By The Numbers: Which Rapper’s Rhymes Are The Freshest?

May 21, 2019 by Drew Littrell 18 Comments

Beats and rhymes are life in the world of hip-hop. A rapper’s ability to seamlessly merge the two is the mark of a master wordsmith. Ranking a rapper’s contributions to hip-hop will forever remain subjective, however [Matt] sought to apply a more quantitative approach to the matter. He created an interactive data set containing all the lyrics from over 150 rappers in order to determine which rapper’s vocabulary was the largest. Now everyone can know definitively which rapper’s rhymes truly are “the freshest”.

The study encompasses hip-hop artists from the last thirty years, pitting recent hit-makers like Lil Uzi Vert against veteran artists like KRS-One. To ensure everything is on even playing field [Matt] limited the study to the first 35,000 lyrics of each artist including any material on a mixtape, EP, or full album release. Rappers’ vocabulary was then plotted according to the total number of unique words found in their lyrics (i.e.: “shorty” and the alternative spelling “shawty” were each considered to be unique words). Oddly enough, there were some notable exclusions from the list as artists like Chance the Rapper, Queen Latifah, and The Notorious B.I.G’s discography did not exceed the 35,000 lyrics mark.

When digging into the data, there was a downward trend in the vocabulary used amongst popular artists of the last decade. [Matt] attributed this trend to the fact that many of these artists have modeled their music to reflect the pop/rock music structure that makes use of simple, repetitive choruses. While others may attribute this downward trend to a general lack of talent when it comes to lyricism, however, it should be noted that the economics of music streaming platforms have had an effect on the average song length. Though whatever era of hip-hop you subscribe to, it is always interesting to see where your favorite emcees rank.

New Part Day: Espressif Announces ESP32-S2 With USB

May 21, 2019 by Brian Benchoff 60 Comments

Espressif, the company behind the extremely popular ESP8266 and ESP32 microcontrollers has just announced their latest chip. It’s the ESP32-S2. It’s a powerful WiFi-enabled microcontroller, and this one has support for USB OTG.

Compared to the ESP32 we know and love, there are a few differences. The ESP32-S2 uses a single core Xtensa LX7 core running at up to 240 MHz, where the current ESP32 uses either a single or dual core LX6. The differences between these cores is hidden away in marketing speak and press releases, but it appears the LX7 core is capable of many more floating point operations per cycle: apparently 2 FLOPS / cycle for the LX6, but 64 FLOPS / cycle for the LX7. This is fantastic for DSP and other computationally heavy applications. Other features on the chip include 320 kB SRAM, 128 kB ROM, and 16 kB of RTC memory.

Connectivity for the ESP32-S2 is plain WiFi; Bluetooth is not supported. I/O includes 42 GPIOs, 14 capacitive touch sensing IOs, the regular SPI, I2C, I2S, UART, and PWM compliment, support for parallel LCDs, a camera interface, and interestingly full-speed USB OTG support. Yes, the ESP32-S2 is getting USB, let us all rejoice.

Other features include an automatic power-down of the RF circuitry when it isn’t needed, support for RSA and AES256, and plenty of support for additional Flash and SRAMs should you need more memory. The packaging is a 7 mm x 7 mm QFN, so get out the microscope, enhance your calm, and bust out the flux for this one. Engineering samples will be available in June, and if Espressif’s past performance in supplying chips to the community holds true, we should see some projects using this chip by September or thereabouts.

(Banner image is of a plain-old ESP32, because we don’t have any of the new ones yet, naturally.)

Solving The Final Part Of The IClicker Puzzle

May 21, 2019 by Tom Nardi 9 Comments

The regular Hackaday reader might remember the iClicker from our previous coverage of the classroom quiz device, or perhaps you even had some first hand experience with it during your university days. A number of hackers have worked to reverse engineer the devices over the years, and on the whole, it’s a fairly well understood system. But there are still a few gaps in the hacker’s map of the iClicker, and for some folks, that just won’t do.

[Ammar Askar] took it upon himself to further the state of the art for iClicker hacking, and has put together a very detailed account on his blog. While most efforts have focused on documenting and eventually recreating how the student remotes send their responses to the teacher’s base station, he was curious about looking at the system from the other side. Specifically, he wanted to know how the base station was able to push teacher-supplied welcome messages to the student units, and how it informed the clients that their answers had been acknowledged.

