Remote-Controlled Hypercar Slices Through Air

May 23, 2023 by 17 Comments

Almost all entry-level physics courses, and even some well into a degree program, will have the student make some assumptions in order to avoid some complex topics later on. Most commonly this is something to the effect of “ignore the effects of wind resistance” which can make an otherwise simple question in math several orders of magnitude more difficult. At some point, though, wind resistance can’t be ignored any more like when building this remote-controlled car designed for extremely high speeds.

[Indeterminate Design] has been working on this project for a while now, and it’s quite a bit beyond the design of most other RC cars we’ve seen before. The design took into account extreme aerodynamics to help the car generate not only the downforce needed to keep the tires in contact with the ground, but to keep the car stable in high-speed turns thanks to its custom 3D printed body. There is a suite of high-speed sensors on board as well which help control the vehicle including four-wheel independent torque vectoring, allowing for precise control of each wheel. During initial tests the car has demonstrated its ability to  corner at 2.6 lateral G, a 250% increase in corning speed over the same car without the aid of aerodynamics.

We’ve linked the playlist to the entire build log above, but be sure to take a look at the video linked after the break which goes into detail about the car’s aerodynamic design specifically. [Indeterminate Design] notes that it’s still very early in the car’s development, but has already exceeded the original expectations for the build. There are also some scaled-up vehicles capable of transporting people which have gone to extremes in aerodynamic design to take a look at as well.

Continue reading “Remote-Controlled Hypercar Slices Through Air”

AirTags, Tiles, SmartTags And The Dilemmas Of Personal Tracking Devices

May 22, 2023 by 17 Comments

In an ideal world we would never lose our belongings, and not spend a single hour fruitlessly searching for some keys, a piece of luggage, a smartphone or one of the two dozen remote controls which are scattered around the average home these days. Since we do not live in this ideal world, we have had to come up with ways to keep track of our belongings, whether inside or outside our homes, which has led to today’s ubiquitous personal tracking devices.

Today’s popular Bluetooth-based trackers constantly announce their presence to devices set up to listen for them. Within a home, this range is generally enough to find the tracker and associated item using a smartphone, after which using special software the tracker can be made to sound its built-in speaker to ease localizing it by ear. Outside the home, these trackers can use mesh networks formed by smartphones and other devices to ‘phone home’ to paired devices.

This is great when it’s your purse. But this also gives anyone the ability to stick such a tracker device onto a victim’s belongings and track them without their consent, for whatever nefarious purpose. Yet it is this duality between useful and illegal that has people on edge when it comes to these trackers. How can we still use the benefits they offer, without giving stalkers and criminals free reign? A draft proposal by Apple and Google, submitted to the Internet Engineering Task Force (IETF), seeks to address these points but it remains complicated.

Continue reading “AirTags, Tiles, SmartTags And The Dilemmas Of Personal Tracking Devices”

Hackaday Prize 2023: Eye-Tracking Wheelchair Interface Is A Big Help

May 14, 2023 by 2 Comments

For those with quadriplegia, electric wheelchairs with joystick controls aren’t much help. Typically, sip/puff controllers or eye-tracking solutions are used, but commercial versions can be expensive. [Dhruv Batra] has been experimenting with a DIY eye-tracking solution that can be readily integrated with conventional electric wheelchairs.

The system uses a regular webcam aimed at the user’s face. A Python script uses OpenCV and a homebrewed image segmentation algorithm to analyze the user’s eye position. The system is configured to stop the wheelchair when the user looks forward or up. Looking down commands the chair forward. Glancing left and right steers the chair in the given direction.

The Python script then sends the requisite commands via a TCP connection to an ESP32, which controls a bunch of servos to move the wheelchair’s joystick in the desired manner. This allows retrofitting the device on a wheelchair without having to modify it in an invasive manner.

It’s a neat idea, though it could likely benefit from some further development. A reverse feature would be particularly important, after all. However, it’s a great project that has likely taught [Dhruv] many important lessons about human-machine interfaces, particularly those beyond the ones we use every day. 

This project has a good lineage as well — a similar project, EyeDriveOMatic won the Hackaday prize back in 2015.

