Hacking A Xiaomi Air Purifier’s Filter DRM To Extend Its Lifespan

January 26, 2024 by 10 Comments

When [Unethical Info] was looking at air purifiers a while back, their eye fell on a Xiaomi 4 Pro, with a purchase quickly made. Fast-forward a while and suddenly the LCD on top of the device was showing a threatening ‘0% filter life remaining’ error message. This was traced back to an NFC (NTAG213) tag stuck to the filter inside the air purifier that had been keeping track of usage and was now apparently the reason why a still rather clean filter was forcibly being rejected. Rather than give into this demand, instead the NFC tag and its contents were explored for a way to convince it otherwise, inkjet cartridge DRM-style.

While in the process of reverse-engineering the system and doing some online research, a lucky break was caught in the form of earlier research by [Flamingo Tech] on the Xiaomi Air Purifier 3, who had obtained the password-generating algorithm used with the (password-locked) NFC tag, along with the target area of the filter’s NFC tag to change. Using the UID of the NFC tag, the password to unlock the NFC tag for writing was generated, which requires nothing more than installing e.g. ‘NFC Tools’ on an NFC-capable Android/iOS smartphone to obtain the tag’s UID and reset the usage count on the filter.

A password generating tool is provided with the [Unethical Info] article, and this approach works across a range of Xiaomi air purifiers, making it an easy fix for anyone who owns such a device but isn’t quite ready yet to shell out the big bucks for a fresh DRM-ed filter. This approach also saves one from buying more NFC tags, which was the case with the previous solution.

Building A Cable-Driven Delta Printer

January 26, 2024 by 11 Comments

Most of us have played with a Cartesian-style 3D printer. Maybe you’ve even built a rigid delta. In this case, [Diffraction Limited] decided to a little further away from the norm with a cable-based delta design.

This delta design uses direct cable drives to control the end effector, with preloading rods effectively decoupling the preload from the drive force. Thus, the motors only have to provide enough power to move the end effector around without fighting the tension in the cables. The end effector is nice and light, because the motors remain stationary. With lightly-loaded motors and a lightweight effector, rapid accelerations are possible for faster printing. The video does a great job of explaining how the winch-based actuation system works to move the mechanism quickly and accurately. It’s a pleasure to watch the delta robot bouncing around at high speed as it executes a print.

The video notes that it was a successful build, though difficult to calibrate. The strings also wore out regularly. The truth of the matter is, delta printers are just more fun to watch at work than their less-controversial Cartesian cousins. Video after the break.

Continue reading “Building A Cable-Driven Delta Printer”

A DIY E-Ink Tank Watch

January 26, 2024 by 9 Comments

[Augusto Marinucci] liked the classic Cartier Tank series of dress watches aesthetic, but wanted something a bit more techy, with a decent runtime on a single battery. E-Ink displays are often used in such applications, but finding one to fit a custom case design, is a tall order. When ordering one off the shelf is not easy, the solution is to make one from scratch.

Building a programming jig is a great idea for small-scale production

The article doesn’t have much information on the E-Ink side of things, which is a bit of a shame. But from what we can glean, the segment shapes — in this case, based on the famous Apollo DSKY — are formed in the top copper of a four-layer PCB, using filled and capped vias to connect invisibly from below.

A donor E-Ink display is cut to size with scissors (we don’t know much more than this!) and glued in place around the edge to make the common electrode connection. The display PCB attaches to the control PCB, at the rear using low-profile board-to-board connectors. This board hosts a PIC16 micro, as well as an RV-3028-C7 RTC which keeps time whilst consuming a paltry 45 nA.

Five volts are provided via a MAX1722 low-power boost converter which is fed power from the CR1616 cell via a couple of logic-controllable load switches. With a low-power design such as this, it’s critical to get this correct. Any mistakes here can easily result in a very low runtime. It is easy to over-stress small button cells and kill them prematurely.

The case looks like it’s printed in a translucent resin, with the PCB stack sealed inside with a UV-cured resin pour. It’s not immediately obvious if the rear panel can be removed to access the battery and programming port. There are what appear to be screw holes, so maybe that’s possible, or maybe they’re the rear side of the PCB mounting posts. Who can tell?

If DIY hardware is but too much effort for you, then there’s the option of hacking new firmware onto an existing watch, or perhaps meeting in the middle and making something out of all those junk E-ink tags you can get from time to time?

Thanks to [JohnU] for the tip!

Hackaday Podcast Episode 254: AI, Hijack Guy, And Water Rockets Fly

January 26, 2024 by 1 Comment

This week Hackaday Editors Elliot Williams and Al Williams chew the fat about the Haier IOT problem, and all other top Hackaday stories of the week. Want to prove your prowess at C programming? Take a quiz! Or marvel at some hairy display reverse engineering or 3D-printed compressor screws. On the lighter side, there’s an immense water rocket.

