Author: Elliot Williams

1436 Articles

Do Your Research

July 20, 2024 by 7 Comments

We were talking about a sweet hack this week, wherein [Alex] busts the encryption for his IP web cam firmware so that he can modify it later. He got a number of lucky breaks, including getting root on the device just by soldering on a serial terminal, but was faced with having to reverse-engineer a binary that implemented RSA encryption and decryption.

Especially when they’re done right, and written to avoid side-channel attacks, encryption routines aren’t intuitive, even when you’re looking at the C source. Reversing it from the binary would be a tremendous hurdle.

That’s when [Alex] started plugging in strings he found in the binary into a search engine. And that’s when he found exactly the open source project that the webcam used, which gave him the understanding he needed to crack the rest of the nut.

Never forget! When you’re doing some reverse engineering, whether hardware or software, do a search for every part number and every string you find in memory. If you’re like me, it might feel like cheating a little bit, but it’s just being efficient. It’s what all your hacker heroes say they do, and if you’re lucky, it might just be the break you need too.

This article is part of the Hackaday.com newsletter, delivered every seven days for each of the last 200+ weeks. It also includes our favorite articles from the last seven days that you can see on the web version of the newsletter. Want this type of article to hit your inbox every Friday morning? You should sign up!

Show Us Your Minimalist Games, And Win

July 16, 2024 by 16 Comments

Sometimes the tightest constraints inspire the highest creativity. The 2024 Tiny Games Challenge invites you to have the most fun with the most minimal setup. Whether that’s tiny size, tiny parts count, or tiny code, we want you to show us that big fun can come in small packages.

The Tiny Games Challenge starts now and runs through September 10th, with the top three entries receiving a $150 gift certificate courtesy of DigiKey.

Continue reading “Show Us Your Minimalist Games, And Win”

Congratulations To The 2024 Business Card Challenge Winners!

July 15, 2024 by 8 Comments

When you ask a Hackaday crowd to design a business card, you should expect to be surprised by what you get. But still, we were surprised by the breadth of entries! Our judges wracked their brains to pick their top ten, and then we compared notes, and three projects rose to the top, but honestly the top ten could have all won. It was a tight field. But only three of the entries get to take home the $150 DigiKey gift certificates, so without further ado…

Continue reading “Congratulations To The 2024 Business Card Challenge Winners!”

Undo Arduino Encryption With An Oscilloscope

July 14, 2024 by 16 Comments

Cryptography ain’t easy. Seemingly small details like how many times a computationally intensive loop runs can give the game away. [Lord Feistel] gives us a demo of how this could work with nothing more than poorly designed code, a resistor, and an oscilloscope.

The hardware side is, as mentioned, really simple. Put a resistor inline with the Arduino and monitor the voltage drop across the resistor with the scope. When the chip is working hard, it consumes more current, and code sections that take longer will show up as longer dips.

On the software end, it’s only a little more complicated.  The RSA encryption scheme involves a lot of exponentiation and modulo-taking. Here, [Lord Feistel] is targeting a naive way of computing the exponents quickly, and demonstrates how you can read the exponent straight out the chip’s power demand.

Implementing this attack against a real-world RSA algorithm, in the context of the Arduino doing other stuff, will be harder. And we don’t know if the algorithm implemented in “standard” Arduino libraries is smarter than this one. (If you know, let us know in the comments.) But still, this is a cool example of just how simple and straightforward it can be to eavesdrop on bad code.

If you only need to bypass encryption instead of breaking it, check out [Lord Feistel]’s other tutorial on power glitching that we featured previously. If you haven’t played around with the hardware side of security, it gets deep pretty quickly, but you can at least dip your toes in the shallow end with what you’ve got in your closet.

It’s Not Unusual To Love Hacking

July 13, 2024 by 22 Comments

Most of what we do here at Hackaday is look out for cool projects and then write them up so that you all know about them. Nothing is better than being really stoked about a clever hack and then being able to share it with tens of thousands of like-minded folks. Sure, it’s our job, but we really do it because we love to share. And it’s clear that you all do too! After all, we write up the hacks that you document for us.

