Arbitrary Code Execution Over Radio

Computers connected to networks are constantly threatened by attackers who seek to exploit vulnerabilities wherever they can find them. This risk is particularly high for machines connected to the Internet, but any network connection can be susceptible to attacks. As highlighted by security researcher and consultant [Rick Osgood], even computers connected to nothing more than a radio can be vulnerable to attacks if they’re using certain digital modes of communication.

The vulnerability that [Rick] found involves exploiting a flaw in a piece of software called WinAPRS. APRS is a method commonly used in the amateur radio community for sending data over radio, and WinAPRS allows for this functionality on a PC. He specifically sought out this program for vulnerabilities since it is closed-source and hasn’t been updated since 2013. After some analysis, he found a memory bug which was used to manipulate the Extended Instruction Pointer (EIP) register which stores the memory address of the next instruction to be executed by the CPU. This essentially allows for arbitrary code execution on a remote machine via radio.

The exploit was found while using Windows XP because it lacks some of the memory protection features of modern operating systems, but the exploit does still work with Windows 10, just not as reliably and with a bit of extra effort required. It’s a good reminder to use open-source software when possible so issues like these can get resolved, and to install security updates regularly. If you’re looking to delve into the world of APRS in more modern times, take a look at this project which adds APRS to budget transceivers. Just make sure you get your license first.

Building The OhSillyScope

If you have a Raspberry Pi connected to an LED matrix, you might think about creating a simple oscilloscope. Of course, the Pi isn’t really well-suited for that and neither is an LED matrix, so [Thomas McDonald] decided to create the OhSillyScope, instead.

The device isn’t very practical, but it does add some flash to live music performances or it makes a cool music visualizer. The matrix is only 64×64 so you can’t really expect it to match a proper scope. Besides that, it pulls its data from the Pi’s ALSA sound system.

You can find a video of the device on [Thomas’] Reddit post and a few additional videos on his Instagram account. Looks like a fun project and it also serves as a nice example if you need to read data from the sound card or drive that particular LED matrix.

We might have opted for PortAudio if we had written the same code, but only because it is more portable, which probably doesn’t matter here. Of course, you could also use GNURadio and some Python to drive the display. As usual, plenty of ways to solve any given problem.

Tube Amplifier Uses Low Voltage, Sips Battery

Much like vinyl records, tube amplifiers are still prized for their perceived sound qualities, even though both technologies have been largely replaced otherwise. The major drawback to designing around vacuum tubes, if you can find them at all, is driving them with the large voltages they often require to heat them to the proper temperatures. There are a small handful of old tubes that need an impressively low voltage to work, though, and [J.G.] has put a few of them to work in this battery-powered audio tube amplifier.

The key to the build is the Russian-made 2SH27L battery tubes, which were originally designed in Germany for high-frequency applications but can be made to work for audio amplification in a pinch. The power amplifier section also makes use of 2P29L tubes, which have similar characteristics as far as power draw is concerned. Normally, vacuum tubes rely on a resistive heater to eject electrons from a conductive surface, which can involve large amounts of power, but both of these types of tubes are designed to achieve this effect with only 2.2 volts provided to the heaters.

[J.G.] is powering this amplifier with a battery outputting 5V via a USB connection, and driving a fairly standard set of speakers borrowed from a computer. While there aren’t any audio files for us to hear, it certainly looks impressive. And, as it is getting harder and harder to find vacuum tubes nowadays, if you’re determined to build your own amplifier anyway take a look at this one which uses vacuum tubes built from scratch.

ChatGPT Powers A Different Kind Of Logic Analyzer

If you’re hoping that this AI-powered logic analyzer will help you quickly debug that wonky digital circuit on your bench with the magic of AI, we’re sorry to disappoint you. But you’re in luck if you’re in the market for something to help you detect logical fallacies someone spouts in conversation. With the magic of AI, of course.

First, a quick review: logic fallacies are errors in reasoning that lead to the wrong conclusions from a set of observations. Enumerating the kinds of fallacies has become a bit of a cottage industry in this age of fake news and misinformation, to the extent that many of the common fallacies have catchy names like “Texas Sharpshooter” or “No True Scotsman”. Each fallacy has its own set of characteristics, and while it can be easy to pick some of them out, analyzing speech and finding them all is a tough job.

Fast Scanning Bed Leveling

The bane of 3D printing is what people commonly call bed leveling. The name is a bit of a misnomer since you aren’t actually getting the bed level but making the bed and the print head parallel. Many modern printers probe the bed at different points using their own nozzle, a contact probe, or a non-contact probe and develop a model of where the bed is at various points. The printer then moves the head up and down to maintain a constant distance between the head and the bed, so you don’t have to fix any irregularities. [YGK3D] shows off the Beacon surface scanner, which is technically a non-contact probe, to do this, but it is very different from the normal inductive or capacitive probes, as you can see in the video below. Unfortunately, we didn’t get to see it print because [YGK3D] mounted it too low to get the nozzle down on the bed. However, it did scan the bed, and you can learn a lot about how the device works in the video. If you want to see one actually printing, watch the second, very purple video from [Dre Duvenage].

Generally, the issues with probes are making them repeatable, able to sense the bed, and the speed of probing all the points on the bed. If your bed is relatively flat, you might get away with probing only 3 points so you can understand how the bed is tilted. That won’t help you if your bed has bumps and valleys or even just twists in it. So most people will probe a grid of points.

Reviving A Legend: Mamiya RB67 Repair

The damaged parts in the camera are circled in red. Original graphic is from the Mamiya service manual.

When it comes to professional medium format analog cameras, the Mamiya RB67 has been among the most well-known and loved ever since its introduction in 1970. Support for 120 and 220 film options, a folding and ‘chimney’ style view finder, and a highly modular body are just some of the reasons it remains a popular – if costly – reflex system camera even today. This is one reason why [Anthony Kouttron] chose to purchase and attempt to repair a broken camera, in the hopes of not only saving a lot of money, but also saving one of those amazing cameras from the scrap heap.

Even Amstrad Spectrums Need Their Bugs Fixing

The history of the Sinclair ZX Spectrum is one that mirrors the fortunes of the British home computer industry, one of an early 8-bit boom followed by a sharp decline as manufacturers failed to capitalise on the next generation of 16-bit machines. The grey ZX Spectrum on [Keri Szafir]’s bench is one that encapsulates that decline perfectly, being one of the first models produced under the ownership of Amstrad after Sir Clive’s company foundered. Amstrad made many improvements to the Spectrum, but as she demonstrates, there are still some fixes needed.

The machine came her way because of a hum from the tape deck circuitry. The read amplifier was picking up electrical noise, and she fixed it without mods to the circuit but with the simple expedient of powering the analogue circuit from the tape motor switch so it only works when needed.

Beyond that, this machine demonstrates another ’80s innovation, the SCART/Peritel AV connector. These first appeared on early-80s French TV sets, but by the later half of the decade had made it to the UK where Amstrad included support for an adapter cable from the DIN socket on the back of their Spectrum.  Even then they didn’t get it quite right, and she modifies some links on the board to better support it.

Sinclair were famous for on-board bodges, and even under new ownership these continued. There’s a reversed transistor and at least one bodged-on component, but of course, it wouldn’t be a Spectrum without bugs, would it!
