BeefBot: Your Robotic Grill Master

December 30, 2017 by 6 Comments

Have you ever been too busy to attend to the proper cooking of a steak? Well, lament no more, and warn your cardiologist. A trio of students from Cornell University have designed and built the steak-grilling BeefBot to make your delicious dinner dreams a reality.

[Jonah Mittler], [Kelsey Nedd], and [Martin Herrera] — electrical and computer engineering students — are the ones you should thank for this robot-chef. It works as follows: after skewering the steak onto the robot’s prongs, BeefBot lowers it onto the grill and monitors the internal temperature in a way that only the well-seasoned grillmaster can replicate. Once a set temperature is reached, the steak is flipped — sorry, no crosshatch grillmarks here — and cooked until a desired doneness. A small screen displays the temperature if you want to babysit BeefBot — some manual adjustment may be needed after the steak flip to ensure it is cooking evenly — but it is otherwise a hands-off affair. If you don’t mind salivating over your screen, check out the project demonstration after the break.

At first glance you might think this a YouTube stunt, but this is real science. The writeup is exquisite, from the design and fabrication, to the math behind temperature calibration and regulation. Kudos to the hungry Cornell students who slaved over a hot griddle bringing this one to life!

Continue reading “BeefBot: Your Robotic Grill Master”

Electromagnet-Powered Pendulum

December 30, 2017 by 44 Comments

We’re always happy to see hackers inspired to try something different by what they see on Hackaday. To [SimpleTronic] has a project that will let you stretch your analog electronics skills in a really fun way. It’s an electromagnet pendulum analog circuit. Whether you’re building it, or just studying the schematics, this is a fun way to brush up on the non-digital side of the craft.

The pendulum is a neodymium magnet on the head of a bolt, dangling on a one foot aluminium chain. Below, a Hall Effect sensor rests atop an electromagnet — 1″ in diameter, with 6/8″ wire coiled around another bolt. As the pendulum’s magnet accelerates towards the electromagnet’s core, the Hall effect sensor registers an increase in voltage. The voltage peaks as the pendulum passes overhead, and as soon as the Hall Effect sensor detects the drop in voltage, the electromagnet flicks on for a moment to propel the pendulum away. This circuit has a very low power consumption, as the electromagnet is only on for about 20ms!

The other major components are a LM358N op-amp, a CD4001B quad CMOS NOR gate, and IRFD-120 MOSFET. [SimpleTronic] even took the time to highlight each part of the schematic in order to work through a complete explanation.

Continue reading “Electromagnet-Powered Pendulum”

Espple: A Wireless Apple 1 On An ESP8266

December 30, 2017 by 23 Comments

The Apple 1 was one of the three big hobbyist computers that burst onto the scene in 1977. Unlike the PET 2001 and the TRS-80, only a couple hundred Apple 1s were ever produced, and with only a handful in existence today, you’ll have to fork out some serious money to get a Wozniak original for yourself.

The Apple 1 experience is easily emulated, of course, but this ESP8266 emulates the Apple 1 on hard mode. Dubbed the Espple by its creator [Hrvoje Cavrak], it emulates the 6502-based original in all its 1-MHz glory, while providing 20-kB of RAM, a considerable upgrade over the 4-kB standard. The complete original character set is provided for that old-timey feel, and there’s a BASIC interpreter ready to go. The kicker here, though, is that the emulator is completely wireless. You telnet into the 8266 rather than connecting a keyboard directly, and video is transmitted over-the-air using a GPIO pin as a 60-MHz PAL transmitter. A short length of wire is all you need to transmit to an analog PAL TV on channel 4; the video below shows a little BASIC code running and a low-res version of Woz himself.

You’ll find Apple emulators aplenty around these parts, everything from an Apple ][ on an Arduino Uno to a tiny Mac on an ESP32. There hasn’t been much in the way of Apple 1 emulations, though, at least until now.

Continue reading “Espple: A Wireless Apple 1 On An ESP8266”

Fresh-Baked Plastic Tiles For All!

