Author: Dan Maloney

3059 Articles

Hacking An IoT Camera Reveals Hard-Coded Root Password

July 24, 2024 by 21 Comments

Hacking — at least the kind where you’re breaking into stuff — is very much a learn-by-doing skill. There’s simply no substitute for getting your hands dirty and just trying something. But that doesn’t mean you can’t learn something by watching, with this root password exploit on a cheap IP video camera being a good look at the basics.

By way of background on this project, [Matt Brown] had previously torn into a VStarcam CB73 security camera, a more or less generic IP camera that he picked up on the cheap, and identified a flash memory chip from which he extracted the firmware. His initial goal was to see if the camera was contacting sketchy servers, and while searching the strings for the expected unsavory items, he found hard-coded IP addresses plus confirmation that the camera was running some Linux variant.

With evidence of sloppy coding practices, [Matt] set off on a search for a hard-coded root password. The second video covers this effort, which started with finding UART pins and getting a console session. Luckily, the bootloader wasn’t locked, which allowed [Matt] to force the camera to boot into a shell session and find the root password hash. With no luck brute-forcing the hash, he turned to Ghidra to understand the structure of a suspicious program in the firmware called encoder. After a little bit of poking and some endian twiddling, he was able to identify the hard-coded root password for every camera made by this outfit, and likely others as well.

Granted, the camera manufacturer made this a lot easier than it should have been, but with a lot of IoT stuff similarly afflicted by security as an afterthought, the skills on display here are probably broadly applicable. Kudos to [Matt] for the effort and the clear, concise presentation that makes us want to dig into the junk bin and get hacking.

Continue reading “Hacking An IoT Camera Reveals Hard-Coded Root Password”

Tiny Games Challenge: A Retro Racing Game On A 16×2 LCD

July 24, 2024 by 8 Comments

Sometimes, all it takes is a change in perspective to take something boring and make it fun. That’s true about 16×2 LCD; in its usual landscape format, it’s a quick and easy way to provide a character-based display for a project. But flip it 90 degrees and use a little imagination, and it can become a cool retro racing game that fits in the palm of your hand.

[arduinocelantano] has made it a habit to press the humble 16×2 character LCD into service in ways it clearly wasn’t intended to support, such as playing Space Invaders and streaming video on it. Both of these projects seem to inform the current work, which was one of the first entries in our current Tiny Games Challenge contest. The racing game requires multiple sprites to animate the roadway and the cars, using six “layers” of eight custom characters and rapidly switching between them to create the appearance of movement. The video below has a brief sample of gameplay.

Flipping the display on its side makes for a somewhat limited game — it’s all straightaway, all the time — but that could probably be fixed. [arduinocelentano] suggests scaling it up to a 16×4 to include curves, but we’d bet you could still simulate curves on the upper part of the game field while leaving the player’s car fixed on a straight section. Higher difficulties could be achieved by moving the curved section closer to the player’s position.

Sure, it’s limited, but that’s half the charm of games like these. If you’ve got an idea for our Tiny Games Challenge, head over to our contest page and let us know about it. We’re keen to see what you come up with.

Continue reading “Tiny Games Challenge: A Retro Racing Game On A 16×2 LCD”

Exploring Cheap Tantalum Caps Of Mysterious Provenance

July 22, 2024 by 23 Comments

We’ve all heard about the perils of counterfeit chips, and more than a few of us have probably been bitten by those scruple-free types who run random chips through a laser marker and foist them off as something they’re not. Honestly, we’ve never understood the business model here — it seems like the counterfeiters spend almost as much time and effort faking chips as they would just getting the real ones. But we digress.

Unfortunately, integrated circuits aren’t the only parts that can be profitably faked, as [Amateur Hardware Repair] shows us with this look at questionable tantalum capacitors. In the market for some tantalums for a repair project, the offerings at AliExpress proved too tempting to resist, despite being advertised alongside 1,000 gram gold bars for $121 each. Wisely, he also ordered samples from more reputable dealers like LCSC, DigiKey, and Mouser, although not at the same improbably low unit price.

It was pretty much clear where this would be going just from the shipping. While the parts houses all shipped their tantalums in Mylar bags with humidity indicators, with all but LCSC including a desiccant pack, the AliExpress package came carefully enrobed in — plastic cling wrap? The Ali tantalums were also physically different from the other parts: they were considerably smaller, the leads seemed a little chowdered up, and the package markings were quite messy and somewhat illegible. But the proof is in the testing, and while all the more expensive parts tested fine in terms of capacitance and equivalent series resistance, the caps of unknown provenance had ESRs in the 30 milliohm range, three to five times what the reputable caps measured.

None of this is to say that there aren’t some screaming deals on marketplaces like AliExpress, Amazon, and eBay, of course. It’s not even necessarily proof that these parts were in fact counterfeit, it could be that they were just surplus parts that hadn’t been stored under controlled conditions. But you get what you pay for, and as noted in the comments below the video, a lot of what you’re paying for at the parts houses is lot tracebility.

