Day: April 23, 2021

An Anamorphic Lens Adapter For Very Pretty Video

April 23, 2021 by 11 Comments

Anamorphic lenses are a great way to shoot in widescreen, but they’re prohibitively expensive on digital formats. Enthusiasts have experimented with using anamorphic adapter lenses from old projectors, but focusing can be a chore and results sub-par. [Andrew] found a way to use these cheap old anamorphic adaptors on a modern camera without sacrificing too much functionality.

Pretty, no?

Anamorphic filming techniques came about in the era of film. The aim was to record cinema-style widescreen footage on 3:2 aspect ratio 35 mm film. The way this was done was by using a lens that squeezes a wide aspect ratio to fit the format, and then a corresponding lens to squeeze it back on the projector. This allows for higher resolution than simply letterboxing onto the 35 mm frame and wasting the extra space.

Adam’s hack involves 3D printing a lens housing that pairs an anamorphic projector adapter lens with a Sony E-mount taking lens. Gears are set up so that both lenses can be focused together, rather than typical adapter setups that require the user to juggle multiple focus rings at once. This makes the rig much more usable in real shoots where there’s no time for messing about.

It’s a useful hack, and one we could imagine quite a few low-budget filmmakers will be rushing out to replicate. Files are on Thingiverse for the eager. Consider whipping yourself up a camera slider while you’re at it for really boss shots. Video after the break.

Continue reading “An Anamorphic Lens Adapter For Very Pretty Video”

This Week In Security: NAME:WRECK, Signal Hacks Back, Updates, And More

April 23, 2021 by 9 Comments

NAME:WRECK is a collection of vulnerabilities in DNS implementations, discovered by Forescout and JSOF Research. This body of research can be seen as a continuation of Ripple20 and AMNESIA:33, as it builds on a class of vulnerability discovered in other network stacks, problems with DNS message compression.

Their PDF Whitepaper contains a brief primer on the DNS message format, which is useful for understanding the class of problem. In such a message, a DNS name is encoded with a length-value scheme, with each full name ending in a null byte. So in a DNS Request, Hackaday.com would get represented as [0x08]Hackaday[0x03]com[0x00]. The dots get replaced by these length values, and it makes for an easily parsable format.

Very early on, it was decided that continually repeating the same host names in a DNS message was wasteful of space, so a compression scheme was devised. DNS compression takes advantage of the maximum host/domain length of 63 characters. This max size means that the binary representation of that length value will never contain “1”s in the first two digits. Since it can never be used, length values starting with a binary “11” are used to point to a previously occurring domain name. The 14 bits that follow this two bit flag are known as a compression pointer, and represent a byte offset from the beginning of the message. The DNS message parser pulls the intended value from that location, and then continues parsing.

The problems found were generally based around improper validation. For example, the NetX stack doesn’t check whether the compression pointer points at itself. This scenario leads to a tight infinite loop, a classic DoS attack. Other systems don’t properly validate the location being referenced, leading to data copy past the allocated buffer, leading to remote code execution (RCE). FreeBSD has this issue, but because it’s tied to DHCP packets, the vulnerability can only be exploited by a device on the local network. While looking for message compression issues, they also found a handful of vulnerabilities in DNS response parsing that aren’t directly related to compression. The most notable here being an RCE in Seimens’ Nucleus Net stack. Continue reading “This Week In Security: NAME:WRECK, Signal Hacks Back, Updates, And More”

This ESP8266 Dev Board Has A Surprising Story Behind It

April 23, 2021 by 24 Comments

If you’re looking to get started with the ESP8266, there’s no shortage of development boards out there to select from. But we don’t think you’ll find one with a more unique a backstory than the open source ME-ESP8266. That’s because Malouf, the company that makes the $20 USD board, is a home goods company better known for their pillows and bed frames.

So how do you go from mattress toppers to microcontrollers? Well, as unlikely as it might seem, the missing element is Toys R’ Us. Or more specifically, the liquidation of Toys R’ Us. A Texas distribution center Malouf purchased from the iconic toy retailer included an automated conveyor belt system to move product through the gargantuan building, but unfortunately, they couldn’t get it to work with their existing system. The company decided to use their in-house team of engineers to solve the problem, and the ME-ESP8266 was born.

It turns out that an ESP8266 board developed to move bedding around an old Toys R’ Us warehouse has a lot of useful features for hackers and makers. It’s got an integrated relay, 16 MB of flash storage, an IR receiver, beefy screw terminals, and a 2.54mm-pitch GPIO pin header. There’s even a MAX232 on the board so it can talk to RS-232 devices. The hardware is compatible with the standard Arduino IDE as a “Generic ESP8266 Module”,  so you’ll have no problem using existing libraries and example code.

Now under normal circumstances, the public would never know about this sort of behind the scenes engineering. But instead of keeping their new ESP board to themselves, the team at Malouf got the go ahead from the company’s Chief Technology Officer (CTO) to release it as an open source project. Even more impressive, they got the company to put the board into production so it could be sold to the public. So today we not only learned that bedding companies have CTOs, but that they can be exceptionally open-minded.

Our hats off to the engineers at Malouf and the forward thinking brass that green lit production of the ME-ESP8266. It’s not the first interesting development to come from the liquidation of Geoffrey’s kingdom, but it just might be the most useful.

Stepper Motor Analyzer Reveals All

April 23, 2021 by 15 Comments

In theory, you really don’t need much to work with electronics. A scope ought to do everything. However, for special purposes, it is handy to have meters, logic analyzers, and other special-purpose instruments. If you work on motion systems like 3D printers and CNC machines, you ought to have a way to look at stepper motors. You don’t? [Zapta] has a great Simple Stepper Motor Analyzer and [Teaching Tech] has a great video (see below) that shows some of the great things it can do.

What can it do? It analyzes the motor in place and can visualize what’s happening during stepping, microstepping, and other operating modes. Connecting the instrument is easy since you just use a four-pin pass-through connector.

Continue reading “Stepper Motor Analyzer Reveals All”