Hands On: The Hacker Pager

July 31, 2025 by 27 Comments

It should come as no surprise that the hacker community has embraced the Meshtastic project. It’s got a little bit of everything we hold dear: high quality open source software, fantastic documentation, a roll-your-own hardware ethos, and just a dash of counterculture. An off-grid communications network cobbled together from cheap parts, some of which being strategically hidden within the urban sprawl by rogue operators, certainly sounds like the sort of thing you’d read about it in a William Gibson novel.

But while the DIY nature of Meshtastic is one of its most endearing features for folks like us, it can also be seen as one of its weak spots. Right now, the guidance for those looking to get started is to pick a compatible microcontroller development board, 3D print a case for it, screw on an antenna from AliExpress, flash your creation with the latest firmware, and then spend some quality time with the documentation and configuration tools to actually get it on the air. No great challenge for the average Hackaday reader, but a big ask for the weekend adventurer that’s just looking for a way to keep in touch with their friends while camping.

Quality hardware that offers a turn-key experience will be critical to elevating Meshtastic from a hobbyist’s pastime to something that could actually be fielded for applications such as search and rescue. Plus, let’s be honest, even those of us who like to put together our own gadgets can appreciate a more consumer-oriented piece of hardware from time to time. Especially if that hardware happens to be open source and designed to empower the user rather than hold them back.

Enter the Hacker Pager from exploitee.rs. As the name implies, it’s still very much a device intended for hackers — a piece of hardware designed for the halls of DEF CON rather than trekking through the wilderness. But it’s also an important step towards a new generation of Meshtastic hardware that meets the high standard of quality set by the software itself.

Continue reading “Hands On: The Hacker Pager”

Everyone’s Invited To The Copyparty

July 30, 2025 by 48 Comments

Setting up a file server can be intimidating to the uninitiated. There are many servers to choose from, and then you need to decide how to install it — Docker? Kubernates? Well, what’s all that then? [9001] has come to the rescue with Copyparty, a full-featured file server in a single Python script.

It’s light enough to run on nearly anything, and getting it running could not be easier: run copyparty-sfx.py, and you’ve got a server. There’s even a 32-bit .exe for older Windows machines — Windows 2000 seems to be the oldest version tested.

Browsers supported: almost all of them.

It’ll connect to anything, both in terms of the variety of protocols supported, and the browsers its web interface loads in. The GitHub documentation says browser support : “Yes”, which is pretty accurate going down the list. Sadly Copyparty’s pages do not work in NCSA Mosaic, but IE4 is A-OK.

There’s, FTP, TFTP, HTTP/HTTPS, WebDAV, SMB/CIFS, with unp/zeroconf/mdns/ssdp, etc etc. You need to check the readme for all features, some of which — like transcoding — are only available when dependencies such as ffmpeg installed on the server. Alternatively you can watch the video embedded below to get walked through the features. If the video whets your appetite, can also visit a read-only Copyparty server being demoed on a NUC sitting in [9001]’s basement.

Over the years we’ve seen plenty of folks create personal servers, but the focus is generally on the hardware side of things. While those with more software experience might prefer to configure the various services involved manually, we can definitely see the appeal of a project like Copyparty. In some ways it’s the inverse of the UNIX Philosophy: instead of doing one thing perfectly, this program is doing everything [9001] could think of, and doing it “good enough”.

Thanks to [pedropolis] for inviting us to the Copyparty via the tips line. Building a NAS? Writing software? Hardware?Whatever you do, the tips line is for you.

Continue reading “Everyone’s Invited To The Copyparty”

Wayland Will Never Be Ready For Every X11 User

July 28, 2025 by 140 Comments

After more than forty years, everyone knows that it’s time to retire the X Window System – X11 for short – on account of it being old and decrepit. Or at least that’s what the common narrative is, because if you dig into the chatter surrounding the ongoing transition there are some real issues that people have with the 16-year old spring chicken – called Wayland – that’s supposed to replace it.

Recently [Brodie Robertson] did some polling and soliciting commentary from the community, breaking down the results from over 1,150 comments to the YouTube community post alone.

The issues range from the expected, such as applications that haven’t been ported yet from X11 to Wayland, to compatibility issues – such as failing drag and drop – when running X11 and Wayland applications side by side. Things get worse when support for older hardware, like GeForce GT610 and GT710 GPUs, and increased resource usage by Wayland are considered.

From there it continues with the lack of global hotkeys in Wayland, graphics tablet support issues, OBS not supporting embedded browser windows, Japanese and other foreign as well as onscreen keyboard support issues that are somehow worse than on X11, no support for overscanning monitors or multiple mouse cursors, no multi-monitor fullscreen option, regressions with accessibility, inability of applications to set their (previously saved) window position, no real automation alternative for xdotool, lacking BSD support and worse input latency with gaming.

Some users also simply say that they do not care about Wayland either way as it offers no new features they want. Finally [Brodie] raises the issue of the Wayland developers not simply following standards set by the Windows and MacOS desktops, something which among other issues has been a point of hotly debated contention for years.

Even if Wayland does end up succeeding X11, the one point that many people seem to agree on is that just because X11 is pretty terrible right now, this doesn’t automatically make Wayland the better option. Maybe in hindsight Mir was the better choice we had before it pivoted to Wayland.

Continue reading “Wayland Will Never Be Ready For Every X11 User”

FrogFind Grabs The WAP

July 23, 2025 by 25 Comments

Yes, the Wireless Application Protocol! What other WAP could there possibly be? This long-dormant cellphone standard is now once again available on the web, thanks to [Sean] over at ActionRetro modifying his FrogFind portal as a translation engine. Now any web site can be shoved through the WAP!