After Al waxes nostalgic about the world of DOS Extenders and extended memory, the guys talk about detective work: First detecting AI-written material, and finally, a great detective story about using science to finally (maybe) crack the infamous DB Cooper hijacking case.

Follow along with the links below. Don’t forget to tell us what you think about this episode in the comments!

Here’s a string of bits containing the podcast that looks suspiciously like an MP3!

Where to Follow Hackaday Podcast

Places to follow Hackaday podcasts:

Continue reading “Hackaday Podcast Episode 254: AI, Hijack Guy, And Water Rockets Fly”

Wearable Robot Makes Mountain Climbing A Breeze For Seniors

January 26, 2024 by 23 Comments

You know, it’s just not fair. It seems that even if we stay active, age will eventually get the better of our muscles, robbing them of strength and our bodies of mobility. Canes and walkers do not provide additional strength, just support and reassurance in a treacherous landscape. What people could really benefit from are wearable robots that are able to compensate for a lack of muscle strength.

[Dr. Lee Jongwon] of the Korea Institute of Science and Technology has developed this very thing. MOONWALK-Omni is designed to “actively support leg strength in any direction”, and make one feel like they are walking on the moon. In order to test the wearable robot, [Dr. Jongwon] invited senior citizens to climb Korea’s Mount Yeongbong, which is some 604 meters (1980 feet) above sea level.

The robot weighs just 2 kg (about 4.5 lbs) and can be donned independently by the average adult in under ten seconds. There are four high-powered but ultra lightweight actuators on either side of the pelvis that aid balance and boost leg strength by up to 30%. This is all designed to increase propulsion.

An AI system works to analyze the wearer’s gait in real time in order to provide up-to-the-second effective muscle support in many different environments. One wearer, a formerly active mountain climber, reported feeling 10-20 years younger when reaching the top of Mount Yeongbong.

It’s quite interesting to see mobility robots outside of the simplicity of the rehabilitation setting. We have to wonder about the battery life. Will everyone over 65 be wearing these someday? We can only hope they become so affordable. In the meantime, here’s a wearable robot that travels all over your person for better telemetry.

This Week In Security: MOAB, Microsoft, And Printers

January 26, 2024 by 15 Comments

This week, news has broken of the Mother of All Breaches, MOAB. It’s 12 terabytes and 26 billion records, averaging about 500 bytes each. Now note that a record here is likely not a discrete email address, but simply a piece of data — a row on the database.

Now before we all lose our minds over this, there’s an important detail to take note of: These aren’t new leaks. This is a compilation of leaks, and as far as researchers have checked, there aren’t any new leaks disclosed here. This was someone’s database of accumulated leak data, accidentally re-leaked via an unsecured database. [Troy Hunt] goes so far as to speculate that it could be from a breach search service, which sounds pretty plausible.

There was yet another release of credentials late last week that hasn’t attracted as much attention, but seems to represent a much bigger issue. The Naz.api data set isn’t a breach where a company was hacked, and their entire user database was stolen. Instead, this one is combination of a credential stuffing list and stealer logs.

Credential stuffing is basically a smarter brute force attack, where the credentials from one breach are tried on multiple other sites. Such a list is just the results where guesses were successful. The really interesting bit is that this dataset seems to include stealer logs. Put simply, that’s the results of malware that scrapes victim machines for credentials.

Naz.api has over 70 million unique email addresses, and it looks like about a third of them are new, at least according to the Haveibeenpwned dataset. Now that’s significant, though not really worthy of the MOAB title, either. Continue reading “This Week In Security: MOAB, Microsoft, And Printers”

San Francisco Sues To Keep Autonomous Cars Out Of The City

January 26, 2024 by 32 Comments

Although the arrival of self-driving cars and taxis in particular seems to be eternally ‘just around the corner’ for most of us, in an increasing number of places around the world they’re already operational, with Waymo being quite prevalent in the US. Yet despite approval by the relevant authorities, the city of San Francisco has opted to sue the state commission that approved Google’s Waymo and GM’s Cruise. Their goal? To banish these services from the streets of SF, ideally forever.

Whether they will succeed in this seems highly doubtful. Although Cruise has lost its license to operate in California after a recent fatal accident, Waymo’s track record is actually quite good. Using public information sources, there’s a case to be made that Waymo cars are significantly safer to be in or around than those driven by human operators. When contrasted with Cruise’s troubled performance, it would seem that the problem with self-driving cars isn’t so much the technology as it is the safety culture of the company around it.

Yet despite Waymo’s better-than-humans safety record, it is regarded as a ‘nuisance’, leading some to sabotage the cars. The more reasonable take would seem to be that although technology is not mature yet, it has the overwhelming advantage over human drivers that it never drives distracted or intoxicated, and can be deterministically improved and tweaked across all cars based on experiences.

These considerations have been taken into account by the state commission that has approved Waymo operating in SF, which is why legal experts note that SF case’s chances are very slim based on the available evidence.