A digital caliper connected to a tablet computer

Custom Interface Adds USB And Wi-Fi To Digital Calipers

Although old-school machinists typically prefer the mechanical vernier scale on their trusty calipers, many users nowadays buy calipers with a digital readout. These models often come with additional features like differential measurements, or a “hold” function for those situations where you have to maneuver the instrument somewhere deep inside a machine. Another useful feature is a data link that lets you log your measurements on a computer directly instead of manually entering all the values.

The VINCA-branded caliper that [Liba2k] bought has such a data link feature, which requires a USB adapter that’s sold separately. There is a micro-USB connector on the tool itself, but instead of implementing a USB interface, this is used to carry a proprietary serial protocol — a design decision that ought to be classified as a felony if you ask us. Rather than buying the official USB adapter, [Liba2k] decoded the protocol and built his own interface called VINCA Reader that can connect through either USB or Wi-Fi.

The serial format turned out to be a simple serial bus that clocks out 24 bits at a time. In order to adapt its 1.2 V signal level to the 3.3 V used by an ESP32, [Liba2k] designed a simple level shifter circuit using a handful of discrete components. The ESP can communicate with the computer through its Wi-Fi interface, for which [Liba2k] wrote a spreadsheet-like application; alternatively, an ordinary USB cable can be connected to emulate a keyboard for use with any other software.

With its added Wi-Fi feature, the VINCA Reader is actually more complete than the official USB adapter, and will probably be cheaper as well. The serial interface appears to be common to all caliper manufacturers, although many went for a more sensible connector than micro-USB. An automated readout system is particularly handy if you have to make thousands of similar measurements.

HunterCatNFC tool

Hunt Down NFC Signals With This NFC Multi Tool

NFC hacking can be a daunting task with many specialized tools, a proliferation of protocols, and a multitude of different devices. [ElectronicCats] has done a lot of work to try to make this investigation accessible by creating an open-source, hardware-certified NFC tool called the HunterCatNFC that can read and emulate a multitude of NFC devices.

The HunterCatNFC device is meant to be portable and self-contained, with LED indicator lights that can give information about the various modes, and feedback about what data is being received. At its core, the HunterCatNFC has an NXP PN7150 NFC controller chip to handle the NFC communication. The main processing controller is a Microchip SAMD21 which also provides USB functionality, and the whole device is powered by a 3.7V 150mAh Li-ion battery.

The HunterCatNFC has three main modes, ‘emulation’, ‘read/write’ and ‘peer-to-peer’. Emulation mode allows the HunterCatNFC to mimic the functionality of a passive NFC device, only responding when an NFC reader issues a request. The read/write mode allows it to emulate an NFC reader or writer, with the ability to communicate with nearby passive NFC devices. The peer-to-peer mode gives the device the ability to have two-way communication, for instance, between two HunterCatNFC devices.

We’ve covered NFC hacking before, including the Flipper Zero. The HunterCatNFC is a fine addition to the NFC hacker’s arsenal of tools with some very nice documentation to learn from. For those not wanting to send out their own boards to be printed and assembled, [ElectronicCats] has them for sale.

Video after the break!


Tiny Thin Client Is Small But Compatible

We were impressed with [moononournation’s] tiny thin client project. It claims to use an Arduino, but as you might guess it is using the Arduino software along with a network-enabled microcontroller like an ESP32. The impressive part is that it is standards-compliant and implements VNC’s RFB protocol.

The original coding for RFB on Arduino is from [Links2004] and armed with that, the thin client is probably easier to create than you would guess. However, this project wanted to use a larger screen and found that it led to certain problems. In particular, the original code had a 320×240 display. This project was to use an 800×480 display, but with the limits on the ESP32, the frame rate possible would be under 7 frames per second. The answer was to combine a 16-bit parallel interface with better compression back to the VNC server.

The little keyboard is probably not very practical, but it is compact. That would be another easy thing to modify. Currently, the keyboard uses I2C, but it would be straightforward to change things up. This would be a worthy base to build a bigger project on top. A 3D printed enclosure would be nice, too.

We’ve seen a number of projects built around commercial thin clients. Some from defunct businesses are good sources for obscure parts, too.


A 3d printed ghost next to the base of an LED tea light that has 4 LEDs poking out and the IR receiver port and micro-USB connector showing.

A Cold Light To Warm Your Heart

Halloween is coming fast and what better way to add to your Halloween ornamentation than [Wagiminator]’s cute NeoCandle tea light simulator.

[Wagiminator] has modified a 3D printed ghost along with extending [Mark Sherman]’s light simulation code to create a cute light that’s perfect for the holiday season. The NeoCandle uses an ATtiny85 chip to power four WS2812 NeoPixel jelly bean LEDs. The device has an infrared (IR) receiver to be able to control it from a remote that speaks the NEC protocol. There is a light sensor that allows the unit to dim when it detects ambient light and the whole unit is powered off of a micro-USB connection.

The ATtiny85 has limited program flash and [Wagiminator] packs a lot of functionality into such a small package, squeezing in a bit-banging NeoPixel driver in only 18 bytes of flash that can push out a transfer rate of 762 kbps to update the LEDs. The pseudo-random number generator uses a Galois linear feedback shift register and comes in at 86 bytes of flash, with the IR receiver implementation code being the largest, using 234 bytes of flash. The ATtiny85 itself has 8 KB of flash memory so maybe it’s possible to push [Wagiminator]’s code to even more restrictive Atmel devices in the ATtiny family.

With microcontrollers and LEDs becoming so cheap and ubiquitous, making realistic flames with them is becoming accessible, as we’ve seen with previous projects on electronic candles.


This Week In Security: PHP Attack Defused, Scoreboard Manipulation, And Tillitis

If you use PHP, you likely use the Composer tool for managing dependencies, at least indirectly. And the good folks at SonarSource found a nasty, potential supply chain attack in this tool, when used in the Packagist repository. The problem is the support for arbitrary README filenames. When a package update shows up on Packagist, that service uses a Version Control System (VCS) like Git or Mercurial to pull the specified readme location. That pull operation is subject to argument injection. Name your branch --help, and Git will happily run the help argument instead of doing the pull intended. In the case of Git commands, our intrepid researchers were unable to weaponize the issue to achieve code execution.

Composer also supports projects that use Mercurial as their VCS, and Mercurial has a --config option that has… interesting potential. It allows redefining a Mercurial command as a script snippet. So a project just has to contain a malicious payload.sh, and the readme set to --config=alias.cat=!hg cat -r : payload.sh|sh;,txt. For those keeping track at home, the vulnerability is that this cursed string of ugly is accepted by Composer as a valid filename. This uses the --config trick to redefine cat as a bit of script that executes the payload. It ends in .txt because that is a requirement of Composer.

So let’s talk about what this little hack could have been used for, or maybe still used for on an unpatched, private install of Packagist. This is an unattended attack that jumps straight to remote script execution — on an official package repository. If discovered and used for evil, this would have been a massive supply chain attack against PHP deployments. Instead, thanks to SonarSource, it was discovered and disclosed privately back in April. The official Packagist repo at packagist.org was fixed the day after disclosure, and a CVE and updated packages went out six days later. Great work all around.
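The option-versus-filename confusion described above, seen from the defender's side, as an added example that is not Composer's, Packagist's or SonarSource's code. A small argparse parser stands in for the VCS command line; the parser, the function names and the allowlist pattern are assumptions made for illustration.

```python
import argparse
import re

# The readme value quoted in the article, used here only as parser input.
PAGE_README = "--config=alias.cat=!hg cat -r : payload.sh|sh;,txt"

# Assumption: a conservative allowlist for branch and readme names.
# The first character may not be '-', so a value can never look like an option.
SAFE_NAME = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_./-]*")


def toy_vcs_parse(argv):
    """Stand-in for a VCS 'cat' command line (hypothetical, not hg's parser)."""
    p = argparse.ArgumentParser(prog="toy-vcs-cat", add_help=False)
    p.add_argument("--config", action="append", default=[])
    p.add_argument("-r", "--rev")
    p.add_argument("files", nargs="*")
    return vars(p.parse_args(argv))


def naive_argv(rev, readme):
    """Vulnerable pattern: untrusted values placed straight into argv."""
    return ["-r", rev, readme]


def check_name(value, what):
    """Reject anything outside the allowlist, including a leading '-'."""
    if not SAFE_NAME.fullmatch(value):
        raise ValueError(f"rejected {what}: {value!r}")
    return value


def hardened_argv(rev, readme):
    """Validate both values, then end option parsing with '--'."""
    return ["-r", check_name(rev, "revision"), "--", check_name(readme, "readme")]


if __name__ == "__main__":
    # Naive: the "filename" is parsed as a --config option and no file is named.
    print(toy_vcs_parse(naive_argv("tip", PAGE_README)))
    # '--' alone already turns the same string back into a plain filename.
    print(toy_vcs_parse(["-r", "tip", "--", PAGE_README]))
    # Validation refuses the value before any command line is built.
    try:
        hardened_argv("tip", PAGE_README)
    except ValueError as err:
        print(err)
    print(toy_vcs_parse(hardened_argv("tip", "README.md")))
```

The two controls are complementary: the `--` separator removes the parsing ambiguity, while the allowlist also covers values that sit in option-argument positions, such as the branch name.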

Intranasal Vaccines: A Potential Off-Ramp For Coronavirus Pandemics

An interesting and also annoying aspect about the human immune system is that it is not a neat, centralized system where you input an antigen pattern in one spot and suddenly every T and B lymphocyte in the body knows how to target an intruder. Generally, immunity stays confined to specific areas, such as the vascular and lymph system, as well as the intestinal and mucosal (nasal) parts of the body.

The result of this is that specific types of vaccines have a different effect, as is demonstrated quite succinctly with the polio vaccines. The main difference between the oral polio vaccine (OPV) and inactivated vaccine (injected polio vaccine, or IPV) is that the former uses a weakened virus that induces strong immunity in the intestines, something that the latter does not. The effect of this is that while both protect the individual, it does not affect the fecal-oral infection route of the polio virus and thus the community spread.

The best outcome for a vaccine is when it both protects the individual, while also preventing further infections as part of so-called sterilizing immunity. This latter property is what makes the OPV vaccine so attractive, as it prevents community spread, while IPV is sufficient later on, as part of routine vaccinations. The decision to use a vaccine like the OPV versus the IPV is one of the ways doctors can tune a population’s protection against a disease.

This is where the current batch of commonly used SARS-CoV-2 vaccines is showing a major issue, as they do not provide significant immunity in the nasal passage’s mucosal tissues, even though this is where the virus initially infects a host, as well as where it replicates and from where it infects others. Here intranasal vaccines may achieve what OPV did for polio.


battery powered wall mounted clock with LCD display and 10 capacitive touch buttons

A Peppy Low Power Wall Mounted Display

[Phambili Tech] creates a battery powered mountable display, called “the Newt”, that can be used to display information about the time, calendar, weather or a host of other customizable items.

The Newt tries to strike a balance between providing long operating periods while still maintaining high refresh rates and having extensive features. Many of the battery powered devices of this sort use E-Ink displays which offer long operating windows but poor refresh rates. The Newt uses an LCD screen that, while not being as low power as an E-Ink display, offers extended battery operation while still being daylight readable and providing high refresh rates.

The display itself is a 2.7 inch 240×400 SHARP “Memory In Pixel” LCD that provides the peppy display at low power. The Newt is WiFi capable through its ESP32-S2-WROVER module with a RV-3028-C7 Real Time Clock, a buzzer for sound feedback and capacitive touch sensors for input and interaction. A 1.85Wh LiPo battery (3.7V, 500mAh) is claimed to last for 1-2 months, with the possibility of using a larger battery for longer life.
