A USB dongle is shown connected to a laptop computer. A text box in the lower right corner says "PECKUS is running in DEBUG mode, it is 3x faster in non-DEBUG mode."

A Presence-sensing Drive For Securely Storing Secrets

May 24, 2025 by 24 Comments

When we hear about flash drives in the context of cybersecurity, we tend to think of them more as threats than as targets. When you’re using flash drives to store encryption keys, however, it makes sense to pay more attention to their security. [Juergen] designed the PECKUS (Presence Enforcing Crypto-Key USB-Storage) with this specifically in mind: a few-kilobyte storage device that only unlocks if the owner’s Bluetooth device is in the vicinity.

[Juergen] needed to store an infrequently-used keyfile on an air-gapped system, and commercial encrypted flash drives were rather expensive and left much to be desired in terms of usability. Instead, he designed a CircuitPython custom firmware for MakerDiary’s nRF52840 micro development kit, which provided a BLE-capable system in the form of a USB dongle.

After flashing the firmware to the board, the user sets it up with a particular Bluetooth device and a file to be stored; after writing the file during setup, it cannot be rewritten. Before reading from the device, the user must pair the previously-set device with the board and press a button on the board, and only then does the device appear to the computer.

The limited amount of storage space means that this device will probably only serve its intended purpose, but in those cases, it’ll be handy to have an open-source and inexpensive protected storage device. [Juergen] notes that attackers could theoretically defeat this system by desoldering the microcontroller from the board and extracting the memory contents from the its storage, but if you have enemies that resourceful, you probably won’t be relying on a $20 board anyways.

We’ve previously seen a few flashdrives cross these pages, including one meant to self-destruct, and one made from a rejected microSD card.

A Magic Eye Tube Does All The Work In This Kit

March 11, 2025 by 16 Comments

We’re used to low cost parts and a diversity of electronic functions to choose from in our projects, to the extent that our antecedents would be green with envy. Back when tubes were king, electronics was a much more expensive pursuit with new parts, so designers had to be much more clever in their work. [Thomas Scherrer OZ2CPU] has just such a design on his bench, it’s a Heathkit Capaci-Tester designed in 1959, and we love it for the clever tricks it uses.

It’s typical of Heathkits of this era, with a sturdy chassis and components mounted on tag strips. As the name suggests, it’s a capacitor tester, and it uses a magic eye tube as its display. It’s looking for short circuits, open circuits, and low equivalent resistance, and it achieves this by looking at the loading the device under test places on a 19 MHz oscillator. But here comes that economy of parts; there’s no rectifier so the circuit runs on an AC HT voltage from a transformer, and that magic eye tube performs the task of oscillator as well as display.

He finds it to be in good condition in the video below the break, though he removes a capacitor placed from one of the mains input lines to chassis. It runs, and confirms his test capacitor is still good. It can’t measure the capacitance, but we’re guessing the resourceful engineer would also have constructed a bridge for that.

Continue reading “A Magic Eye Tube Does All The Work In This Kit”

Red and gold bakelite Philco farm radio on a workbench

Hacking A Heavyweight Philco Radio

March 10, 2025 by 6 Comments

There’s something magical about the clunk of a heavy 1950s portable radio – the solid thunk of Bakelite, the warm hum of tubes glowing to life. This is exactly why [Ken’s Lab] took on the restoration of a Philco 52-664, a portable AC/DC radio originally sold for $45 in 1953 (a small fortune back then!). Despite its beat-up exterior and faulty guts, [Ken] methodically restored it to working condition. His video details every crackling capacitor and crusty resistor he replaced, and it’s pure catnip for any hacker with a soft spot for analog tech. Does the name Philco ring a bell? Lately, we did cover the restoration of a 1958 Philco Predicta television.

What sets this radio hack apart? To begin with, [Ken] kept the restoration authentic, repurposing original capacitor cans and using era-appropriate materials – right down to boiling out old electrolytics in his wife’s discarded cooking pot. But, he went further. Lacking the space for modern components, [Ken] fabbed up a custom mounting solution from stiff styrofoam, fibreboard, and all-purpose glue. He even re-routed the B-wiring with creative terminal hacks. It’s a masterclass in patience, precision, and resourcefulness.

If this tickles your inner tinkerer, don’t miss out on the full video. It’s like stepping into a time machine.

Continue reading “Hacking A Heavyweight Philco Radio”

Going Minimal: 64×4, The Fun In Functional Computing

January 22, 2025 by 38 Comments

If you’ve ever wondered what makes a computer tick, the Minimal 64×4 by [Slu4] is bound to grab your attention. It’s not a modern powerhouse, but a thoughtfully crafted throwback to the essence of computing. With just 61 logic ICs, VGA output, PS/2 input, and SSD storage, this DIY wonder packs four times the processing power of a Commodore 64.

What sets [Slu4]’s efforts apart is his refusal to follow the beaten track of CPU development. He imposes strict complexity limits on his designs, sticking to an ultra-minimalist Von Neumann architecture. His journey began with the ‘Minimal Ur-CPU’, a logic-chip-based computer that could crunch numbers but little else. Next came the ‘Minimal 64’, featuring VGA graphics and Space Invaders-level performance. The latest ‘Minimal 64×4’ takes it further, adding incredible speed while keeping the design so simple it’s almost ridiculous. It’s computing stripped to its rawest form—no fancy sound, no dazzling graphics, just raw resourcefulness.

