We’ve written about Compressorhead before but we’re writing about them again. Why? Because Compressorhead is the most amazing robot band you’ve ever seen, and because they’ve just opened up a Kickstarter to fund building a lead singer robot and recording an album.
And because they’ve released a bunch of new videos, one of which you’ll find below the break.
We’ve all been there. You’re building up a microcontroller project and you wish that you could just add “one more feature” but you’re limited by the hardware. Time to start thinking. (Or, arguably, buy the next model up.)
[Sam Feller] found himself in this position, adding a knob to set the time and a button to arm the alarm for his Analog Voltmeter Clock, and he came up with a way to implement an on-off switch, and poll a button and a potentiometer with only two pins of a microcontroller.
The problem with potentiometers in low-power designs is that they’re always leaking power. That is, unless you switch them off when you’re not using them. So the ideal solution is to power the potentiometer from one GPIO pin on the microcontroller, and read its value with another. That’s two GPIO pins just for the potentiometer. But [Sam] needed to read input from a button too, and he was out of pins.
His clever solution is to switch two resistors in or out of the circuit depending on the status of the pushbutton, so that the voltage range at the potentiometer is between either VCC and VCC/2 when the switch is pressed, or between VCC/2 and GND when the switch is not pressed.
If the ADC reads something higher than VCC/2, the microcontroller knows that the button is pressed, and vice-versa. The potentiometer’s setting determines exactly where the voltage lies within either range.
Done and done. If you find yourself in the similar situation of needing to read in values from a whole bunch of buttons instead of a potentiometer, then you can try using an R-2R DAC wired up to the pushbuttons and reading the (analog) value to figure out which buttons are pressed. (If you squint your eyes just right, this solution is the same as the R-2R DAC one with the potentiometer replacing all but the most-significant bit of the R-2R DAC.)
Another tool for the toolbox. Thanks [Sam].
Sometimes, you see a lamp shade and you’re just intoxicated enough to put it on your head like a hat and dance around on the table. Other times, you see the same lamp shade, and decide to wire it up with Neopixels, an accelerometer, and an Arduino and make a flowery, motion-activated light show when you wear it as a dress. Or at least that’s what we’ve heard.
[Cheng] gets full marks for the neo-IKEA name for the project and bonus points for clean execution and some nice animations to boot. The build is straightforward: build up the lamp so that it fits around your waist, zip-tie in the RGB LED strip, and connect up accelerometer and microcontroller. A tiny bit of coding later, and you’re off to the disco. It looks like a ridiculous amount of fun, and a sweet weekend build.
At first we thought it was awesome, then we thought it was ridiculous, and now we’re pretty much settled on “ridiculawesome”.
Bitdrones is a prototype of a human-computer interaction that uses tiny quadcopters as pixels in a 3D immersive display. That’s the super-cool part. “PixelDrones” have an LED on top. “ShapeDrones” have a gauzy cage that get illuminated by color LEDs, making them into life-size color voxels. (Cool!) Finally, a “DisplayDrone” has a touchscreen mounted to it. A computer tracks each drone’s location in the room, and they work together to create a walk-in 3D “display”. So far, so awesome.
It gets even better. Because the program that commands the drones knows where each drone is, it can tell when you’ve moved a drone around in space. That’s extremely cool, and opens up the platform to new interactions. And the DisplayDrone is like a tiny flying cellphone, so you can chat hands-free with your friends who hover around your room. Check out the video embedded below the break.
Continue reading “BitDrones Are Awesome, Ridiculous At Same Time”
We’re primarily hardware hackers, but every once in a while we see a software hack that really tickles our fancy. One such hack is Stegosploit, by [Saumil Shah]. Stegosploit isn’t really an exploit, so much as it’s a means of delivering exploits to browsers by hiding them in pictures. Why? Because nobody expects a picture to contain executable code.
[Saumil] starts off by packing the real exploit code into an image. He demonstrates that you can do this directly, by encoding characters of the code in the color values of the pixels. But that would look strange, so instead the code is delivered steganographically by spreading the bits of the characters that represent the code among the least-significant bits in either a JPG or PNG image.
