Hackaday Podcast Episode 303: The Cheap Yellow Display, Self-Driving Under $1000, And Don’t Remix That Benchy

January 10, 2025 by 1 Comment

As the holiday party season fades away into memory and we get into the swing of the new year, Elliot Williams is joined on the Hackaday Podcast by Jenny List for a roundup of what’s cool in the world of Hackaday. In the news this week, who read the small print and noticed that Benchy has a non-commercial licence? As the takedown notices for Benchy derivatives fly around, we muse about the different interpretations of open source, and remind listeners to pay attention when they choose how to release their work.

The week gave us enough hacks to get our teeth into, with Elliot descending into the rabbit hole of switch debouncing, and Jenny waxing lyrical over a crystal oscillator. Adding self-driving capability to a 30-year-old Volvo caught our attention too, as did the intriguing Cheap Yellow Display, an ESP32 module that has (almost) everything. Meanwhile in the quick hacks, a chess engine written for a processor architecture implemented entirely in regular expressions impressed us a lot, as did the feat of sending TOSLINK across London over commercial fibre networks. Enjoy the episode, and see you again next week!

Continue reading “Hackaday Podcast Episode 303: The Cheap Yellow Display, Self-Driving Under $1000, And Don’t Remix That Benchy”

SerenityOS On Real Hardware

January 10, 2025 by 8 Comments

One of the problems facing any developer working on their own operating system is that of hardware support. With many thousands of peripherals and components that can be found in a modern computer, keeping up requires either the commercial resources of Microsoft or the huge community of Linux.

For a small project such as SerenityOS this becomes a difficult task, and for that reason the primary way to run that OS has always been in an emulator. [Sdomi] however has other ideas, and has put a lot of effort to getting the OS to run on some real hardware. The path to that final picture of a laptop with a SerenityOS desktop is long, but it makes for a fascinating read.

The hardware in question is an Intel powered Dell Chromebook. An odd choice you might think, but they’re cheap and readily available, and they have some useful debugging abilities built in. We’re treated to an exploration of the hardware and finding those debug ports, and since the USB debugging doesn’t work, a Pi Pico clone is squeezed into the case. We like that it’s wired up to the flash chip as well as serial.

Getting access to the serial port from the software turned out to be something of a pain, because the emulated UART wasn’t on the port you’d expect. Though it’s an Intel machine it’s not a PC clone, so it has no need. Some epic hackery involving rerouting serial to the PC debug port ensued, enabling work to start on an MMC driver for the platform. The eventual result is a very exclusive laptop, maybe the only one running SerenityOS on hardware.

We like this OS, and we hope this work will lead to it becoming usable on more platforms. We took a look at it back in 2023, and it’s good to hear that it’s moving forward.

This Week In Security: Backdoored Backdoors, Leaking Cameras, And The Safety Label

January 10, 2025 by 3 Comments

The mad lads at watchTowr are back with their unique blend of zany humor and impressive security research. And this time, it’s the curious case of backdoors within popular backdoors, and the list of unclaimed domains that malicious software would just love to contact.

OK, that needs some explanation. We’re mainly talking about web shells here. Those are the bits of code that get uploaded to a web server, that provide remote access to the computer. The typical example is a web application that allows unrestricted uploads. If an attacker can upload a PHP file to a folder where .php files are used to serve web pages, accessing that endpoint runs the arbitrary PHP code. Upload a web shell, and accessing that endpoint gives a command line interface into the machine.

The quirk here is that most attackers don’t write their own tools. And often times those tools have special, undocumented features, like loading a zero-size image from a .ru domain. The webshell developer couldn’t be bothered to actually do the legwork of breaking into servers, so instead added this little dial-home feature, to report on where to find all those newly backdoored machines. Yes, many of the popular backdoors are themselves backdoored.

This brings us to what watchTowr researchers discovered — many of those backdoor domains were either never registered, or the registration has been allowed to expire. So they did what any team of researchers would do: Buy up all the available backdoor domains, set up a logging server, and just see what happens. And what happened was thousands of compromised machines checking in at these old domains. Among the 4000+ unique systems, there were a total of 4 .gov. domains from governments in Bangladesh, Nigeria, and China. It’s an interesting romp through old backdoors, and a good look at the state of still-compromised machines.

Continue reading “This Week In Security: Backdoored Backdoors, Leaking Cameras, And The Safety Label”

RISC-V Microcontroller Lights Up Synth With LED Level Meter

January 10, 2025 by 8 Comments

The LM3914 LED bar graph driver was an amazing chip back in the day. Along with the LM3915, its logarithmic cousin, these chips gave a modern look to projects, allowing dancing LEDs to stand in for a moving coil meter. But time wore on and the chips got harder to find and even harder to fit into modern projects, what with their giant DIP-18 footprint. What’s to be done when a project cries out for bouncing LEDs? Simple — get a RISC-V microcontroller and roll your own LED audio level meter.

