about the last 15 years of Hackaday is how much the technological landscape has changed. Hackaday is still around because all of us have actively changed along with it — always looking for that cutting edge where the clever misuse of something becomes the base for the next transformative change. So we thought we’d take a look back 15 years in tech. Let’s dig into a time when there were no modules for electronics, you couldn’t just whip up a plastic part in an afternoon, designing your own silicon was unheard of, and your parts distributor was the horde of broken electronics in your back room.

Continue reading “Hackaday Celebrates 15 Years And Oh How The Hardware Has Changed” →

ESP8266 And ESP32 WiFi Hacked!

September 5, 2019 by Elliot Williams 48 Comments

[Matheus Garbelini] just came out with three (3!) different WiFi attacks on the popular ESP32/8266 family of chips. He notified Espressif first (thanks!) and they’ve patched around most of the vulnerabilities already, but if you’re running software on any of these chips that’s in a critical environment, you’d better push up new firmware pretty quick.

The first flaw is the simplest, and only effects ESP8266s. While connecting to an access point, the access point sends the ESP8266 an “AKM suite count” field that contains the number of authentication methods that are available for the connection. Because the ESP doesn’t do bounds-checking on this value, a malicious fake access point can send a large number here, probably overflowing a buffer, but definitely crashing the ESP. If you can send an ESP8266 a bogus beacon frame or probe response, you can crash it.

What’s most fun about the beacon frame crasher is that it can be implemented on an ESP8266 as well. Crash-ception! This takes advantage of the ESP’s packet injection mode, which we’ve covered before.

The second and third vulnerabilities exploit bugs in the way the ESP libraries handle the extensible authentication protocol (EAP) which is mostly used in enterprise and higher-security environments. One hack makes the ESP32 or ESP8266 on the EAP-enabled network crash, but the other hack allows for a complete hijacking of the encrypted session.

These EAP hacks are more troubling, and not just because session hijacking is more dangerous than a crash-DOS scenario. The ESP32 codebase has already been patched against them, but the older ESP8266 SDK has not yet. So as of now, if you’re running an ESP8266 on EAP, you’re vulnerable. We have no idea how many ESP8266 devices are out there in EAP networks, but we’d really like to see Espressif patch up this hole anyway.

[Matheus] points out the irony that if you’re using WPA2, you’re actually safer than if you’re unpatched and using the nominally more secure EAP. He also wrote us that if you’re stuck with a bunch of ESP8266s in an EAP environment, you should at least encrypt and sign your data to prevent eavesdropping and/or replay attacks.

Again, because [Matheus] informed Espressif first, most of the bugs are already fixed. It’s even percolated downstream into the Arduino-for-ESP, where it’s just been worked into the latest release a few hours ago. Time for an update. But those crusty old NodeMCU builds that we’ve got running everything in our house? Time for a full recompile.

We’ve always wondered when we’d see the first ESP8266 attacks in the wild, and that day has finally come. Thanks, [Matheus]!

Open Source Intel Helps Reveal US Spy Sat Capabilities

September 5, 2019 by Lewin Day 28 Comments

On the 30th August 2019, the President of the United States tweeted an image of an Iranian spaceport, making note of the recent failed Safir launch at the site. The release of such an image prompted raised eyebrows, given the high resolution of the image, and that it appeared to be a smartphone photo taken of a classified intelligence document.

Inquisitive minds quickly leapt on the photo, seeking to determine the source of the image. While some speculated that it may have been taken from a surveillance aircraft or drone, analysis by the satellite tracking community disagreed.

A comparison of the actual image, top, and a simulation of what a shot from USA 224 would look like. Ignore the shadows, which are from an image taken at a different time of day. Note the very similar orientation of the features of the launchpad.

The angle of shadows in the image was used to determine the approximate time that the image was taken. Additionally, through careful comparison with existing satellite images from Google Maps, it was possible to infer the azimuth and elevation of the camera. Positions of military satellites aren’t made public, but amateur tracking networks had data placing satellite USA 224 at a similar azimuth and elevation around the time the image was taken.

With both the timing and positioning pointing to USA 224, evidence seems conclusive that this KH-11 satellite was responsible for taking the image. The last confirmed public leak of a Keyhole surveillance image was in 1984, making this an especially rare occurrence. Such leaks are often frowned upon in the intelligence community, as nation states prefer to keep surveillance capabilities close to their chest. The Safir images suggest that USA 224 has a resolution of 10cm per pixel or better – information that could prove useful to other intelligence organisations.

It’s not the first time we’ve covered formerly classified information, either – this teardown of a Soviet missile seeker bore many secrets.

Kinetic Lamp Sheds Light On Scientific Principles

September 5, 2019 by Kristina Panos 7 Comments

This thing right here might be the coolest desk toy since Newton’s Cradle. It’s [Stephen Co]’s latest installment in a line of mesmerizing, zodiac-themed art lamps that started with the water-dancing Aquarius. All at once, it demonstrates standing waves, persistence of vision, and the stroboscopic effect. And the best part? You can stick your finger in it.

This intriguing lamp is designed to illustrate Pisces, that mythological pair of fish bound by string that represent Aphrodite and her son Eros’ escape from the clutches of Typhon. Here’s what is happening: two 5V DC motors, one running in reverse, are rotating a string at high speeds. The strobing LEDs turn the string into an array of optical illusions depending on the strobing rate, which is controlled with a potentiometer. A second pot sweeps through eleven preset patterns that vary the colors and visual effect. And of course, poking the string will cause interesting interruptions.

The stroboscopic effect hinges on the choice of LED. Those old standby 2812s don’t have a high enough max refresh rate, so [Stephen] sprung for APA102Cs, aka DotStars. Everything is controlled with an Arduino Nano clone. [Stephen] has an active Kickstarter campaign going for Pisces, and one of the rewards is the code and STL files. On the IO page for Pisces, [Stephen] walks us through the cost vs. consumer pricing breakdown.

We love all kinds of lamps around here, from the super-useful to the super-animated.