Screenshot of the SDR software in action, with decoded data in a terminal, and a map that shows the location received from the decoded data

Loudmouth DJI Drones Tell Everyone Where You Are

March 26, 2023 by 42 Comments

Back when commercial quadcopters started appearing in the news on the regular, public safety was a talking point. How, for example, do we keep them away from airports? Well, large drone companies didn’t want the negative PR, so some voluntarily added geofencing and tracking mechanisms to their own drones.

When it comes to DJI, one such mechanism is DroneID: a beacon on the drone itself, sending out a trove of data, including its operator’s GPS location. DJI also, of course, sells the Aeroscope device that receives and decodes DroneID data, declared to be for government use. As it often is with privacy-compromising technology, turns out it’s been a bigger compromise than we expected.

Questions started popping up last year, as off-the-shelf quadcopters (including those made by DJI) started to play a part in the Russo-Ukrainian War. It didn’t take long for Ukrainian forces to notice that launching a DJI drone led to its operators being swiftly attacked, and intel was that Russia got some Aeroscopes from Syria. DJI’s response was that their products were not meant to be used this way, and shortly thereafter cut sales to both Russia and Ukraine.

But security researchers have recently discovered the situation was actually worse than we expected. Back in 2022, DJI claimed that the DroneID data was encrypted, but [Kevin Finisterre]’s research proved that to be a lie — with the company finally admitting to it after Verge pushed them on the question. It wouldn’t even be hard to implement a worse-than-nothing encryption that holds up mathematically. However, it seems, DroneID doesn’t even try: here’s a GitHub repository with a DroneID decoder you can use if you have an SDR dongle.

Sadly, the days of companies like DJI standing up against the anti-copter talking points seem to be over, Now they’re setting an example on how devices can subvert their owners’ privacy without reservation. Looks like it’s up to hackers on the frontlines to learn how to excise DroneID, just like we’ve done with the un-nuanced RF power limitations, or the DJI battery DRM, or transplanting firmware between hardware-identical DJI flight controller models.

Continue reading “Loudmouth DJI Drones Tell Everyone Where You Are”

A 1960s Copal flip clock

Classic 1960s Flip Clock Gets NTP Makeover

March 26, 2023 by 14 Comments

Many of the clocks we feature here on Hackaday are entirely built from scratch, or perhaps reuse an unusual display type. But sometimes, an old clock is just perfect as it is, and only needs a bit of an upgrade to help it fit into the modern world. One such example is the lovely 1960s Copal flip clock (in German, Google Translate link) that [Wolfgang Jung] has been working with — he managed to bring it squarely into the 21st century without changing its appearance one bit.

Like most flip clocks from the 60s and 70s, the Copal clock uses a small synchronous AC motor to advance the digits. Because this motor runs in step with the mains frequency, it also acts as the clock’s timing reference. However the original motor had died, and a direct replacement was impossible to find. So [Wolfgang] decided to replace it with a modern stepper motor. He designed a small PCB that fit the original housing, on which he placed a Trinamic TMC2225 stepper motor driver, a Wemos D1 Mini and a small 5 V power supply.

A flip clock mechanism with a PCB attached to itThanks to its WiFi connection, the D1 can find out the correct time by contacting a Network Time Protocol (NTP) server. Displaying that time would be tricky with the original hardware though, because there is no indication of which numbers are displayed at any time. [Wolfgang] cleverly solved this problem by placing an IR proximity sensor near the lowest digit, allowing the D1 to count the number of digits that have flipped over and thereby deduce the current state of the display.

There’s plenty of fun to be had with classic flip clocks like this, and with a bit of hacking any old split-flap display should be usable for your own clock project. If none are available at your local thrift store or yard sales, you can always roll your own.

Showing the dock PCB with a Pi Zero attached and wired up onto it

Is Your USB-C Dock Out To Hack You?

March 26, 2023 by 20 Comments

In today’s installment of Betteridge’s law enforcement, here’s an evil USB-C dock proof-of-concept by [Lachlan Davidson] from [Aura Division]. We’ve seen malicious USB devices aplenty, from cables and chargers to flash drives and even suspicious USB fans. But a dock, however, is new. The gist is simple — you take a stock dock, find a Pi Zero W and wire it up to a USB 2.0 port tapped somewhere inside the dock. Finding a Pi Zero is unquestionably the hardest part in this endeavor — on the software side, everything is ready for you, just flash an SD card with a pre-cooked malicious image and go!

On the surface level, this might seem like a cookie-cutter malicious USB attack. However, there’s a non-technical element to it; USB-C docks are becoming more and more popular, and with the unique level of convenience they provide, the “plug it in” temptation is much higher than with other devices. For instance, in shared workspaces, having a USB-C cable with charging and sometimes even a second monitor is becoming a norm. If you use USB-C day-to-day, the convenience of just plugging a USB-C cable into your laptop becomes too good to pass up on.

This hack doesn’t exactly use any USB-C specific technical features, like Power Delivery (PD) – it’s more about exploiting the convenience factor of USB-C that incentivizes you to plug a USB-C cable in, amplifying an old attack. Now, BadUSB with its keystroke injection is no longer the limit — with a Thunderbolt-capable USB-C dock, you can connect a PCIe device to it internally and even get access to a laptop’s RAM contents. Of course, fearing USB-C cables is not a viable approach, so perhaps it’s time for us to start protecting from BadUSB attacks on the software side.

