How A Pentester Gets Root

Have you ever wanted to be a fly on the wall, watching a penetration tester attack a new machine — working their way through the layers of security, ultimately leveraging what they learned into a login? What tools are used, what do they reveal, and how is the information applied? Well, good news, because [Phani] has documented a step-by-step of every action taken to eventually obtain root access on a machine — amusingly named DevOops — which was set up specifically for testing.

[Phani] explains every command used (even the dead-end ones that reveal nothing useful in this particular case) and discusses the results in a way that is clear and concise. He starts from a basic port scan, eventually ending up with root privileges. On display is an overall process of first obtaining general information, then methodically moving towards more and more specific elements. It’s a fantastic demonstration of privilege escalation in action, and an easy read as well.

For some, this will give a bit of added insight into what goes on behind the scenes in some of the stuff covered by our regular feature, This Week in Security.

Homemade Panadapter Brings Waterfall To Old Radio

Ham radio operators can be pretty selective about their gear. Some are old-school tube purists who would never think of touching a rig containing transistors, and others are perfectly happy with the small Software Defined Radio (SDR) hooked up to their PC. The vast majority of us, though, are somewhere in between — we appreciate the classic look and feel of vintage radios as well as the convenience of modern ones. Better yet, some of us even like to combine the two by adding a few modern bells and whistles to our favorite “boat anchor.”

[Scott Baker] is one such Ham. He’s only had his license for a few months now and has already jumped into some great projects, including adding a panadapter to an old Drake R-4B Receiver. What’s a panadapter, you may ask? As [Scott] explains in his excellent writeup and video, a panadapter is a circuit that grabs a wideband signal from a radio receiver that typically has a narrowband output. The idea is that rather than just listen to somebody’s 4kHz-wide transmission in the 40m band, you can listen to a huge swath of the spectrum, covering potentially hundreds of transmissions, all at the same time.

Well, you can’t actually listen to that many transmissions at once — that would be a garbled mess. What you can do with that ultrawide signal, however, is look at it. If you take an FFT of the signal to put it in the frequency domain (by using a spectrum analyzer, or in [Scott]’s case, an SDR), you can see all sorts of different signals up and down the spectrum. This makes it a heck of a lot easier to find something to listen to — rather than spinning the dial for hours, hoping to come across a transmission, you can just see where all of the interesting signals are.

This isn’t the first (or even the twentieth) time that [Scott]’s work has graced our pages, so make sure to check some of his other incredible projects in our archives!

Spectrometer Detects Chemicals By Zapping Samples With A Laser Beam

Here at Hackaday, we love projects that result in useful lab equipment for a fraction of the cost of professional gear. [Lorenz], over at Advanced Tinkering, built his own instrument for Laser-Induced Breakdown Spectroscopy, or LIBS, and it’s quite an impressive device. LIBS is a technique for analyzing substances to find their chemical composition. Basically, the idea is to zap a sample with a powerful laser, then look at the little cloud of plasma that results and measure the wavelengths emitted by it.

The spectrum of hematite (iron oxide), compared to that of pure iron

The laser [Lorenz] used is a Nd:YAG unit salvaged from a tattoo removal machine. After it fires a pulse, a photodiode detects the light and triggers a spectrometer, which consists of a diffraction grating, a few lenses and mirrors, and a linear CCD sensor. The grating splits the incoming light into its constituent components, which fall onto the CCD and trigger its pixels. An STM32 Nucleo board reads out the results and sends them to a PC for further processing.

That processing bit turned out to be a full project on its own. [Lorenz] called upon [g3gg0] for software that simplifies the operation of the spectrometer. First, it helps with the instrument’s calibration. Point the detector at a well-known light source like a laser or a fluorescent lamp, then select the expected wavelengths on the resulting spectral plot. The software then automatically calculates the correct coefficients to map each pixel to a specific wavelength.

The software also contains a database of spectra corresponding to chemical elements: once you’ve taken a spectrum of an unknown sample, you can overlay these onto the resulting plot and try to find a match. The resulting system seems to work quite well. Samples of iron oxide and silver oxide gave a reasonable match to their constituent components.

We’ve seen other types of spectrometers before: if you simply want to characterize a light source, check out this Raspberry Pi-based model. If you’re interested in chemical analysis you might also want to look at this open-source Raman spectrometer.

Make Your Own Tabletop Game Organizers With Online Tool

There is a vibrant cottage industry built around selling accessories to improve the storage and organization of tabletop games, but the more DIY-minded will definitely appreciate [Steve Genoud]’s deckinabox tool, which can create either 3D-printable designs, or ones more suited to folded paper or cardstock. Making your own organizer can be as satisfying as it is economical, and [Steve]’s tool aims to make customization simple and easy.

The tool can also generate models for folded paper or cardstock.

