Wrencher-2: A Bold New Direction For Hackaday

Over the last year it’s fair to say that a chill wind has blown across the face of the media industry, as the prospect emerges that many content creation tasks formerly performed by humans are instead being swallowed up by the inexorable rise of generative AI. In a few years, we’re told, there may even be no more journalists, as the computers become capable of keeping your news desires sated with the help of their algorithms.

Here at Hackaday, we can see this might be the case for a gutter rag obsessed with celebrity love affairs and whichever vegetable is supposed to cure cancer this week, but we continue to believe that for quality coverage of the latest and greatest in the hardware hacking world, you can’t beat a writer made of good old-fashioned meat. Indeed, in a world saturated by low-quality content, the opinions of smart and engaged writers become even more valuable. So we’ve decided to go against the trend, by launching not a journalist powered by AI, but an AI powered by journalists.

Announcing Wrencher-2, a Hackaday chat assistant in your browser

Wrencher-2 is a new paradigm in online chat assistants, eschewing generative algorithms in favour of the collective expertise of the Hackaday team. Ask Wrencher-2 a question, and you won’t get a vague and made-up answer from a computer; instead you’ll get a pithy and on-the-nail answer from a Hackaday staffer. Go on – try it!

Flipper Zero Panic Spreads To Oz: Cars Unaffected

A feature of coming to adulthood for any young person in the last quarter of the twentieth century would have been the yearly warnings about the danger of adulterated Halloween treats. Stories were breathlessly repeated of apples with razor blades in them, or of chocolate bars laced with rat poison, and though such tales often carried examples of kids who’d died horrible deaths in other far-away places, the whole panic was (as far as we know) a baseless urban legend.

It’s difficult not to be reminded of those times today then, as we read news from Australia warning about the threat from the Flipper Zero wireless hacking tool. It has the same ingredients, of an imaginary threat earnestly repeated by law enforcement officers, and lapped up by a credulous media with little appetite for verifying what they print.

This is a story which first appeared in mid-February in Canada, when a government minister singled out the Flipper Zero as a car theft tool and promised to ban it. This prompted a storm of derision from tech-savvy Canadians and others who immediately pointed out that vehicle security has long ago eclipsed the capabilities of the Flipper, and that there are far more pertinent threats such as those from CAN bus attacks or even RF boosters. Despite this debunking, it seems to have spread. Where will Flipper Mania pop up next?

Canada and Australia are both countries with a free press; that press should be doing their job on these stories by fact-checking and asking pertinent questions when the facts don’t fit the story. When it comes to technology stories it seems not doing this has become the norm.

Thanks [Peter Caldwell] for the tip.

anfractuosity's test setup showing the Pi under test and a few pieces of equipment used to perform the attack

Cold Boot Attack You Can Do With A Pi

A cold boot attack is a way to extract RAM contents from a running system by power cycling it and reading out RAM immediately after loading your own OS. How easy is it for you to perform such an attack? As [anfractuosity] shows, you can perform a cold boot attack with a Raspberry Pi, with a reasonably simple hardware setup and a hefty chunk of bare-metal code.

[anfractuosity]’s setup is simple enough. The Pi 4 under attack is set up to boot from USB drive, and a relay board has it switch between two possible USB drives to boot from: one with a program that fills RAM with , and another with a program that extracts RAM out through UART. The process is controlled by another Pi controlling the relays through GPIOs, that also monitors the target Pi’s UART and uses it as a channel to extract memory.

The outcomes are pretty impressive. After 0.75s of power-down, most of the image could be extracted. That’s without any cooling, so abusing a can of electronics duster is likely to improve these results dramatically. Want to play with cold boot attacks? [anfractuosity]’s code is great for getting your feet wet. Furthermore, the code examples provided serve as a wonderful playground for general memory attack research.

Raspberry Pi not fun enough for you anymore? Well then, you can always start playing with Android phones!

3D Printing Computer Space

The first computer game available as a commercial arcade cabinet is, unsurprisingly, a rare sight here in 2024. Nolan Bushnell and Ted Dabney’s 1971 Computer Space was a flowing fiberglass cabinet containing a version of the minicomputer game Spacewar! running on dedicated game hardware. The pair would of course go on to found the wildly successful Atari, leaving their first outing with its meager 1500 units almost a footnote in their history.

