Reverse-Engineering A Shahed-136 Drone Air Data Computer

July 15, 2024 by 22 Comments
Top of the air data computer module, with pressure sensors, RS232 driver and DC-DC converter visible. (Credit: Le Labo de Michel, YouTube)

An air data computer (ADC) is a crucial part of an avionics package that can calculate the altitude, vertical speed, air speed and more from pressure (via pitot tubes) and temperature inputs. When your airplane is a one-way attack drone like Iran’s Shahed-136, you obviously need an ADC as well, but have to focus on making it both cheap and circumvent a myriad of sanctions. As [Michel] recently found out while reverse-engineering one of these ADCs. Courtesy of the Russo-Ukrainian war, hundreds of these Shahed drones are being destroyed every month, with some making it back down again intact enough for some parts to end up on EBay.

The overall design as captured in the schematic is rather straightforward, with the component choice probably being the most notable, as it uses an STM32G071 MCU and Analog Devices ADM3232 RS-232 driver, in addition to the two pressure sensors (by Silicon Microstructures Inc., now owned by TE). The DC-DC converter is a Mornsun URB24055-6WR3.

With the board in working condition, [Michel] hooks it up to a test setup to see the output on the serial interface when applying different pressures to the pressure sensor inputs. This results in a lot of ASCII data being output, all containing different values that were calculated by the firmware on the STM32 MCU. In the drone this data would then be used by the flight computer to make adjustments. Overall it’s a rather basic design that doesn’t seem to have a dedicated temperature sensor either, though [Michel] is still analyzing some details. A firmware dump would of course be rather fascinating as well.

Continue reading “Reverse-Engineering A Shahed-136 Drone Air Data Computer”

Nitric Acid Is The Hot New Way To Pick Locks

July 15, 2024 by 60 Comments

Lockpicking is a grand skill to have, and one that’s often presumed to be one of the dark arts of the burglar. However, a new technique has come to the fore in some European contexts. It appears nitric acid is being used to damage locks to allow criminals to gain entry into residential premises.

Germany’s Bild has covered this matter, as has Feuerwehr Magazine. The technique has apparently come to prominence in the last couple of years. Attackers pour the corrosive liquid into the keyway of a typical door lock. This damages the cylinder, and perhaps the pins inside as well. Once the metal has been eaten away and the structure of the lock is sufficiently degraded, it can presumably be forced open quite easily with hand tools. The technique is apparently especially effective in Germany, where locks are typically installed with the pins facing down. This makes it easy for any liquid trickled into the lock to eat away at the pins in the bottom.

German authorities advised people to be on the look out for discoloration around door locks. If seen, it’s important to avoid contact with any corrosive liquid that may have been used on the lock.

It’s a nasty technique that doesn’t just damage locks, but doors as well! Meanwhile, if you’re learning the art of lockpicking, just remember not to practice on any important locks you might actually need. More pictures after the break.

Continue reading “Nitric Acid Is The Hot New Way To Pick Locks”

Illustrated Kristina with an IBM Model M keyboard floating between her hands.

Keebin’ With Kristina: The One With The 24-Hour Macro Pad

July 15, 2024 by 2 Comments

They say Rome wasn’t built in a day, but this great little music-controlling macro pad by [nibbler] actually was. Why? Because as Hackaday’s own [Donald Papp] reminded us, we all need a win sometimes, especially as projects drag on and on without any end in sight.

A small macro pad with six buttons.
Image by [nibbler] via Toxic Antidote
As [nibbler] points out, what really constitutes a win? Set the bar too low and it won’t feel like one at all. Too high, and you may become too discouraged to cross the finish line. With that in mind, [nibbler] set the bar differently, limiting themselves to what could be done in the one day per week they have to devote time to electronic matters.

One-day turnaround usually means using parts on hand and limiting oneself to already-learned skills and techniques. No problem for [nibbler], who, armed with an Arduino Leonardo Tiny and a some colorful push buttons, set about designing a suitable enclosure, and then putting it all together. Was this a win? [nibbler] says yes, and so do I.

Continue reading “Keebin’ With Kristina: The One With The 24-Hour Macro Pad”

Linksys Velop Routers Caught Sending WiFi Creds In The Clear

July 15, 2024 by 14 Comments

A troubling report from the Belgian consumer protection group Testaankoop: several models of Velop Pro routers from Linksys were found to be sending WiFi configuration data out to a remote server during the setup process. That would be bad enough, but not only are these routers reporting private information to the mothership, they are doing it in clear text for anyone to listen in on.

