The Spit-Detecting USB Flash Drive Is Nearly Here

December 25, 2022 by 17 Comments

Regular readers may recall that security researcher and general open source hardware fanatic [Walker] has been planning a rather unusual flash drive for some time — one that will only show its contents if the user makes sure to lick their fingers before plugging it in. We’re pleased to report that theory has recently given way to real hardware, and the Ovrdrive “self-destructing” flash drive is now a step closer to reality.

The last time we checked in with [Walker], he hadn’t yet put any hardware together, though he was fairly sure what components he would need and how it would all go together. This was assisted somewhat by the fact that USB flash drives are such a ubiquitous piece of tech, making their principle parts plentiful and fairly well documented. As explained in the video below, all you really need to spin up your own flash drive is the USB connector, the controller chip, and a nice slab of flash memory for it to access. Though naturally you’re on your own for spit detection.

The build video has some gorgeous camera work.

What we especially like about this project is that [Walker] is releasing the whole thing as open source hardware. So even if you’re not interested in the whole lick-for-access feature, you’ve still got a boilerplate flash drive design to build on. We haven’t seen a lot of DIY projects tackle USB Mass Storage previously, and perhaps this design can change that.

But of course, only if the thing works. According to the video after the break, [Walker] seems to have hit a snag with this revision of the hardware. While it enumerates as a storage device when plugged into the computer, the operating system claims its capacity is zero. He thinks there might be a swapped trace between the controller and flash chip to blame, so hopefully he can get things sorted out before too long. We’ve been covering this project since the summer, and are eager to see it cross the finish line.

Continue reading “The Spit-Detecting USB Flash Drive Is Nearly Here”

A Dungeon Master With A Thermal Printer

December 24, 2022 by 30 Comments

The thermal printer is ubiquitous in today’s world, mostly found whenever we have to get a receipt from somewhere. They’re cheap, fast, and easy to use. Not only that, though, but as [Daniel] found out, they’re also pretty straightforward to re-program and use for other things than a three-foot-long receipt from a drug store. He’s adapted them to serve as a key tool of the dungeon master in his D&D games.

While he has adapted the most common thermal printer standard, the Epson Standard Code, the real fun of this project is in the user interface. He’s made it possible to build templates and other D&D-oriented sheets quickly via HTML, so the dungeon master can print out character sheets, items from the game, maps, or anything else they might possibly need at the time. It’s all highly configurable to whatever needs arise, and the interface works on Mac, Windows, and Linux.

All of the project code is located on Daniel’s GitHub page for anyone looking to try this out. Most thermal printers use this standard too, so cheap ones can easily be found and put to use as long as a roll of thermal paper is available. If the feel of thermal paper is bringing up some childhood nostalgia, it could be because you had the Game Boy Printer as a youth and are looking for ways to recapture that thermal printer magic.

A radio with a white front grate and wood edges sits on a grey surface. Next to the radio are small white disks with colorful edges reminicient of microdisc-sized records. A yellow-ringed disk sits on the radio. The handwritten title says, "Summer of 2011; Holidays in Barcelona"

Spotify Player Brings Back Physical Media

December 24, 2022 by 21 Comments

Digital music has made keeping all your tunes with you a lot more convenient, but have we lost something with dematerialization? [Jordi Parra] felt that there was something lacking with the digital music experience and designed a Spotify player with a tactile interface.

Specific playlists are selected via small RFID tags that look like a cross between a MiniDisc and a vinyl record. As this is a prototype, an Arduino reads the RFID tag, but needs a computer to actually play the Spotify playlist. Future iterations could include an integrated speaker and run libspotify to create a self-contained device.

While there is still work to do for a fully seamless experience, we love the details in the industrial design of this project. Clean simple lines and a combination of wood and more modern materials make this feel like a timeless piece of tech. Definitely check out the full photo gallery including shots of the really impressive packaging.

Want more digital music with a tactile interface? Check out this MP3 Player Shelf or a Simple Internet Radio Transplant.

Blinky Project Is 6502s All The Way Down

December 24, 2022 by 19 Comments

Virtually any platform you might find yourself programming on has some simple method of running a delay. [Joey Shepard] got rather creative on a recent project, though, relying on a rather silly nesting method that we’re calling 6502s All The Way Down.