We recently featured a hack where the guy who did the work in question said that he didn’t think it was “worthy of Hackaday”. (Of course, it was!) And I don’t like that sentiment at all, honestly, because a hack that you enjoyed doing is a hack worth sharing, even if just for sharing the joy of doing it, and that came across fully.

Of course we gladly feature the ultra-bravado hacks where the nearly impossible is made real. But there’s equal value in the simple hacks that inspire others to pursue one odd path or another. Or even pieces where there’s no hack involved, but simply the sharing of something cool.

This week, [Arya Voronova] wrote a piece about her experience using MicroPython on embedded devices, and it apparently resonated with a lot of our readers. It’s not a deep-dive into MicroPython, or a mind-bending abuse of the language. Instead, it’s a simple “this is what I love about doing things this way”, and that’s a great perspective that often gets lost when we get deep in the technical weeds.

I had the same realization a few months back at Hackaday Europe. In the lightning talks, most everyone gave talks about cool projects that they are working on, and they’re absolutely worth watching for that. [Jaap Meijers] gave a wonderful talk about making animated QR codes, but it wasn’t about how he invented animated QR codes, because he was just using someone else’s project. Instead, it was about how neat he thought someone else’s work was, and how he really wanted to share it with us. (And now you know too.)

Epic hacks are fantastic, no question. But the simple expression of the love of hacking, whether in words or in the doing, is equally important. Show us your work, but don’t forget to show us your joy along the way.

This article is part of the Hackaday.com newsletter, delivered every seven days for each of the last 200+ weeks. It also includes our favorite articles from the last seven days that you can see on the web version of the newsletter. Want this type of article to hit your inbox every Friday morning? You should sign up!

Supercon Call For Proposals Extended: July 16th

July 9, 2024 by 4 Comments

Ever since the first Supercon, people have submitted talk proposals at the very last minute, and some even in the minutes after the last minute. We know how it is – we are fully licensed procrastineers ourselves. So with an eye toward tradition, we’re extending the Call for Speakers and the Call for Workshops one more week, until July 16th.

The Hackaday Superconference is really and truly our favorite event of the year. It’s small, but not too small. The ideas everyone brings with them, however, are big. It’s like the absolute best of Hackaday live and in person. If you’re looking for a place to give a technical talk, or just to regale us all with the trials and triumphs of hacking, you won’t find a more receptive audience anywhere. Plus, presenters get in free.

In other news, [Voja] has an alpha version of the badge finished, so all that’s left is 90% of the work disguised as 10%. Some people have asked for clues, and what we’ll say at this point is that “Simple Add Ons have underutilized I2C pins”.

Expect tickets to go on sale in the next weeks – early bird tickets sell out fast. Keep your eyes on Hackaday for the announcement post when it goes live. Or, you can skip straight to the front of the line by giving a talk. But you can’t give a talk if you don’t submit your proposal first. Get on it now, because we’re not going to extend the CFP twice!

Repeatable “One-Click” Fusion, From Your Cellphone

July 6, 2024 by 22 Comments

Sometimes you spend so much time building and operating your nuclear fusor that you neglect the creature comforts, like a simple fusion control profile or a cellphone app to remote control the whole setup. No worries, [Nate Sales] has your back with his openreactor project, your one-click fusion solution!

An inertial electrostatic confinement (IEC) fusor is perhaps the easiest type of fusion for the home gamer, but that’s not the same thing as saying that building and running one is easy. It requires high vacuum, high voltage, and the controlled introduction of deuterium into the chamber. And because it’s real-deal fusion, it’s giving off neutrons, which means that you don’t want to be standing on the wrong side of the lead shielding. This is where remote control is paramount.

While this isn’t an automation problem that many people will be having, to put it lightly, it’s awesome that [Nate] shared his solution with us all. Sure, if you’re running a different turbo pump or flow controller, you might have some hacking to do, but at least you’ve got a start. And if you’re simply curious about fusion on a hobby scale, his repo is full of interesting details, from the inside.

And while this sounds far out, fusion at home is surprisingly attainable. Heck, if a 12-year old or even a YouTuber can do it, so can you! And now the software shouldn’t stand in your way.

Thanks [Anon] for the tip!