Fail of the Week: EPROMs, Rats’ Nests, Tanning Lamps, and Cardboard on Fire

It all started when I bought a late-1990s synthesizer that needed a firmware upgrade. One could simply pull the ROM chip, ship it off to Yamaha for a free replacement, and swap in the new one — in 2003. Lacking a time machine, a sensible option is to buy a pre-programmed aftermarket EPROM on eBay for $10, and if you just want a single pre-flashed EPROM that’s probably the right way to go. But I wanted an adventure.

Spoiler alert: I did manage to flash a few EPROMs and the RM1X is happily running OS 1.13 and pumping out the jams. That’s not the adventure. The adventure is trying to erase UV-erasable EPROMs.

And that’s how I ended up with a small cardboard fire and a scorched tanning lamp, and why I bought a $5 LED, and why I left EPROMs out in the sun for four days. And why, in the end, I gave up and ordered a $15 EPROM eraser from China. Along the way, I learned a ton about old-school UV-erasable EPROMs, and now I have a stack of obsolete silicon that’s looking for a new project like a hammer looks for a nail — just as soon as that UV eraser arrives in the mail.

35C3: Finding Bugs in Bluetooth

[Jiska Classen] and [Dennis Mantz] created a tool called Internal Blue that aims to be a Swiss-army knife for playing around with Bluetooth at a lower level. Their tool is built on three functions that are common to all Broadcom Bluetooth chipsets: one that lets you read arbitrary memory, one that lets you run it, and one that lets you write it. Well, that was easy. The rest of their work was analyzing this code, and learning how to replace the firmware with their own version. That took them a few months of hard reversing work.

In the end, Internal Blue lets them execute commands at one layer deeper — the LMP layer — easily allowing monitoring and injection. In a series of live (and successful!) demos they probe around on a Nexus 6P from a modified Nexus 5 on their desk. This is where they started digging around in the Bluetooth stack of other devices with Broadcom chipsets, and that’s where they started finding bugs.

As is often the case, [Jiska] was just poking around and found an external code handler that didn’t do bounds checking. And that meant that she could run other functions in the firmware simply by passing the address handler offset. Since they’re essentially calling functions at any location in memory, finding which functions to call with which arguments is a process of trial and error. The ramifications include at least a Bluetooth module crash and reset, but the bug can also pull such tricks as putting the Bluetooth module into “Device Under Test” mode, which should only be accessible from the device itself. All of this is before pairing with the device — just walking by is sufficient to invoke functions through the buggy handler.

All the details of this exploit aren’t yet available, because Broadcom hasn’t fixed the firmware for probably millions of devices in the wild. And one of the reasons that they haven’t fixed it is that patching the bug will disclose where the flaw lies in all of the unpatched phones, and not all vendors can be counted on to push out updates at the same time. While they focused on the Nexus 5 cellphone, which is fairly old now, it’s applicable to any device with a similar Broadcom Bluetooth chipset.

Aside from the zero-day bug here, the big story is their Bluetooth analysis framework, which will surely help other researchers learn more about Bluetooth, find more glitches, and hopefully make Bluetooth more openly scrutinized and more secure. Now anyone with a Raspberry Pi 3/3+ or a Nexus 5 is able to turn it into a low-level Bluetooth investigation tool.

You might know [Jiska] from her previous FitBit hack. If not, be sure to check it out.

Hackaday Assembling At 35C3

Hackaday is going to be at the 35th annual Chaos Communication Congress (35C3), December 27th – 31st, and we’re putting together an assembly. If you’re coming to 35C3, come join us!

If you’ve never been to a Congress before, it’s an amazing scene. This year over 15,000 hackers will take over the Leipzig Congress Hall, bringing whatever they’re working on with them, and showing off their last-minute dazzlers. Congress is awesome in both senses of the word: simultaneously incredible and a little bit intimidating.

With the scale of the Congress approaching absurd proportions, it’s nice to have a home base. “Assemblies”, small-ish gatherings of friends, members of a hackerspace, or even just like-minded folks, join forces and get some table space and Ethernet connections to call their own, and this year we’ll be flying the Jolly Wrencher.

November 28th is the deadline for changing our headcount, so if you’d like to take part, click over to the Hackaday 35C3 Assembly IO project ASAP and leave a comment or join the team so we have a good estimate. If you’ve already got a home away from home, we’ll keep some extra seats warm for you to come by and chat. [Elliot] will also be wearing his press hat, so if you’ve got a project in desperate need of a Hackaday writeup you’ll know where to find him.

Hackaday, assemble!

Move Over Strandbeest, Here’s Strider!

