New Part Day: Bouffalo Labs BL602 RISC-V Wi-Fi/Bluetooth SoC

November 20, 2020 by 20 Comments

We should all by now be used to microcontrollers with wireless hardware on board, with Espressif or Nordic Labs dominating the hacker scene. There have been several other contenders in this arena over the years that haven’t really caught the attention of our community, usually because of the opacity of their available information.

A new contender should be worth a second look though. The BL602 from Bouffalo Labs is a Wi-Fi- and Bluetooth LE-capable microcontroller with a 32-bit RISC-V derived core. If that doesn’t interest you much, perhaps news that the PINE64 folks are spearheading an effort to reverse engineer it for a fully open-source blob-free wireless implementation might sharpen your attention.

So where can you get your hands on one? Hold your horses, this chip is at an early stage in its gestation. We can see that there are some exciting possibilities in store, but we’re still figuring out the hardware interfaces and other software required to make it work. A community is hard at work reverse engineering it, which leads us back to the PINE64 story we mentioned earlier.

You can find BL602 modules from AliExpress vendors, but the PINE64 folks will offer you a free one if you join their blob reverse engineering effort. Take note though, this offer is for those prepared to show commitment to the project, so don’t spam them in the hope of free stuff if you won’t be helping deliver the goods.

We might see the BL602 gaining an open-source toolchain and internal blobs over the coming months thanks to the efforts of those working on it. Just as the ESP8266 did back in 2014, it’s starting as a black box with a relative scarcity of information. But if this hacking effort pays off, we’ll have a cheap RISC-V Wi-Fi and Bluetooth module with entirely open-source software from the silicon upwards. What a time to be alive!

Thanks [Renze] for the tip.

This Week In Security: SAD DNS, Incident Documentation Done Well, And TCL Responds

November 20, 2020 by 6 Comments

One of the big stories from the past few days is the return of DNS cache poisoning. The new attack has been dubbed SADDNS, and the full PDF whitepaper is now available. When you lookup a website’s IP address in a poisoned cache, you get the wrong IP address.

This can send you somewhere malicious, or worse. The paper points out that DNS has suffered a sort of feature creep, picking up more and more responsibilities. The most notable use of DNS that comes to mind is LetsEncrypt using DNS as the mechanism to prove domain ownership, and issue HTTPS certificates.

DNS Cache poisoning is a relatively old attack, dating from 1993. The first iteration of the attack was simple. An attacker that controlled an authoritative DNS server could include extra DNS results, and those extra results would be cached as if they came from an authoritative server. In 1997 it was realized that the known source port combined with a non-random transaction ID made DNS packet spoofing rather trivial. An attacker simply needs to spoof a DNS response with the appropriate txID, at the appropriate time to trick a requester into thinking it’s valid. Without the extra protections of TCP connections, this was an easy task. The response was to randomize the txID in each connection.

I have to take a moment to talk about one of my favorite gotchas in statistics. The Birthday paradox. The chances that two randomly selected people share a birthday is 1 in 365. How many people have to be in a room together to get a 50% chance of two of them sharing a birthday? If you said 182, then you walked into the paradox. The answer is 23. Why? Because we’re not looking for a specific birthday, we’re just looking for a collision between dates. Each non-matching birthday that walks into the room provides another opportunity for the next one to match.

This is the essence of the DNS birthday attack. An attacker would send a large number of DNS requests, and then immediately send a large number of spoofed responses, guessing random txIDs. Because only one collision is needed to get a poisoned cache, the chances of success go up rapidly. The mitigation was to also randomize the DNS source port, so that spoof attempts had to have both the correct source port and txID in the same attempt. Continue reading “This Week In Security: SAD DNS, Incident Documentation Done Well, And TCL Responds”

3D Printable Cloth Takes Advantage Of Defects

November 20, 2020 by 24 Comments

Normally, a 3D printer that under extrudes is a bad thing. However, MIT has figured out a way to deliberately mix full extrusions with under extruded layers to print structures that behave more like cloth than normal 3D printed items. The mesh-like structure apparently doesn’t require any modification to a normal 3D printer, just different software to create special code sequences to create the material.

Called DefeXtiles, [Jack Forman] is producing sheets and complex structures that appear woven. The process is known as “blob-stretch” because of the way the plastic makes blobs connected by fine filaments of plastic.

Continue reading “3D Printable Cloth Takes Advantage Of Defects”

Mushroom Canoe Is Rooted In Nature

November 20, 2020 by 38 Comments

Mushrooms might be the most contested pizza topping after pineapple, but can you build a boat from pineapples? Probably not, but you can from mushrooms. Mushrooms, or rather their mycelium root systems, can be used for things like packaging, insulation, and furniture, and it could be the next thing in floatation, too. Just ask [Katy Ayers], a Nebraska college student who built an eight-foot canoe molded almost entirely of mycelium.

[Katy] got into mushrooms when she was tasked with researching solutions to climate change. She loves to fish and has always wanted a boat, so when she found out that mycelium are naturally buoyant and waterproof, she decided to try using it as a building material.

[Katy] floated the idea by the owner of a local mushroom company and they got to work, building a frame suspended in the air by a hammock-like structure. Then they covered the boat’s skeleton with spores and let it proliferate in a hot, humid growing room. Two weeks later, they had a boat made of live mycelium, which means that every time it goes out on the water, it spawns mushrooms. The total cost including tools was around $500. The boat experiment spawned even more mycelium projects. [Katy] has since experimented with making lawn chairs and landscaping bricks from mycelium.

