The date was September 26, 1983. A lieutenant colonel in the Soviet Air Defence Forces sat at his command station in Serpukhov-15 as sirens blared, indicating nuclear missiles had been launched from the United States. As you may have surmised by the fact you’re reading this in 2021, no missiles were fired by either side in the Cold War that day. Credit for this goes to Stanislav Petrov, who made the judgement call that the reports were a false alarm, preventing an all-out nuclear war between the two world powers. Today, we’ll look at what caused the false alarm, and why Petrov was able to correctly surmise that what he was seeing was an illusion.
Hackaday editors Elliot Williams and Mike Szczys marvel at the hacks that surfaced over the past week. An eye-popping webcam hack comes in the form of an animatronic that gives that camera above your screen an eyeball to look around, an eyelid to blink with, and the skin, eyelashes, and eyebrow to complete the illusion (and make us shudder at the same time).
Dan did a deep dive on Zinc Flu — something to avoid when welding parts that contain zinc, like galvanized metals. A robot arm was given a chainsaw, leading to many hijinks; among them the headache of path planning such a machine. And we got to hear a really awesome story about resurrecting a computer game lost to obscurity, by using one of the main tools of the copyright office.
Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!
The Nintendo DS family encompasses a dizzying array of portable game systems released over a span of 17 years. The original DS received several refreshes and special editions, and when the next generation 3DS came along, it spawned a whole new collection of spin-offs. But even among all those machines there’s a name that even Mario himself would never have heard of: the Nintendo DS ML.
In a recent video, [The Retro Future] says he discovered this oddball system selling for around $25 USD on Chinese shopping site Taobao and bought one so he could get a closer look at it. Externally the system looks quite a bit like the refreshed DS Lite, but it’s notably larger and the screens look quite dated. That was already a strong hint to its true identity, as was the placement of its various buttons and controls.
Note the conspicuous absence of Nintendo’s name.
But it wasn’t until [The Retro Future] cracked the system open that he could truly confirm what he had on his hands. This was an original Nintendo DS, potentially a new old stock unit that had never been distributed, which was transplanted into a custom enclosure designed to look like one of the later upgraded models. As for what this seller meant by calling this chimera the DS ML is anyone’s guess, though one of the commenters on the video thought “Maybe Legal” had a nice ring to it.
Now assuming these really are brand new systems that were simply installed in fresh cases, $25 is arguably a good deal. So long as you aren’t concerned with playing the latest titles, anyway. But at the same time its a reminder that you get what you pay for when dealing with shady overseas sellers. It’s just as likely, perhaps even more so, that these were used systems that got spruced up to make a quick buck.
Fake components are everywhere. In fact there’s an excellent chance most of the people reading this site have received some fake parts over the years, even if they didn’t realize it at the time. When there’s fly by night companies willing to refurbish a nearly 20 year old Nintendo handheld for $25, what are the chances that Bosch actually made that $2 temperature sensor you just ordered on eBay?
Our first story this week comes courtesy of the Pwn2own contest. For anyone not familiar with it, this event is held twice a year, and features live demonstrations of exploits against up-to-date software. The one exception to this is when a researcher does a coordinated release with the vendor, and the update containing the fix drops just before the event. This time, the event was held virtually, and the attempts are all available on Youtube. There were 23 attacks attempted, and only two were outright failures. There were 5 partial successes and 16 full successes.
One of the interesting demonstrations was a zero-click RCE against Zoom. This was a trio of vulnerabilities chained into a single attack. The only caveat is that the attack must come from an accepted contact. Pwn2Own gives each exploit attempt twenty minutes total, and up to three attempts, each of which can last up to five minutes. Most complex exploits have an element of randomness, and exploits known to work sometimes don’t work every time. The Zoom demonstration didn’t work the first time, and the demonstration team took enough time to reset, they only had enough time for one more try.
BleedingTooth
We first covered BleedingTooth almost exactly six months ago. The details were sparse then, but enough time has gone by to get the full report. BleedingTooth is actually a trio of vulnerabilities, discovered by [Andy Nguyen]. The first is BadVibes, CVE-2020-24490. It’s a lack of a length check in the handling of incoming Bluetooth advertisement packets. This leads to a buffer overflow. The catch here is that the vulnerability is only possible over Bluetooth 5. Continue reading “This Week In Security: Pwn2own, Zoom Zero Day, Clubhouse Data, And An FBI Hacking Spree”→
Has it really come to this? Are we really at the point that dishwashers have proprietary detergent cartridges that you’re locked into buying at inflated prices?
