Remoticon 2021 // Jeroen Domburg [Sprite_tm] Hacks The Buddha Flower

Nobody likes opening up a hacking target and finding a black epoxy blob inside, but all hope is not lost. At least not if you’ve got the dedication and skills of [Jeroen Domburg] alias [Sprite_tm].

It all started when [Big Clive] ordered a chintzy Chinese musical meditation flower and found a black blob. But tantalizingly, the shiny plastic mess also included a 2 MB flash EEPROM. The question then is: can you replace the contents with your own music? Spoiler: yes, you can! [Sprite_tm] and a team of Buddha Chip Hackers distributed across the globe got to work. (Slides here.)

[Jeroen] started off with binwalk and got, well, not much. The data that [Big Clive] dumped had high enough entropy that it looked either random or encrypted, with the exception of a couple of tiny sections. Taking a look at the data, there was some structure, though. [Jeroen] smelled shitty encryption. Now in principle, there are millions of bad encryption methods out there for every good one. But in practice, naive cryptographers tend to gravitate to a handful of bad patterns.

Bad pattern number one is XOR. Used correctly, XORing can be a force for good, but if you XOR your key with zeros, naturally, you get the key back as your ciphertext. And this data had a lot of zeros in it. That means that there were many long strings that started out the same, but they seemed to go on forever, as if they were pseudo-random. Bad crypto pattern number two is using a linear-feedback shift register for your pseudo-random numbers, because the parameter space is small enough that [Sprite_tm] could just brute-force it. At the end, he points out their third mistake — making the encryption so fun to hack on that it kept him motivated!
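The two patterns described above, as an added example (not code from the talk or from the flower's firmware): a constructed image with zero padding is XORed with an LFSR keystream, the padding hands over the keystream, and the tap mask falls out of an exhaustive search of the 16-bit space. The register width, the Fibonacci layout, the seed, the taps and the sample plaintext are all assumptions; the page does not give the real parameters.

```python
WIDTH = 16  # assumed register width; the page does not state the real one

def parity(x):
    return bin(x).count("1") & 1

def keystream(seed, taps, nbytes):
    """Fibonacci LFSR: emit the low bit, shift right, feed back tap parity."""
    state, out = seed, bytearray(nbytes)
    for i in range(nbytes * 8):
        out[i // 8] |= (state & 1) << (i % 8)
        state = (state >> 1) | (parity(state & taps) << (WIDTH - 1))
    return bytes(out)

def xor_crypt(data, seed, taps):
    """Encrypt and decrypt are the same operation: XOR with the keystream."""
    return bytes(a ^ b for a, b in zip(data, keystream(seed, taps, len(data))))

def recover_params(ciphertext, zero_len):
    """Assume the first zero_len plaintext bytes are 0x00, so ciphertext == keystream."""
    leak = ciphertext[:zero_len]
    bits = [(leak[i // 8] >> (i % 8)) & 1 for i in range(zero_len * 8)]
    # The first WIDTH keystream bits are the register contents, i.e. the seed.
    seed = sum(b << i for i, b in enumerate(bits[:WIDTH]))
    hits = []
    for taps in range(1, 1 << WIDTH):       # whole tap space: 65,535 candidates
        state = seed
        for want in bits[WIDTH:]:
            fb = parity(state & taps)
            if fb != want:
                break                        # wrong taps usually fail within a few bits
            state = (state >> 1) | (fb << (WIDTH - 1))
        else:
            hits.append(taps)                # reproduced every leaked bit
    return seed, hits

# Constructed sample image: zero padding followed by data (not from the real dump).
SECRET_SEED, SECRET_TAPS = 0xACE1, 0x002D   # x^16 + x^14 + x^13 + x^11 + 1
PLAINTEXT = bytes(8) + b"FILESYSTEM HEADER v1"
CIPHERTEXT = xor_crypt(PLAINTEXT, SECRET_SEED, SECRET_TAPS)

if __name__ == "__main__":
    seed, hits = recover_params(CIPHERTEXT, 8)
    print(f"seed={seed:#06x} taps={[hex(t) for t in hits]}")
    print(xor_crypt(CIPHERTEXT, seed, hits[0]))
```

Eight bytes of zeros are enough here: 16 bits give the seed and the remaining 48 pin down the taps uniquely, which is why a stream cipher needs a keystream generator whose state cannot be read off its output.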

Decrypted, the EEPROM data was a filesystem. And the machine language turned out to be for an 8051, but there was still the issue of the code resident on the microcontroller’s ROM. So [Sprite_tm] bought one of these flowers, and started probing around the black blob itself. He wrote a dumper program that output the internal ROM’s contents over SPI. Ghidra did some good disassembling, and that let him figure out how the memory was laid out, and how the flow worked. He also discovered a “secret” ROM area in the chip’s flash, which he got by trying some random functions and looking for side effects. The first hit turned out to be a memcpy. Sweet.

[Neil555]’s Rosetta Stone
Meanwhile, the Internet was still working on this device, and [Neil555] bought a flower too. But this one had a chip, rather than a blob, and IDing this part led them to an SDK, which has an audio suite that uses a derivative of WMA audio encoding. And that was enough to get music loaded into the flower. (Cue a short rick-rolling.) Victory!

Well, victory if all you wanted to do was hack your music onto the chip. As a final fillip, [Sprite_tm] mashed the reverse-engineered schematic of the Buddha Flower together with [Thomas Flummer]’s very nice DIY Remoticon badge, and uploaded our very own intro theme music into the device on a badge. Bonus points? He added LEDs that blinked out the LFSR that was responsible for the “encryption”. Sick burn!

Editor’s Note: This is the last of the Remoticon 2 videos we’ve got. Thanks to all who gave presentations, to all who attended and participated in the lively Discord back channel, and to all you out there who keep the hacking flame alive. We couldn’t do it without you, and we look forward to a return to “normal” Supercon sometime soon.

3D Printing Pills All At Once

To the uninitiated, it might seem like a gimmick to 3D print pharmaceuticals. After all, you take some kind of medicine, pour it in a mold, and you have a pill, right? But researchers and even some commercial companies are 3D printing drugs with unusual chemical or physical properties. For example, pills with braille identification on them or antibiotics with complex drug-release rates. The Universidade de Santiago de Compostela and the University College London can now 3D print pills without relying on a layer-by-layer approach. Instead, the machine produces the entire pill directly.

According to a recent report on the study, there are at least two things holding back printed pills. First, anything medical has to go through rigorous testing for approval in nearly any country. In addition, producing pills at typical 3D printing speeds is uneconomical. This new approach uses multiple beams of light to polymerize an entire tank of resin at once in as little as seven seconds.

With 3D printed drugs, it is possible to tailor release profiles for individual cases and make hybrid drugs such as a French drug that joins anticancer drugs with another drug to manage side effects. Is this a real thing for the future? Will doctors collect enough data to make it meaningful to tailor drugs to patients? Will regulators allow it? For hybrid medicine, is there really an advantage over just taking two pills? Only time will tell.

Sure, technology can help dispense pills. We know, too, that 3D printing can be useful for prostheses and medical devices. We aren’t so sure about pharmaceuticals, but in the meantime you can already order custom-printed vitamins.

Less Is More — Or How To Replace A $25,000 Bomb Sight For 20 Cents

Depending on who you ask, the Norden bombsight was either the highest of high tech during World War II, or an overhyped failure that provided jobs and money for government contractors. Either way, it was super top secret in its day. It was also expensive. They cost about $25,000 each and the whole program came in at well over a billion dollars. The security was over the top. When not flying, the bombsight was removed from the plane and locked in a vault. There was a pyro device that would self-destruct the unit if it were in danger of being captured. So why did one of the most famous missions of World War II fly with the Norden replaced by 20 cents worth of machined metal? Good question.

You often hear the expression “less is more” and, in this case, it is an accurate idea. I frequently say, though, that “just enough is more.” In this case, though, less was actually just enough. There were three reasons that one famous mission in the Pacific theater didn’t fly the Norden. It all had to do with morale, technology, and secrecy.


Great Beginnings: The Antikythera Mechanism Gets A “Day Zero”

When an unknown genius sat down more than 2,000 years ago to design and build an astronomical instrument, chances are good that he or she didn’t think that entire academic institutions devoted to solving its mysteries would one day be established. But such is the enduring nature of the Antikythera mechanism, the gift from antiquity that keeps on giving long after being dredged up from a shipwreck in the Aegean Sea.

And now, new research on the ancient mechanism reveals that like other mechanical calendars, the Antikythera mechanism has a “day zero,” or a minimum possible date that it can display. The analysis by a team led by [Aristeidis Voulgaris] gets deep into the weeds of astronomical cycles, which the mechanism was designed to simulate using up to 37 separate gears, 30 of which have been found. The cycle of concern is the saros, a 223 lunar month cycle of alignments between the Earth, Sun, and Moon. The saros can be used to predict eclipses, astronomical events of immense importance in antiquity, particularly annular eclipses, which occur when the Moon is at apogee and therefore eclipses less of the Sun’s surface.

The researchers looked at historical annular eclipse data and found that saros cycle 58 had a particularly long annular eclipse, on 23 December 178 BCE. The eclipse would have been visible at sunrise in the eastern Mediterranean, and coupled with other astronomical goodies, like the proximity to the winter solstice, the Sun entering Capricorn, and the Moon being new and at apogee, was probably so culturally significant to the builder that it could serve as the initial date for calibrating all the mechanism’s pointers and dials.

Others differ with that take, of course, saying that the evidence points even further back, to a start date in the summer of 204 BCE. In any case, if like us you can’t get enough Antikythera, be sure to check out our overview of the mechanism, plus [Clickspring]’s exploration of methods perhaps used to build it.

Versatile Reflow Oven Controller Uses ESP32-S2

[Maker.Moekoe] wanted a single controller board that was usable with different reflow ovens or hotplates. The result is a versatile board based on the ESP32-S2. You can see the board’s assembly in the video below.

The board sports several inputs and outputs including:

  • 2x MAX6675 thermocouple sensor input
  • 2x Fan output with flyback diodes
  • 2x Solid state relay output
  • 3x Buttons
  • 1x LED
  • 1x Buzzer
  • 1x Servo motor output
  • 0.96 inch OLED display

You could probably find a use for the board for other similar applications, not just ovens.

The video is oddly relaxing, watching parts reflow. It is like watching a 3D printer: no matter how many times we see it, we still find it soothing to watch. You can also see how he integrated the board with a toaster oven.

Overall, the board looks great and the workmanship is also very good. If you’ve never seen anyone set heat-set threaded inserts into a 3D printed piece, be sure to watch around the four minute mark.

We’ve seen plenty of oven projects. You can even use an Easy Bake oven.


PiSquare Lets You Run Multiple HATs On A Raspberry Pi

The Raspberry Pi’s venerable 40-pin header and associated HAT ecosystem for upgrades has been a boon for the platform. It’s easy to stack extra hardware on to a Pi, even multiple times in some cases. However, if you want to run multiple HATs, and wirelessly at that, the PiSquare might just be the thing for you.

The PiSquare consists of a board featuring both RP2040 and ESP-12E microcontrollers. It interfaces with Raspberry Pi HATs and even lets you run multiple of the same HAT on a single Raspberry Pi, as it’s not actually directly using the UART, SPI, or I2C interfaces on the host Pi itself. Instead, the PiSquare communicates wirelessly with the Pi, handling the IO with the HAT itself.

It’s unclear how this works on a software level. Simply using existing software tools and libraries for a given Raspberry Pi HAT probably won’t work with the wireless PiSquare setup. However, for advanced users, it could serve a useful purpose, allowing one Raspberry Pi to command multiple HATs without the fuss of having to run more single-board computers where just one will do. Boards will be available on Kickstarter for those interested in the device.

We’ve seen other creative things done with the Raspberry Pi and the HAT system, too. If you’ve been cooking up your own neat hacks for the platform, drop us a line!

Reducing Warping In Metal 3D Prints

We are used to dealing with warping when printing with thermoplastics like ABS, but metal printers suffer from this problem, too. The University of Michigan has a new technology, SmartScan, that promises to reduce this problem. You can see a video about the technique, below.

The idea is to develop a thermal model of the printed part before laser sintering and then move the laser in such a way that heat doesn’t accumulate. The video shows how engraving metal in the traditional way causes the metal to warp as the laser heats up areas. Using the SmartScan thermal model, they were able to reduce deformation by almost half.