Don’t want to wait to grow your own mycelium boat? You can build one out of stretch wrap, packing tape, and tree branches.

Thanks for the tip, [ykr300]!

Main image by Katy Ayers via NBC News

Circuit Boards You Can Stretch: Liquid Metal Nanomaterials Make A Strange Flex

November 19, 2020 by 9 Comments

If you think polyimide-based flexible PCBs are cool, wait until you get a load of what polymerized liquid metal networks can do.

Seems like [CNLohr] has some pretty cool friends, and he recently spent some time with a couple of them who are working with poly LMNs and finding out what they’re good for. Poly LMNs use a liquid metal composed of indium and gallium that can be sprayed onto a substrate through a laser-cut stencil. This results in traces that show the opposite of expected behavior; where most conductors increase in resistance when stretched, pol LMNs stay just as conductive no matter how much they’re stretched.

The video below shows [CNLohr]’s experiments with the stuff. He brought a couple of traditional PCB-based MCU circuits, which interface easily with the poly LMN traces on a thick tape substrate. Once activated by stretching, which forms the networks between the liquid metal globules, the traces act much like copper traces. Attaching SMD components is as simple as sticking them to the tape — no soldering required. The circuits remain impressively stretchy without any apparent effect on their electrical properties — a characteristic that should prove interesting for wearables circuits, biological sensors, and a host of real-world applications.

While poly LMNs aren’t exactly ready for the market yet, they don’t seem terribly difficult to make, requiring little in the way of exotic materials or specialized lab equipment. We’d love to see someone like [Ben Krasnow] pick this up and run with it — it seems right up his alley.

Continue reading “Circuit Boards You Can Stretch: Liquid Metal Nanomaterials Make A Strange Flex”

The Battle For Arecibo Has Been Lost

November 19, 2020 by 98 Comments

It is with a heavy heart that we must report the National Science Foundation (NSF) has decided to dismantle the Arecibo Observatory. Following the failure of two support cables, engineers have determined the structure is on the verge of collapse and that the necessary repairs would be too expensive and dangerous to conduct. At the same time, allowing the structure to collapse on its own would endanger nearby facilities and surely destroy the valuable research equipment suspended high above the 300 meter dish. Through controlled demolition, the NSF hopes to preserve as much of the facility and its hardware as possible.

Section of the Arecibo Message

When the first support cable broke free back in August, we worried about what it meant for the future of this unique astronomical observatory. Brought online in 1963 as part of a Cold War project to study how ICBMs behaved in Earth’s upper atmosphere, the massive radio telescope is unique in that it has the ability to transmit as well as receive. This capability has been used to produce radar maps of distant celestial objects and detect potentially hazardous near-Earth asteroids.

In 1974, it was even used to broadcast the goodwill of humankind to any intelligent lifeforms that might be listening. Known as the “Arecibo Message”, the transmission can be decoded to reveal an assortment of pictograms that convey everything from the atomic numbers of common elements to the shape of the human body. The final icon in the series was a simple diagram of Arecibo itself, so that anyone who intercepted the message would have an idea of how such a relatively primitive species had managed to reach out and touch the stars.

There is no replacement for the Arecibo Observatory, nor is there likely to be one in the near future. The Five hundred meter Aperture Spherical Telescope (FAST) in China is larger than Arecibo, but doesn’t have the crucial transmission capability. The Goldstone Deep Space Communications Complex in California can transmit, but as it’s primarily concerned with communicating with distant spacecraft, there’s little free time to engage in scientific observations. Even when it’s available for research, the largest dish in the Goldstone array is only 1/4 the diameter of the reflector at Arecibo.

Just last week we wondered aloud whether a nearly 60 year old radio telescope was still worth saving given the incredible advancements in technology that have been made in the intervening years. Now, unfortunately, we have our answer.

RadioShack To Be Reborn As Online-First Retailer

November 19, 2020 by 103 Comments

The good news is that as of today RadioShack has officially been purchased by Retail Ecommerce Ventures (REV), giving the troubled company a new lease on life. The downside, at least for folks like us, is that there are no immediate plans to return the iconic electronics retailer to its brick-and-mortar roots. As the name implies, REV specializes in online retail, having previously revamped the Internet presence of other bankrupt businesses such as Pier 1 Imports and Dressbarn.

While the press release doesn’t outright preclude the possibility of new physical RadioShack locations, it’s clear that REV believes the future of retail isn’t to be found in your local strip mall. As the US mulls further lockdowns in response to the continuing COVID-19 pandemic, it’s hard to disagree. There will be millions of bored kids and adults looking for something to do during the long winter nights, and an electronic kit or two shipped to their door might be just the thing.

REV says they plan to relaunch the rather dated RadioShack website just in time for the company’s 100th anniversary in 2021. As of this writing the website currently says that sales have been temporarily halted to allow for inventory restructuring, though it’s unclear if this is directly related to the buyout or not. Getting an accurate count of how much merchandise the company still has on hand after shuttering the majority of their physical locations in 2017 certainly sounds like something the new owners would want to do.

Like most of you, we have fond memories of the Golden Age of RadioShack, back before they thought selling phones and TVs was somehow a good idea. To their credit, they did try and rekindle their relationship with hackers and makers by asking the community what they’d want to see in their stores. But we all know how that story ended. While it doesn’t look like this news will get us any closer to having a neighborhood store that stocks resistors, there’s a certain comfort in knowing that RadioShack kits and books will still be around for the next generation.