WAP was rolled out in 1999 as HTML for phones without the bandwidth to handle actual HTML. The idea of a “mobile” and a “desktop” site accessed via HTTP hadn’t yet been conceived, you see, so phoning into sites with WAP would produce a super-stripped down, paginated, text-only version of the page. Now FrogFind has a WAP version that does the same thing to any site, just as the HTTP (no S!)  FrogFind translates the modern web into pure HTML vintage browsers can read.

Of course you’ll need a phone that can connect to FrogFind with a WAP browser, which for many of us, may be… difficult. This protocol didn’t last much longer than PETS.COM, so access is probably going to be over 2G. With 2G sunset already passed in many areas, that can be a problem for vintage computer enthusiasts who want to use vintage phone hardware. [Sean] does not have an answer — indeed, he’s actively searching for one. His fans have pointed out a few models of handsets that should be able to access WAP via WiFi, but that leaves a lot of retro hardware out in the cold. If you have a good idea for a 2G bridge that can get out to the modern web and not attract the angry attention of the FTC (or its local equivalent), fans of ActionRetro would love to hear it — and so would we!

Vintage phone hacks don’t show up often on Hackaday, and when they do, it’s either much older machines or upgrading to USB-C, not to modern communications protocols. We haven’t seen someone hacking in the WAP since 2008. Given the collective brainpower of the Hackaday commentariat, someone probably has an idea to let everyone dive right into the WAP. Fight it out in the comments, or send us a tip if you have link to a howto.

Continue reading “FrogFind Grabs The WAP”

This image created using GPT-4o on Poe using the prompt “picture of an upright freezer connected to a computer for temperature monitoring, together with a graph and an alarm siren. Suitable for a professional blog. Be humorous and use a vintage theme.”

Freezer Monitoring: Because Ice Cream Is A Dish Best Served Cold

July 21, 2025 by 23 Comments

[Scott Baker] wrote in to let us know about his freezer monitor.

After a regrettable incident where the ice cream melted because the freezer failed [Scott] decided that what was called for was a monitoring and alerting system. We enjoyed reading about this hack, and we’ll give you the details in just a tick, but before we do, we wanted to mention [Scott]’s justifications for why he decided to roll his own solution for this, rather than just using the bundled proprietary service from the white goods manufacturer.

We’re always looking for good excuses for rolling our own systems, and [Scott]’s list is comprehensive: no closed-source, no-api cloud service required, can log with high fidelity, unlimited data retention, correlation with other data possible, control over alerting criteria, choice of alerting channels. Sounds fair enough to us!

Continue reading “Freezer Monitoring: Because Ice Cream Is A Dish Best Served Cold”

Engine Data Displayed Live On Dash

July 20, 2025 by 12 Comments

In the auto world, there are lots of overarching standards that all automakers comply with. There are also lots of proprietary technologies that each automaker creates and uses for its own benefit. [Shehriyar Qureshi] has recently been diving into Suzuki’s Serial Data Line standard, and has created a digital dash using the data gained.

The project started with Python-based scanner code designed to decode Suzuki’s SDL protocol. Armed with the ability to read the protocol, [Shehriyar] wanted to be able to do so without having to haul a laptop around in the car. Thus, the project was ported to Rust, or “oxidized” if you will.

More after the break…

Continue reading “Engine Data Displayed Live On Dash”

A screenshot of the software in action is shown. A sidebar on the left shows an icon of a skull-shaped drone above the text “DAMN VULNERABLE DRONE.” Below this, it lists controls for the simulator, and resources for using the software. In the rest of the screen, a rendered scene is shown. A rendered computer monitor showing “DRONE HACKER” is at the bottom of the scene. Above this is a hovering drone, and behind it is a table labeled “Ground Control Station” with a man sitting at it.

A Vulnerable Simulator For Drone Penetration Testing

July 18, 2025 by 7 Comments

The old saying that the best way to learn is by doing holds as true for penetration testing as for anything else, which is why intentionally vulnerable systems like the Damn Vulnerable Web Application are so useful. Until now, however, there hasn’t been a practice system for penetration testing with drones.

The Damn Vulnerable Drone (DVD, a slightly confusing acronym) simulates a drone which flies in a virtual environment under the command of of an Ardupilot flight controller. A companion computer on the drone gives directions to the flight controller and communicates with a simulated ground station over its own WiFi network using the Mavlink protocol. The companion computer, in addition to running WiFi, also streams video to the ground station, sends telemetry information, and manages autonomous navigation, all of which means that the penetration tester has a broad yet realistic attack surface.

The Damn Vulnerable Drone uses Docker for virtualization. The drone’s virtual environment relies on the Gazebo robotics simulation software, which provides a full 3D environment complete with a physics engine, but does make the system requirements fairly hefty. The system can simulate a full flight routine, from motor startup through a full flight, all the way to post-flight data analysis. The video below shows one such flight, without any interference by an attacker. The DVD currently provides 39 different hacking exercises categorized by type, from reconnaissance to firmware attacks. Each exercise has a detailed guide and walk-through available (hidden by default, so as not to spoil the challenge).

This seems to be the first educational tool for drone hacking we’ve seen, but we have seen several vulnerabilities found in drones. Of course, it goes both ways, and we’ve also seen drones used as flying security attack platforms.

Continue reading “A Vulnerable Simulator For Drone Penetration Testing”