Day: July 24, 2024

Hacking An IoT Camera Reveals Hard-Coded Root Password

July 24, 2024 by 24 Comments

Hacking — at least the kind where you’re breaking into stuff — is very much a learn-by-doing skill. There’s simply no substitute for getting your hands dirty and just trying something. But that doesn’t mean you can’t learn something by watching, with this root password exploit on a cheap IP video camera being a good look at the basics.

By way of background on this project, [Matt Brown] had previously torn into a VStarcam CB73 security camera, a more or less generic IP camera that he picked up on the cheap, and identified a flash memory chip from which he extracted the firmware. His initial goal was to see if the camera was contacting sketchy servers, and while searching the strings for the expected unsavory items, he found hard-coded IP addresses plus confirmation that the camera was running some Linux variant.

With evidence of sloppy coding practices, [Matt] set off on a search for a hard-coded root password. The second video covers this effort, which started with finding UART pins and getting a console session. Luckily, the bootloader wasn’t locked, which allowed [Matt] to force the camera to boot into a shell session and find the root password hash. With no luck brute-forcing the hash, he turned to Ghidra to understand the structure of a suspicious program in the firmware called encoder. After a little bit of poking and some endian twiddling, he was able to identify the hard-coded root password for every camera made by this outfit, and likely others as well.

Granted, the camera manufacturer made this a lot easier than it should have been, but with a lot of IoT stuff similarly afflicted by security as an afterthought, the skills on display here are probably broadly applicable. Kudos to [Matt] for the effort and the clear, concise presentation that makes us want to dig into the junk bin and get hacking.

Continue reading “Hacking An IoT Camera Reveals Hard-Coded Root Password”

Manually Computing Logarithms To Grok Calculators

July 24, 2024 by 20 Comments

Logarithms are everywhere in mathematics and derived fields, but we rarely think about how trigonometric functions, exponentials, square roots and others are calculated after we punch the numbers into a calculator of some description and hit ‘calculate’. How do we even know that the answer which it returns is remotely correct? This was the basic question that [Zachary Chartrand] set out to answer for [3Blue1Brown]’s Summer of Math Exposition 3 (SoME-3). Inspired by learning to script Python, he dug into how such calculations are implemented by the scripting language, which naturally led to the standard C library. Here he found an interesting implementation for the natural algorithm and the way geometric series convergence is sped up.

The short answer is that fundamental properties of these series are used to decrease the number of terms and thus calculations required to get a result. One example provided in the article reduces the naïve approach from 36 terms down to 12 with some optimization, while the versions used in the standard C library are even more optimized. This not only reduces the time needed, but also the memory required, both of which makes many types of calculations more feasible on less powerful systems.

Even if most of us are probably more than happy to just keep mashing that ‘calculate’ button and (rightfully) assume that the answer is correct, such a glimpse at the internals of the calculations involved definitely provides a measure of confidence and understanding, if not the utmost appreciation for those who did the hard work to make all of this possible.

A Lenticular Clock Spells Out The Hours

July 24, 2024 by 1 Comment

So many are the clock projects which cross the Hackaday threshold, that it’s very rare indeed to see something that hasn’t already been done. We think we’ve not seen a lenticular clock before though, and we’re thus impressed by this one produced by [Moritz Sivers].

You may well be familiar with lenticular images from toys and novelties, an animation is sliced into lines and placed behind an array of multi-faceted linear lenses. It gives the effect of movement as from different viewing angles a different frame of the animation is perceived. In this clock the animation is replaced by the clock digits, and by rotating the whole with a servo driven by an ESP8266 microcontroller it can display different digits to the viewer. The write-up and the video below are of value both for the clock itself and the description of how these animations are produced. The clock itself doesn’t sacrifice usability for all its novelty, and we can see this technique might find a place in other projects requiring custom displays.

The lenticular lenses used here are off the shelf, but if you are of an adventurous mind, you could try printing some of your own.

Continue reading “A Lenticular Clock Spells Out The Hours”

A 3D-printed puzzle for the visually impaired. The pieces have both a texture and a slant.

A Puzzle For The Visually Impaired, Or Blindfolded

July 24, 2024 by 8 Comments

There’s no reason why a visually impaired person can’t enjoy putting together a jigsaw puzzle. It just needs to look a little different. Or, in this case, feel different.

16-year-old [feazellecw] has come up with just the solution — a puzzle with pieces that have both a defining texture and a slant in the z-height to them. While there is no picture on the puzzle face to speak of, instead there is a satisfying end result. You could change it up and add a relief image if you wanted, as long as you still observed the diagonal lines, the z-slant, and the little hole in the bottom that helps differentiate it from the top.

As [feazellecw] says, it’s important to find a box to help keep the pieces together during assembly; a 3D-printed box would be a nice touch. Files for this 15-piece puzzle are available if you’d like to make one for yourself or someone else, but just the idea might inspire you to make your own variant.

Don’t like putting puzzles together? Build a robot to do it for you.

FLOSS Weekly Episode 793: Keeping An Eye On Things With Hilight.io

July 24, 2024 by No comments

This week Jonathan Bennett and Aaron Newcomb chat with Jay Khatri, the co-founder of Highlight.io. That’s a web application monitoring tool that can help you troubleshoot performance problems, find bugs, and improve experiences for anything that runs in a browser or browser-like environment. Why did they opt to make this tool Open Source? What’s the funding model? And what’s the surprising challenge we tried to help Jay solve, live on the show? Listen to find out!

Continue reading “FLOSS Weekly Episode 793: Keeping An Eye On Things With Hilight.io”

Supercon 2023: Jesse T. Gonzalez Makes Circuit Boards That Breathe And Bend

July 24, 2024 by 5 Comments

Most robots are built out of solid materials like metal and plastic, giving them rigid structures that are easy to work with and understand. But you can open up much wider possibilities if you explore alternative materials and construction methods. As it turns out, that’s precisely what [Jesse T. Gonzalez] specializes in.

Jesse is a PhD candidate at Carnegie Mellon’s Human-Computer Interaction Institute, and an innovator to boot. His talk at the 2023 Hackaday Supercon covers his recent work on making circuit boards that can breathe and bend. You might not even call them robots, but his creations are absolutely robotic.

Continue reading “Supercon 2023: Jesse T. Gonzalez Makes Circuit Boards That Breathe And Bend”

Exploring Soap Films

July 24, 2024 by 3 Comments

While fluid dynamics sounds like a dull topic, SoapFilmScope promises to make it fun by using your cell phone to observe the interactions between sound waves and liquid membranes. You can make your own with some PVC pipe, some 3D-printed attachments, a speaker, and a few other odds and ends.

If your PVC pipe doesn’t match [DaniloR29’s] exactly, no problem. The files are in OpenSCAD so you can easily change them to suit your needs. One end of the PVC tee dips into soap solution to form a film — think like a soap bubble before you blow it out of the bubble wand. The other ends have the speaker and the cell phone camera.

Continue reading “Exploring Soap Films”