December 30, 2017 by 46 Comments

Recycling aims to better the planet, but — taken into the hands of the individual — it can be a boon for one’s home by trading trash for building materials. [fokkejongerden], a student at the [Delft University of Technology] in the Netherlands, proposes one solution for all the plastic that passes through one’s dwelling by turning HDPE into tiles.

Collecting several HDPE containers — widely used and easy enough to process at home — [fokkejongerden] cleaned them thoroughly of their previous contents, and then mulched them with a food processor. An aluminium mold of the tile was  then welded together making sure the sides were taller than the height of the tile. A second part was fabricated as a top piece to compress the tile into shape.

After preheating an oven to no hotter than 200 degrees Celsius, they lined the mold with parchment paper and baked the tile until shiny(90-120 minutes). The top piece was weighed down (clamping works too), compressing the tile until it cooled. A heat gun or a clothes iron did the trick to smooth out any rough edges.

Not only does [fokkejongerden]’s tiles give the recycler plenty of artistic freedom for creating their own mosaic floor, the real gem is the adaptable plastic recycling process for home use. For another method, check out this recycled, recycling factory that turns bottles in to rope and more! There’s even the potential for fueling your 3D printer.

[Via Instructables]

34C3: Hacking The Nintendo Switch

December 29, 2017 by 37 Comments

There’s a natural order to the world of game console hacking: every time a manufacturer releases a new game console they work in security measures that prevent the end user from running anything but commercially released games, and in turn every hacker worth his or her salt tries to break through. The end goal, despite what the manufacturers may have you believe, is not to run “bootleg” games, but rather to enable what is colloquially referred to as “homebrew”. That is to say, enabling the novel concept of actually running software of your choice on the hardware you paid for.

At 34C3, noted console hackers [Plutoo], [Derrek], and [Naehrwert] have demonstrated unsigned code running on Nintendo’s latest and greatest and while they are keeping the actual exploit to themselves for now, they’ve promised that a platform for launching homebrew is coming shortly for those who are on firmware version 3.0.0. From the sound of it, after 9 months on the market, Switch owners will finally have complete access to the hardware they purchased.

The key to running the team’s own code was through a WebKit exploit that was already months old by the time the Switch was released. Loading up an arbitrary webpage was the tricky part, as the Switch generally uses its web browser for accessing official sources (like the online game store). But hidden away in the help menus of Tetris, the developers helpfully put a link to their website which the Switch will dutifully open if you select it. From there it’s just a matter of network redirection to get the Switch loading a webpage from your computer rather than the Internet.

It’s easier to ask for forgiveness than permission.

But as the more security-minded of our readers may have guessed already, that just gets you into the browser’s sandbox. The team now had to figure out a way to break out and get full control of the hardware. Through a series of clever hacks the team was able to learn more about the Switch’s internal layout and operating system, slowly working their way up the ladder.

A particularly interesting hack was used to get around a part of the Switch’s OS that is designed to check which services code is allowed to access. It turns out that if code doesn’t provide this function with its own process ID (PID), the system defaults to PID 0 because the variable is not initialized. In other words, if you don’t ask the operating system which functions you have access to, you will get access to them all. This is a classic programming mistake, and a developer at Nintendo HQ is likely getting a very stern talking to right about now.

But not everything was so easy. When trying to get access to the boot loader, the team sniffed the eMMC bus and timed the commands to determine when it was checking the encryption keys. They were then able to assemble a “glitcher” which fiddled with the CPU’s power using FPGA controlled MOFSETs during this critical time in an attempt to confuse the system.

The rabbit hole is pretty deep on this one, so we’d recommend you set aside an hour to watch the entire presentation to see the long road it took to go from a browser bug to running their first complete demo. It’s as much a testament to the skill of  [Plutoo], [Derrek], and [Naehrwert] as it is the lengths at which Nintendo went to keep people out.

We’ve seen other attempts at reverse engineering Nintendo’s hardware, but by the looks of it, the Switch has put up a much harder fight than previous console generations. Makes you wonder what tricks Nintendo will have up their sleeves for the next generation.