For enthusiasts of retro-tech and DIY builds, this project is a treasure trove. From text editors to starfield simulations to Sokoban, [Slu4] proves you don’t need complexity to make magic. Continue reading “Going Minimal: 64×4, The Fun In Functional Computing”

close up of a TI-84 Plus CE running custom software

Going Digital: Teaching A TI-84 Handwriting Recognition

December 24, 2024 by 4 Comments

You wouldn’t typically associate graphing calculators with artificial intelligence, but hacker [KermMartian] recently made it happen. The innovative project involved running a neural network directly on a TI-84 Plus CE to recognize handwritten digits. By using the MNIST dataset, a well-known collection of handwritten numbers, the calculator could identify digits in just 18 seconds. If you want to learn how, check out his full video on it here.

The project began with a proof of concept: running a convolutional neural network (CNN) on the calculator’s limited hardware, a TI-84 Plus CE with only 256 KB of memory and a 48 MHz processor. Despite these constraints, the neural network could train and make predictions. The key to success: optimizing the code, leveraging the calculator’s C programming tools, and offloading the heavy lifting to a computer for training. Once trained, the network could be transferred to the calculator for real-time inference. Not only did it run the digits from MNIST, but it also accepted input from a USB mouse, letting [KermMartian] draw digits directly on the screen.

While the calculator’s limited resources mean it can’t train the network in real-time, this project is a proof that, with enough ingenuity, even a small device can be used for something as complex as AI. It’s not just about power; it’s about resourcefulness. If you’re into unconventional projects, this is one for the books.

Continue reading “Going Digital: Teaching A TI-84 Handwriting Recognition”

George Washington Gets Cleaned Up With A Laser

July 27, 2024 by 4 Comments

Now, we wouldn’t necessarily call ourselves connoisseurs of fine art here at Hackaday. But we do enjoy watching [Julian Baumgartner]’s YouTube channel, where he documents the projects that he takes on as a professional conservator. Folks send in their dirty or damaged paintings, [Julian] works his magic, and the end result often looks like a completely different piece. Spoilers: if you’ve ever looked at an old painting and wondered why the artist made it so dark and dreary — it probably just needs to be cleaned.

Anyway, in his most recent video, [Julian] pulled out a piece of gear that we didn’t expect to see unleashed against a painting of one of America’s Founding Fathers: a Er:YAG laser. Even better, instead of some fancy-pants fine art restoration laser, he apparently picked up second hand unit designed for cosmetic applications. The model appears to be a Laserscope Venus from the early 2000s, which goes for about $5K these days.

Now, to explain why he raided an esthetician’s closet to fix up this particular painting, we’ve got to rewind a bit. As we’ve learned from [Julian]’s previous videos, the problem with an old dirty painting is rarely the paining itself, it’s the varnish that has been applied to it. These varnishes, especially older ones, have a tendency to yellow and crack with age. Now stack a few decades worth of smoke and dirt on top of it, and you’ve all but completely obscured the original painting underneath. But there’s good news — if you know what you’re doing, you can remove the varnish without damaging the painting itself.

In most cases, this can be done with various solvents that [Julian] mixes up after testing them out on some inconspicuous corner of the painting. But in this particular case, the varnish wasn’t reacting well to anything in his inventory. Even his weakest solvents were going right through it and damaging the paint underneath.

Because of this, [Julian] had to break out the big guns. After experimenting with the power level and pulse duration of the 2940 nm laser, he found the settings necessary to break down the varnish while stopping short of cooking the paint it was covering. After hitting it with a few pulses, he could then come in with a cotton swab and wipe the residue away. It was still slow going, but it turns out most things are in the art conservation world.

This isn’t the first time we’ve covered [Julian]’s resourceful conservation methods. Back in 2019, we took at look the surprisingly in-depth video he created about the design and construction of his custom heat table for flattening out large canvases.

Continue reading “George Washington Gets Cleaned Up With A Laser”

This Week In Security: Cisco, Mitel, And AI False Flags

April 26, 2024 by 3 Comments

There’s a trend recently, of big-name security appliances getting used in state-sponsored attacks. It looks like Cisco is the latest victim, based on a report by their own Talos Intelligence.

This particular attack has a couple of components, and abuses a couple of vulnerabilities, though the odd thing about this one is that the initial access is still unknown. The first part of the infection is Line Dancer, a memory-only element that disables the system log, leaks the system config, captures packets and more. A couple of the more devious steps are taken, like replacing the crash dump process with a reboot, to keep the in-memory malware secret. And finally, the resident installs a backdoor in the VPN service.

There is a second element, Line Runner, that uses a vulnerability to arbitrary code from disk on startup, and then installs itself onto the device. That one is a long term command and control element, and seems to only get installed on targeted devices. The Talos blog makes a rather vague mention of a 32-byte token that gets pattern-matched, to determine an extra infection step. It may be that Line Runner only gets permanently installed on certain units, or some other particularly fun action is taken.

Fixes for the vulnerabilities that allowed for persistence are available, but again, the initial vector is still unknown. There’s a vulnerability that just got fixed, that could have been such a vulnerability. CVE-2024-20295 allows an authenticated user with read-only privileges perform a command injection as root. Proof of Concept code is out in the wild for this one, but so far there’s no evidence it was used in any attacks, including the one above. Continue reading “This Week In Security: Cisco, Mitel, And AI False Flags”