Shhh… Robot Vacuum Lidar Is Listening

There are millions of IoT devices out there in the wild and though not conventional computers, they can be hacked by alternative methods. From firmware hacks to social engineering, there are tons of ways to break into these little devices. Now, four researchers at the National University of Singapore and one from the University of Maryland have published a new hack to allow audio capture using lidar reflective measurements.

The hack revolves around the fact that audio waves, or mechanical waves, in a room cause objects inside the room to vibrate slightly. When a lidar device bounces a beam off an object, the accuracy of the receiving system allows for measurement of the slight vibrations caused by the sound in the room. The experiment used human voice transmitted from a simple speaker as well as a sound bar, and the reflecting surfaces were common household items such as a trash can, cardboard box, takeout container, and polypropylene bags. Robot vacuum cleaners will usually be facing such objects on a day-to-day basis.

The bigger issue is writing the filtering algorithm that is able to extract the relevant information and separate out the noise, and this is where the bulk of the research paper is focused (PDF). Current developments in Deep Learning assist in making the hack easier to implement. Commercial lidar is designed for mapping, and therefore optimized for reflecting off of non-reflective surfaces. This is the opposite of what you want for a laser microphone, which usually targets a reflective surface like a window to pick up latent vibrations from sound inside of a room.

Deep Learning algorithms are employed to get around this shortfall, identifying speech as well as audio sequences despite the sensor itself being less than ideal, and the team reports achieving an accuracy of 90%. This lidar-based spying is even possible when the robot in question is docked, since the system can be configured to turn on specific sensors. The exploit does depend on the ability to alter the firmware, something the team accomplished using the Dustcloud exploit, which was presented at DEF CON in 2018.

You don’t need to tear down your robot vacuum cleaner for this experiment since there are a lot of lidar-based rovers out there. We’ve also seen open source lidar sensors that are even better for experimental purposes.

Thanks for the tip [Qes]

The Mystery Of A Particular ATtiny85 Fuse

First-timers playing with 8-bit micros such as the AVR and PIC will, at some point in their lives, find themselves locked out of their MCUs. This is usually attributed to badly configured fuses that disable certain IO functions, rendering the device unprogrammable via conventional ICSP methods. [Uri Shaked] shares his story of how his ATtiny85 got locked and became the subject of a lengthy investigation into fuse bit configurations.

[Uri]’s journey started when he accidentally left some pins of the device connected to a second board while he was flashing the firmware. He quickly searched online for a solution and found that there are a number of recipes to resolve the issue. As it turns out, his problem was not so straightforward and warranted more digging. [Uri] ended up building a high-voltage serial programming setup and then probing the communications. He discovered that the chip refused to reset its fuses and would reject attempts to set fuses.

Further investigation of the fuse bits and reading them proved useful in understanding that the memory protection features were preventing alteration of the device. The quick fix was to erase the ATtiny, and things were back to normal thereafter. [Uri] details his pursuit of reading and comparing fuse bits from the impacted chip against a fresh device, which is where he makes the discovery. The write-up is a case study in investigating the idiosyncrasies of device programming and will be a great resource for many and reduce hair loss for some.

Once you get your hands on an ATtiny, there are a number of small experiments to be done to cure boredom. Be sure to share your experiments and stories with us to inspire the masses.

Blue Pill As A Nerdy Swiss Army Knife

Not everyone can afford an oscilloscope, and some of us can’t find a USB logic analyzer half the time. But we can usually get our hands on a microcontroller kit, which can be turned into a makeshift instrument if given the appropriate code. A perfect example is buck50, developed by [Mark Rubin], an open source firmware to turn an STM32 “Blue Pill” into a multi-purpose test and measurement instrument.

buck50 comes with a plethora of functionality built in, which includes an oscilloscope, logic analyzer, and bus monitor. The device is a two-way street and also comes with GPIO control as well as PWM output. There’s really a remarkable amount of functionality crammed into the project. [Mark] provides a Python application that exposes a text-based UI for configuring and using the device through commands, and lots of them, which makes this really nerdy. There are a number of options to visualize the captured data, which include gnuplot, GTKWave and PulseView, to name a few.

[Mark] does a fantastic job not only with the firmware but also with the documentation, and we really think this makes the project stand out. Commands are well documented and everything is available on [GitHub] for your hacking pleasure. And if you are about to order a Blue Pill online, you might want to check out the nitty-gritty of the clones that are floating around.