In fairness, “simple” isn’t exactly what comes to mind while reading [svofski]’s write-up of this project. It’s part of a larger build, a wavetable synth called “Pétomane Ringard” which just screams out for lots of blinky LEDs. [svofski] managed to squeeze 20 small SMD LEDs onto the board along with a CH32V003 microcontroller. The LEDs are charlieplexed, using five of the RISC-V chip’s six available GPIO lines, leaving one for the ADC input. That caused a bit of trouble with programming, since one of those pins is needed to connect to the programmer. This actually bricked the chip, thankfully only temporarily since there’s a way to glitch the chip back to life, but only after pulling it out of the circuit. [svofski] recommends adding a five-second delay loop to the initialization routine to allow time to recover if the microcontroller gets into an unprogrammable state. Good tip.

As for results, we think the level meter looks fantastic. [svofski] went for automated assembly of the 0402 LEDs, so the strip is straight and evenly spaced. The meter seems to be quite responsive, and the peak hold feature is a nice touch. It’s nice to know there’s a reasonable substitute for the LM391x chips, especially now that all the hard work has been done.
Continue reading “RISC-V Microcontroller Lights Up Synth With LED Level Meter”

A Low Effort, Low Energy Doorbell

January 10, 2025 by 19 Comments

Bluetooth is a good way to connect devices that are near each other. However, it can drain batteries which is one reason Bluetooth Low Energy — BLE — exists. [Drmph] shows how easy it is to deploy BLE to make, in this case, a doorbell. He even shows how you can refit an existing doorbell to use the newer technology.

Like many projects, this one started out of necessity. The existing wireless doorbell failed, but it was difficult to find a new unit with good review. Cheap doorbells tend to ring spuriously due to interference. BLE, of course, doesn’t have that problem. Common BLE modules make up the bulk of the project. It is easy enough to add your own style to the doorbell like a voice announcement or musical playback. The transmitter is little more than a switch, the module, a coin cell, and an LED.

It is, of course, possible to have a single receiver read multiple doorbells. For example, a front door and back door with different tones. The post shows how to make a remote monitor, too, if you need the bell to ring beyond the range of BLE.

A fun, simple, and useful project. Of course, the cool doorbells now have video. Just be careful not to get carried away.

It’s IP, Over TOSLINK!

January 9, 2025 by 19 Comments

At the recent 38C3 conference in Germany, someone gave a talk about sending TOSLINK digital audio over fiber optic networks rather than the very low-end short distance fibre you’ll find behind your CD player. This gave [Manawyrm] some ideas, so of course the IP-over TOSLINK network was born.

TOSLINK is in effect I2S digital audio as light, so it carries two 44.1 kilosamples per second 16-bit data streams over a synchronous serial connection. At 1544 Kbps, this is coincidentally about the same as a T1 leased line. The synchronous serial link of a TOSLINK connection is close enough to the High-Level Data Link Control, or HDLC, protocol used in some networking applications, and as luck would have it she had some experience in using PPP over HDLC. She could configure her software from that to use a pair of cheap USB sound cards with TOSLINK ports, and achieve a surprisingly respectable 1.47 Mbit/s.

We like this hack, though we can see it’s not entirely useful and we think few applications will be found for it. But she did it because it was there, and that’s the essence of this game. Now all that needs to happen is for someone to use it in conjunction with the original TOSLINK-over network fiber, for a network-over-TOSLINK-over-network abomination.

Engineering Lessons From The Super-Kamiokande Neutrino Observatory Failure

January 9, 2025 by 48 Comments

Every engineer is going to have a bad day, but only an unlucky few will have a day so bad that it registers on a seismometer.

We’ve always had a morbid fascination with engineering mega-failures, few of which escape our attention. But we’d never heard of the Super-Kamiokande neutrino detector implosion until stumbling upon [Alexander the OK]’s video of the 2001 event. The first half of the video below describes neutrinos in some detail and the engineering problems related to detecting and studying a particle so elusive that it can pass through the entire planet without hitting anything. The Super-Kamiokande detector was built to solve that problem, courtesy of an enormous tank of ultrapure water buried 1,000 meters inside a mountain in Japan and lined with over 10,000 supersized photomultiplier tubes to detect the faint pulses of Chernkov radiation emitted on the rare occasion that a neutrino interacts with a water molecule.

Continue reading “Engineering Lessons From The Super-Kamiokande Neutrino Observatory Failure”