Make Your Own Old School LED Displays

We live in an era in which all manner of displays are cheap and readily available. A few dollars spent online can net you a two-line alphanumeric LCD, a graphical OLED screen, or all manner of other options. Years ago, however, people made do with little monolithic LED devices. [sjm4306] wanted to recreate something similar, and got down to work (YouTube link, embedded below).

The resulting device uses 0603 sized SMD LEDs, soldered onto a tiny PCB. 20 LEDs are used per digit, which can display numbers 0-9 and letters A-F. The LEDs are laid out in a pattern similar to Hewlett-Packard designs from years past. This layout gives the numerals a more pleasant appearance compared to a more-classic 7-segment design. Several tricks are used to make the devices as compact as possible, such as putting vias in the LED pads. This is normally a poor design technique, but it helps save valuable space.

[sjm4306] has developed a breadboard model, and a more advanced version that has a pad on the rear to mount a PIC16F88 microcontroller directly. We look forward to seeing these modules developed further, and can imagine they’d prove useful in a variety of projects.

For reference, check out these Soviet-era 7-segment displays. Video after the break.


A Work Light For Hacker Events

If you’ve ever attended a hacker camp, you’ll know the problem of a field of tents lit only by the glow of laser illumination through the haze and set to the distant thump of electronic dance music. You need to complete that project, but the sun’s gone down and you didn’t have space in your pack to bring a floodlight.

In Days of Yore you might have stuck a flickering candle in an empty Club-Mate bottle and carried on, but this is the 21st century. [Jana Marie] has the solution for you, and instead of a candle, her Club-Mate bottle is topped with a stack of LED-adorned PCBs with a lithium-ion battery providing a high intensity downlight. It’s more than just a simple light though: it features variable brightness and colour temperature through touch controls on the top surface, as well as the ability to charge extra 18650 cells. At its heart is an STM32F334 microcontroller with a nifty use of its onboard timer to drive a boost converter, and power input is via USB-C.

We first saw an early take on this project providing illumination for a bit of after-dark Hacky Racer fettling at last year’s EMF 2018 hacker camp, since then it has seen some revisions. It’s all open-source so you can give it a go yourself if you like it.

 

This Week In Security: Baltimore, MacOS Zipfile Security, And App Store Monopolies

Baltimore. The city was breached, crippled and held for ransom. The ransomware attack was discovered on May 7th, shutting down a major portion of the city’s infrastructure. The latest news is that an NSA-written tool, EternalBlue, is responsible for the attack. Except maybe it isn’t? First off, digging back through the history of an attack is challenging. It’s often hard to determine the initial attack vector with certainty.

The “initial attack vector” is the patient zero of the attack — how the first machine was compromised. An organization generally has a firewall separating the outside internet from the internal network. Once an attacker has found a way to access a machine inside the network, the separation is not nearly so strict. This takes many forms, but the most common is phishing. Close contenders are RDP and SMB (Remote Desktop and Windows File Sharing). A report at Ars Technica indicates that the initial vector into the Baltimore network was a phishing email.

The second step to consider is what’s called “lateral movement”, which describes an attacker using the compromised machine to target other machines in the organization. Often an attacker will have an entire toolkit of exploits to attempt to compromise other machines. One of the exploits used in this case was the same exploit contained in the NSA tool, EternalBlue. A clever program called psexec is usually part of any lateral movement campaign. While the exploit associated with EternalBlue was probably used to compromise a few of the machines on the Baltimore network, placing all the blame on the shoulders of the NSA is missing the point. The tool is only a small part of this attack.

MacOS and NFS Shares Inside Zipfiles

MacOS has a sometimes irritating feature, Gatekeeper, that only allows running signed binaries by default. The point of Gatekeeper is to prevent a user from running a malicious binary that has been downloaded from the internet. While it is sometimes an annoyance, it is helpful for some users. [Filippo Cavallarin] announced an exploit that completely bypasses Gatekeeper on the 24th. This exploit takes advantage of the fact that Gatekeeper considers network shares to be trustworthy, and doesn’t run the normal check before executing a binary located there. While interesting, this isn’t useful unless there is a way for an attacker to mount a malicious location as a network share. Enter the Mac’s ability to automatically mount network locations through the use of the /net path. The last piece of this puzzle is the fact that zip files can contain symbolic links. A zip file can be built with a link to the /net location, automounting an arbitrary NFS location. If binary files are located in this location, the OS will happily allow the user to execute those binaries whether signed or not.
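A defensive check for the archive trick described above, as an added example that is not from [Filippo]'s write-up or from Apple: it lists symbolic-link entries in a zip before extraction and flags targets under /net. The host `nfs.example.invalid`, the entry names and the sample archive are constructed placeholders.

```python
import io
import posixpath
import stat
import zipfile

AUTOMOUNT_ROOTS = ("/net",)  # the autofs path named in the article

def classify(target):
    """Return why a symlink target is risky, or None if it stays relative."""
    norm = posixpath.normpath(target)
    if norm.startswith("/"):
        norm = "/" + norm.lstrip("/")          # collapse a leading "//"
        for root in AUTOMOUNT_ROOTS:
            if norm == root or norm.startswith(root + "/"):
                return "automount"
        return "absolute"
    if norm == ".." or norm.startswith("../"):
        return "traversal"                     # conservative: any leading ".."
    return None

def audit_zip(data):
    """List (entry, target, reason) for each risky symlink in a zip given as bytes."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            mode = info.external_attr >> 16    # Unix st_mode is in the high 16 bits
            if not stat.S_ISLNK(mode):
                continue
            # For a symlink entry, the stored "file data" is the link target.
            target = zf.read(info).decode("utf-8", "replace")
            reason = classify(target)
            if reason:
                findings.append((info.filename, target, reason))
    return findings

def make_zip(links):
    """Build a constructed test archive: one regular file plus the given symlinks."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("README.txt", "constructed sample")
        for name, target in links.items():
            entry = zipfile.ZipInfo(name)
            entry.create_system = 3            # 3 = Unix
            entry.external_attr = (stat.S_IFLNK | 0o755) << 16
            zf.writestr(entry, target)
    return buf.getvalue()

if __name__ == "__main__":
    sample = make_zip({"Documents": "/net/nfs.example.invalid/export/",
                       "notes": "README.txt"})
    for finding in audit_zip(sample):
        print(finding)
```

A mail gateway or download scanner can quarantine any archive for which `audit_zip` returns an `automount` finding.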

This exploit may not be the most serious of the year, but it’s still a problem that needs fixing. [Filippo] contacted Apple back in February and disclosed the problem, even getting an assurance that they would fix it within 90 days. 90 days have passed, and Apple has begun ignoring his emails, so he has made the announcement and published steps to reproduce on his website.

There has been discussion in the comments of this column about vulnerability disclosure and publishing proof of concept code. This is a perfect example of why researchers publish their work. As far as [Filippo] knows, Apple has no intention of fixing the issue he discovered. He also has no reason to believe that no one else has stumbled on this discovery before he did. We mentioned EternalBlue above. The NSA discovered the SMB vulnerability that exploit targeted and used it silently for up to five years before it was stolen and finally disclosed to Microsoft and fixed. Make no mistake, public disclosures and proof of concepts get vulnerabilities fixed. For any given vulnerability, there is no guarantee that someone else hasn’t already found it.

Just a Little Document Leak

OK, maybe not so little. A Fortune 500 company, First American, managed to host millions of private documents in an accessible format. Imagine you upload a document to a company, and get a confirmation link that looks like “test.com/documents.php?id=0252234”. If you’re like me, you’re very curious what is at id=0252233. [Ben Shoval] is a real estate developer who apparently also wanted to know the answer to that question. To his surprise, millions of uploaded documents were available for anyone to view. He tried reaching out to First American, and when there was no response to his emails, he forwarded his findings on to Krebs on Security. After what was likely years of exposure, the database was finally taken offline Friday the 24th.
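The access-control gap behind this kind of leak, as an added example and not First American's code: a lookup that trusts the id in the URL, shown beside one that checks the session owner, plus a regression check that counts readable neighbouring ids. The store, function names, users and documents are hypothetical; the ids reuse the illustrative numbers from the paragraph above.

```python
import secrets

DOCS = {}  # doc_id -> {"owner": ..., "body": ...}; stand-in for the document database

def upload(owner, body, doc_id=None):
    """Store a document; without an explicit id, issue a random 128-bit one."""
    doc_id = doc_id or secrets.token_urlsafe(16)
    DOCS[doc_id] = {"owner": owner, "body": body}
    return doc_id

def fetch_by_id_only(doc_id):
    """The exposed pattern: the id in the URL is the only thing checked."""
    doc = DOCS.get(doc_id)
    return doc["body"] if doc else None

def fetch_authorized(session_user, doc_id):
    """Hardened lookup: the caller must be logged in and own the record.

    Missing and foreign ids give the same answer, so the response does
    not reveal which ids exist.
    """
    doc = DOCS.get(doc_id)
    if session_user is None or doc is None or doc["owner"] != session_user:
        return None
    return doc["body"]

def neighbours_readable(fetch, doc_id, span=3):
    """Regression check: how many adjacent numeric ids does `fetch` return?"""
    width, base = len(doc_id), int(doc_id)
    ids = [str(base + d).zfill(width) for d in range(-span, span + 1) if d]
    return sum(fetch(i) is not None for i in ids)

if __name__ == "__main__":
    # Constructed sample data: two customers with consecutive ids.
    upload("alice", "alice's deed", "0252233")
    upload("bob", "bob's statement", "0252234")
    print(neighbours_readable(fetch_by_id_only, "0252234"))
    print(neighbours_readable(lambda i: fetch_authorized("bob", i), "0252234"))
```

Random ids from `upload` only make guessing harder; the ownership check in `fetch_authorized` is what closes the hole.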

Walled Garden Monopolies

Staying on the Apple train, the App Store is pretty obviously a monopoly. Someone has finally asked whether it’s an illegal monopoly. As most of these questions go, it’ll take a drawn-out court battle to decide. How is this security news? If the court finds that Apple has been violating antitrust laws, one possible remediation is to allow alternative app stores. While there is always the potential for a high quality alternative store like F-Droid, sketchy app stores and downloads are a real possibility. On the other hand, it would be nice to have an iOS app store that is compatible with the GPL.

Hackaday Podcast 021: Chasing Rockets, Tripping On Vintage Synthesizers, A Spectacular IoT Security Fail, And Early Alzheimer’s Detection Via VR

Mike Szczys is on a well-deserved vacation this week, so staff writer Dan Maloney joins managing editor Elliot Williams for a look at all the great hacks of the week. On this episode we’re talking about licensing fees for MIDI 2.0, a two-way fail while snooping on employees, and the potential for diagnosing Alzheimer’s with virtual reality. We also dive into the well-engineered innards of a robotic cheetah, a personal assistant safe enough for kids to use, and how listening to your monitor reveals more about you than you’d think. You don’t want to miss a space nerd’s quest for fire or a hacker’s guide to solder and soldering. And you’ve got to catch the story of a hapless hacker’s contact high from a vintage synthesizer. It’s quite a trip.

Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Direct download (60 MB or so.)


Flex PCB Saves Lens From The Junk Pile

There’s a piece of tech that many of us own, but very few of us have dissected. This is strange, given our community’s propensity for wielding the screwdriver, but how many of you have taken apart a camera lens? Even though many of us have a decent camera, almost none of us will have taken a lens to pieces because let’s face it, camera lenses are expensive!

[Anthony Kouttron] has taken that particular plunge though, because in cleaning his Olympus lens he tore its internal ribbon cable from the camera connector to the PCB. Modern lenses are not merely optics in a metal tube; their autofocus systems are masterpieces of miniaturised electronics that penetrate the entire assembly.

In normal circumstances this would turn the lens from a valued photographic accessory into so much junk, but his solution was to take the bold path of re-creating the torn cable in KiCad and have it made as a flexible PCB, and to carefully solder it back on to both connector and autofocus PCB. We applaud the quality of his work, and thank him for the unusual glimpse into a modern lens system.

Lens repairs may be thin on the ground here, but we’ve had another in 2015 with this Nikon aperture fix.

See Starlink’s “Space Train” Before It Leaves The Station

Have you looked up into the night sky recently and seen a bizarre line of luminous dots? Have you noticed an uptick in the number of UFO reports mentioned in the news and social media? If so, you may have already been touched by what many have come to affectionately call Elon Musk’s “Space Train”: a line of tightly grouped Starlink satellites that are making their way around the globe.

Some have wondered what’s so unique about the Starlink satellites that allows them to be visible from the ground by the naked eye, but that’s actually nothing new. It’s all about being in the right place at the right time, for both the observer and the spacecraft in question. The trick is having the object in space catch the light from the Sun when it has, from the observer’s point of view, already set. It’s essentially the same reason the Moon shines at night, but on a far smaller scale.

The ISS as it travels through Earth’s night and day

The phenomenon is known as “satellite flare”, and chasing these flares is a favorite pastime of avid sky watchers. If you know when and where to look on a clear night, you can easily spot the International Space Station as it zips across the sky thanks to this principle. NASA even offers a service which uses email or SMS to tell you when the ISS should be visible from your location.

What makes the Starlink satellites unique isn’t that we can see them from the ground, but that there are so many of them flying in a straight line. The initial launch released 60 satellites in a far tighter formation than we’ve ever seen before; Elon even warned that collisions between the individual Starlink satellites weren’t out of the realm of possibility. The cumulative effect of these close proximity satellite flares is a bit startling, and understandably has people concerned about what the night sky might look like when all 12,000 Starlink satellites are in orbit.

The good news is, the effect is only temporary. As the satellites spread out and begin individual maneuvers, that long line in the sky will fade away. But before Elon’s “Space Train” departs for good, let’s look at how it was created, and how you can still catch a glimpse of this unique phenomenon.


A Doppler Radar Module From First Principles

If you’ve ever cast your eyes towards experimenting with microwave frequencies it’s likely that one of your first ports of call was a cheaply-available Doppler radar module. These devices usually operate in the 10 GHz band, and the older ones used a pair of die-cast waveguide cavities while the newer ones use a dielectric resonator and oscillator on a PCB. If you have made your own then you are part of a very select group indeed, as is [Reed Foster] and his two friends who made a Doppler radar module their final project for MIT’s 6.013 Applications of Electromagnetics course.

Their module runs at 2.4 GHz and makes extensive use of the notoriously dark art of PCB striplines, and their write-up offers a fascinating glimpse into the world of this type of design. We see their coupler and mixer prototypes before they combined all parts of the system into a single PCB, and we follow their minor disasters as their original aim of a frequency modulated CW radar is downgraded to a Doppler design. If you’ve never worked with this type of circuitry before then it makes for an interesting read.

We’ve shown you a variety of commercial Doppler modules over the years, of which this teardown is a representative example.