Continue reading “34C3: Hacking The Nintendo Switch”

Arduino Trivia Box Is A Gift Unto Itself

December 29, 2017 by 3 Comments

There’s something about impressing strangers on the Internet that brings out the best in us. Honestly, we wouldn’t be able to run this site otherwise. A perfect example of this phenomenon is the annual Reddit Secret Santa, where users are challenged to come up with thoughtful gifts for somebody they’ve never even met before.

For his entry into this yearly demonstration of creativity, [Harrison Pace] wanted to do something that showcased his improving electronic skills while also providing something entertaining to the recipient. So he came up with a box of goodies which is unlocked by the successful completion of a built-in trivia game tailored around their interests. If this is how he treats strangers, we can’t wait to see what he does for his friends.

Hardware packed into the lid so the box itself remains empty.

There’s quite a bit of hardware hidden under the hood of this bedazzled gift box. The primary functions of the box are handled by an Arduino Nano; which runs the trivia game and provides user interaction via a 16×2 LCD, three push buttons, and a buzzer. Once the trivia game is complete, a servo is used to unlock the box and allow the recipient access to the physical gifts.

But that’s not the only trick this box has hidden inside. Once the main trivia game is complete, a ESP8266 kicks into action and advertises an access point the user can connect to. This starts the second level of challenges and gifts, which includes a code breaking challenge and gifted software licenses.

The project wasn’t all smooth sailing though. [Harrison] admits that his skills are still developing, and there were a few lessons learned during this project he is unlikely to forget in the future. Some Magic Smoke managed to escape when he connected his 5V Arduino directly to the 3.3V ESP8266, but at least it was a fairly cheap mistake and he had spares on hand to get the project completed anyway.

This project is reminiscent of reverse geocache boxes which only open when moved to a certain location, but the trivia aspect makes it perfect even for those of us who don’t want to put pants on just to receive our Internet gifts.

Continue reading “Arduino Trivia Box Is A Gift Unto Itself”

34C3: Fitbit Sniffing And Firmware Hacking

December 29, 2017 by 19 Comments

If you walked into a gym and asked to sniff exercise equipment you would get some mighty strange looks. If you tell hackers you’ve sniffed a Fitbit, you might be asked to give a presentation. [Jiska] and [DanielAW] were not only able to sniff Bluetooth data from a run-of-the-mill Fitbit fitness tracker, they were also able to connect to the hardware with data lines using test points etched right on the board. Their Fitbit sniffing talk at 34C3 can be seen after the break. We appreciate their warning that opening a Fitbit will undoubtedly void your warranty since Fitbits don’t fare so well after the sealed case is cracked. It’s all in the name of science.

There’s some interesting background on how Fitbit generally work. For instance, the Fitbit pairs with your phone which needs to be validated with the cloud server. But once the cloud server sends back authentication credentials they will never change because they’re bound to to the device ID of the Fitbit. This process is vulnerable to replay attacks.

Data begin sent between the Fitbit and the phone can be encrypted, but there is a live mode that sends the data as plain text. The implementation seemed to be security by obscurity as a new Bluetooth handle is used for this mode. This technique prevents the need to send every encrypted packet to the server for decryption (which would be for every heartbeat packet). So far the fix for this has been the ability to disable live mode. If you have your own Fitbit to play with, sniffing live mode would be a fun place to start.

The hardware side of this hack begins by completely removing the PCB from the rubber case. The board is running an STM32 and the team wanted to get deep access by enabling GDB. Unfortunately, the debug pins were only enabled during reset and the stock firmware disables them at startup (as it should). The workaround was to rewrite the firmware so that the necessary GPIO remain active and there’s an interesting approach here. You may remember [Daniel Wegemer] from the Nexmon project that reverse engineered the Nexus 5 WiFi. He leveraged the binary patching he used on Nexmon to patch the Fitbit firmware to enable debugging support. Sneaky!

For more about 34C3 we have a cheatsheet of the first day and for more about Fitbit security, check out this WAV file.

Continue reading “34C3: Fitbit Sniffing And Firmware Hacking”