Python Web Proxy Convinces Sonos To Stream YouTube

February 4, 2022 by Dave Rowntree 22 Comments

[Maurice-Michel Didelot] owns a Sonos smart speaker, and was lamenting the devices inability (or plain unwillingness) to stream music from online sources without using a subscription service. YouTube Music will work, but being a subscription product there is a monthly fee, which sucks since you can listen to plenty of content on YouTube for free. [Maurice] decided that the way forward was to dig into how the Sonos firmware accesses ‘web radio’ sources, and see if that could be leveraged to stream audio from YouTube via some kind of on-the-fly stream conversion process.

What? No MP4 support for web radio? Curses!

So let’s dig in to how [Maurice] chose to approach this. The smart speaker can be configured to add various streaming audio sources, and allows you add custom sources for those. The Sonos firmware supports a variety of audio codecs, besides MP3, but YouTube uses the MP4 format. Sonos won’t handle that from a web radio source, so what was there to do, but make a custom converter?

After a little digging, it was determined that Sonos supports AAC encoding (which is how MP4 encodes audio) but needs it wrapped in an ADTS (Audio Data Transport Stream) container. By building a reverse web-proxy application, in python using Flask, it was straightforward enough to grab the YouTube video ID from the web radio request, forward a request to YouTube using a modified version of pytube tweaked to not download the video, but stream it. Pytube enabled [Maurice] to extract the AAC audio ‘atoms’ from the MP4 container, and then wrap them up with ADTS and forward them onto the Sonos device, which happily thinks it’s just a plain old MP3 radio stream, even if it isn’t.

Sonos doesn’t have the best reputation, let’s say, but you can’t deny that there’s some pretty slick tech going on inside. Here’s a neat hack we covered last year, adding Sonos support to an old school speaker, and a nice teardown of a IKEA Sonos-compatible unit, which uses some neat design hacks.

Thanks [mip] for the tip!

Featured image by Charles Deluvio on Unsplash.

The Fifteen Dollar Linux Computer

February 4, 2022 by Jenny List 66 Comments

Over the years we’ve seen many small computer boards of various abilities, among them many powerful enough to be almost-useful Linux general purpose computers. We’ve also seen more than a few computers that claimed the impossible, usually an amazing spec for a tiny price tag. Here for once is a small computer that’s neither of those two; a minimum viable Linux handheld terminal whose $15 USD price tag is openly discussed as a target price for a large production run rather than touted as its retail price.

It’s the work of legendary former Hackaday writer [Brian Benchoff], and instead of being merely a PCB it’s a fully usable computer with case, keyboard and display. It’s based upon an Allwinner F1C100s SoC, it’s powered by AAA cells, and it sports a split rubber keyboard that likely builds on his previous experience with the VT-69 portable RS-232 terminal. On the back is a USB port and an SD reader, and in the centre of the front panel lies a 320 x 240 pixel display. It’s important to note that this is not intended to run a GUI, while it’s DOOM-capable it remains very much a command-line Linux tool. Perhaps most interestingly it’s claimed that all the parts are available in quantity here in the chip shortage, so maybe there’s even a chance we might see it as more than a project. We can hope.

Thanks [Sathish Guru V] for the tip.

Copyright, What You Need To Know

February 4, 2022 by Jenny List 54 Comments

Last week brought the story of a group of crypto enthusiasts who paid well over the going rate for a rare sci-fi book, then proposed encoding scans of all its pages in a blockchain before making and selling NFTs of them. To guarantee their rarity the book was then to be burned. Aside from the questionable imagery surrounding book burning in general, one of the sources of mirth in the story was their mistaken idea that in buying a copy of a rare book they had also acquired its copyright rather than simply paying too much for a book.

