Every year at Superconference, Editor-in-Chief Mike Szczys gets the chance to talk about what we think are the biggest, most important themes in the Hackaday universe. This year’s talk was about science and technology, and more importantly who gets to be involved in building the future. Spoiler: all of us! Hackaday has always stood for the ideal that you, yes you, should be taking stuff apart, improving it, and finding innovative ways to use, make, and improve. To steal one of Mike’s lines: “Hackaday is an engine of engagement in engineering fields.”
Voja Antonic designed this fantastic retrocomputing badge for Hackaday Belgrade in 2018, and it was so much fun that we wanted to bring it stateside to the Supercon essentially unaltered. And that meant that Voja had some free time to devote to a new hardware giveaway: the Cube. So while his talk at Supercon in November was ostensibly about the badge, he just couldn’t help but tell us about his newer love, and some of the extremely clever features hidden within.
It’s funny how the hardware we design can sometimes reflect so much on the creator. Voja designed then-Yugoslavia’s first widely used home computer (and published the DIY plans in a magazine!). Thousands were built from their kits. The Galaksija was a Z80-based design with a custom BASIC that was just barely squeezed into the available 4K of ROM. So you shouldn’t be shocked that the retro-badge has a working keyboard and a nice BASIC on board.
But let’s jump ahead to the Cube, because that’s even more of a passion project. On the outside, they’re very simple devices, with only a USB port and a sweet diffused LED ring visible. Aesthetic? Minimalistic? Beautiful, honestly.
Ben Krasnow has a vision of future electronics: instead of the present PCB-screwed-into-a-plastic-box construction, flexible circuits will be deposited straight onto the plastic body of the device itself, merging the physical object and its electronics. There is existing copper-on-plastic technology, but Ben’s got something novel that he presents in this talk that you could implement yourself. You might also want a display, or at least something to blink, so he’s also working on some electroluminescent technology to complement it. If you were wondering why Ben is so interested in silkscreening photopolymers right now, watching this talk will pull a lot of interesting threads together.
Every year for the past 35 years, the German Chaos Computer Club has met just after Christmas for a few days of “Spaß am Gerät” — having fun with the machines. And that’s everything from trying to bring an old PDP-8 back into running condition to forging new software to replace the old and busted social media platforms that permeate our lives. The sum total of around 17,000 people doing the nerdy stuff that they love, and sharing it together, is both amazing and inspiring. Four days of little sleep and much socializing later, I bet there was still another four days’ worth of stuff to see.
The official theme this year was “Refreshing Memories” which honestly sounds a bit too much like a cola slogan, but was a great opportunity to think back on the hacks of the past that got us where we are. Assemblies put up shrines to their hacker heroes of the past. Retro computers were everywhere, in the talks and on the floor. This year’s Congress was a great time to look back and remember, but also to create new memories for the future. On that front, it was a total success.
But the unofficial theme this year was “Smooth Running”. Everything went very well, which is no small feat considering that the infrastructure, decoration, security, and even the medical response teams are from the Chaos community. It’s the depth of engagement that makes this work: of the 17,000 people who showed up, just over 4,000 of them volunteered for “angel” shifts — meaning they helped guard the doors, staff the info desks, or build up or tear down. It was the largest ever CCC, and you could feel it, but they pulled it off, and then some.
The angels are geeks just like you and me, and since everything went so smoothly, they had time to play. For instance, the phone operations people offer DECT phone service so that attendees can bring in their home phones and use them at Congress. In years past, the lines to register and enroll phones were painfully long. This year, it all happened online, and the result is that the phone ops crew got bored. That explains how they had time to establish roaming home-phone wireless service in some of the normal Leipzig city trams. Wait, what?
It all started when I bought a late-1990s synthesizer that needed a firmware upgrade. One could simply pull the ROM chip, ship it off to Yamaha for a free replacement, and swap in the new one — in 2003. Lacking a time machine, a sensible option is to buy a pre-programmed aftermarket EPROM on eBay for $10, and if you just want a single pre-flashed EPROM that’s probably the right way to go. But I wanted an adventure.
Spoiler alert: I did manage to flash a few EPROMs and the RM1X is happily running OS 1.13 and pumping out the jams. That’s not the adventure. The adventure is trying to erase UV-erasable EPROMs.
And that’s how I ended up with a small cardboard fire and a scorched tanning lamp, and why I bought a $5 LED, and why I left EPROMs out in the sun for four days. And why, in the end, I gave up and ordered a $15 EPROM eraser from China. Along the way, I learned a ton about old-school UV-erasable EPROMs, and now I have a stack of obsolete silicon that’s looking for a new project like a hammer looks for a nail — just as soon as that UV eraser arrives in the mail.
[Jiska Classen] and [Dennis Mantz] created a tool called Internal Blue that aims to be a Swiss-army knife for playing around with Bluetooth at a lower level. Their tool is built on three functions that are common to all Broadcom Bluetooth chipsets: one that lets you read arbitrary memory, one that lets you run it, and one that lets you write it. Well, that was easy. The rest of their work was analyzing this code, and learning how to replace the firmware with their own version. That took them a few months of hard reversing work.
In the end, Internal Blue lets them execute commands at one layer deeper — the LMP layer — easily allowing monitoring and injection. In a series of live (and successful!) demos they probe around on a Nexus 6P from a modified Nexus 5 on their desk. This is where they started digging around in the Bluetooth stack of other devices with Broadcom chipsets, and that’s where they started finding bugs.
As is often the case, [Jiska] was just poking around and found an external code handler that didn’t do bounds checking. And that meant that she could run other functions in the firmware simply by passing the address handler offset. Since they’re essentially calling functions at any location in memory, finding which functions to call with which arguments is a process of trial and error. The ramifications include at least a Bluetooth module crash and reset, but the bug can also pull such tricks as putting the Bluetooth module into “Device Under Test” mode, which should only be accessible from the device itself. All of this is before pairing with the device — just walking by is sufficient to invoke functions through the buggy handler.
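The bug class described above (a handler lookup that trusts an offset taken from the packet) next to its bounds-checked form, as an added example: this is a constructed model, not code from Internal Blue or from Broadcom's firmware, and every function name, return value and table layout in it is hypothetical.

```c
#include <stdio.h>
#include <stddef.h>

/* Constructed model, not Broadcom firmware: all names are hypothetical. */
typedef int (*fw_func)(void);

/* Handlers that are meant to be reachable from a remote packet. */
static int h_ping(void)     { return 1; }
static int h_version(void)  { return 2; }
static int h_features(void) { return 3; }
/* Internal functions that should only be reachable locally. */
static int enter_test_mode(void) { return 99; }
static int reset_module(void)    { return 98; }

#define N_HANDLERS 3

/* One flat array stands in for firmware memory: slots 0..N_HANDLERS-1
 * are the handler table, and unrelated internal code follows it. */
static const fw_func fw_mem[] = {
    h_ping, h_version, h_features,   /* handler table */
    enter_test_mode, reset_module,   /* adjacent internal functions */
};
#define FW_SLOTS (sizeof fw_mem / sizeof fw_mem[0])

/* Flawed dispatch: the offset is never compared with N_HANDLERS. */
int dispatch_unchecked(size_t offset) {
    /* Model boundary only, so the demo itself stays memory-safe. */
    if (offset >= FW_SLOTS) return -2;
    return fw_mem[offset]();
}

/* Hardened dispatch: anything outside the handler table is rejected.
 * An unsigned offset also rules out negative indexes. */
int dispatch_checked(size_t offset) {
    if (offset >= N_HANDLERS) return -1;
    return fw_mem[offset]();
}

int main(void) {
    /* Offset 3 is one slot past the table. */
    printf("unchecked(3) -> %d\n", dispatch_unchecked(3)); /* internal code runs */
    printf("checked(3)   -> %d\n", dispatch_checked(3));   /* rejected */
    return 0;
}
```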
All the details of this exploit aren’t yet available, because Broadcom hasn’t fixed the firmware for probably millions of devices in the wild. And one of the reasons that they haven’t fixed it is that patching the bug will disclose where the flaw lies in all of the unpatched phones, and not all vendors can be counted on to push out updates at the same time. While they focused on the Nexus 5 cellphone, which is fairly old now, it’s applicable to any device with a similar Broadcom Bluetooth chipset.
Aside from the zero-day bug here, the big story is their Bluetooth analysis framework which will surely help other researchers learn more about Bluetooth, finding more glitches and hopefully helping make Bluetooth more openly scrutinized and more secure. Now anyone with a Raspberry Pi 3/3+ or a Nexus 5 is able to turn it into a low-level Bluetooth investigation tool.
You might know [Jiska] from her previous FitBit hack. If not, be sure to check it out.
Hackaday is going to be at the 35th annual Chaos Communication Congress (35C3), December 27th – 31st, and we’re putting together an assembly. If you’re coming to 35C3, come join us!
If you’ve never been to a Congress before, it’s an amazing scene. This year over 15,000 hackers will take over the Leipzig Congress Hall, bringing whatever they’re working on with them, and showing off their last-minute dazzlers. Congress is awesome in both senses of the word: simultaneously incredible and a little bit intimidating.
With the scale of the Congress approaching absurd proportions, it’s nice to have a home base. “Assemblies”, small-ish gatherings of friends, members of a hackerspace, or even just like-minded folks, join forces and get some table space and Ethernet connections to call their own, and this year we’ll be flying the Jolly Wrencher.
November 28th is the deadline for changing our headcount, so if you’d like to take part, click over to the Hackaday 35C3 Assembly IO project ASAP and leave a comment or join the team so we have a good estimate. If you’ve already got a home away from home, we’ll keep some extra seats warm for you to come by and chat. [Elliot] will also be wearing his press hat, so if you’ve got a project in desperate need of a Hackaday writeup you’ll know where to find him.