The HackadayPrize 2023 is Sponsored by:

A Look Inside A Vintage Aircraft Altimeter

May 10, 2023 by 21 Comments

There’s a strange synchronicity in the projects we see here at Hackaday, where different people come up with strikingly similar stuff at nearly the same time. We’re not sure why this is, but it’s easily observable, with this vintage altimeter teardown and repair by our good friend [CuriousMarc] as the latest example.

The altimeter that [Marc] dissects in the video below was made by Kollsman, which is what prompted us to recall this recent project that turned a jet engine tachometer into a CPU utilization gauge. That instrument was also manufactured by Kollsman, but was electrically driven. [Marc]’s project required an all-mechanical altimeter, so he ordered a couple from eBay.

Unfortunately, thanks to rough handling in transit they arrived in less than working condition, necessitating the look inside. For which we’re thankful, of course, because the guts of these aneroid altimeters are quite impressive. The mechanism is all mechanical, with parts that look like something [Click Spring] would make for a fine timepiece. [Marc]’s inspection revealed the problem: a broken pivot screw keeping the expansion and contraction of the aneroid diaphragms from transmitting force to the gear train that moves the needles. The repair was a little improvisational, with 0.5-mm steel balls used to stand in for the borked piece. It may not be flight ready, but it worked well enough to get the instrument back in action.

We suspect that [Marc] won’t be able to leave well enough alone on this one, so we’ll be on the lookout for a proper repair. In the meantime, he’ll be able to use this altimeter in the test setup he’s building to test a Bendix air data computer from a 1950s-era jet fighter. Continue reading “A Look Inside A Vintage Aircraft Altimeter”

A 7 GHz Signal Analyser Teardown And A Trivial Repair

May 7, 2023 by 15 Comments

[Shahriar] of The Signal Path is back with another fascinating video teardown and analysis for your viewing pleasure. (Embedded below.) This time the target is an Agilent E5052A 7 GHz signal Source/Analyser which is an expensive piece of kit not many of us are fortunate enough to have on the bench. This particular unit is reported as faulty, with a signal power measurement that is completely off-the-rails wrong, which leads one to not trust anything the instrument reports.

After digging into the service manual of the related E5052B unit, [Shahriar] notes that the phase noise measurement part of the instrument is totally separate from the power measurement, only connected via some internal resistive power splitters, and this simplifies debugging a lot. But first, a short segue into that first measurement subsystem, because it’s really neat.

Cross-correlating time-gated FFT (TG-FFT) subsystem at the top, dodgy power detector at the bottom

A traditional swept-mode instrument works by mixing the input signal with a locally-sourced low-noise oscillator, which when low-pass filtered, is fed into a power meter or digitizer. This simply put, down-converts the signal to something easy to measure. It then presents power or noise as a function of the local oscillator (LO) frequency, giving us the spectral view we require. All good, but this scheme has a big flaw. The noise of the LO is essentially added to that of the signal, producing a spectral noise floor below which signals cannot be resolved.

The E5052 instrument uses a cunning cross-correlation technique enabling it to measure phase noise levels below that of its own internal signal source. The instrument houses an Oven-Compensated Crystal Oscillator (OCXO) for high stability, in fact, two from two different vendors, one for each LO, and mounted perpendicular to each other. The technique splits the input signal in half with a power splitter, then feeds both halves into identical (apart from the LOs) down-converters, the outputs of which are fed into a DSP via a pair of ADCs. Having identical input signals, but different LOs (with different phase noise spectra) turns the two signals from a correlated pair to an uncorrelated pair, with the effects of chassis vibration and gravity effects also rolled in.

The DSP subtracts the uncorrelated signal from the correlated signal, therefore removing the effect of the individual LO’s effect on the phase noise spectrum. This clever technique results in a phase noise spectrum below that of the LOs themselves, and a good representation of the input signal being measured.

This is what a DC-7GHz resistive power divider looks like. Notice the inductive matching section before each resistor branch.

