Tearing Down The Boss Phone

Poke around enough on AliExpress, Alibaba, and especially Taobao—the Chinese-facing site that’s increasingly being used by Westerners to find hard-to-source parts—and you’ll come across some interesting things. The Long-CZ J8 is one of those: it’s 2.67 inches long, weighs just 0.63 ounces, and is built in the form factor of a Bluetooth headset.

A couple of months ago Cory Doctorow highlighted this tiny phone; he’d picked up on it because of the marketing. The lozenge-shaped phone was being explicitly marketed as able to “beat the boss”. The boss in question here is the B.O.S.S chair—a scanning technology that has been widely deployed across prisons in the U.K. in an attempt to put a halt to the smuggling of mobile phones to inmates.

The Long-CZ J8 is just 2.67 inches (6.8 cm) long.

I wasn’t particularly interested in whether it could make it through a body scanner, or in the built-in voice changer, which was another clue as to the target market for the phone. However, just the size of the thing was intriguing enough that I thought I’d pick one up and take a look inside. So I ordered one from Amazon.


Just In Time For Summer: A Remote Controlled Snowblower

It’s May, and you know what that means: we’re winding down from a worldwide celebration of the worker, pollen is everywhere, Hackaday readers in the southern hemisphere are somehow offended, and somewhere, someone is finishing up a remote-controlled snow blower build.

In this nine-part, two-hour-long video series, [Dave] covers the planning and fabrication of one of the most coveted of all cold weather yard instruments. It’s a remote-controlled snow blower. Just think: instead of bundling up to go blow the driveway off, [Dave] can get all the snow off his driveway from the comfort of his living room window. Sure, it may not sound like a big deal now that it’s Crocs & Socks weather, but this is going to be a great invention in seven or eight months.

This snow blower robot is built around two motors taken from an electric wheelchair. Most snowblowers already have tracks, so the ever-important traction for this build is already taken care of. A linear actuator takes care of the angle of the ‘scoop’, and a clever confabulation of bicycle sprockets, chain, and a motor allows the ‘chute’ of the snowblower to be pointed in any direction. The electronics are simple enough – a normal, off-the-shelf RC transmitter and receiver handles the wireless communication while an Arduino takes those signals and turns them into something the relays and motors understand.

This is one of the better build vlogs we’ve seen. There are nine parts to this build; we’ve included the final wrap-up video below.


History Of Git

Git is one of those tools that is so simple to use, that you often don’t learn a lot of nuance to it. You wind up cloning a repository from the Internet and that’s about it. If you make changes, maybe you track them and if you are really polite you might create a pull request to give back to the project. But there’s a lot more you can do. For example, did you know that Git can track collaborative Word documents? Or manage your startup files across multiple Linux boxes?

Git belongs to a family of software products that do revision (or version) control. The idea is that you can develop software (for example) and keep track of each revision. Good systems have provisions for allowing multiple people to work on a project at one time. There is also usually some way to split a project into different parts. For example, you might split off to develop a version of the product for a different market or to try an experimental feature without breaking the normal development. In some cases, you’ll eventually bring that split back into the main line.

Although in the next installment, I’ll give you some odd uses for Git you might find useful, this post is mostly the story of how Git came to be. Open source development is known for flame wars and there’s at least a few in this tale. And in true hacker fashion, the hero of the story decides he doesn’t like the tools he’s using so… well, what would you do?


They Have Electronics In Junk Mail Now

On the way to the mailbox, you might be expecting bills, birthday cards, perhaps a grocery store catalogue or two. [Steve] was like you, once – until an embedded computer showed up in the junk mail.

The mailer turned out to be from the Arconic corporation – some sort of publication trying to sway a board of directors vote one way or the other. But far more interesting is the hardware inside. The device consisted of a 3″ LCD screen within folded cardboard, some buttons and a micro USB port. After the device let the smoke out when [Steve] attempted to charge it, the next step was naturally to perform a full teardown.

It was a simple job to identify the chips inside which still had their factory markings, and [Steve] found that it appeared to share its design with an Audi marketing material from 2014. It’s rather amazing that such technology is cheap enough for this sort of mass mailout, though [Steve] notes that it’s rather an imprudent move to post out a “fire hazard that needs to be specially recycled”.

This reminds us of the e-paper Esquire magazine display from a few years back.

Vintage Portable TV Turned Retro Gaming System

When [FinnAndersen] found an old TV set by the side of the road, he did what any self-respecting DIY/gaming enthusiast would do: He took it apart and installed a Raspberry Pi 3 running RetroPie in it in order to play retro games on a retro TV!

[Finn] took the CRT out of the TV before realizing that it actually worked. It was already too late, so [Finn] ordered a 12″ LCD screen to put in its place. He liked the idea of the curved screen the CRT had, though, so he molded a piece of acrylic around the CRT and, after some cutting and grinding, had it fitting in the screen’s space.

[Finn] also liked the idea of the TV still being able to view a television signal, so he bought a TV tuner card. After a couple of mods to it, he could control the card with the TV’s original channel changer. He used an Arduino to read the status of the rotary encoders the original TV used. After some trial and error, [Finn] was able to read the channel positions and the Arduino would send a signal to the channel up and down buttons on the tuner card in order to change the channel.

Next up was audio. [Finn] found a nicer speaker than came with the TV, so he swapped them and added an amplifier. The original volume knob is still used to control the volume. A USB Hub is hidden in the side of the TV at the bottom, to allow controllers to connect and finally, a power supply converts the mains voltage to 12V DC which runs both the Raspberry Pi and the TV Tuner.

[FinnAndersen] has built a great RetroPie cabinet reusing a great looking vintage TV. It’s unfortunate that he removed the CRT before figuring out that he could use it, but the replacement looks pretty darn good! And the added advantage? It’s portable, sort of. At least, without the CRT inside, it’s much lighter than it was. Here’s another retro console inside an old TV, and this article is about connecting a Raspberry Pi to every display you can get your hands on.


Build Your Own Hydroponic Wheel

Hydroponics is an effective way of growing plants indoors through the use of a water medium and artificial lighting. It often involves having a system to raise and lower the water level around the plants to let the roots breathe; however, this can require some non-trivial plumbing. [Peter] wanted to instead explore the realm of wheel hydroponics to grow some ingredients for salad.

The idea is to have pods mounted on a rotating assembly, similar to the carriages on a Ferris Wheel. By rotating the wheel slowly, each pod spends a certain amount of time submerged, and a certain amount of time in free air. This allows the water level to remain constant and only the pods need to move.

The tank for the build is a simple plastic storage bin from a local hardware store, with the wheel assembled from various odds and ends and laser cut components, making this a build very possible for those with access to a hackerspace. A stepper motor provides the motive power, with the assembly completing approximately one rotation per hour.

[Peter] has run the device for several months now, noting that there are issues with certain plants maintaining their hold to the wheel, as well as algae growth in the water medium. There’s room for development but overall, it’s a great build and we hope [Peter] will be serving up some delicious fresh salads soon.

For another take, perhaps you’d like your hydroponics solar powered?

[Thanks Nils!]

Git Shell Bypass, Less Is More

We’ve always been fans of wargames. Not the movie (well, also the movie) but I’m referring to hacking wargames. There are several formats, but usually you have access to an initial shell account somewhere, which is level0, and you have to exploit some flaw in the system to manage to get level1 permissions and so forth. Almost always there’s a level where you have to exploit a legitimate binary (with some shady permissions) that does more than what the regular user thinks.

In the case of CVE-2017-8386, less is more.

[Timo Schmid] details how the git-shell, a restricted shell meant to be used as the upstream peer in a git remote session over an ssh tunnel, can be abused in order to achieve arbitrary file read, directory listing and somewhat restricted file write. The basic idea of git-shell is to restrict the allowed commands in an ssh session to the ones required by git (git-receive-pack, git-upload-pack, git-upload-archive). The researcher realized he could pass parameters to these commands, like the flag --help:

$ ssh git@remoteserver "git-receive-pack '--help'"

GIT-RECEIVE-PACK(1)            Git Manual             GIT-RECEIVE-PACK(1)

NAME
 git-receive-pack - Receive what is pushed into the repository
[...]

What the flag does is make the git command open the man page of git, which is passed on to a pager program, usually less. And this is where it gets interesting. The less command, if running interactively, can do several things you would expect, like searching for text, going to a line number, scrolling down and so on. What it can also do is open a new file (:e), save the input to a file (s) and execute commands (!). To make it run interactively, you have to force the allocation of a PTY in ssh like so:

$ ssh -t git@remoteserver "git-receive-pack '--help'"

GIT-RECEIVE-PACK(1) Git Manual GIT-RECEIVE-PACK(1)

NAME
 git-receive-pack - Receive what is pushed into the repository

 Manual page git-receive-pack(1) line 1 (press h for help or q to quit)
 

Press h for help and have fun. One caveat is that in usual installations the code execution will not really execute arbitrary commands, since the currently running login shell is the git-shell, which is restricted to a few whitelisted commands. There are, however, certain configurations where this might happen, such as keeping bash or sh as the login shell and limiting the user in ways so that they can only use git (such as in shared environments without root access). You can see such an example here.

The quickest solution seems to be to enable the no-pty flag server-side, in the sshd configuration. This prevents clients from requesting a PTY so less won’t run in an interactive mode.

$ man less

LESS(1) General Commands Manual LESS(1)

NAME
less - opposite of more

Ironic, isn’t it?
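
An added example (not from the original post, nor from git or OpenSSH): a small POSIX shell audit for the PTY mitigation described above. `no-pty` is the per-key option in `authorized_keys` and `PermitTTY no` is the matching `sshd_config` keyword; the account name `git`, the function names and the sample files are assumptions constructed for illustration.

```sh
# Added example (not from the original post); sample data below is constructed.
# Print line numbers of authorized_keys entries that may still allocate a PTY.
# sshd applies options left to right: no-pty/restrict disable, pty re-enables.
keys_allowing_pty() {
    awk '/^[ \t]*#/ || /^[ \t]*$/ { next }
    {
        gsub(/"([^"\\]|\\.)*"/, ""); allow = 1   # drop quoted option values
        if ($1 !~ /^(ssh-|ecdsa-|sk-)/) {        # field 1 is an option list
            n = split(tolower($1), opt, ",")
            for (i = 1; i <= n; i++) {
                if (opt[i] == "no-pty" || opt[i] == "restrict") allow = 0
                if (opt[i] == "pty") allow = 1
            }
        }
        if (allow) print NR
    }' "$1"
}

# Effective PermitTTY for a user. Only the global section and literal
# "Match User a,b" blocks are understood; other Match criteria are skipped.
permit_tty_for() {
    awk -v user="$1" 'BEGIN { scope = "global" }
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    { kw = tolower($1) }
    kw == "match" {
        scope = "skip"
        if (tolower($2) == "user" && NF == 3) {
            n = split($3, u, ",")
            for (i = 1; i <= n; i++) if (u[i] == user) scope = "match"
        }
        next
    }
    kw == "permittty" && scope != "skip" && !(scope in val) { val[scope] = tolower($2) }
    END { r = "yes"                              # sshd default when unset
          if ("global" in val) r = val["global"]
          if ("match" in val) r = val["match"]   # a Match block overrides global
          print r }' "$2"
}

SAMPLES=$(mktemp -d)
cat > "$SAMPLES/authorized_keys" <<'EOF'
no-pty ssh-ed25519 AAAA...constructed alice
command="git-shell -c \"$SSH_ORIGINAL_COMMAND\"" ssh-rsa AAAA...constructed bob
restrict,pty ssh-ed25519 AAAA...constructed carol
ssh-ed25519 AAAA...constructed dave
EOF
printf 'PermitTTY yes\nMatch User deploy,git\n    PermitTTY no\n' > "$SAMPLES/sshd_config"
echo "key lines that allow a PTY: $(keys_allowing_pty "$SAMPLES/authorized_keys" | tr '\n' ' ')"
echo "PermitTTY for git: $(permit_tty_for git "$SAMPLES/sshd_config")"
```

On a real server the authoritative answer comes from `sshd -T` with a `-C user=git` connection spec, which resolves every Match criterion rather than only the `Match User` form handled here.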