Recreating One Of History’s Best Known Spy Gadgets

March 25, 2023 by 22 Comments

[Machining and Microwaves] got an interesting request. The BBC asked him to duplicate the Great Seal Bug — the device the Russians used to listen covertly to the US ambassador for seven years in 1945. Turns out they’re filming a documentary on the legendary surveillance device and wanted to demonstrate how it worked.

The strange thing about the bug is that it wasn’t directly powered. It was actually a resonant cavity that only worked when it was irradiated with an external RF energy. Most of the video is background about the bug, with quite a few details revealed. We particularly liked the story of using a software defined radio (SDR) to actually make the bug work.

As you might expect, things didn’t go smoothly. Did they ever get results on camera? Watch the video, and you can find out. This is just the first of six videos he plans to make on the topic, and we can’t wait for future videos that cover the machining and more technical details.

We’ve examined the Theremin bug before. There’s a definite cat-and-mouse dynamic between creating bugging devices and detecting them.

Continue reading “Recreating One Of History’s Best Known Spy Gadgets”

Single Flex PCB Folds Into A Four-Wheel Rover, Complete With Motors

March 25, 2023 by 3 Comments

You’ve got to hand it to [Carl Bugeja] — he comes up with some of the most interesting electromechanical designs we’ve seen. His latest project is right up there, too: a single PCB that folds up into a four-wheel motorized rover.

The key to [Carl]’s design lies with his PCB brushless motors, which he has been refining since we first spotted them back in 2018. The idea is to use traces on the PCB for the stator coils to drive a 3D printed rotor containing tiny magnets. They work surprisingly well, even if they don’t generate a huge amount of torque. [Carl]’s flexible PCB design, which incorporates metal stiffeners, is a bit like an unfolded cardboard box, with two pairs of motor coils on each of the side panels. This leaves the other surfaces available for all the electronics, with includes a PIC, a driver chip, and a Hall sensor for each motor, an IMU and proximity sensor for navigation, and an ESP32 to run the show.

With machined aluminum rotors and TPU tires mounted to the folded-up chassis, it was off to the races, albeit slowly. The lack of torque from the motors and the light weight of the rover, along with some unwanted friction due to ill-fitting joints, added up to slow progress, especially on anything other than a dead flat surface. But with some tweaking, [Carl] was able to get the buggy working well enough to call this one a win. Check out the build and testing in the video below.

Knowing [Carl], this isn’t the last we’ll see of the foldable rover. After all, he stuck with his two-wheel PCB motor design and eventually got that running pretty well. We’ll be keeping an eye out for progress on this one.

Continue reading “Single Flex PCB Folds Into A Four-Wheel Rover, Complete With Motors”

Inside Digital Image Chips

March 25, 2023 by 8 Comments

Have you ever thought how amazing it is that every bit of DRAM in your computer requires a teeny tiny capacitor? A 16 GB DRAM has 128 billion little capacitors, one for each bit. However, that’s not the only densely-packed IC you probably use daily. The other one is the image sensor in your camera, which is probably in your phone. The ICs have a tremendous number of tiny silicon photosensors, and [Asianometry] explains how they work in the video you can see below.

The story starts way back in the 1800s when Hertz noticed that light could knock electrons out of their normal orbits. He couldn’t explain exactly what was happening, especially since the light intensity didn’t correlate to the energy of the electrons, only the number of them. It took Einstein to figure out what was going on, and early devices that used the principle were photomultiplier tubes, which are extremely sensitive. However, they were bulky, and an array of even dozens of them would be gigantic.

Semiconductor devices use silicon. Bell Labs was working on bubble memory, which was a way of creating memory that was never very popular. However, as a byproduct, the researchers realized that moving charges around for memory could also move around charges from photosensitive diodes. The key idea was that it was harder to connect many photodiodes than it was to create the photodiodes. Using the charge-coupled device or CCD method, the chip could manipulate the charges to reduce the number of connections to the chip.

CCDs opened up the digital image market, but it has some problems. The next stage was CMOS chips. They’d been around for a while since IBM produced the scanistor, but the sensitivity of these CMOS image chips was poor. Since most people were happy with CCD, there wasn’t as much research on CMOS. However, CMOS sensors would eventually become more capable, and the video explains how it works.

We’ve looked at image sensors before, too. The way you read them can make a big difference in your images.

Continue reading “Inside Digital Image Chips”

How Much Programming Can ChatGPT Really Do?

March 25, 2023 by 50 Comments

By now we’ve all seen articles where the entire copy has been written by ChatGPT. It’s essentially a trope of its own at this point, so we will start out by assuring you that this article is being written by a human. AI tools do seem poised to be extremely disruptive to certain industries, though, but this doesn’t necessarily have to be a bad thing as long as they continue to be viewed as tools, rather than direct replacements. ChatGPT can be used to assist in plenty of tasks, and can help augment processes like programming (rather than becoming the programmer itself), and this article shows a few examples of what it might be used for.

AI comments are better than nothing…probably.

While it can write some programs on its own, in some cases quite capably, for specialized or complex tasks it might not be quite up to the challenge yet. It will often appear extremely confident in its solutions even if it’s providing poor or false information, though, but that doesn’t mean it can’t or shouldn’t be used at all.

The article goes over a few of the ways it can function more as an assistant than a programmer, including generating filler content for something like an SQL database, converting data from one format to another, converting programs from one language to another, and even help with a program’s debugging process.

Some other things that ChatGPT can be used for that we’ve been able to come up with include asking for recommendations for libraries we didn’t know existed, as well as asking for music recommendations to play in the background while working. Tools like these are extremely impressive, and while they likely aren’t taking over anyone’s job right now, that might not always be the case.