Inside The Mysterious Global Navigation Outage You Probably Didn’t Notice

The entire world has come to depend on satellite navigation systems in the forty or so years since the first Global Positioning System satellites took to orbit. Modern economies have been built on the presumption that people and assets can be located to within a meter or better anywhere on, above, or even slightly under the surface of the planet. For years, GPS was the only way to do that, but billions have been sunk into fielding other global navigation systems, achieving a measure of independence from GPS and to putting in place some badly needed redundancy in case of outages, like that suffered by the European Union’s Galileo system recently.

The problem with Galileo, the high-accuracy public access location system that’s optimized for higher latitudes, seems to be resolved as of this writing. The EU has been tight-lipped about the outage, however, leaving investigation into its root cause to a few clever hackers armed with SDRs and comprehensive knowledge of exactly how a constellation of satellites can use the principles of both general and special relativity to point you to your nearest Starbucks.

Continue reading “Inside The Mysterious Global Navigation Outage You Probably Didn’t Notice”

Hackaday Podcast 027: Confusingly USB-C, Glowey Displays, Logically VGA, Hackers Who Changed Gaming

Hackaday Editors Elliot Williams and Mike Szczys dive into the most interesting hacks of the week. Confused by USB-C? So are we, and so is the Raspberry Pi 4. Learning VGA is a lot easier when abstract concepts are unpacked onto a huge breadboard using logic chips and an EEPROM. Adding vision to a prosthetic hand makes a lot of sense when you start to dig into possibilities of this Hackaday Prize entry. And Elliot gets nostalgic about Counter-Strike, the game that is a hack of Half-Life, grew to eclipse a lot of other shooters, and is now 20 years old.

Take a look at the links below if you want to follow along, and as always tell us what you think about this episode in the comments!

Direct download (52 MB)

Places to follow Hackaday podcasts:

Continue reading “Hackaday Podcast 027: Confusingly USB-C, Glowey Displays, Logically VGA, Hackers Who Changed Gaming”

Making Flexible Overmolded Parts With Urethane Resin

Resin casting videos have taken social media by storm of late. Everything from inlaid driftwood tables to fancy pens are getting the treatment. Pouring some nicely colored epoxy is straightforward enough, but it’s just the tip of the iceberg. [Eric Strebel] has some serious skills in resin casting, and has lately been working on some overmolded electroniics with urethane resin (Youtube link, embedded below).

The build starts with the creation of a silicone mold, using a 3D printed SLA master. The part in question is for a prototype medical device, and requires overmolding, in which a flexible PCB is covered in flexible urethane. Wooden pins are used to allow the flexible PCB to clip into the mold for accurate location, and a small shield is placed over the metal contacts of the PCB to avoid them being covered in silicone.

Initial tests are done with an empty mold to determine the correct material to use, before the actual parts are ready to produce. [Eric] takes great care with the final production, as any mistakes would waste the expensive prototype PCBs provided to him by the client. With the electronics placed in the mold, the resin is degassed and carefully injected, using a syringe to minimise the chance of any air bubbles. With some delicate cleanup by hand, the completed parts are ready for delivery.

It’s a process that covers the basics of overmolding for a prototype part, as well as showing off [Eric]’s skill at producing quality prototype parts. We’ve seen [Eric]’s work before, too – like his discussion of the value of cardboard in product design. Video after the break.

Continue reading “Making Flexible Overmolded Parts With Urethane Resin”

This Week In Security: Ransomware Keys, IOS Woes, And More

Remember the end of GandCrab we talked about a couple weeks back? A new wrinkle to this story is the news that a coalition of law enforcement agencies and security researchers have released a decrypter and the master decryption keys for that ransomware. It’s theorized that researchers were able to breach the command and control servers where the master keys were stored. It’s yet to be known whether this breach was the cause for the retirement, or was a result of it.

Apple’s Secure Enclave is Broken?

A Youtube video and Reddit thread show a way to bypass the iPhone’s TouchID and FaceID, allowing anyone to access the list of saved passwords. The technique for breaking into that data? Tap the menu option repeatedly, and cancel the security prompts. Given enough rapid tries, the OS gives up on the validation and simply shows the passwords!

The iPhone has an onboard security chip, the Secure Enclave, that is designed to make this sort of problem nearly impossible. The design specification dictates that data like passwords are encrypted, and the only way to decrypt is to use the Enclave. The purpose is to mitigate the impact of programming bugs like this one. It seems that the issue is limited to the iOS 13 Beta releases, and you’d expect bugs in beta, but a bug like this casts some doubt on the effectiveness of Apple’s Security Enclave.

URL Scheme Hijacking

Our next topic is also iOS related, though it’s possible the same issue could effect Android phones: URL scheme problems. The researchers at Trend Micro took a look at how iOS handles conflicting app URLs. Outside of the normal http: and https: URLs, applications can register custom URL schemes in order to simplify inter-process communication. The simplest example is something like an email address and the mailto: scheme. Even on a desktop, using one of these links will open a different application to handle that request. What could go wrong?