The interface for customizing the 3D-printable token tray, for example, begins with a simple filleted receptacle which one can split into additional regions by adding horizontal or vertical separators. The default is to split a given region down the middle, but every dimension can of course be specified. Things like filleting of edges (for easier token scooping) and other details are all handled automatically. A handy 3D view gives a live render of the design after every change.

[Steve] has a blog post that goes into some added detail about how the tool was made, and it makes heavy use of replicad, [Steve]’s own library for generating browser-based 3D models in code. Intrigued by the idea of generating 3D models programmatically, and want to use it to make your own models? Don’t forget to also check out OpenSCAD; chances are it’s both easier to use and more capable than one might think.

DIY Hydrophone Listens In On The Deep For Cheap

The microphone is a pretty ubiquitous piece of technology that we’re all familiar with, but what if you’re not looking to record audio in the air, and instead want to listen in on what’s happening underwater? That’s a job for a hydrophone! Unfortunately, hydrophones aren’t exactly the kind of thing you’re likely to find at the big-box electronics store. Luckily for us, [Jules Ryckebusch] picked up a few tricks in his 20-year career as a Navy submariner, and has documented his process for building a sensitive hydrophone without needing a military budget.

Fascinated by all the incredible sounds he used to hear hanging around the Sonar Shack, [Jules] pored over documents related to hydrophone design from the Navy and the National Oceanic and Atmospheric Administration (NOAA) until he distilled it all down to a surprisingly straightforward build. The key to the whole build is a commercially available cylindrical piezoelectric transducer designed for underwater communication that, incredibly, costs less than $20 USD a pop.

The transducer is connected to an op-amp board of his own design, which has been adapted from his previous work with condenser microphones. [Jules] designed the 29 x 26 mm board to fit neatly within the diameter of the transducer itself. The entire mic and preamp assembly can be cast inside a cylinder of resin. Specifically, he’s found an affordable two-part resin from Smooth-On that has nearly the same specific gravity as seawater. This allows him to encapsulate all the electronics in a way that’s both impervious to water and almost acoustically transparent. A couple of 3D-printed molds later, the hydrophone was ready to cast.

Interestingly, this isn’t the first homebrew hydrophone we’ve seen. But compared to that earlier entry, which basically just waterproofed a standard microphone pickup, we think this more thoughtful approach is likely to have far better performance.

DIY Float Valve For Passive Hydroponics Leverages 3D Printing

[Billy] has a special interest in passive hydroponics (also known as the Kratky method), which is a way of growing plants in nutrient-rich water that does not circulate. As the plant grows and liquid level drops, only the tips of the roots remain submerged while more and more of the root surface is exposed to oxygen in a harmonious balance. However, “thirsty” plant types (tomatoes, for example) throw off this balance, and the system needs to be modified. To address this, [Billy] designed and printed a passive float valve system that takes care of topping up the reservoir only when needed, without using pumps or any other electrical equipment.

Commercial or industrial float valves are too big to use in his small tanks, which led [Billy] to test dozens of DIY designs. He used everything from plastic water bottles to pipe ends, but nothing quite measured up. With 3D printing, [Billy] was able to create a sealed, lightweight float that exactly matched the housing and tube locations.

A strip of silicone works as a sealing agent.

The way [Billy]’s float valve works is by using a hollow object as a kind of buoyant plug inside a housing. When the water level is high, the buoyant object rises up and presses a strip of silicone against an outlet, preventing water from flowing. If the water level is low, the buoyant plug drops and water is free to flow. With a reservoir of fresh nutrient-rich water placed above the grow tank, gravity takes care of pushing a fresh supply down a tube, so no active pump is needed. Combined with a passive float valve, the system pretty much runs itself.

Watch [Billy] give a tour of his system and valve design in the video embedded below. He’s got a lot of experience when it comes to working with projects involving liquids. Only someone as comfortable as he is would make his own DIY dishwasher.

It’s Bad Apple, But On A 32K EPROM

The Bad Apple!! video with its silhouette animation style has long been a staple graphics demo for low-end hardware, a more stylish alternative to the question “Will it run DOOM?”. It’s normal for it to be rendered onto a screen by a small microcomputer or similar, but as [Ian Ward] demonstrates in an unusual project, it’s possible to display the video without any processor being involved. Instead he’s used a clever arrangement involving a 32K byte EPROM driving an HD44780-compatible parallel alphanumeric LCD display.

While 32K bytes would have seemed enormous back in the days of 8-bit computing, even when driving only a small section of an alphanumeric LCD it’s still something of a struggle to express the required graphics characters. This feat is achieved by the use of a second EPROM, which carries a look-up table.

It’s fair to say that the result which can be seen in the video below the break isn’t the most accomplished rendition of Bad Apple!! that we’ve seen, but given the rudimentary hardware upon which it’s playing we think that shouldn’t matter. Why didn’t we think of doing this in 1988!