He started by looking through the base station’s software update tool to find out where it was downloading the firmware files from, a trick we’ve seen used to great effect in the past. With the firmware in hand, [Ammar] disassembled the AVR code in IDA and got to work piecing together how the hardware works. He knew from previous group’s exploration of the hardware that the base station’s Semtech XE1203F radio is connected to the processor via SPI, so he started searching for code which was interacting with the SPI control registers.

This line of logic uncovered how the radio is configured over SPI, and ultimately where the data intended for transmission is stored in memory. He then moved over to running the firmware image in simavr. Just like Firmadyne allows you to run ARM or MIPS firmware with an attached debugger, this tool allowed [Ammar] to poke around in memory and do things such as simulate when student responses were coming in over the radio link.

At that point, all he had to do was capture the bytes being sent out and decode what they actually meant. This process was complicated slightly by the fact the system uses to use its own custom encoding rather than ASCII for the messages, but by that point, [Ammar] was too close to let something like that deter him. Nearly a decade after first hearing that hackers had started poking around inside of them, it looks like we can finally close the case on the iClicker.

Bringing Battle Bots Into The Modern Classroom

May 21, 2019 by Tom Nardi 12 Comments

With the wide array of digital entertainment that’s available to young students, it can be difficult for educators to capture their imagination. In decades past, a “volcano” made with baking soda and vinegar would’ve been enough to put a class of 5th graders on the edge of their seats, but those projects don’t pack quite the same punch on students who may have prefaced their school day with a battle royale match. Today’s educators are tasked with inspiring kids who already have the world at their fingertips.

Hoping to rise to that challenge with her entry into the 2019 Hackaday Prize, [Misty Lackie] is putting together a kit which would allow elementary and middle school students to build their very own fighting robots. Thanks to the use of modular components, younger students don’t have to get bogged down with soldering or the intricacies of how all the hardware actually works. On the other hand, older kids will be able to extend the basic platform without having to start from scratch.

The electronics for the bot consist primarily of an Arduino Uno with Sensor Shield, a dual H-bridge motor controller, and a wireless receiver for a PS2 controller. This allows the students to control the bot’s dual drive motors with an input scheme that’s likely very familiar to them already. By mapping the controller’s face buttons to digital pins on the Arduino, additional functions such as the spinner seen in the bot after the break, easily be activated.

[Misty] has already done some test runs with an early version of the kit, and so far its been a huge success. Students were free to design their own bodies and add-ons for the remote controlled platform, and it’s fascinating to see how unique the final results turned out to be. We’ve seen in the past how excited students can be when tasked with customizing their own robots, so any entry into that field is a positive development in our book.

Continue reading “Bringing Battle Bots Into The Modern Classroom” →

Who Really Has The Largest Aircraft?

May 21, 2019 by Jenny List 33 Comments

We were all glued to our screens for a moment a few weeks ago, watching the Scaled Composites Stratolaunch dual-fuselage space launch platform aircraft make its first flight. The six-engined aircraft represents an impressive technical feat by any standard, and with a wingspan of 385 ft (117 m) and payload weight of 550,000 lb (250 t), is touted as the largest ever flown.

Our own Brian Benchoff took a look at the possibility of hauling more mundane cargo as an alternative (and possibly more popular) use of its lifting capabilities. And in doing so mentioned that “by most measure that matter” this is the largest aircraft ever built. There are several contenders for the title of largest aircraft that depend upon different statistics, so which one really is the largest? Sometimes it’s not as clear as you’d think, but finding out leads us into a fascinating review of some unusual aeronautical engineering.

Continue reading “Who Really Has The Largest Aircraft?” →

How Hard Can It Be To Buy A Computer In Germany And Get It Back Home To The UK?

