There was a time when oscilloscopes were big and expensive. Now you can get scopes of various sizes and capabilities on nearly any budget. Vector network analyzers — VNAs — haven’t had quite the same proliferation, but NanoVNA may change that. [IMSAI Guy] bought one for about $50 and made a series of videos about it. Spoiler alert: he likes it. You can see one of the several videos he’s posted, below.
NanoVNA is tiny but sweeps from 50 kHz to 900 MHz and has a touch screen. The device uses a rechargeable battery if you need to haul it up to an antenna tower, for example. Just as a quick test, you can see early in the video the analysis of a rubber duck antenna. The device shows return loss as a plot and you can use a cursor to precisely measure the values. It also shows a Smith chart of the reactance.
[Hesam Moshiri] has built a variable switch-mode power supply over on hackaday.io. When prototyping a new circuit, often the goal is to get a proof-of-concept working as soon as possible to iron out all of the bugs it might have. The power supply can easily be an afterthought, and for smaller projects we might just reach for an adjustable LM317 voltage regulator to dial in the correct voltage and then move on with the meat of the project. These linear regulators are incredibly inefficient though, so if you find yourself prototyping with one of these often enough, it might be worthwhile to switch to something better.
While it’s easy to simply buy a switch-mode power supply (SMPS) that has everything you need, and rated for 90% or higher efficiency at the same time, getting one with an adjustable output isn’t as easy. This one is based on the relatively popular LM2576-Adj chip which handles the switching frequency part of the circuit automatically. You will also need some large capacitors, an inductor (one of the disadvantages of an SMPS circuit) and a small potentiometer to use as the feedback control for the LM2576. This special pin allows the output voltage of the SMPS to be precisely controlled.
Granted, this project might not be breaking any new ground, but if you’ve never given serious thought to your small breadboard circuit power supplies, it’s definitely worth looking into. An improvement from a linear regulator’s 30% efficiency to 90% efficiency from an SMPS will not only save you a ton of energy but also solve a lot of heat dissipation problems. If you don’t want to build a switch-mode supply 100% from scratch, though, it might also be possible to modify an existing one to suit your needs as well.
Large machine tools are often built to last a very long time, so it is not uncommon to find a lathe made in the 19th century still providing faithful service. The fundamental job of a lathe has not changed significantly in the intervening years, even though a modern lathe will have more features than its hundred-year-old equivalent.
This is not the case for CNC machine tools. When computer numerical control was wedded with old iron machine tools, the control hardware was doomed to quickly become antique or vintage. From the user interfaces to the control circuitry, in the world of electronics new features quickly become obsolete. [Evan] has a ShopBot CNC wood router from the mid 1990s that he describes as an antique, and his tale of its restoration is both a fascinating look at the changes in small-scale CNC control over two decades as well as something of a primer for anyone considering a similar upgrade.
The controller is a pair of beige-box PC cases that scream “I love the 90’s!”. One contains a socket-7 PC running Windows 95, and the other houses the ShopBot controller: an 80c32 dev board with ShopBot firmware, coupled to a set of motor controller boards, which unlike today’s controllers expect raw quadrature inputs. His aim was to replace the vintage hardware with a modern alternative. An Arduino Mega running grbl talks to the ShopBot controllers by way of a small piece of electronics to condition quadrature data from the step and direction lines it provided. The result may not be as good as a router from 2019, but it did save this aging tool from retirement.
Who wouldn’t want a robot that can fetch them a glass of water? [Saral Tayal] didn’t just think that, he jumped right in and built his own personal assistant robot. This isn’t just some remote-controlled rover though. The robot actually listens to his voice and recognizes his face.
The body of the robot is the common “Rover 5” platform, to which [Saral] added a number of 3D printed parts. A forklift-like sled gives the robot the ability to pick things up. Some of the parts are more about form than function – [Saral] loves NASA’s Spirit and Opportunity Mars rovers, so he added some simulated solar cells and other greebles.
The Logitech webcam up front is very functional — images are fed to machine learning models, while audio is processed to listen for commands. This robot can find and pick up 90 unique objects.
The robot’s brains are a Raspberry Pi. It uses TensorFlow for object recognition. Some of the models [Saral] is using are pretty large – so big that the Pi could only manage a couple of frames per second at 100% CPU utilization. A Google Coral coprocessor sped things up quite a bit, while only using about 30% of the Pi’s processor.
It takes several motors to control the robot’s tracks and sled. This is handled by two Roboclaw motor controllers which themselves are commanded by the Pi.
We’ve seen quite a few mobile robot rovers over the years, but [Saral’s] ‘bot is one of the most functional designs out there. Even better is the fact that it is completely open source. You can find the code and 3D models on his GitHub repo.
Check out a video of the personal assistant rover in action after the break.
Bluetooth Low Energy (BLE) 5 has been around since 2016 with the most recent version 5.2 published just this year. There’s not much hardware out there that’s using the new hotness. That didn’t stop [Damien Cauquil] from picking apart BLE 5’s new frequency hopping techniques and updating his BtleJack tool to allow sniffing, jamming and hijacking hardware using the new protocol.
As you can imagine, the BLE standard is a complicated beast and just one part of it is the topic here: the PRNG-based frequency hopping scheme that is vastly different from BLE 4.x and earlier. The new standard, called Channel Selection Algorithm (CSA) #2, uses 65535 possible channels, compared to just 37 channels used by its predecessor. Paired devices agree to follow a randomized list of all possible channels in sequence so that they remain in synchronization between hops. This was put in place to help avoid collisions, making it possible for many more BLE devices to operate in close proximity. This is important to note since it quickly becomes obvious that it’s not a robust security measure by any means.
To begin channel hopping the two devices must first agree on an order in which to hop, ensuring they’ll meet one another after each leap. To do so they both run the same 32-bit seed number through a PRNG algorithm, generating a list that will then be followed exactly in order. But it turns out this is not very difficult to figure out. All that’s needed is the access address whose top 16-bits are publicly available if you’re already sniffing packets, and the bottom 16-bits is the counter that increments the hop address list.
If you want to jam or hijack BLE 5 communication you need to establish which “randomized” channel list is being used, and the value of the counter that serves as an index to this list. To do so, [Damien] sniffs packets on two different channels. These channels will be used over and over again as it loops through the channel list, so calculating how much time occurs between each channel indicates how far apart these channels are on the list.
In practice, [Damien] first implemented a sieve (the same concept as the Sieve of Eratosthenes for finding primes) that starts with a list of all possibilities and removes those that don’t contain a matching timing between the two channels. Keep doing this, and eventually, you’ll whittle your list down to one possible channel order.
This certainly worked, but there were timing issues that sometimes meant you could learn the seed but couldn’t then sync with it after the fact. His second approach uses pattern matching. By measuring hops on 11 consecutive channels, he’s able to synchronize with target devices in a minute or less. From there, jamming or hijacking methods come into play. The randomization of this scheme is really marginal. A more robust technique would have used an internal state in both devices to generate the next hopping channel. This would have been much more difficult for an attacker to figure out. From the device perspective, CSA #2 takes very little computation power which is key for power-sipping IoT devices most often using BLE.
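The determinism described above, as an added example (not code from BtleJack or from the talk): a Python implementation of the CSA #2 channel computation as given in the Bluetooth Core Specification, showing that the channel for every event counter follows from the access address and the channel map, with no secret state. The function names are illustrative, and the advertising access address 0x8E89BED6 is used only as sample input.

```python
# Added example: CSA #2 channel selection per the Bluetooth Core Specification.
# Function names are illustrative; they are not taken from BtleJack.

def _perm(x: int) -> int:
    """Reverse the bit order inside each of the two bytes of a 16-bit value."""
    out = 0
    for shift in (0, 8):
        byte = (x >> shift) & 0xFF
        out |= int(f"{byte:08b}"[::-1], 2) << shift
    return out

def _mam(a: int, b: int) -> int:
    """Multiply-add-modulo step: (17 * a + b) mod 2^16."""
    return (17 * a + b) & 0xFFFF

def channel_identifier(access_address: int) -> int:
    """XOR of the upper and lower 16 bits of the 32-bit access address."""
    return ((access_address >> 16) ^ access_address) & 0xFFFF

def prn_e(counter: int, ch_id: int) -> int:
    """Pseudo-random number for one connection event (16-bit counter)."""
    x = (counter ^ ch_id) & 0xFFFF
    for _ in range(3):                  # three PERM + MAM rounds
        x = _mam(_perm(x), ch_id)
    return x ^ ch_id

def select_channel(access_address: int, counter: int, used_channels=range(37)) -> int:
    """Data channel (0-36) used for the event numbered `counter`."""
    used = sorted(used_channels)
    prn = prn_e(counter, channel_identifier(access_address))
    unmapped = prn % 37
    if unmapped in used:
        return unmapped
    # Unused channel: remap onto the ascending table of used channels.
    return used[(len(used) * prn) >> 16]

def hop_sequence(access_address: int, start: int, count: int, used_channels=range(37)):
    """Channels for `count` consecutive events starting at counter `start`."""
    return [select_channel(access_address, (start + i) & 0xFFFF, used_channels)
            for i in range(count)]

ADV_AA = 0x8E89BED6  # sample input: the standard advertising access address

if __name__ == "__main__":
    # Anyone who knows the access address computes the same list.
    print(hop_sequence(ADV_AA, 0, 8))
```

Because every input is visible on the air or derivable from it, the hop order protects against collisions only; confidentiality and integrity of the link depend on BLE link-layer encryption, not on the hopping.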
As mentioned before, [Damien] had trouble finding any hardware in the wild using the BLE 5 standard. His proof of concept is built on a pair of nRF52840 development boards. Because it needs more testing, the code hasn’t been merged into the main version of BtleJack, but you can still get it right now by heading over to the BtleJack repo on GitHub.
Scarcity on the Internet is the siren song of bot writers. Maybe you’ve lost an eBay bid in the last milliseconds, or missed out on a hacker con when tickets sold out in under a minute — your corporeal self has been outperformed by a bot. But maybe you didn’t know bots are on a buying frenzy in the hyped-up world of fashion. From limited-run sneakers to anything with the word Supreme printed on it, people who will not accept any substitute in wearing the rarest and most sought after are turning to resellers who use bots to snag unobtanium items and profit on the secondary market.
At DEF CON 27 [FinalPhoenix] took the stage to share her adventures in writing bots and uncovering a world that buys and sells purchasing automation, forming groups much like cryptocurrency mining pools to generate leads on when the latest fashion is about to drop. This is no small market either. If your bots are leet enough, you can make a ton of cash. Let’s take a look at what it takes to write a bot, and at the bots-for-sale economy that has grown up around these concepts.
The internet is built with bots in mind and we have Google to thank for this. Their major innovation was moving us off of a curated internet to one that is machine crawled. Everyone wants good Google juice and that means building a site that is friendly to the Google bots that crawl and index the internet. This makes automation for your own purposes quite a bit easier. Namely, the monitor-bots that are used to detect when a retailer has the latest in stock. [FinalPhoenix] demonstrated a simple script that grabs the XML site map, parsing it for newly in-stock items, flagging them when found. But here’s the killer — if your monitor bot is a good one, you can turn it into a discord channel and sell subscriptions to others playing the reseller game, to the tune of $15-30 a month per subscriber.
Example slide of code used in a web-based buy-bot
Once your bot reports stock, the race is on to buy it before anyone else can. For this, you could use the APIs of the site, but that’s time-consuming and a lot easier for retailers to detect and block bot usage. For this part of her botting tools [FinalPhoenix] likes to use web-based bots that go through a browser framework like Chromium and allow obfuscation techniques like scrolling, clicking other items, random pauses, and other simple-minded actions that make your bot appear to be only human. In the examples for this talk, the Puppeteer framework was used for this purpose. In the end, the main role of this part of the bot is to use a verified account to complete the purchase as fast as robotically possible, which is why they’re called buy-bots. Retailers do have some tricks to combat these web-based attacks like adding secret keys in the DOM that need to be sent with the next post, but these are easy to discover and incorporate into the scripts.
This raises another interesting part of the scheme, the verified accounts. For the best chance at profit, you need multiple accounts, each used just one time to avoid your buy-bot being detected by the retailer. For this, [FinalPhoenix] turns to services that sell accounts in packages of 500-10,000 and cost around just $5-10 per batch.
But wait, here’s where it gets really wild as recursion takes hold. Yes, these buy-bots are for sale (from sites like AIO Bot and usually around $300-1500), but they’re sold in limited quantities so that it’s harder for retailers to notice and take countermeasures. Just like how the clothing was limited release and incentivized bots-wielding resellers to enter the market, there is a secondary market for the bots themselves. [FinalPhoenix] reports that reselling one of these bots can yield $1000-1500 in profit. The same principles apply, and so what we’ve ended up with is bots buying bots to buy clothes. Who knows how many levels of bot-bot transactions there are, but it certainly feels like turtles all the way down.
Bot-based high-speed trading is the real way to make major bank on the securities market. Your average hacker is shut out of that “legitimate” business, but any enterprising programmer has the option of automating whichever reseller market they find most interesting. This breaks the public trust in commerce — buying quality products from a seller connected to their production for a reasonable price. It frustrates the manufacturer, alienates the consumer, but there appears to be little in place preventing it.
The interface between humans and machines has been a constantly evolving field. Sure the computer mouse was a game-changer, but time moves on. We are now looking at integrating machines via soft HMIs for personal applications. A research team led by the University of California, San Diego has presented a paper interfacing a soft lens with the human eye.
The lens itself is a pair of electroactive elastomer films that encapsulates a small quantity of saltwater. These films constitute the muscle and are controlled by an external source of electrical pulses. The signals are generated when electrodes placed around the eye of a subject detect movement. Actions such as blinking are converted to a zoom-in-zoom-out activity which is designed to mimic human squinting.
The suggested potential applications are visual prostheses, adjustable glasses, VR, and even soft robot eyes. Yes, we are heading from whirring robots to squishy robots, but that also means that people with disabilities can get a second chance. This approach is non-invasive as opposed to brain implants.