One weakness in using URL schemes like this is that not all apps properly validate what launched the request, and iOS allows multiple apps to use the same URL scheme. In the example given, a malicious app could register the same URL handler as the target, and effectively launch a man-in-the-middle attack.

Bluekeep, and Patching Systems

It has been five weeks since Bluekeep, the Remote Desktop Protocol vulnerability, was revealed. Approximately 20% of the vulnerable systems exposed to the internet have been patched. Bitsight has been running scans of the remaining vulnerable machines, and estimates about 800,000 remaining vulnerable systems. You may remember this particularl vulnerability was considered so problematic that even the NSA released a statement encouraging patching. So far, there hasn’t been a worm targeting the vulnerability, but it’s assumed that at least some actors have been using this vulnerability in attacks.

Farting Baseball; From The Makers Of Self-Solving Rubik’s Cube

Some hackers have a style all their own that is immediately recognizable from one project to the next. For instance, you can tell a [Takashi Kaburagi] by its insides. The behavior of his Farting Baseball project (machine translation) is amusing, but the joke is only skin deep. Look inside and you’ll gain a huge appreciation for what has been done here. It’s not as mind-boggling as his work on the self-solving Rubiks cube robot, but the creativity and design constraints are similarly impressive.

Clever detail is the square of soft material used to cushion impact

This whimsical project is a curve ball no matter who throws it. While in flight, a jet of compressed gas can alter the trajectory at the press of a button. Inside is a small pressure vessel that is filled with HFC134A refrigerant commonly used on gas blowback pistols. It’s a non-combustible that lies in wait until a solenoid is activated to release the pressure in a powerful jet. The ball carries a CR2032 to power the wireless link for activation, but that solenoid needs more juice so capacitors are charged for this purpose.

It’s worth digging through the details on this one, including the article on measuring discharge time (machine translation). There are numerous nice touches, like the yellow Whoopee Cushion neck that directs the jet, the capacitor discharge materials so there is not an accidental activation when not in use, and clever and clean construction that make everything fit.

Another hacker with an equally iconic style is [Mohit Bhoite]’s work; make his flywire sculptures your next stop.

Continue reading “Farting Baseball; From The Makers Of Self-Solving Rubik’s Cube”

Hybrid Drones Could Have Massively Extended Flight Times

Multirotor drones truly took off with the availability of lithium polymer batteries, brushless motors, and cheap IMUs. Their performance continues to improve, but their flight time remains relatively short due to the limits of battery technology. [Nicolai Valenti] aims to solve the problem by developing a hybrid generator for drones.

The basic concept consists of a small gasoline engine, connected to a brushless motor employed as a generator. The electricity generated is used to run the main flight motors of the multirotor drone. The high energy density of gasoline helps to offset the added weight of the generator set, and [Nicolai] is aiming to reach a goal of two hours of flight time.

There are many engineering problems to overcome. Engine starting, vibration and rectification are all significant challenges, but [Nicolai] is tackling them and has already commenced flight testing. Experiments are ongoing with 500 W, 1,000 W, and 2,000 W designs, and work is ongoing to optimise the engine and electronics package.

It’s a project that holds the potential to massively expand the range of operation for medium to large multirotors, and should unlock certain capabilities that have thus far been limited by short battery runtimes. Gasoline powered drones aren’t a new idea, but we’ve seen precious little in the hybrid space. We look forward to seeiing how this technology develops. Video after the break.

Continue reading “Hybrid Drones Could Have Massively Extended Flight Times”

Turning A Single Bolt Into A Combination Lock

In our search for big-box convenience, we tend to forget that locksmiths once not only copied keys but also created complex locks and other intricate mechanisms from scratch. [my mechanics] hasn’t forgotten, and building a lock is his way of celebrating of the locksmith’s skill. Building a combination lock from a single stainless bolt is probably also showing off just a little, and we’re completely fine with that.

Granted, the bolt is a rather large one – an M20x70 – and a few other materials such as brass rod and spring wire were needed to complete the lock. But being able to look at a single bolt and slice it up into most of the stock needed for the lock is simply amazing. The head became the two endplates, while the shank was split in half lengthwise and crosswise after the threads were turned off; those pieces were later turned down into the tubes and pins needed to create the lock mechanism. The combination wheels probably could have come from another – or longer – bolt, but we like the look of the brass against the polished stainless, as well as the etched numbers and subtle knurling. The whole thing is a locksmithing tour de force, and the video below captures all of it without any fluff or nonsense.

If working in steel and brass isn’t your thing, fear not – a 3D-printed combination lock is probably within your reach. Or laser cut wood. Or even plain paper, if you’re not into the whole security thing.

Continue reading “Turning A Single Bolt Into A Combination Lock”