Satellite Hunting Hack Chat

October 16, 2023 by 3 Comments

Rescheduled — note new date!

Join us on Wednesday, October 18 at noon Pacific for the Satellite Hunting Hack Chat with Scott Tilley!

From the very first beeps of Sputnik, space has primarily been the domain of nations. It makes sense — for the most part, it takes the resources of a nation to get anything of appreciable size up out of the gravity well we all live in, but more importantly, space is the highest of high ground, and the high ground has always been a place of advantage to occupy. And so a lot of the hardware we’ve sent upstairs in the last 70 years has been in the national interest of this or that country.

join-hack-chatA lot of these satellites are — or were, at least — top secret stuff, with classified payloads, poorly characterized orbits, and unknown communications protocols. This can make tracking them from the ground a challenge, but one that’s worth undertaking. Scott Tilley has been hunting for satellites for years, writing about his exploits on the Riddles in the Sky blog and sometimes being featured on Hackaday. After recently putting his skills to work listening in on a solar observation satellite as its orbit takes it close to Earth again, we asked him to stop by the Hack Chat to share what he’s learned about hunting for satellites, both long-lost and intentionally hidden. Join us as we take a virtual trip into orbit to find out just what’s going on up there.

Our Hack Chats are live community events in the Hackaday.io Hack Chat group messaging. This week we’ll be sitting down on Wednesday, October 18 at 12:00 PM Pacific time. If time zones have you tied up, we have a handy time zone converter.

Hackaday Podcast Ep 240: An Amazing 3D Printer, A Look Inside Raspberry Pi 5, And Cameras, Both Film And Digital

October 13, 2023 by 6 Comments

Date notwithstanding, it’s your lucky day as Elliot and Dan get together to review the best hacks of the week. For some reason, film photography was much on our writers’ minds this week, as we talked about ways to digitalize an old SLR, and how potatoes can be used to develop film (is there a Monty Python joke in there?) We looked at a 3D printer design that really pulls our strings, the custom insides of the Raspberry Pi 5, and the ins and outs of both ferroresonant transformers and ham radio antennas. Learn about the SMD capacitor menagerie, build a hydrogen generator that probably won’t blow up, and listen to the differences between a mess of microphones. And that’s not all; the KIM-1 rides again, this time with disk drive support, Jenny tests out Serenity but with ulterior motives, and Kristina goes postal with a deep dive into ZIP codes.

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Where to Follow Hackaday Podcast

Places to follow Hackaday podcasts:

Grab a copy for yourself if you want to listen offline.

Continue reading “Hackaday Podcast Ep 240: An Amazing 3D Printer, A Look Inside Raspberry Pi 5, And Cameras, Both Film And Digital”

Meshtastic And Owntracks To Kick Your Google Habit

October 11, 2023 by 20 Comments

I have an admission to make. I have a Google addiction. Not the normal addiction — I have a problem with Google Maps, and the timeline feature. I know, I’m giving my location data to Google, who does who-knows-what-all with it. But it’s convenient to have an easy way to share location with my wife, and very useful to track my business related travel for each month. What we could really use is a self-hosted, open source system to track locations and display location history. And for bonus points, let’s include some extra features, like the ability to track vehicles, kids, and pets that aren’t carrying a dedicated Internet connection.

You can read the title — you know where we’re going with this. We’re setting up an Owntracks service, and then tying it to Meshtastic for off-Internet usability. The backbone that makes this work is MQTT, a network message bus that has really found its niche in the Home Assistant project among others. It’s a simple protocol, where clients send brief messages labeled by topic, and can also subscribe to specific topics. For this little endeavor we’ll use the Mosquito MQTT broker.

One of the nice things about MQTT is that the messages are all text strings, and often take the form of JSON. When trying to get two applications to talking using a shared MQTT server, there may need to be a bit of translation. One application may label a field latitude, and the other shortens it to lat. The glue code to put these together is often known as an MQTT translator, or sometimes an MQTT bridge. This is a program that listens to a given topic, ingests each message, and sends it back to the MQTT server in a different format and topic name.