Unsurprisingly with so relatively few produced, few made it out of the United States, so in the UK there are none to be found. [Arcade Archive] report on a fresh build of a Computer Space cabinet, this time not in fiberglass but via 3D printed plastic.

The build itself is the work of [Richard Horne], and in the video he takes us through the design process before printing the parts and then sticking them all together to make the cabinet. Without a real machine to scan or measure he’s working from photographs of real machines, working out dimensions by reference to other cabinets such as PONG that appear alongside them. The result is about as faithful a model of the cabinet as could be made, and it’s cut into the many pieces required for 3D printing before careful assembly.

This is the first in a series, so keep following them to see a complete and working Computer Space take shape.


Exploit The Stressed-out Package Maintainer, Exploit The Software Package

A recent security vulnerability — a potential ssh backdoor via the liblzma library in the xz package — is having a lot of analysis done on how the vulnerability was introduced, and [Rob Mensching] felt that it was important to highlight what he saw as step number zero of the whole process: exploit the fact that a stressed package maintainer has burned out. Apply pressure from multiple sources while the attacker is the only one stepping forward to help, then inherit the trust built up by the original maintainer. Sadly, [Rob] sees in these interactions a microcosm of what happens far too frequently in open source.

Maintaining open source projects can be a high stress activity. The pressure and expectations to continually provide timely interaction, support, and updates can easily end up being unhealthy. As [Rob] points out (and other developers have observed in different ways), this kind of behavior just seems more or less normal for some projects.

The xz/liblzma vulnerability itself is a developing story; read about it and find links to the relevant analyses in our earlier coverage here.


Hackaday Links: March 31, 2024

Battlelines are being drawn in Canada over the lowly Flipper Zero, a device seen by some as an existential threat to motor vehicle owners across the Great White North. The story started a month or so ago, when someone in the government floated the idea of banning devices that could be “used to steal vehicles by copying the wireless signals for remote keyless entry.” The Flipper Zero was singled out as an example of such a nefarious device, even though relatively few vehicles on the road today can be boosted using the simple replay attack that a Flipper is capable of, and the ones that are vulnerable to this attack aren’t all that desirable — apologies to the 1993 Camry, of course. With that threat hanging in the air, the folks over at Flipper Devices started a Change.org petition to educate people about the misperceptions surrounding the Flipper Zero’s capabilities, and to urge the Canadian government to reconsider their position on devices intended to explore the RF spectrum. That last bit is important, since transmit-capable SDR devices like the HackRF could fall afoul of a broad interpretation of the proposed ban; heck, even a receive-only SDR dongle might be construed as a restricted device. We’re generally not much for petitions, but this case might represent an exception. “First they came for the Flipper Zero, but I did nothing because I don’t have a Flipper Zero…”


The board in question, with a Pi Pico soldered on, with old PCBs for macropads being used as captouch electrodes

Give Your Pi Pico Captouch Inputs For All Your Music Needs

Unlike many modern microcontrollers, RP2040 doesn’t come with a native capacitive touch peripheral. This doesn’t mean you can’t do it – the usual software-driven way works wonderfully, and only requires an external pullup resistor! In case you wanted a demonstration or you have a capacitive touch project in mind, this lighthearted video by [Jeremy Cook] is a must watch, and he’s got a healthy amount of resources for you in store, too!

In this video, [Jeremy] presents you with a KiCad schematic and a PCB design you can use to quickly add a whole 23 capacitive touch sensing inputs to a Pi Pico! The board is flexible mechanically, easy to assemble as [Jeremy] demonstrates, and all the pins involved can still be used as regular GPIOs if you’d like. Plus, it’s fully open-source, can easily be assembled on your own, and available on Tindie too!

Of course, such a board doesn’t get created for no reason – [Jeremy] has a healthy amount of musical creations and nifty ideas to show off. We quite liked the trick of using old PCBs for capacitive touch sensing, with their copper fills as electrodes – which has helped create an amusing “macropad of macropads” – and there’s quite a bit more to see.

If capacitive touch projects ever struck a chord with you and you enjoy music-related hacking, [Jeremy]’s got a whole YouTube channel you ought to check out. Oh, and if one of the musical projects in the video caught your eye, it might just be the one we’ve featured previously!