Hackaday editors Elliot Williams and Mike Szczys peruse the world of hacks. There was so much news this week that we lead off the show with a rundown to catch you up. Yet there is still no shortage of hardware hacks, with prosthetic legs for your rubber ducky, a RC cart that channels the spirit of Formula 1, and a project that brings 80’s video conferencing hardware to Zoom. There’s phosphine gas on Venus and unlimited hacking projects inside your guitar. The week wouldn’t be complete without the joy of riffing on the most useless machine concept.
Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!
Their candy slide is almost entirely made of PVC, plus some gauze to mummify it and make it scarier. It’s essentially a six-foot long section of 3″ tubing supported by two ladders made of 1″ tubing that put the top four feet off the ground and a kid-friendly two feet off the ground at the receiving end. [WickedMakers] did a great job of hiding the PVC-ness of this build. We can’t help but wonder how much harder it would be to make the skeleton put the candy on the slide. Check out the build video after the break.
The uTorrent client was recently updated to fix a null pointer dereference (CVE-2020-8437), discovered by [whtaguy]. Triggering the dereference simply crashes the client — so far an actual RCE hasn’t been found. Given the nature of the null pointer dereference, it’s possible this bug is limited to denial of service. That’s extremely good, because the flaw is extremely easy to target.
BitTorrent is a clever protocol. It’s still used to distribute large files, like Linux ISOs. The concept is simple: Split a large file into small chunks. Send the chunks to a client one at a time. As each chunk is received, the client sends a copy of that chunk to the next client. As a result of this peer-to-peer (p2p) arrangement, the bandwidth available to the server is greatly multiplied. As with all other p2p arrangements, the sticking point is how to make those connections between peers, particularly when most of the world’s desktops are behind NAT routers. In practice, for two peers to share data, at least one of them has to have a port opened or forwarded to the client. This is often accomplished through Universal Plug-n-Play (UPnP) or the NAT Port Mapping Protocol (NAT-PMP). The idea of both protocols are the same; a client on an internal device can request a temporary port forward without manual intervention. Whether it’s a good idea to allow automatic port forwards is another issue for another day. Continue reading “This Week In Security: UTorrent Vulnerable, Crowd-Sourcing Your Fail2Ban, And Cryptographers At Casinos”→
Repurposing commodity electronics is one of the true forms of hacking, and it’s always the simple little hacks that lead to big ones. [Everett] wanted to use a $20 GoPro clone as a dash cam, so he wired a microcontroller into it to automate some actions and make it practical.
The camera turns on automatically when connected to external power like a car charger, but starting and stopping a recording and power down all had to be done manually. [Everett] wanted to automate these functions, so he opened up the camera and started probing with an oscilloscope. He found the power button, record button, 3.3 V and external 5 V traces conveniently next to each other in the top of the camera.
To automate the required functions, he wired in a PIC10 on a small breakout board, powered by the 3.3 V line. It detects if 5 V is connected to the charging port on start-up via an N-channel FET, then automatically starts a recording. When the 5 V power is switched off with the car, it waits 10 seconds before stopping the recording and switching off the camera. If no external 5 V is not detected on start-up the microcontroller does nothing, which allows the camera to be used as a normal handheld. [Everett] mounted the camera to his rearview mirror with a magnetic bracket made using a combination of a 3D printer and 3D pen.
This is a simple and practical little hack, and the firmware is available on Github. Cheap dashcams are available for similar prices, but you won’t get any hacking satisfaction that way.
In the continuing quest by countless hobbyists to allow every 1980s 8-bit home computer to experience the joys of an online experience that doesn’t involve a 9600 baud modem, [Roland Leurs] has created a cartridge-based module for the Acorn Electron that adds WiFi, which he showed off at the virtual ABug conference in September 2020.
The Acorn Electron is a Synertek 6502-based computer that was released in the UK in August of 1983. It’s a budget version of the well-known BBC Micro educational/home computer, with 32 kB of RAM and featuring BBC BASIC v2 in its ROM. [Roland]’s ElkWiFi card slots into an available cartridge slot, after which the onboard ESP8266 (ESP-1 module) can be enabled and used as a WiFi modem.
The board features the Exar ST16C2552CJ dual UART chip, one channel of which connects to the ESP-1 module, with the other channel used as an uncommitted UART header. The control logic is implemented in VHDL and flashed to the onboard Xilinx CPLD, and a 128 kB RAM module is used as WiFi data buffer.
Although a definite niche product, reading through the forum thread makes one really appreciate the technical complexity and joy once things are beginning to work reliably. It also shows one of the few cases where an ESP-1 module is used for its original purpose: as an easy way to add WiFi functionality with full WiFi and TCP stack, without burdening the main CPU.