Thanks [JohnU] for the tip!

3D On The ZX Spectrum 48K

There are times when a project becomes such a big part of a maker’s life that they find themselves revisiting it even years later. [Thanassis] combined this phenomenon with his love for the ZX Spectrum when he ported one of his old 3D rendering projects to the ZX Spectrum 48K. The video below shows the results, and they speak for themselves.

The roots of this project go back around three years, when [Thanassis] posted a similar project for the ATMega328 which employed fixed point math tricks for achieving the graphics. The code needed to be even tighter to run on the Spectrum, eventually getting boiled down to just a handful of calculations. This got the proof of concept working with the z88dk compiler, but it wasn’t quite fast enough.

In the end, hand assembly optimizations nearly doubled the performance to a blistering 10 frames per second. There’s also a version that kicks it all the way up to 40 FPS, but only if you give it a few minutes to do the calculations ahead of time. With a few tweaks and the right display, this project could produce some very cool retro visuals.

High Speed The Way We Want It

The one thing we have learned over the current pandemic is that we need the internet, and the faster the better. Though cost is surely a hurdle, the amount of bandwidth available has its bottlenecks rooted in the underlying technology. Enter new technology from an Australian research team who claim to have field tested internet speeds as fast as 44.2 terabits per second.

The breakthrough in bandwidth is attributed to a new optical chip that employs optical frequency combs, or micro-combs, and has been published by [Corcoran et al] of Monash University. The team exploits the ability of certain crystals to create resonant optical fields called solitons, and these form a highly efficient optical transmission system. For the uninitiated, optical frequency combs are an optical spectrum of equidistant lines whose values, if fixed, can be used to measure unknown frequencies. The original discovery earned Roy J. Glauber, John L. Hall and Theodor W. Hänsch the Nobel Prize in Physics in 2005, and though it is a relatively new field it has seen a lot of activity in the research community.

The experimental setup has a resonator with a free spectral range spacing of 48.9 GHz, and from the generated optical fields or lines, 80 were selected. Using a side-band modulator the bands were doubled and eventually with 64 QAM modulation facilitated a symbol rate of 23 Gigabaud. Now at this point, the paper says that this experiment is still an under-utilization of the available resources. The extra connectivity speed may be helpful in gaming and streaming, but we will be needing faster drives to get our email attachments downloaded faster. If you are inspired and want to play with lasers and optical communications, check out the DIY Laser Optical Link.

Thanks [Anil Pattni] for the tip.

Instruction Set Hack For Protected Memory Access

The nRF51 Series is a family of low power Bluetooth SoCs from Nordic Semiconductor that is based on ARM Cortex cores. The nRF51822 has the Cortex-M0 core and is used in a lot of products. [Loren] has written a blog post in which he claims to be able to circumvent read back protection on the chip, thus giving access to the ROM, RAM and registers as well as allowing for interactive debugging sessions.

The hack stems from the fact that the Serial Wire Debug or SWD interface cannot be completely disabled on these chips, even if the Memory Protection Unit prevents access to any memory regions directly. The second key piece is the fact that the CPU can fetch stuff from the code memory. Combined with the SWD super powers to make changes to the registers themselves, this can be a powerful tool.

The ATtiny Series Is A Great Companion In Isolation

As a consequence of social distancing and self-isolation, many a maker has been searching for ways to cure boredom. So what happens when you put a maker in a closed space with electronic parts? The answer is a bunch of random microcontroller projects that help beat boredom. [Danac1886] posts a video with a bunch of experiments with the ATtiny series of microcontrollers which can be a source of time-killing inspiration for these tough days of solitude.

The video is based upon a variety of controllers ranging from the ATtiny85 to the ATtiny84 and even includes the ATtiny2313. There is also a project with the ATtiny10, an SMD SOT23-6 package that is quite amazing to behold. All the devices can be programmed using the Arduino as an ISP, so all you need is another Arduino lying around in case you do not have an AVR ICSP.

As for the projects themselves, there is an assortment of things that start with the basic blinking LED, adding an I2C LCD and then moving on to a 7 segment display counting up with variable speed controlled with a pot. We really loved how much these tiny projects inspire and can help someone get started with basic electronics and programming.

If you are looking to get started, have a look at the Jumbo LED with the ATtiny10 and we assure you, it will brighten your day.