It’s an excuse for a good laugh, but it’s also an opportunity to talk about copyright as it affects our community. I’m not a lawyer and I’m not here to give legal advice. Instead this is based on the working knowledge gathered over decades working in the content publishing industries. Continue reading “Copyright, What You Need To Know” →

Hackaday Podcast 154: A Good Enough CNC, Stepper Motors Unrolled, Smart Two-Wire LEDs, A Volcano Heard Around The World

February 4, 2022 by Tom Nardi 1 Comment

Join Hackaday Editor-in-Chief Elliot Williams and Staff Writer Dan Maloney for this week’s podcast as we talk about Elliot’s “defection” to another podcast, the pros and cons of CNC builds, and making Nixie clocks better with more clicking. We’ll explore how citizen scientists are keeping a finger on the pulse of planet Earth, watch a 2D stepper go through its paces, and figure out how a minimalist addressable LED strip works. From solving a Rubik’s cube to answering the age-old question, “Does a watched pot boil?” — spoiler alert: if it’s well designed, yes — this episode has something for everyone.

Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Direct Download (Less than 60 MB)

Continue reading “Hackaday Podcast 154: A Good Enough CNC, Stepper Motors Unrolled, Smart Two-Wire LEDs, A Volcano Heard Around The World” →

Adafruit Hack Chat Helps You Copy That Floppy

February 4, 2022 by Tom Nardi 22 Comments

You might think the era of the 3.5 inch “floppy” disk is over, and of course, you’d be right. But when has that ever stopped hackers before? Just because these disks are no longer being manufactured doesn’t mean you can’t find them, or that the appropriate drives aren’t readily available. In fact, as [Ladyada] explained during this week’s Floppy Interfacing Hack Chat with Adafruit, the ongoing chip shortages mean its often easier and cheaper to track down old hardware like this than it is modern microcontrollers and other high-tech components.

What awaits the brave hacker that picks up a box of random floppies and a dusty old drive at the local thrift store? More than you might expect. As the Hack Chat goes on, it becomes increasingly obvious that these quaint pieces of antiquated technology can be rather difficult to work with. For one thing there are more formats out there than you’ve probably considered, and maddeningly, not all drives are able to read all types (even if they say they do). That means a disk which might seem like a dud on one drive could work perfectly fine in another, which is why the team at Adafruit recommend having a few on hand if you want to maximize your chances of success.

Now here comes the tricky part: unless you happen to have a 1990s vintage computer laying around, getting these drives hooked up is decidedly non-trivial. Which is why Adafruit have been researching how to interface the drives with modern microcontrollers. This includes the Adafruit_Floppy project, which aims to port the well known Greaseweazle and FluxEngine firmwares to affordable MCUs like the Raspberry Pi Pico. There’s also been promising developments with bringing native floppy support to CircuitPython, which would make reading these disks as easy as writing a few lines of code.

But wait, surely this is a solved problem? Why not just pick up a cheap USB floppy drive from the A to Z online retailer we all love to hate? Unfortunately, these gadgets are something of a mixed bag. [Ladyada] pulls one apart on camera to show that what you’re actually getting with one of these units is a new old stock laptop floppy drive hooked up to a dodgy purpose-built chip that connects to the original 26-pin flex cable and offers up a USB interface. That would be great, if it wasn’t for the fact that the chip is exceedingly selective about what kind of disks it will read. If you’re only worried about bog standard IBM-formatted disks they can work in a pinch, but like they say, you get what you pay for.

So is it all just academic? Is there really any reason to use a floppy disk in 2022? The fine folks at Adafruit would argue that the skills necessary to read usable data out of a stream of magnetic flux changes may very well come in handy in unexpected ways down the road. But even if not, there’s at least one good reason to cultivate the technology required to reliably read from these once ubiquitous storage devices: archiving the data stored on these disks before they invariably succumb to so-called “bit rot” and are potentially lost to history.