The project in question was a simple PCB that was shaped like a robot, with blinking LED eyes. Typically, you’d simply reach for the usual sleep() or delay() function to control the blink rate, but [Joey] went off-piste for this one. Instead, the PIC32 on the board runs a 6502 emulator written in MIPS assembly. This emulated 6502 is then charged with running a further 6502 emulator coded in 6502 assembly, and so on, until there’s 6502 emulators running six-deep on the humble microcontroller. The innermost emulator runs a simple program that blinks the LED eyes in a simple loop. With the overhead of running six emulators, though, the eyes only blink at a rate of roughly once every two seconds.

It’s an amusing and complicated way to write a blink program, and we applaud [Joey] for going to all that trouble. We imagine it was a great way to learn about programming the PIC32 as well as emulation in general. Meanwhile, if you’re working on your own emulator feats, be sure to let us know!

Your Next Airport Meal May Be Delivered By Robot

December 23, 2022 by 26 Comments

Robot delivery has long been touted as a game-changing technology of the future. However, it still hasn’t cracked the big time. Drones still aren’t airdropping packages into our gutters by accident, nor are our pizzas brought to us via self-driving cars.

That’s not to say that able minds aren’t working on the problem. In one case, a group of engineers are working ton a robot that will handle the crucial duty of delivering food to hungry flyers at the airport.

Continue reading “Your Next Airport Meal May Be Delivered By Robot”

Working With I2S-Compatible FM Tuners

December 23, 2022 by 9 Comments

While the Internet is a great place to get access to any music or audio you can dream of, there’s still a place for broadcast radio. [mit41301] has recently been exploring implementing a simple FM tuner chip in various projects.

The chip in question is the RDA7088, which is designed to require the bare minimum in external components, and is available in a compact SOP16 package. As per the datasheet, it was intended for use in applications like portable radios, PDAs, cell phones, and MP3 players.

[mit41301]’s first attempt involved using the chip as a simple tuner, hooked up to a PIC10F200 for control. Investigation revealed it was capable of outputting digital audio via I2S, while being commanded via I2C. By default, it spits out audio at a low sample rate of 8 kHz, but reconfiguration will jump that up to 44.1 or 48 kHz. Piping that digital I2S stream out to a DAC then delivers analog output that can be fed to an amplifier. The build also got remote control, with the PIC handling decoding IR signals and outputting commands to the radio chip.

Following this success, [mit41301] then went further, hooking up an ESP-01 to the chip to try and get RDS going. If you’re unfamiliar with the Radio Data System, it’s a way for short textual messages to be sent out by FM broadcasters. In addition to the duties carried out by the PIC module, the ESP-01 is also charged with receiving RDS data from the RDA7088, and outputting it to a display.

While using such chips is routine in industry, it’s always great to see a DIY guide to interfacing with specific hardware. If you want to integrate FM radio into your own projects, the RDA7088 is a simple and easy way to do so. We’ve seen similar work before, adding FM radio to the Raspberry Pi.

Continue reading “Working With I2S-Compatible FM Tuners”

This Week In Security: GitHub Actions, SHA-1 Retirement, And A Self-Worming Vulnerability

December 23, 2022 by 6 Comments

It should be no surprise that running untrusted code in a GitHub Actions workflow can have unintended consequences. It’s a killer feature, to automatically run through a code test suite whenever a pull request is opened. But that pull request is run in some part of the target’s development environment, and there’s been a few clever attacks found over the years that take advantage of that. There’s now another one, what Legit Security calls Github Environment Injection, and there were some big-name organizations vulnerable to it.

The crux of the issue is the $GITHUB_ENV file, which contains environment variables to be set in the Actions environment. Individual variables get added to this file as part of the automated action, and that process needs to include some sanitization of data. Otherwise, an attacker can send an environment variable that includes a newline and completely unintended environment variable. And an unintended, arbitrary environment variable is game over for the security of the workflow. The example uses the NODE_OPTIONS variable to dump the entire environment to an accessible output. Any API keys or other secrets are revealed.

This particular attack was reported to GitHub, but there isn’t a practical way to fix it architecturally. So it’s up to individual projects to be very careful about writing untrusted data into the $GITHUB_ENV file.

Continue reading “This Week In Security: GitHub Actions, SHA-1 Retirement, And A Self-Worming Vulnerability”