Hackaday Podcast 083: Soooo Many Custom Peripherals, Leaving Bluetooth Footprints, And A Twirlybird On Mars

September 4, 2020 by Mike Szczys 3 Comments

Hackaday editors Mike Szczys and Elliot Williams ogle the greatest hacks from the past 168 hours. Did you know that Mars Rover didn’t get launched into space all alone? Nestled in it’s underbelly is a two-prop helicopter that’s a fascinating study in engineering for a different world. Fingerprinting audio files isn’t a special trick reserved for Shazam, you can do it just as easily with an ESP32. A flaw in the way Bluetooth COVID tracing frameworks chirp out their anonymized hashes means they’re not as perfectly anonymized as planned. And you’re going to love these cool ways to misuse items from those massive parts catalogs.

Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Direct download (60 MB or so.)

Continue reading “Hackaday Podcast 083: Soooo Many Custom Peripherals, Leaving Bluetooth Footprints, And A Twirlybird On Mars” →

An Arduino Controller For Hot Air Handles

September 4, 2020 by Tom Nardi 3 Comments

In general, the cost of electronic components and the tools used to fiddle with them have been dropping steadily over the last decade or so. But there will always be bargain-hunting hackers who are looking to get things even cheaper. Case in point, hot air rework stations. You can pick up one of the common 858D stations for as little as $40 USD, but that didn’t keep [MakerBR] from creating an Arduino controller that can be used with its spare handles.

Now to be fair, it doesn’t sound like price was the only factor here. After all, a spare 858D handle costs about half as much as the whole station, so there’s not a lot of room for improvement cost-wise. Rather, [MakerBR] says the Arduino version is designed to be more efficient and reliable than the stock hardware.

The seven wires in the handle connector have already been mapped out by previous efforts, though [MakerBR] does go over the need to verify everything matches the provided circuit diagrams as some vendors might have fiddled with the pinout. All the real magic happens in the handle itself, the controller just needs to keep an eye on the various sensors and provide the fan and heating element with appropriate control signals. An Arduino Pro Mini is more than up to the task, and a custom PCB makes for a fairly neat installation.

This isn’t the first time we’ve seen somebody replace the controller on one of these entry-level hot air stations, but because there are so many different versions floating around, you should do some careful research before cracking yours open and performing a brain transplant.

Continue reading “An Arduino Controller For Hot Air Handles” →

This Week In Security: Zero Days, Notarized Malware, Jedi Mind Tricks, And More

September 4, 2020 by Jonathan Bennett 5 Comments

Honeypots are an entertaining way to learn about new attacks. A simulated vulnerable system is exposed to the internet, inviting anyone to try to break into it. Rather than actually compromising a deployed device, and attacker just gives away information about how they would attack the real thing. A honeypot run by 360Netlab found something interesting back in April: an RCE attack against QNAP NAS devices. The vulnerability is found in the logout endpoint, which takes external values without properly sanitizing them. These values are used as part of an snprintf statement, and then executed with a system() call. Because there isn’t any sanitization, special characters like semicolons can be injected into the final command to be run, resulting in a trivial RCE.

QNAP has released new firmware that fixes the issue by replacing the system() call with execv(). This change means that the shell isn’t part of the execution process, and the command injection loses its bite. Version 4.3.3 was the first firmware release to contain this fix, so if you run a QNAP device, be sure to go check the firmware version. While this vulnerability was being used in the wild, there doesn’t seem to have been a widespread campaign exploiting it.

Continue reading “This Week In Security: Zero Days, Notarized Malware, Jedi Mind Tricks, And More” →

Autonomous Off-Road Food Delivery With Pixhawk

September 4, 2020 by Tom Nardi 1 Comment

It should come as no surprise that the COVID-19 pandemic has sparked renewed interest in robotic deliveries. Amazon saying they would some day land Prime orders in your backyard with a drone sounded pretty fanciful a few years ago, but now that traditional delivery services are under enormous strain and people are looking to avoid as much human contact as possible, it’s starting to make a lot more sense.

Pro Tip: Avoid drifting while towing seafood.

Now to be clear, we don’t think you’ll be seeing this modified RC truck rolling up your driveway with a pizza in tow anytime soon. But the experiments that [Sean] has been doing with it are certainly interesting, and show just how far autonomous rover technology has progressed at the hobbyist level. Whether you need to move some sushi or a sensor package, his build is a great starting point for anyone interested in DIY robotic ground vehicles.

Especially if you want to take things off the beaten path once and awhile. By combining the Pixhawk autopilot system with an off-road RC truck by Traxxas, [Sean] has created a delivery bot that’s not afraid of a little mud. Or even the occasional jump, should the need arise. Just don’t expect your shrimp cocktail and champagne to arrive in one piece after they’ve been given the Dukes of Hazzard treatment.

In the video after the break [Sean] goes over some of the lessons learned on this build, including how he managed to keep the electronics from cooking themselves in the Texas heat. He also goes over the realities of building an autonomous driving system that doesn’t actually have a camera onboard; sure you can plan a route for it in advance, but all bets are off if an unexpected obstacle blocks the path. It’s a pretty serious shortcoming he’s looking to address in the future, as well as upgrading to a far more accurate RTK-GPS receiver.