The last piece is Owntracks, which has a recorder project, which pulls locations from the MQTT server, and stores it locally. Then there’s Owntracks Frontend, which is a much nicer user interface, with some nice features like viewing movement a day at a time. Continue reading “Meshtastic And Owntracks To Kick Your Google Habit”

Decoding The 8088

October 9, 2023 by 2 Comments

There is a lot to like about open software, and in some areas, a well-thought-out piece of software can really make a huge impact. A great example of this is the Sigrok project. Creating simple devices that act like a logic analyzer is relatively easy. What’s hard is writing nice software for such a setup including protocol decoders. Sigrok has done it and since it is open, you can add your device and decode your protocol. [GloriousCow] had done the hardware part of interfacing to the 8088 in an IBM PC using an off-the-shelf logic analyzer that uses a customized version of Sigrok. But the output was a CSV file you had to process in a spreadsheet program. The next step: write a decoder for Sigrok to understand 8088 bus cycles.

The post covers the details of writing such a plug-in for Pulseview, the Sigrok GUI. It will also work for the command line interface if you prefer that. The code is in Python.

Continue reading “Decoding The 8088”

The Oldest Living Torrent Is 20 Years Old

September 28, 2023 by 41 Comments

Twenty years ago, in a world dominated by dial-up connections and a fledgling World Wide Web, a group of New Zealand friends embarked on a journey. Their mission? To bring to life a Matrix fan film shot on a shoestring budget. The result was The Fanimatrix, a 16-minute amateur film just popular enough to have its own Wikipedia page.

As reported by TorrentFreak, the humble film would unknowingly become a crucial part of torrent history. It now stands as the world’s oldest active torrent, with an uptime now spanning a full 20 years. It has become a symbol of how peer-to-peer technology democratized distribution in a fast-changing world.

Continue reading “The Oldest Living Torrent Is 20 Years Old”

This Week In Security: WebP, Cavium, Gitlab, And Asahi Lina

September 22, 2023 by 15 Comments

Last week we covered the latest 0-day from NSO group, BLASTPASS. There’s more details about exactly how that works, and a bit of a worrying revelation for Android users. One of the vulnerabilities used was CVE-2023-41064, a buffer overflow in the ImageIO library. The details have not been confirmed, but the timing suggests that this is the same bug as CVE-2023-4863, a Webp 0-day flaw in Chrome that is known to be exploited in the wild.

The problem seems to be an Out Of Bounds write in the BuildHuffmanTable() function of libwebp. And to understand that, we have to understand libwebp does, and what a Huffman Table has to do with it. The first is easy. Webp is Google’s pet image format, potentially replacing JPEG, PNG, and GIF. It supports lossy and lossless compression, and the compression format for lossless images uses Huffman coding among other techniques. And hence, we have a Huffman table, a building block in the image compression and decompression.

What’s particularly fun about this compression technique is that the image includes not just Huffman compressed data, but also a table of statistical data needed for decompression. The table is rather large, so it gets Huffman compressed too. It turns out, there can be multiple layers of this compression format, which makes the vulnerability particularly challenging to reverse-engineer. The vulnerability is when the pre-allocated buffer isn’t big enough to hold one of these decompressed Huffman tables, and it turns out that the way to do that is to make maximum-size tables for the outer layers, and then malform the last one. In this configuration, it can write out of bounds before the final consistency check.

An interesting note is that as one of Google’s C libraries, this is an extensively fuzzed codebase. While fuzzing and code coverage are both great, neither is guaranteed to find vulnerabilities, particularly well hidden ones like this one. And on that note, this vulnerability is present in Android, and the fix is likely going to wait til the October security update. And who knows where else this bug is lurking. Continue reading “This Week In Security: WebP, Cavium, Gitlab, And Asahi Lina”

Scientists Call Out Apollo 17 After Investigating Moonquakes Past

September 19, 2023 by 35 Comments

In the vast realm of space exploration, new discoveries often emerge from old data. Thanks to advanced algorithms and keen observers, the seismic activities of our closest celestial neighbor, the Moon, have recently been thrust back into the limelight.

Thanks to the effort of the NASA crew involved in the Apollo 17 mission, it’s possible investigate these phenomena today with datasets from the past. Recently, researchers working with this data turned up some intriguing findings, and published them in a new paper. It reveals that one unexpected source of moonquakes could be the very equipment that Earth’s astronauts left behind. Continue reading “Scientists Call Out Apollo 17 After Investigating Moonquakes Past”