Day: December 23, 2022

Working With I2S-Compatible FM Tuners

December 23, 2022 by 9 Comments

While the Internet is a great place to get access to any music or audio you can dream of, there’s still a place for broadcast radio. [mit41301] has recently been exploring implementing a simple FM tuner chip in various projects.

The chip in question is the RDA7088, which is designed to require the bare minimum in external components, and is available in a compact SOP16 package. As per the datasheet, it was intended for use in applications like portable radios, PDAs, cell phones, and MP3 players.

[mit41301]’s first attempt involved using the chip as a simple tuner, hooked up to a PIC10F200 for control. Investigation revealed it was capable of outputting digital audio via I2S, while being commanded via I2C. By default, it spits out audio at a low sample rate of 8 kHz, but reconfiguration will jump that up to 44.1 or 48 kHz. Piping that digital I2S stream out to a DAC then delivers analog output that can be fed to an amplifier. The build also got remote control, with the PIC handling decoding IR signals and outputting commands to the radio chip.

Following this success, [mit41301] then went further, hooking up an ESP-01 to the chip to try and get RDS going. If you’re unfamiliar with the Radio Data System, it’s a way for short textual messages to be sent out by FM broadcasters. In addition to the duties carried out by the PIC module, the ESP-01 is also charged with receiving RDS data from the RDA7088, and outputting it to a display.

While using such chips is routine in industry, it’s always great to see a DIY guide to interfacing with specific hardware. If you want to integrate FM radio into your own projects, the RDA7088 is a simple and easy way to do so. We’ve seen similar work before, adding FM radio to the Raspberry Pi.

Continue reading “Working With I2S-Compatible FM Tuners”

This Week In Security: GitHub Actions, SHA-1 Retirement, And A Self-Worming Vulnerability

December 23, 2022 by 6 Comments

It should be no surprise that running untrusted code in a GitHub Actions workflow can have unintended consequences. It’s a killer feature, to automatically run through a code test suite whenever a pull request is opened. But that pull request is run in some part of the target’s development environment, and there’s been a few clever attacks found over the years that take advantage of that. There’s now another one, what Legit Security calls Github Environment Injection, and there were some big-name organizations vulnerable to it.

The crux of the issue is the $GITHUB_ENV file, which contains environment variables to be set in the Actions environment. Individual variables get added to this file as part of the automated action, and that process needs to include some sanitization of data. Otherwise, an attacker can send an environment variable that includes a newline and completely unintended environment variable. And an unintended, arbitrary environment variable is game over for the security of the workflow. The example uses the NODE_OPTIONS variable to dump the entire environment to an accessible output. Any API keys or other secrets are revealed.

This particular attack was reported to GitHub, but there isn’t a practical way to fix it architecturally. So it’s up to individual projects to be very careful about writing untrusted data into the $GITHUB_ENV file.

Continue reading “This Week In Security: GitHub Actions, SHA-1 Retirement, And A Self-Worming Vulnerability”

GitHub ESP32 OTA Updates, Now In MicroPython Flavor

December 23, 2022 by 5 Comments

Wouldn’t it be great if you could keep all of your small Internet-connected hacks up to date with a single codebase? A couple of weeks ago, we wrote up a project that automagically pulls down OTA updates to an ESP32 from GitHub, using the ESP32 C SDK. [Pascal] asked in the comments, “but what about MicroPython?” Gauntlet thrown, [TURFPTAx] wrote ugit.pya simple library that mirrors all of the code from a public GitHub Python repo straight to your gizmo running Micropython.

[Damped] wrote in about Senko, another library that does something very similar, but by then [TURFPTAx] was already done. Bam! Part of the speed is that MicroPython includes everything you need to get the job done – parsing streamed JSON was the hard part with the original hack. MicroPython makes those sorts of things easy.

This is one of those ideas that’s just brilliant for a hacker with a small flock of independent devices to herd. And because ugit.py itself is fairly simple and readable, if you need to customize it to do your own bidding, that’s no problem either. Just be sure that when you’re storing your WiFi authentication info, it’s not publicly displayed. ([TURFPTAx], could I log into your home WiFi?)

What’s [TURFPTAx] going to be using this for? We’re guessing it’s going to be deploying code to his awesome Open Muscle sensing rigs. What will we be using it for? Blinky Christmas decorations for the in-laws, now remotely updatable without them having to even learn what a “repo” is.

Continue reading “GitHub ESP32 OTA Updates, Now In MicroPython Flavor”

Beat Backing Box For Bassists

December 23, 2022 by 9 Comments

The soul of a rock band is its rhythm section, usually consisting of a drummer and bass player. If you don’t believe that, try listening to a band where these two can’t keep proper time. Bands can often get away with sloppy guitars and vocals (this is how punk became a genre), but without that foundation you’ll be hard pressed to score any gigs at all. Unfortunately drums are bulky and expensive, and good drummers hard to find, so if you’re an aspiring bassist looking to practice laying down a solid groove on your own check out this drum machine designed by [Duncan McIntyre].

The drum machine is designed to be as user-friendly as possible for someone who is actively playing another instrument, which means all tactile inputs and no touch screens. Several rows of buttons across the top select the drum sounds for the sequencer and each column corresponds to the various beats, allowing custom patterns to be selected and changed rapidly. There are several other controls for volume and tempo, and since it’s based on MIDI using the VS1053 chip and uses an STM32 microcontroller it’s easily configurable and can be quickly interfaced with other machines as well.

For anyone who wants to build their own, all of the circuit schematics and code are available on GitHub. If you have an aversion to digital equipment, though, take a look at this drum machine that produces its rhythms using circuits that are completely analog.

Continue reading “Beat Backing Box For Bassists”