Continue reading “Adafruit Hack Chat Helps You Copy That Floppy” →

This Week In Security: Samba, Wormhole Crypto Heist, And A Bogus CVE

February 4, 2022 by Jonathan Bennett 6 Comments

Samba has a very serious vulnerability, CVE-2021-44142, that was just patched in new releases 4.13.17, 4.14.12, and 4.15.5. Discovered by researchers at TrendMicro, this unauthenticated RCE bug weighs in at a CVSS 9.9. The saving grace is that it requires the fruit VFS module to be enabled, which is used to support MacOS client and server interop. If enabled, the default settings are vulnerable. Attacks haven’t been seen in the wild yet, but go ahead and get updated, as PoC code will likely drop soon.

Crypto Down the Wormhole

One notable selling point to cryptocurrencies and Web3 are smart contracts, little computer programs running directly on the blockchain that can move funds around very quickly, without intervention. It’s quickly becoming apparent that the glaring disadvantage is these are computer programs that can move money around very quickly, without intervention. This week there was another example of smart contracts at work, when an attacker stole $326 million worth of Ethereum via the Wormhole bridge. A cryptocurrency bridge is a service that exists as linked smart contracts on two different blockchains. These contracts let you put a currency in on one side, and take it out on the other, effectively transferring currency to a different blockchain. Helping us make sense of what went wrong is [Kelvin Fichter], also known appropriately as [smartcontracts].

Alright. I figured out the Solana x Wormhole Bridge hack. ~300 million dollars worth of ETH drained out of the Wormhole Bridge on Ethereum. Here's how it happened.

— smartcontracts (@kelvinfichter) February 3, 2022

When the bridge makes a transfer, tokens are deposited in the smart contract on one blockchain, and a transfer message is produced. This message is like a digital checking account check, which you take to the other side of the bridge to cash. The other end of the bridge verifies the signature on the “check”, and if everything matches, your funds show up. The problem is that one one side of the bridge, the verification routine could be replaced by a dummy routine, by the end user, and the code didn’t catch it.

It’s a hot check scam. The attacker created a spoofed transfer message, provided a bogus verification routine, and the bridge accepted it as genuine. The majority of the money was transferred back across the bridge, where other user’s valid tokens were being held, and the attacker walked away with 90,000 of those ETH tokens. Continue reading “This Week In Security: Samba, Wormhole Crypto Heist, And A Bogus CVE” →

A 64-Bit Raspberry Pi OS At Last

February 4, 2022 by Jenny List 42 Comments

Long-term Raspberry Pi watchers will have seen a lot of OS upgrades in their time, from the first Debian Squeeze previews through the Raspbian years to the current Raspberry Pi OS. Their latest OS version is something different though, and could be one of the most important releases in the platform’s history so far, as finally there’s an official release of a 64-bit Raspberry Pi OS.

Would-be 64-bit Pi users have of course had the chance to run 64-bit GNU/Linux operating system builds from other distributions for nearly as long as there have been Pi models with 64-bit processors, but until now the official distribution has only been available as a 32-bit build. In their blog post they outline their reasons for this move in terms of compatibility and performance, and indeed we look forward to giving it a try.

Aside from being a more appropriate OS for a 64-bit Pi, this marks an interesting moment for the folks from Cambridge in that it is the first distribution that won’t run on all Pi models. Instead it requires a Pi 3 or better, which is to say the Pi 3, Zero 2 W, Pi 4, Pi 400, and the more powerful Compute Modules. All models with earlier processors including the original Pi, Pi Zero, and we think the dual-core Pi 2 require a 32-bit version, and while the Pi Zero, B+ and A+ featuring the original CPU are still in production this marks an inevitable move to 64-bit in a similar fashion to that experienced by the PC industry a decade or more ago.

As far as we know the Zero is still flying off the shelves, but this move towards an OS that will leave it behind is the expected signal that eventually there will be a Pi line-up without the original chip being present. We’re sure the 32-bit Pi will be supported for years to come, but it should be clear that the Pi’s future lies firmly in the 64-bit arena. They’ve retained their position as the board to watch oddly not by always making the most impressive hardware but by having the most well-supported operating system, and this will help them retain that advantage by ensuring that OS stays relevant.

On the subject of the future course of the Pi ship, our analysis that the Compute Module 4 is their most exciting piece of hardware still stands.