Warwalking For Radiation

Can’t find a recently updated survey of radioactivity in your neighborhood? Try [Hunter Long]’s DIY scintillation counter warwalking rig. (Video also embedded below.) What looks like a paint can with a BNC cable leading to an unassuming grey box is actually a complete kit for radiation surveying.

Inside the metal paint can is a scintillation counter, which works by attaching something that produces light when struck by ionizing radiation on the end of a photomultiplier tube, to make even the faintest hits “visible”. And the BNC cable leads to a Raspberry Pi, touch screen, GPS, and the high-voltage converters needed to make the photomultiplier do its thing.

The result is a sensitive radiation detector that logs GPS coordinates and counts per second as [Hunter] takes it out for a stroll. Spoilers: he discovers that some local blacktop is a little bit radioactive, and even finds a real “hot spot”. Who knows what else is out there? With a rig like this, making a radiation map of your local environment is a literal walk in the park.

[Hunter] got his inspiration for the paint-can detector from this old build by [David Prutchi], which used a civil-defense Geiger counter as its source of high voltage. If you don’t have a CD Geiger detector lying around, [Alex Lungu]’s entry into the Hackaday Prize builds a scintillation detector from scratch.
Continue reading “Warwalking For Radiation”

ESP8266 And ESP32 WiFi Hacked!

[Matheus Garbelini] just came out with three (3!) different WiFi attacks on the popular ESP32/8266 family of chips. He notified Espressif first (thanks!) and they’ve patched around most of the vulnerabilities already, but if you’re running software on any of these chips that’s in a critical environment, you’d better push up new firmware pretty quick.

The first flaw is the simplest, and only effects ESP8266s. While connecting to an access point, the access point sends the ESP8266 an “AKM suite count” field that contains the number of authentication methods that are available for the connection. Because the ESP doesn’t do bounds-checking on this value, a malicious fake access point can send a large number here, probably overflowing a buffer, but definitely crashing the ESP. If you can send an ESP8266 a bogus beacon frame or probe response, you can crash it.

What’s most fun about the beacon frame crasher is that it can be implemented on an ESP8266 as well. Crash-ception! This takes advantage of the ESP’s packet injection mode, which we’ve covered before.

The second and third vulnerabilities exploit bugs in the way the ESP libraries handle the extensible authentication protocol (EAP) which is mostly used in enterprise and higher-security environments. One hack makes the ESP32 or ESP8266 on the EAP-enabled network crash, but the other hack allows for a complete hijacking of the encrypted session.

These EAP hacks are more troubling, and not just because session hijacking is more dangerous than a crash-DOS scenario. The ESP32 codebase has already been patched against them, but the older ESP8266 SDK has not yet. So as of now, if you’re running an ESP8266 on EAP, you’re vulnerable. We have no idea how many ESP8266 devices are out there in EAP networks,  but we’d really like to see Espressif patch up this hole anyway.

[Matheus] points out the irony that if you’re using WPA2, you’re actually safer than if you’re unpatched and using the nominally more secure EAP. He also wrote us that if you’re stuck with a bunch of ESP8266s in an EAP environment, you should at least encrypt and sign your data to prevent eavesdropping and/or replay attacks.

Again, because [Matheus] informed Espressif first, most of the bugs are already fixed. It’s even percolated downstream into the Arduino-for-ESP, where it’s just been worked into the latest release a few hours ago. Time for an update. But those crusty old NodeMCU builds that we’ve got running everything in our house?  Time for a full recompile.

We’ve always wondered when we’d see the first ESP8266 attacks in the wild, and that day has finally come. Thanks, [Matheus]!

CCCamp: 5,000 Hackers Out Standing In Their Field

What do hackers do on vacation? What do hackers do whenever they have free time? What do you love to do? That’s right. But how much more fun would it be if you could get together with 5,000 other hackers, share your crazy projects and ideas, eat, drink, dance, swim, and camp out all together for five days, naturally with power and Internet? That’s the idea of the Chaos Communication Camp, and it’s a once-in-four-years highlight of hacker life.

Held not too far outside of Berlin, the Camp draws heavily on hackers from Europe and the UK, but American hackers have been part of the scene since almost the beginning. (And Camp played an important role in the new-wave hackerspaces in the US, but that’s another story.) It’s one thing to meet up with the folks in your local hackerspace and work together on a project or brainstorm the next one, but it’s entirely a different thing when you’re drawing on hackers from all over the world. There was certainly more to see and do at Camp than you could in a month, not to mention in only five days, and this could be overwhelming. But if you dig in, the sense of community that came from shared effort and shared interests was the real take-home. And nearly everything at Camp should have its own article on Hackaday.

Continue reading “CCCamp: 5,000 Hackers Out Standing In Their Field”

One Week Left For Supercon Talk And Workshop Submissions

The Hackaday Superconference is the highest density of the coolest hackers anywhere. Other events may be bigger, but we’ll be so bold to say that none are better. If you love Hackaday, and we know you do, you should really come join us in November in Pasadena, CA.