Continue reading “Autonomous Off-Road Food Delivery With Pixhawk” →

The Screwdriver You Don’t Need, But Probably Want

September 4, 2020 by Danie Conradie 50 Comments

Screwdrivers are simple devices with a simple purpose, and there is generally little fanfare involved with buying yourself a new set. We’ve never seen one marketed as an object of desire, but we have to admit that [Giaco] managed to do precisely that. He created the Kinetic Driver, a ~~fidget spinner~~ precision screwdriver designed to use its rotational momentum to loosen and tighten screws.

The main difference between the Kinetic Driver and other screwdrivers is a big brass mass at the front end for high rotational inertia and a high-quality ceramic bearing at the back end for minimal drag. It uses 4 mm precision bits, so its utility will be limited to small screws, which makes it perfect for working on small electronics.

[Giaco] says the idea came after running a successful Kickstarter campaign for a utility knife, where he found that his favorite screwdriver for the many small screws was one with a fat metal body which allowed it to spin easily. In the video after the break, he gives an excellent insight into the development process. He started by creating a series of 3D printed prototypes to figure out the basic shape, before making the first metal prototype. [Giaco] also shows the importance of figuring out the order of operation for machining, which is often glossed over in other machining videos. Be sure to check out the beautiful launch video at 17:52. Continue reading “The Screwdriver You Don’t Need, But Probably Want” →

YARH.IO Is The Hackable Pi Portable Of Our Dreams

September 3, 2020 by Tom Nardi 23 Comments

Less than a decade ago, building a completely custom portable computer was more or less out of the question. Sure you could have cobbled something together with a Gumstix board and the dinky NTSC/PAL screen pulled from a portable DVD player, but it wouldn’t exactly have been a daily driver. But now we have cheap high definition LCD panels, desktop 3D printers, and of course, the Raspberry Pi.

We’ve seen these elements combined into bespoke personal computing devices too many times to count now, but very few of them can compare to the incredible YARH.IO. It’s been designed from the ground up for easy assembly and customization; you don’t have to worry about getting custom PCBs made or tracking down some piece of unobtanium hardware. Everything inside of the 3D printed enclosure is an off-the-shelf module, needing little more than the occasional scrap of protoboard to tie them all together.

One glance at the rugged design of the YARH.IO, and it’s clear this device wasn’t meant to live on a shelf. Whether it’s getting tossed around the workbench or thrown into a bag on the way to a hacker con, the militarized design of this portable is ready for action. Using appropriately strong materials such as PETG and ABS, we have no doubt the enclosure will survive whatever the on-the-go hacker can throw at it.

But what’s arguably the best feature of the YARH.IO also happens to be the least obvious: the modular design of the enclosure allows you to remove the lower keyboard section and use it as a battery powered Linux tablet (albeit a rather chunky one). Whether the keyboard is attached or not, you still have access to the Pi’s expansion header thanks to a clever pass-through.

Like with the Mil-Plastic that [Jay Doscher] released recently, we know these 3D printed kits will never be as strong as the real military gear they’re emulating. But let’s be realistic, none of us keyboard warriors will be taking them into an actual battlefield anytime soon. What’s more important is that their modular construction allows them to be easily modified for whatever the user’s needs might be. With as far as the state-of-the-art in DIY bespoke computing as come in the last decade, we can’t wait to see what the future holds.

E4 Empatica device for measuring location, temperature, skin conductance, sleep, etc. on arm

Choosing The Optimal Sampling Rate For Your DIY Heart Rate Monitor

September 3, 2020 by Orlando Hoilett 19 Comments

With wearables still trying to solidify themselves in the consumer health space, there are a number of factors to consider to improve the reliability of such devices in monitoring biometrics. One of the most critical such parameters is the sampling rate. By careful selection of this figure, developers can minimize errors in the measurement, preserve power, and reduce costs spent on data storage. For this reason, [Brinnae Bent] and [Dr. Jessilyn Dunn] wanted to determine the optimal sampling rate for wrist-worn optical heart rate monitors. We’ve shared their earlier paper on analyzing the accuracy of consumer health devices, so they’ve done a lot of work in this space.

The results of their paper probably don’t surprise anyone. The lower the sampling rate, the lower the accuracy of the measurement, and the higher the sampling rate the more accurate the measurement when compared to the gold standard electrocardiogram. They also found that metrics such as root mean square of successive differences (RMSSD), used for calculating heart rate variability, requires sampling rates greater than 64 Hz, the nominal sampling rate of the wearable they were investigating and of other similar devices. That might suggest why your wearable is a bit iffy when monitoring your sleeping habits. They even released the source code for their heart rate variability analysis, so there’s a nice afternoon read if you were looking for one.

What really stood out to us about their work is how they thoroughly backed up their claims with data. Something crowdfunding campaigns could really learn from.