Father-and-son team [Wade] and [Ben Vagle] have developed and extensively tested two great walker designs: TrotBot and the brand-new Strider. But that’s not enough: their website details all of their hard-earned practical experience in simulating and building these critters, on scales ranging from LEGO-Technic to garage-filling (YouTube, embedded below). Their Walker ABC’s page alone is full of tremendously deep insight into the problem, and is a must-read.

These mechanisms were designed to be simpler than the Jansen linkage and smoother than the Klann. In particular, when they’re not taking a stroll down a beach, walker feet often need to clear obstacles, and the [Vagles’] designs lift the toes higher than other designs while also keeping the center of gravity moving at a constant rate and not requiring the feet to slip or slam into the ground. They do some clever things like adding toes to the bots to even out their gaits, and even provide a simulator in Python and in Scratch that’ll help you improve your own designs.

If you wanted a robot that simply moved, you’d use wheels. We like walkers because they look amazing. When we wrote [Wade] saying that one of Trotbot’s gaits looked animal-like, he pointed out that TrotBot got its working name from a horse-style gait (YouTube). Compared to TrotBot, the Strider family don’t have as much personality, but they run smoother, faster, and stronger. There’s already a 3D-printing-friendly TrotBot model out there. Who’s going to work something up for Strider?

How much do we love mechanical walkers? Enough to post about bicycles made with Jansen linkages, remote-controlled toy Strandbeests both with weaponry and without, power-drill-powered walking scooters, and of course basically anything that Theo Jansen is up to.

If a trip to [Wade] and [Ben]’s website doesn’t get you working on a walker project, physical or virtual, we don’t know what will.

(And from the editorial department of deconfusion: the image in the banner is TrotBot, but it was just too cool to not use.)

Tumbleweed Turbine Wins Dyson Foundation Award

Wind turbines are great when the wind flow is predictable. In urban environments, especially in cities with skyscrapers, wind patterns can be truly chaotic. What you need, then, is a wind turbine that works no matter which way the wind blows. And just such a turbine has won the global first prize James Dyson Award. Check out their video below the break.

The turbine design is really neat. It’s essentially a sphere with vents oriented so that it’s always going to rotate one way (say, clockwise) no matter where the wind hits it. The inventors say they were inspired by NASA’s Tumbleweed project, which started off as a brainstorming session and then went on to roll around Antarctica. We tumbled into this PDF, and this summary report, but would love more info if any of you out there know something about Tumbleweeds.

Back to the turbine, though. How efficient is it? How likely is it to scale? How will a 3D-printed version drive a junk-bin brushless motor on my balcony? The jury is still out. But if a significant portion of the wind comes from otherwise unusable directions, this thing could be a win. Who’s going to be the first to 3D print one?

An In-Depth Look at Dexter, the Robotic Arm

Dexter, a really great robot arm project, just won top honors in the 2018 Hackaday Prize, and walked away with $50,000 toward continuing their project. As a hat tip to Hackaday and the community, Haddington Dynamics, the company behind Dexter, agreed to open-source their newest version of Dexter as well. As James Newton said when accepting the trophy during the award ceremony, “because of your faith in us, because of this award, we have been moved to open-source the next generation of Dexter.” Some very clever work went into producing Dexter, and we can’t wait to see what further refinements have been made!

Dexter isn’t the only robotic arm in town, by any means. But in terms of hobbyist-level robotics, it’s by far the most complete robot arm that we’ve seen, and it includes a couple of design features that make both its positional accuracy and overall usability stand out above the rest. This is a robot arm with many of the bells and whistles of a hundred-thousand dollar robot, but on a couple-thousand dollar budget.

Hackaday Meetup at Electronica: Thursday

Hackaday’s parent company Supplyframe is at Electronica in Munich this week — booth C5-223. On Thursday from 16:00 – 18:00, they’ll be hosting a Hackaday Happy Hour, with a beer and coffee bar, for everyone in the Hackaday community. They’d love to see you and hear what you’re working on, be it for your day job or your night job.

If you missed the #badgelife exhibit at Supercon, it’s here at Electronica. There will also be some of those mysterious cubes you may have heard about. Richard Hogben and Bogdan Rosu will be DJing fresh beats. Stop by and say hi to [Sophi Kravitz], [Majenta Strongheart], [Alek Bradic], and everyone else from the Supplyframe team.

Hackaday’s own [Elliot Williams] will also be wandering around Electronica Wednesday afternoon. He can’t promise free beer, but if you want to crawl around Electronica with [Elliot], meet up at the Supplyframe booth at 14:30 on Wednesday.