Far and away the best way to participate in a conference is to participate in the conference. This is your chance to give a presentation or a workshop and share your hard-earned knowledge, your crazy hacks, or entertaining tales of hardware heroism with a crowd that gets it. And you get free admission if we pick your talk for the big show.

One of my favorite tales from Supercon was meeting Jennifer Wang at her (and my!) first Supercon. She was a longtime Hackaday reader, and was honestly a little bit awed to meeting all of the great people there in person. By the next Supercon, she was giving a presentation about her IMU-based machine learning Harry Potter wand and inspiring the rest of us with her love of the cool things you can do with sensors and code. It’s one of the most honest and informative talks on machine learning I’ve seen!

You’ve got your story to share too, right? You’ve also got one week to put a proposal for a talk together. You can do this!

See you at Supercon!

Getting To Know Every Bit Of An ATtiny13

We recently heard it said of a hacker who pulled off a particularly nice VGA hack on an 8-bit microcontroller: “He knows all the bits, personally.” High praise, indeed. If you want to get on a first-name basis with a ton of transistors, then have a look at [Heinz D]’s Vacation Course in ATtiny13 Assembler (original in German, translated into English by robots here).

But be warned, this isn’t the easy way to learn AVRs. Not content with simply stripping away every layer of abstraction, this month-long “course” in AVR assembly starts off programming the chip initially with just two pushbuttons in its native machine language of high and low voltages. But still, especially if you can get a few assignments done in one sitting, you’re writing in the relative splendor of assembly language and uploading code with a proper programmer before long, because there’s a real limit to how much code one can toggle in before going mad.

There’s a beautiful minimalism to this entirely ground-up approach, and maybe it’s an appropriate starting point for learning how the machine works at its lowest level. At any rate, you’ll be able to lord it over the Arduino crew that you were able to get blink.ino up and running with just a pair of mechanical contacts and a battery. Real programmers

And once you’ve mastered AVR assembly language, you can recycle those two buttons to learn I2C or SPI. What other protocols are there that don’t have prohibitive timeouts? What’s the craziest code that you’ve ever entered bit by bit?

What Can You Learn From An Eggbot?

An eggbot is probably the easiest introduction to CNC machines that you could possibly hope for, at least in terms of the physical build. But at the same time, an eggbot can let you get your hands dirty with all of the concepts, firmware, and the toolchain that you’d need to take your CNC game to the next level, whatever that’s going to be. So if you’ve been wanting to make any kind of machine where stepper motors move, cut, trace, display, or simply whirl around, you can get a gentle introduction on the cheap with an eggbot.

Did we mention Easter? It’s apparently this weekend. Seasonal projects are the worst for the procrastinator. If you wait until the 31st to start working on your mega-awesome New Year’s Dropping Laser Ball-o-tron 3000, it’s not going to get done by midnight. Or so I’ve heard. And we’re certainly not helping by posting this tutorial so late in the season. Sorry about that. On the other hand, if you start now, you’ll have the world’s most fine-tuned eggbot for 2020. Procrastinate tomorrow!

I had two main goals with this project: getting it done quickly and getting it done easily. That was my best shot at getting it done at all. Secondary goals included making awesome designs, learning some new software toolchains, and doing the whole thing on the cheap. I succeeded on all counts, and that’s why I’m here encouraging you to build one for yourself.

Continue reading “What Can You Learn From An Eggbot?”

Get Great 3D Scans With Open Photogrammetry

Not long ago, photogrammetry — the process of stitching multiple photographs taken from different angles into a 3D whole — was hard stuff. Nowadays, it’s easy. [Mikolas Zuza] over at Prusa Printers, has a guide showing off cutting edge open-source software that’s not only more powerful, but also easier to use. They’ve also produced a video, which we’ve embedded below.

Basically, this is a guide to using Meshroom, which is based on the AliceVision photogrammetry framework. AliceVision is a research platform, so it’s got tremendous capability but doesn’t necessarily focus on the user experience. Enter Meshroom, which makes that power accessible.

Meshroom does all sorts of cool tricks, like showing you how the 3D reconstruction looks as you add more images to the dataset, so that you’ll know where to take the next photo to fill in incomplete patches. It can also reconstruct from video, say if you just walked around the object with a camera running.

The final render is computationally intensive, but AliceVision makes good use of a CUDA on Nvidia graphics cards, so you can cut your overnight renders down to a few hours if you’ve got the right hardware. But even if you have to wait for the results, they’re truly impressive. And best of all, you can get started building up your 3D model library using nothing more than that phone in your pocket.

If you want to know how to use the models that come out of photogrammetry, check out [Eric Strebel]’s video. And if all of this high-tech software foolery is too much for you, try a milk-based 3D scanner.

Continue reading “Get Great 3D Scans With Open Photogrammetry”