Illumos Gets A New C Compiler

Illumos is an OpenSolaris-derived Unix system, and no Unix is complete without a C compiler or two. And with a name like Portable C Compiler (PCC), you would think that would be a great bet to get up and running on Illumos. That’s probably what [Brian Callahan] thought, too, but found out otherwise.

PCC already generates x86 code, so that wasn’t the problem. It was a matter of reconfiguring the compiler for the environment, ironic since PCC probably started on true Unix but now won’t work with 64-bit Solaris-like operating system. According to the post:

It looks like some time ago someone added configuration for 32-bit x86 and SPARC64 support for the Solaris family. But no one ever tried to support 64-bit x86. So first we had to teach the configure script for both pcc and pcc-libs that 64-bit x86 Solaris

Continue reading “Illumos Gets A New C Compiler”

Improving Ocean Power With Static Electricity

Water is heavy, so if you think about it, a moving ocean wave has quite a bit of energy. Scientists have a new way to use triboelectric generators to harvest that power for oceangoing systems. (PDF) Triboelectric nanogenerators (TENGs) are nothing new, but this new approach allows for operation where the waves have lower amplitude and frequency, making traditional systems useless.

The new approach uses a rotor and a stator, along with some aluminum, magnets, and — no kidding — rabbit fur. The stator is 3D printed in resin. The idea is to mechanically accumulate and amplify small low-frequency waves into high-frequency motion suitable for triboelectric generation.

Continue reading “Improving Ocean Power With Static Electricity”

Hackaday Links Column Banner

Hackaday Links: July 16, 2023

Last week, we noted an attempt to fix a hardware problem with software, which backfired pretty dramatically for Ford when they tried to counter the tendency for driveshafts to fall out of certain of their cars by automatically applying the electric parking brake.

This week, the story is a little different, but still illustrates how software and hardware can interact unpredictably, especially in the automotive space. The story centers on a 2015 Optima recall for a software update for the knock sensor detection system. We can’t find the specifics, but if this recall on a similar Kia model in the same model year range and a class-action lawsuit are any indication, the update looks like it would have made the KSDS more sensitive to worn connecting rod damage, and forced the car into “limp home mode” to limit damage to the engine if knocking is detected.

A clever solution to a mechanical problem? Perhaps, but because the Kia owner in the story claims not to have received the snail-mail recall notice, she got no warning when her bearings started wearing out. Result: a $6,000 bill for a new engine, which she was forced to cover out of pocket. Granted, this software fix isn’t quite as egregious as Ford’s workaround for weak driveshaft mounting bolts, and there may very well have been a lack of maintenance by the car’s owner. But if you’re a Kia mechanical engineer, wouldn’t your first instinct have been to fix the problem causing the rod bearings to wear out, rather than papering over the problem with software?

Continue reading “Hackaday Links: July 16, 2023”

Halbach Array Makes Magnets Strong, Weak

If you want a strong magnet, the obvious answer is to buy one. However, for a variety of reasons, you might want to combine several smaller magnets. There are a few ways to do this, but the Halbach array, as [wannabemadsci] explains, allows you to make an array of magnets where one side is very strong, and the other side is very weak.

The example uses a 3D-printed housing and five cube magnets. To form a Halbach array, the poles of the magnets are in a specific orientation that effectively rotates ninety degrees for each — in this case — cube.

Continue reading “Halbach Array Makes Magnets Strong, Weak”

two USBValve devices on a table, both with a USB cable plugged in. The top one with a long narrow OLED display and the bottom one with a 128x64 OLED display.

Sleuth Untrusted USB Communication With USBValve

USB devices are now ubiquitous and, from an information security standpoint, this is a terrifying prospect as malicious software can potentially be injected into a system by plugging in a compromised USB stick. To help get some piece of mind, [Cesare Pizzi] created USBValve to help expose suspicious USB activity on the fly.

The idea behind USBValve is to have the onboard microcontroller advertise itself as a storage device, pretending to have a filesystem with some common files available. When an unknown USB device is first inserted into the USB port on the USBValve tool, USBValve displays usage information, via the attached OLED screen, on whether the USB device is accessing files it shouldn’t be or immediately trying to write to the filesystem, which is a clear sign of malicious behavior.

The USBValve hardware is a straight forward composition of a Raspberry Pi Pico, an tiny I2C OLED screen and an optional PCB carrier board with a 3D printed spacer. The software uses Adafruit’s Tiny USB library along with the SSD1306AsciiWire library to drive the OLED display. And it’s all open source, including the code and PCB design files.

There’s a lot of security fun to be had with USB, from DIY dirt cheap Rubber Duckies to open source hardware Rubber Duckies, to discussions on the BadUSB exploits. The simplicity of the USBValve project allows it to be low cost, easy to use and can provide concise, critical information for a variety of real world threats.

After the break, be sure to check out [Cesare Pizzi]’s talk about USBValve at the SCC Insomnihack conference which has a wealth of information on how it fares against some known malware attacks, discussions on some of its shortcomings and potential avenues for improvement.

Thanks to [watchdog] for the tip!

Continue reading “Sleuth Untrusted USB Communication With USBValve”

A Current Sensing Coil That’s Open Ended

One of the joys of writing for Hackaday comes in learning new things which even after a long engineering background haven’t yet come your way. So it is with the Rogowski coil, an AC current sensing coil which is unlike conventional current transformers in that it’s open ended — in other words not needing to be closed around the conductor it’s measuring. [Weston Braun] has an interesting introduction to the subject, as part of his open source Rogowski coil based current probe.

The project itself is an amplifier and integrator that provides a voltage output proportional to the current sensed by the coil, but the real meat is in discovering the coils themselves. They’re a many-turn coil wound on a flexible former, forming in effect a toroidal inductor with a gap in it when bent into a circle. They’re for high frequencies only though, with the one in this project having a bandwidth from 888 Hz to 25 MHz. We don’t have any immediate need to non-intrusively measure current at those frequencies, but it’s something to know that we could.

This isn’t the first time a Rogowski coil has turned up on Hackaday though, back in 2011 we saw one used to measure a steep current impulse.

Brute Forcing A Mobile’s PIN Over USB With A $3 Board

Mobile PINs are a lot like passwords in that there are a number of very common ones, and [Mobile Hacker] has a clever proof of concept that uses a tiny microcontroller development board to emulate a keyboard to test the 20 most common unlock PINs on an Android device.

Trying the twenty most common PINs doesn’t take long.

The project is based on research analyzing the security of 4- and 6-digit smartphone PINs which found some striking similarities between user-chosen unlock codes. While the research is a few years old, user behavior in terms of PIN choice has probably not changed much.

The hardware is not much more than a Digispark board, a small ATtiny85-based board with built-in USB connector, and an adapter. In fact, it has a lot in common with the DIY Rubber Ducky except for being focused on doing a single job.

Once connected to a mobile device, it performs a form of keystroke injection attack, automatically sending keyboard events to input the most common PINs with a delay between each attempt. Assuming the device accepts, trying all twenty codes takes about six minutes.

Disabling OTG connections for a device is one way to prevent this kind of attack, and not configuring a common PIN like ‘1111’ or ‘1234’ is even better. You can see the brute forcing in action in the video, embedded below.

Continue reading “Brute Forcing A Mobile’s PIN Over USB With A $3 Board”