Year: 2023

Hackaday Podcast 223: Smoking Smart Meter, 489 Megapixels, And Unshredding Documents

June 16, 2023 by 10 Comments

Elliot’s back from vacation, and Dan stepped into the virtual podcast studio with him to uncover all the hacks he missed while hiking in Italy. There was a lot to miss, what with a smart meter getting snuffed by a Flipper Zero — or was it? How about a half-gigapixel camera built out of an old scanner, or a sonar-aimed turret gun? We also looked at a couple of projects that did things the hard way, like a TV test pattern generator that was clearly a labor of love, and an all-transistor HP frequency counter. More plastic welding? Hey, a fix is a fix! Plus, we’ll dive into why all those Alexas are just gathering dust, and look at the really, REALLY hard problems involved in restoring shredded documents.

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Download a long series of ones and zeroes that, when appropriately interpreted, sound like two people talking about nerdy stuff!

Where to Follow Hackaday Podcast

Places to follow Hackaday podcasts:

Continue reading “Hackaday Podcast 223: Smoking Smart Meter, 489 Megapixels, And Unshredding Documents”

IKEA LACK Table Becomes Extremely Affordable DIY Copy Stand

June 16, 2023 by 14 Comments

A copy stand is a tool used to capture images of photos, artwork, books, and things of a similar nature. It holds a camera perpendicular to a large and flat surface, upon which the subject rests.

A threaded rod provides effective vertical adjustment.

They are handy, but there’s no need to spend a lot when [BlandPasta]’s DIY copy stand based on a cheap IKEA LACK table can be turned into an economical afternoon project with the help of simple hardware and a few 3D printed parts.

The main structure comes from a mixture of parts from two LACK tables: one small and one normal-sized. A tabletop is used as the bed, and the square legs make up the structural parts with the help of some printed pieces. A threaded rod combined with some captive hardware provides a way to adjust the camera up and down with a crank, while one can manually slide the horizontal camera mount as needed to frame the subject appropriately.

This is a clever remix of IKEA parts, and the somewhat matte white finish of the LACK complements photography well. Adding some DIY LED lighting is about all it takes to get a perfectly serviceable copy stand that won’t break the bank.

This Week In Security: ACME.sh, Leaking LEDs, And Android Apps

June 16, 2023 by 3 Comments

Let’s Encrypt has made an enormous difference to the landscape of the web. The protocol used for authenticating and receiving certificates, ACME, has spawned quite a few clients of various flavors. Some are written in Rust, some in Python or Go, and a few in straight Bash shell script. One of those last ones, acme.sh, was doing something odd when talking to a particular “Certificate Authority”, HiCA. This pseudo-CA only supports acme.sh, and now we know why. The folks behind HiCA found an RCE exploit in acme.sh, and decided to use that exploit to do certificate issuance with more “flexability”. Oof.

The nuts and bolts here is that HiCA was working as a CA-in-the-Middle, wrapping other CA’s authentication services. Those services don’t support ACME authentication at all, and HiCA used the acme.sh vulnerability to put the authentication token in the place SSL.com expected to find it. So, just a good community member offering a service that ACME doesn’t quite support, right?

Well, maybe not so innocent. The way it appears this works, is that the end user sends a certificate request to HiCA. HiCA takes that information, and initiates a certificate request off to SSL.com. SSL.com sends back a challenge, and HiCA embeds that challenge in the RCE and sends it to the end user. The end user’s machine triggers the RCE, which pushes the challenge token to the well-known location, and bypasses the ACME protection against exactly this sort of CA-in-the-middle situation.

The last piece of the authentication process is that the signing server reaches out over HTTP to the domain being signed, and looks for the token to be there. Once found, it sends the signed certificates to HiCA, who then forward them on to the end user. And that’s the problem. HiCA has access to the key of every SSL cert they handled. This doesn’t allow encryption, but these keys could be used to impersonate or even launch MitM attacks against those domains. There’s no evidence that HiCA was actually capturing or using those keys, but this company was abusing an RCE to put itself in the position to have that ability.

The takeaway is twofold. First, as an end user, only use reputable CAs. And second, ACME clients need to be hardened against potentially malicious CAs. The fact that HiCA only supported the one ACME client was what led to this discovery, and should have been a warning flag to anyone using the service. Continue reading “This Week In Security: ACME.sh, Leaking LEDs, And Android Apps”

Persistence Pays In TI-99/4A Cassette Tape Data Recovery

June 16, 2023 by 11 Comments

In the three or four decades since storing programs on audio cassettes has been relevant, a lot of irreplaceable personal computing history has been lost to the ravages of time and the sub-optimal conditions in the attics and basements where tapes have been stored. Luckily, over that time we’ve developed a lot of tools and techniques that might make it possible to recover some of these ancient treasures. But as [Noel] shows us, recovering data from cassette tapes is a tricky business.