Continue reading “Exploring Cheap Tantalum Caps Of Mysterious Provenance”

Coax Stub Filters Demystified

July 21, 2024 by 9 Comments

Unless you hold a First Degree RF Wizard rating, chances are good that coax stubs seem a bit baffling to you. They look for all the world like short circuits or open circuits, and yet work their magic and act to match feedline impedances or even as bandpass filters. Pretty interesting behavior from a little piece of coaxial cable.

If you’ve ever wondered how stub filters do their thing, [Fesz] has you covered. His latest video concentrates on practical filters made from quarter-wavelength and half-wavelength stubs. Starting with LTspice simulations, he walks through the different behaviors of open-circuit and short-circuit stubs, as well as what happens when multiple stubs are added to the same feedline. He also covers a nifty online calculator that makes it easy to come up with stub lengths based on things like the velocity factor and characteristic impedance of the coax.

It’s never just about simulations with [Fesz], though, so he presents a real-world stub filter for FM broadcast signals on the 2-meter amateur radio band. The final design required multiple stubs to get 30 dB of attenuation from 88 MHz to 108 MHz, and the filter seemed fairly sensitive to the physical position of the stubs relative to each other. Also, the filter needed a little LC matching circuit to move the passband frequency to the center of the 2-meter band. All the details are in the video below.

It’s pretty cool to see what can be accomplished with just a couple of offcuts of coax. Plus, getting some of the theory behind those funny little features on PCBs that handle microwave frequencies is a nice bonus. This microwave frequency doubler is a nice example of what stubs can do.

Continue reading “Coax Stub Filters Demystified”

Hackaday Links Column Banner

Hackaday Links: July 21, 2024

July 21, 2024 by 20 Comments

When monitors around the world display a “Blue Screen of Death” and you know it’s probably your fault, it’s got to be a terrible, horrible, no good, very bad day at work. That’s likely the situation inside CrowdStrike this weekend, as engineers at the cybersecurity provider struggle to recover from an update rollout that went very, very badly indeed. The rollout, which affected enterprise-level Windows 10 and 11 hosts running their flagship Falcon Sensor product, resulted in machines going into a boot loop or just dropping into restore mode, leaving hapless millions to stare at the dreaded BSOD screen on everything from POS terminals to transit ticketing systems.

Continue reading “Hackaday Links: July 21, 2024”

Welding Wood Is As Simple As Rubbing Two Sticks Together

July 21, 2024 by 12 Comments

Can you weld wood? It seems like a silly question — if you throw a couple of pieces of oak on the welding table and whip out the TIG torch, you know nothing is going to happen. But as [Action Lab] shows us in the video below, welding wood is technically possible, if not very practical.

Since experiments like this sometimes try to stretch things a bit, it probably pays to define welding as a process that melts two materials at their interface and fuses them together as the molten material solidifies. That would seem to pose a problem for wood, which just burns when heated. But as [Action Lab] points out, it’s the volatile gases released from wood as it is heated that actually burn, and the natural polymers that are decomposed by the heat to release these gases have a glass transition temperature just like any other polymer. You just have to heat wood enough to reach that temperature without actually bursting the wood into flames.

His answer is one of the oldest technologies we have: rubbing two sticks together. By chucking a hardwood peg into a hand drill and spinning it into a slightly undersized hole in a stick of oak, he created enough heat and pressure to partially melt the polymers at the interface. When allowed to cool, the polymers fuse together, and voila! Welded wood. Cutting his welded wood along the joint reveals a thin layer of material that obviously underwent a phase change, so he dug into this phenomenon a bit and discovered research into melting and welding wood, which concludes that the melted material is primarily lignin, a phenolic biopolymer found in the cell walls of wood.

[Action Lab] follows up with an experiment where he heats bent wood in a vacuum chamber with a laser to lock the bend in place. The experiment was somewhat less convincing but got us thinking about other ways to exclude oxygen from the “weld pool,” such as flooding the area with argon. That’s exactly what’s done in TIG welding, after all. Continue reading “Welding Wood Is As Simple As Rubbing Two Sticks Together”

Hackaday Podcast Episode 280: TV Tubes As Amplifiers, Smart Tech In Sportsballs, And Adrian Gives Us The Fingie

July 19, 2024 by 3 Comments

Despite the summer doldrums, it was another big week in the hacking world, and Elliot sat down with Dan for a rundown. Come along for the ride as Dan betrays his total ignorance of soccer/football, much to Elliot’s amusement. But it’s all about keeping the human factor in sports, so we suppose it was worth it. Less controversially, we ogled over a display of PCB repair heroics, analyzed a reverse engineering effort that got really lucky, and took a look at an adorable one-transistor ham transceiver. We also talked about ants doing surgery, picking locks with nitric acid, a damn cute dam, and how to build one of the world’s largest machines from scratch in under a century. Plus, we answered the burning question: can a CRT be used as an audio amplifier? Yes, kind of, but please don’t let the audiophiles know or we’ll never hear the end of it.

Where to Follow Hackaday Podcast

Places to follow Hackaday podcasts:

Worried about attracting the Black Helicopters? Download the DRM-free MP3 and listen offline, just in case.

Continue reading “Hackaday Podcast Episode 280: TV Tubes As Amplifiers, Smart Tech In Sportsballs, And Adrian Gives Us The Fingie”