Testaankoop says that while testing out the Pro WiFi 6E and Pro 7 versions of Velop routers, they discovered that unencrypted packets were being sent to a server hosted by Amazon Web Services (AWS). In these packets, they discovered not only the SSID of the user’s wireless network, but the encryption key necessary to join it. There were also various tokens included that could be used to identify network and user.

While the report doesn’t go into too much detail, it seems this information is being sent as part of the configuration process when using the official Linksys mobile application. If you want to avoid having your information bounced around the Internet, you can still use the router’s built-in web configuration menus from a browser on the local network — just like in the good old days.

The real kicker here is the response from Linksys, or more accurately, the lack thereof. Testaankoop says they notified them of their discovery back in November of 2023, and got no response. There’s even been firmware updates for the affected routers since then, but the issue is still unresolved.

Testaankoop ends the review by strongly recommending users avoid these particular models of Linksys Velop routers, which given the facts, sounds like solid advice to us. They also express their disappointment in how the brand, a fixture in the consumer router space for decades, has handled the situation. If you ask us, things started going downhill once they stopped running Linux on their hardware.

Simple Version Of Pong Played On A Row Of LEDs

July 15, 2024 by 5 Comments

As far as video games go, Pong is already about as simple as it gets. But if even two dimensions is a bit more than you’re looking to tackle, [mircemk] shows how you can distill the core gameplay of this iconic title to its absolute minimum using an Arduino and a row of LEDs.

While [mircemk] brings their usual design aesthetic and flash to the project, this one could truly be done as a parts bin build. All you really need is a microcontroller with enough I/O pins (here, an Arduino Nano is used), a couple of buttons, and the aforementioned LEDs. A 16×2 LCD and a buzzer have been added to improve on the user interface a bit, but even that isn’t strictly required.

To play, each user holds their button and gets ready to hit it as soon as the LED closest to them lights up. Again, [mircemk] spruces this build up by offering both integrated buttons on the front panel of the game, as well as a pair of external “controllers” so you don’t have to crowd around the main unit. In this incarnation the score is shown on the LCD, but swapping that out for a pair of seven-segment LEDs could give the whole thing a bit more of a retro flair.

This isn’t the first time [mircemk] has tackled 1D Pong — if you can spring for addressable LEDs, you can pull the whole thing off with significantly less wiring.

Continue reading “Simple Version Of Pong Played On A Row Of LEDs”

A 64-bit X86 Bootloader From Scratch

July 14, 2024 by 20 Comments

For most people, you turn on your computer, and it starts the operating system. However, the reality is much more complex as [Thasso] discovered. Even modern x86 chips start in 16-bit real mode and there is a bit of fancy footwork required to shift to modern protected mode with full 64-bit support. Want to see how? [Thasso] shows us the ropes.

Nowadays, it is handy to develop such things because you don’t have to use real hardware. An emulator like QEMU will suffice. If you know assembly language, the process is surprisingly simple, although there is a lot of nuance and subtlety. The biggest task is setting up appropriate paging tables to control the memory mapping. In real mode, segments have access to fixed 64 K blocks of memory unless you use some tricks. But in protected mode, segments define blocks of memory that can be very small or cover the entire address space. These segments define areas of memory even though it is possible to set segments to cover all memory and — sort of — ignore them. You still have to define them for the switch to protected mode.

In the bad old days, you had more reason to worry about this if you were writing a DOS Extender or using some tricks to get access to more memory. But still good to know if you are rolling your own operating system. Why do the processors still boot into real mode? Good question.

Using Forward- And Reverse-Osmosis To Let Astronaut EVA Suits Produce Fresh Water From Urine

July 14, 2024 by 34 Comments

An uncomfortable reality with the spacesuits used for extravehicular activities (EVA) – commonly referred to as spacewalks – is that the astronaut spends hours in them, during which normal bodily functions like urinating and defecating continue. The current EVA record at the ISS is currently a hair under nine hours, necessitating a new approach. A team of researchers have now pitched the idea of an in-suit water recovery system with an article by [Sofia Etlin] and colleagues as published in Frontiers in Space Technologies.

For the current Extravehicular Mobility Unit (EMU) EVA spacesuit the current solution is what is called the MAG: the Maximum Absorbency Garment, which is effectively a fancy adult diaper with sodium polyacrylate as absorbent for up to 2 L of fluids. It replaced the urine collection device (UCD) that was used until female astronauts joined the astronaut corps in the 1970s. Generally astronauts aim to not defecate until they finish their EVA, which leaves urinating and the related activity of rehydrating as the spacesuits only have 0.95 L of water that has to last the duration of the spacewalk. Continue reading “Using Forward- And Reverse-Osmosis To Let Astronaut EVA Suits Produce Fresh Water From Urine”