Apparently so, at least for some species of the common kitchen appliance. The particular unit in question goes by the friendly name of Bob, and is a compact, countertop unit that’s aimed at the very small kitchen market. [dekuNukem] picked one of these units up recently, and was appalled to learn that new detergent cartridges would cost an arm and a leg. So naturally, he hacked the detergent cartridges. A small PCB with an edge connector and a 256-byte EEPROM sprouts from each Bob cartridge; a little reverse engineering revealed the right bits to twiddle to reset the cartridge to its full 30-wash count, leading to a dongle to attach to the cartridge when it’s time for a reset and a refill.
With the electronics figured out, [dekuNukem] worked on the detergent refill. This seems like it was the more difficult part, aided though it was by some fairly detailed specs on the cartridge contents. A little math revealed the right concentrations to shoot for, and the ingredients in the OEM cartridges were easily — and cheaply — sourced from commercial dishwashing detergents. The cartridges can be refilled with a properly diluted solution using a syringe; the result is that each wash costs 1/75-th of what it would if he stuck with OEM cartridges.
For as much as we despise the “give away the printer, charge for the ink” model, Bob’s scheme somehow seems even worse. We’ve seen this technique used to lock people into everything from refrigerator water filters to cat litter, so we really like the way [dekuNukem] figured everything out here, and that he saw fit to share his solution.
Porting DOOM to run on hardware never meant to run it is a tradition as old as time. Getting it to run on embedded devices, ancient computers, virtual computers, and antique video game consoles are all classic hacks, but what DOOM ports have been waiting for is something with universal applicability that don’t need a bespoke solution for each piece of hardware. Something like DOOM running within a bootloader.
The bootloader that [Ahmad] works with is called Barebox and is focused on embedded systems, often those running Linux. This is the perfect environment for direct hardware access, since the bootloader doubles as a bare metal hardware bring-up toolkit. Now that DOOM runs on this bootloader, it effectively can run anywhere from embedded devices to laptops with minimal work, and although running it in a bootloader takes away a lot of the hard work that would normally need to be done during a port, it may still need some tweaking for specific hardware not otherwise supported.
For those already running Barebox, the bareDOOM code can be found on [Ahmad]’s GitHub page. For those not running Barebox, it does have a number of benefits compared to other bootloaders, even apart from its new ability to play classic FPS games. For those who prefer a more custom DOOM setup, though, we are always fans of DOOM running within an NES cartridge.
We’ll say upfront that we don’t have nearly as much information about this 3D printed Star Trek: The Next Generation tricorder as we’d like. But from the image galleries [Himmelen] has posted we know it’s running on the Raspberry Pi Zero W, has a color LCD in addition to a monochrome OLED, and that it’s absolutely packed with gear.
So far, [Himmelen] has fit an NESDR RTL-SDR dongle, a GPS receiver, an accelerometer, and the battery charging circuitry in the top half of the case. Calling it a tight fit would be something of an understatement, especially when you take into account all the wires snaking around in there. But as mentioned in the Reddit thread about the device, a custom PCB backplane of sorts is in the works so all these modules will have something a little neater to plug into.
There are a lot of fantastic little details in this build that have us very excited to see it cross the finish line. The female USB port that’s been embedded into the top of the device is a nice touch, as it will make it easy to add storage or additional hardware in the field. We also love the keyboard, made up of 30 individual tact switches with 3D printed caps. It’s hard to imagine what actually typing on such an input device would be like, but even if each button just fired off its own program or function, we’d be happy.
Judging by the fact that the LCD shows the Pi sitting at a login prompt in all the images, we’re going to go out on a limb and assume [Himmelen] hasn’t gotten to writing much software for this little gadget yet. Once the hardware is done and it’s time to start pushing pixels though, something like Pygame could be used to make short work of a LCARS-style user interface that would fit the visual style of The Next Generation. In fact, off the top of our heads we can think of a few turn-key projects out there designed for creating Trek UIs, though the relatively limited computational power of the Pi Zero might be a problem.