Handily for [Shahriar] this complex subsystem is totally separate from the dodgy power measurement. This second system is much simpler, being fed with another copy of the input signal, via the main resistive power splitter. This second feed is then split again with a custom power divider, which upon visual inspection of the input SMA connector was clearly defective. It should not wobble. The root cause of the issue was a cold solder joint of a single SMA footprint, which worked loose over time. A little reflow and reassembly and the unit was fit for recalibration, and back into service.

We’ve seen phase noise measurements a few times on these pages, like debugging this STM32 PLL issue.

Continue reading “A 7 GHz Signal Analyser Teardown And A Trivial Repair”

Inside A Pair Of Smart Sunglasses

May 6, 2023 by 14 Comments

If you’re willing to spend $200 USD on nothing more than 100 grams of plastic, there are a few trendy sunglasses brands that are ready to take your money before you have time to think twice. Sure, you can get a pair of sunglasses for an order of magnitude less money that do the exact same job, but the real value is in the brand stamped into the plastic and not necessarily the sunglasses themselves. Not so with this pair of Ray-Bans, though. Unlike most of their offerings, these contain a little bit more than a few bits of stylish plastic and [Becky Stern] is here to show us what’s hidden inside.

At first glance, the glasses don’t seem to be anything other than a normal pair of sunglasses, if a bit bulky But on closer inspection they hide a pair of cameras and a few other bits of electronics similar to the Google Glass, but much more subtle. The teardown demonstrates that these are not intended to be user-repairable devices, and might not be repairable at all, as even removing the hinges broke the flexible PCBs behind them. A rotary tool was needed to remove the circuit boards from the ear pieces, and a bench vice to remove the camera modules from the front frame. We can presume these glasses will not be put back together after this process.

Hidden away inside is a pair of cameras, a Snapdragon quad-core processor, capacitive touch sensors, an amplifier for a set of speakers. Mostly this is to support the recording of video and playback of audio, and not any sort of augmented reality system like Google Glass attempted to create. There are some concerning ties with Facebook associated with this product as well which will be a red flag for plenty of us around here, but besides the privacy issues, lack of repairability, and lack of features, we’d describe it as marginally less useful as an entry-level smartwatch. Of course, Google Glass had its own set of privacy-related issues too, which we saw some clever projects solve in unique ways.

Continue reading “Inside A Pair Of Smart Sunglasses”

This Week In Security: Oracle Opera, Passkeys, And AirTag RFC

May 5, 2023 by 10 Comments

There’s a problem with Opera. No, not that kind of opera. The Oracle kind. Oracle OPERA is a Property Management Solution (PMS) that is in use in a bunch of big-name hotels around the world. The PMS is the system that handles reservations and check-ins, talks to the phone system to put room extensions in the proper state, and generally runs the back-end of the property. It’s old code, and handles a bunch of tasks. And researchers at Assetnote found a serious vulnerability. CVE-2023-21932 is an arbitrary file upload issue, and rates at least a 7.2 CVSS.

It’s a tricky one, where the code does all the right things, but gets the steps out of order. Two parameters, jndiname and username are encrypted for transport, and the sanitization step happens before decryption. The username parameter receives no further sanitization, and is vulnerable to path traversal injection. There are two restrictions to exploitation. The string encryption has to be valid, and the request has to include a valid Java Naming and Directory Interface (JNDI) name. It looks like these are the issues leading Oracle to consider this flaw “difficult to exploit vulnerability allows high privileged attacker…”.

The only problem is that the encryption key is global and static. It was pretty straightforward to reverse engineer the encryption routine. And JDNI strings can be fetched anonymously from a trio of endpoints. This lead Assetnote to conclude that Oracle’s understanding of the flaw is faulty, and a much higher CVSS score is appropriate. Particularly with this Proof of Concept code, it is relatively straightforward to upload a web shell to an Opera system.

The one caveat there is that an attacker has to get network access to that install. These aren’t systems intended to be exposed to the internet, and my experience is that they are always on a dedicated network connection, not connected to the rest of the office network. Even the interconnect between the PMS and phone system is done via a serial connection, making this network flaw particularly hard to get to. Continue reading “This Week In Security: Oracle Opera, Passkeys, And AirTag RFC”