His case study for the video below is a tape from a TI-99/4A that won’t load. A quick look in Audacity at the audio waveform seems to show the problem — an area of severely attenuated signal. Unfortunately, no amount of boosting and filtering did the trick, so [Noel] had to dig a bit deeper. It turns out that the TI tape interface standard, with its redundant data structure, was somewhat to blame for the inability to read this particular tape. As [Noel] explains, each 64-bit data record is recorded to tape twice, along with a header and a checksum. If neither record decodes correctly, then tape playback just stops.

Luckily, someone who had already run into this problem spun up a Windows program to help. CS1er — our guess would be “Ceaser” — takes WAV file input and loads each record, simply flagging the bad ones instead of just bailing out. [Noel] used the program to analyze multiple recordings of the same data and eventually got enough good records to reassemble the original program, a game called Dogfight — or was it Gogfight? Either way, he managed to get most of the data off the tape, and since it was a BASIC program, it was pretty easy to figure out the missing bytes by inspection.

[Noel]’s experience will no doubt be music to the ears of the TI aficionados out there. Of which we’ve seen plenty, from the TI-99 demoscene to running Java on one, and whatever this magnificent thing is.

Continue reading “Persistence Pays In TI-99/4A Cassette Tape Data Recovery”

These Illusions Celebrate Exploiting Human Senses

June 16, 2023 by 7 Comments

Illusions are perceptual experiences that do not match physical reality, and the 2023 Illusion of the Year contest produced a variety of nifty ones that are worth checking out. A video for each is embedded below the break, but we’ll briefly explain each as well.

Some of the visual illusions play with perspective. One such example happens to be the contest winner: Platform 9 3/4 has a LEGO car appear to drive directly through a wall. It happens so quickly it’s difficult to say what happened at all!

Another good one is the Tower of Cubes, which appears as two stacks of normal-looking hollow cubes, but some of the cubes are in fact truly bizarre shapes when seen from the side. This is a bit reminiscent of the ambiguous cylinder illusion by Japanese mathematician and artist [Kokichi Sugihara].

Cornelia is representative of the hollow face illusion, in which a concave face is perceived as a normal convex one. (Interestingly this illusion is used to help diagnose schizophrenia, as sufferers overwhelmingly fail to perceive the illusion.)

The Accelerando Illusion is similar to (but differs from) an auditory effect known as the Risset Rhythm by composer Jean-Claude Risset. It exploits ambiguities in sound to create a dense musical arrangement that sounds as though it is constantly increasing in tempo.

The Buddha’s Ear Illusion creates the illusion of feeling as though one’s earlobe is being stretched out to an absurd length, and brings to mind the broader concept of body transfer illusion.

While it didn’t appear into the contest, we just can’t resist bringing up the Thermal Grill Illusion, in which one perceives a painful burning sensation from touching a set of alternating hot and cold elements. Even though the temperatures of the individual elements are actually quite mild, the temperature differential plays strange tricks on perception.

A video of each of the contest’s entries is embedded below, and they all explain exactly what’s going on for each one, so take a few minutes and give them a watch. Do you have a favorite illusion of your own? Share it in the comments!

Continue reading “These Illusions Celebrate Exploiting Human Senses”

Hack Club OnBoard

Hack Club Grants Encourage Open Source PCB Designs By Teens

June 15, 2023 by 6 Comments

[Hack Club] is a nonprofit network of coder and maker clubs for teenage high school students around the world. With an impressive reach boasting clubs in about 400 schools, they serve approximately 10,000 students. Their OnBoard program asserts, “Circuit boards are magical. You design one, we’ll print it!”

Any teenage high school student can apply for a [Hack Club] OnBoard Grant to have their Printed Circuit Board design fabricated into real hardware.  The process starts by designing a PCB using any tool that can generate Gerber files. The student then publishes their design on GitHub and submits the Gerber files to a PCB manufacturer.

A screenshot from the board house showing the completed design upload and production cost is the main requirement of the grant application.  If approved, the grant provides up to $100 to cover PCB manufacturing costs.

OnBoard encourages collaboration, community, and friends. Designers can share their projects and progress with [Hack Club] teens around the world. Those who are working on, or have completed, their own circuit board designs can share support and encouragement with their peers.

Example hardware projects from [Hack Club] include Sprig, an open-source handheld game console based on the Raspberry Pi Pico microcontroller.  Teen makers can explore the example OnBoard projects and then it’s… three, two, one, go!

The Fake Moon Landing Quarantine

June 15, 2023 by 43 Comments

We aren’t much into theories denying the moon landing around here, but [Dagomar Degroot], an associate professor at Georgetown University, asserts that the Apollo 11 quarantine efforts were bogus. Realistically, we think today that the chance of infection from the moon, of all places, is low. So claiming it was successful is like paying for a service that prevents elephants from falling through your chimney. Sure, it worked — there hasn’t been a single elephant!

According to [Degroot], the priority was to protect the astronauts and the mission, and most of the engineering money and effort went towards that risk reduction. The — admittedly low — danger of some alien plague wiping out life on Earth wasn’t given the same priority.

Continue reading “The Fake Moon Landing Quarantine”