OK, so the exploit code is hidden in the picture. Reading it out is actually simple: the HTML canvas element has a built-in getImageData() method that reads the (numeric) value of a given pixel. A little bit of JavaScript later, and you’ve reconstructed your code from the image. This is sneaky because there’s exploit code that’s now runnable in your browser, but your anti-virus software won’t see it because it wasn’t ever written out — it was in the image and reconstructed on the fly by innocuous-looking “normal” JavaScript.
And here’s the coup de grâce. By packing HTML and JavaScript into the header data of the image file, you can end up with a valid image (JPG or PNG) file that will nonetheless be interpreted as HTML by a browser. The simplest way to do this is send your file myPic.JPG from the webserver with a Content-Type: text/html HTTP header. Even though it’s a totally valid image file, with an image file extension, a browser will treat it as HTML, render the page and run the script it finds within.
The end result of this is a single image that the browser thinks is HTML with JavaScript inside it, which displays the image in question and at the same time unpacks the exploit code that’s hidden in the shadows of the image and runs that as well. You’re owned by a single image file! And everything looks normal.
We like this because it combines two sweet tricks in one hack: steganography to deliver the exploit code, and “polyglot” files that can be read two ways, depending on which application is doing the reading. A quick tag-search of Hackaday will dig up a lot on steganography here, but polyglot files are a relatively new hack.
[Ange Ablertini] is the undisputed master of packing one file type inside another, so if you want to get into the nitty-gritty of [Ange]’s style of “polyglot” file types, watch his talk on “Funky File Formats” (YouTube). You’ll never look at a ZIP file the same again.
Sweet hack, right? Who says the hardware guys get to have all the fun?
Making sound with digital logic usually calls for a Digital to Analog converter. Building one can be very simple, and the sound quality out of an R-2R Ladder is actually pretty good.
In the last edition of Logic Noise, we built up a (relatively) simple VCO — voltage-controlled oscillator — that had roughly one-volt-per-octave response. I even demonstrated it working mostly in tune with another synth’s keyboard. But what if you don’t have a control-voltage keyboard sitting around or you want to combine all of the logic-based circuits that we’ve been building with other circuits under voltage control? That’s where the digital to analog (DAC) voltage converter comes in.
Continue reading “Logic Noise: Digital To Analog With An R-2R DAC”
According to Motherboard, some unspecified (software) hacker just won a $1 million bounty for an iPhone exploit. But this is no ordinary there’s-a-glitch-in-your-Javascript bug bounty.
On September 21, “Premium” 0day startup Zerodium put out a call for a chain of exploits, starting with a browser, that enables the phone to be remotely jailbroken and arbitrary applications to be installed with root / administrator permissions. In short, a complete remote takeover of the phone. And they offered $1 million. A little over a month later, it looks like they’ve got their first claim. The hack has yet to be verified and the payout is actually made.
But we have little doubt that the hack, if it’s actually been done, is worth the money. The NSA alone has a $25 million annual budget for buying 0days and usually spends that money on much smaller bits and bobs. This hack, if it works, is huge. And the NSA isn’t the only agency that’s interested in spying on folks with iPhones.
Indeed, by bringing something like this out into the open, Zerodium is creating a bidding war among (presumably) adversarial parties. We’re not sure about the ethics of all this (OK, it’s downright shady) but it’s not currently illegal and by pitting various spy agencies (presumably) against each other, they’re almost sure to get their $1 million back with some cream on top.
We’ve seen a lot of bug bounty programs out there. Tossing “firmname bug bounty” into a search engine of your choice will probably come up with a hit for most firmnames. A notable exception in Silicon Valley? Apple. They let you do their debugging work for free. How long this will last is anyone’s guess, but if this Zerodium deal ends up being for real, it looks like they’re severely underpaying.
And if you’re working on your own iPhone remote exploits, don’t be discouraged. Zerodium still claims to have money for two more $1 million payouts. (And with that your humble author shrugs his shoulders and turns the soldering iron back on.)