May 21, 2019 by Jenny List 40 Comments

Some of the best adventures in the world of hardware hacking start in the pub. For three volunteers at the National Museum Of Computing in the UK, [Adam Bradley], [Chris Blackburn], and [Peter Vaughan], theirs started over a pint with an eBay listing for an old computer in Germany. No problem you might think, we’re well used to international parcel shipping. This computer wasn’t a crusty old Commodore 64 though, instead it was a room-sized IBM System/360 Model 20 from the 1960s, complete with the full array of peripherals and what seemed to be a lot of documentation and software media. It would need a Mercedes Sprinter, a large van, to shift it, but that seemed feasible. With a bit of frantic bidding they secured the auction, and set off for Germany to view their purchase.

Arriving at the machine’s location they found a little bit more than they had expected. In an abandoned building on a side street in Nuremburg there was an intact machine room full of the IBM computer cabinets over a false floor with all the machine cabling in place, and the only usable access was through a street door which hadn’t been opened in decades and which was obstructed by the false floor itself. To cap it all they found they’d bought not one but two System/360s, and also unexpectedly a 1970s System/370 Model 125. Clearly this was more than a job for a quick in-and-out with a Sprinter.

What followed became a lengthy saga of repeated trips, van hire, constructing ramps, and moving heavy computer parts to a hastily rented storage unit. Decabling a computer of this size is no easy task at the best of times, and these cables had spent many decades in a neglected machine room. It’s a fascinating read, and a very well-documented one with plenty of photos. The machines now sit in their storage units awaiting a return to the UK, and the trio are soliciting any help they can find to make that happen. So if you happen to own a European haulage company with spare capacity on your Germany — UK route or if you can help them in any way, donate or get in touch with them. We think this project has much more to offer, so we’ll be following their progress with interest.

These three intrepid computer hunters were brought together at The National Museum Of Computing at Bletchley, UK. If you find yourself within range it is an essential place to visit, we did so in 2016.

This Week In Security: What’s Up With Whatsapp, Windows XP Patches, And Cisco Is Attacked By The Thrangrycat

May 21, 2019 by Jonathan Bennett 21 Comments

Whatsapp allows for end-to-end encrypted messaging, secure VoIP calls, and until this week, malware installation when receiving a call. A maliciously crafted SRTCP connection can trigger a buffer overflow, and execute code on the target device. The vulnerability was apparently found first by a surveillance company, The NSO Group. NSO is known for Pegasus, a commercial spyware program that they’ve marketed to governments and intelligence agencies, and which has been implicated in a number of human rights violations and even the assassination of Jamal Khashoggi. It seems that this Whatsapp vulnerability was one of the infection vectors used by the Pegasus program. After independently discovering the flaw, Facebook pushed a fixed client on Monday.

Windows XP Patched Against Wormable Vulnerability

What year is it!? This Tuesday, Microsoft released a patch for Windows XP, five years after support for the venerable OS officially ended. Reminiscent of the last time Microsoft patched Windows XP, when Wannacry was the crisis. This week, Microsoft patched a Remote Desktop Protocol (RDP) vulnerability, CVE-2019-0708. The vulnerability allows an attacker to connect to the RDP service, send a malicious request, and have control over the system. Since no authentication is required, the vulnerability is considered “wormable”, or exploitable by a self-replicating program.

Windows XP through Windows 7 has the flaw, and fixes were rolled out, though notably not for Windows Vista. It’s been reported that it’s possible to download the patch for Server 2008 and manually apply it to Windows Vista. That said, it’s high time to retire the unsupported systems, or at least disconnect them from the network.

The Worst Vulnerability Name of All Time

Thrangrycat. Or more accurately, “😾😾😾” is a newly announced vulnerability in Cisco products, discovered by Red Balloon Security. Cisco uses secure boot on many of their devices in order to prevent malicious tampering with device firmware. Secure boot is achieved through the use of a secondary processor, a Trust Anchor module (TAm). This module ensures that the rest of the system is running properly signed firmware. The only problem with this scheme is that the dedicated TAm also has firmware, and that firmware can be attacked. The TAm processor is actually an FPGA, and researchers discovered that it was possible to modify the FPGA bitstream, totally defeating the secure boot mechanism.

The name of the attack, thrangrycat, might be a satirical shot at other ridiculous vulnerability names. Naming issues aside, it’s an impressive bit of work, numbered CVE-2019-1649. At the same time, Red Balloon Security disclosed another vulnerability that allowed command injection by an authenticated user.