The Inner Machinations Of The Arduino Are An Enigma

Arduinos have been the microcontroller platform of choice for nearly two decades now, essentially abstracting away a lot of the setup and lower-level functions of small microcontrollers in favor of sensible IDEs and ease-of-use. This has opened up affordable microcontrollers to people who might not be willing to spend hours or days buried in datasheets, but it has also obscured some of those useful lower-level functions. But if you want to dig into them, they’re still working underneath everything as [Jim] shows us in this last of a series of posts about interrupts.

For this how-to, [Jim] is decoding linear timecodes (LTCs) at various speeds. This data is usually transmitted as audio, so the response from the microcontroller needs to be quick. To make sure the data is decoded properly, the first thing to set up is edge detection on the incoming signal. Since this is about using interrupts specifically, a single pin on the Arduino is dedicated to triggering an interrupt on these edges. The rest of the project involves setting up an interrupt service routine, detecting the clock signal, and then doing all of the processing necessary to display the received LTC on a small screen.

The project page goes into great detail about all of this, including all of the math that needs to be done to get it set up correctly. As far as general use of interrupts goes, it’s an excellent primer for using the lower-level functionality of these microcontrollers. And, if you’d like to see the other two projects preceding this one they can be found on the first feature about precision and accuracy, and the second feature about bitbanging the protocol itself.

Flexible Radiation Monitoring System Speaks LoRa And WiFi

Radioactivity has always been a fascinating phenomenon for anyone interested in physics, and as a result we’ve featured many radioactivity-related projects on these pages over the years. More recently however, fears of nuclear disaster have prompted many hackers to look into environmental radiation monitoring. [Malte] was one of those looking to upgrade the radiation monitor on his weather station, but found the options for wireless geiger counters a bit limited.

So he decided to build his own WiFi and LoRa compatible environmental radiation monitor. Like most such projects it’s based on the ubiquitous Soviet-made SBM-20 GM tube, although the design also supports the Chinese J305βγ model. In either case, the tube’s operating voltage is generated by a discrete-transistor based oscillator which boosts the board’s 5 V supply to around 400 V with the help of an inductor and a voltage multiplier.

Data can be visualized in graphs, together with other data from the weather station like temperature and humidity

The tube’s output signal is converted into clean digital pulses to be counted by either an ESP32 or a Moteino R6, depending on the choice of wireless protocol. The ESP can make its data available through a web interface using its WiFi interface, while the Moteino can communicate through LoRa and sends out its data using MQTT. The resulting data is a counts-per-minute value which can be converted into an equivalent dose in Sievert using a simple conversion formula.

All design files are available on [Malte]’s website, including a PCB layout that neatly fits inside standard waterproof enclosures. Getting more radiation monitors out in the field can only be a good thing, as we found out when we tried to detect a radiation accident using community-sourced data back in 2019. Don’t like WiFi or LoRa? There’s plenty of other ways to connect your GM tubes to the internet.

London Bridge Has Fallen — By Radio

One of the global news stories this week has been the passing of the British monarch, Queen Elizabeth II. Since she had recently celebrated 70 years on the throne, the changing of a monarch is not something that the majority of those alive in 2022 will have seen. But it’s well known that there is a whole suite of “London Bridge has fallen” protocols in place for that eventuality which the various arms of the British government would have put in motion immediately upon news from Balmoral Castle. When it became obvious that the Queen’s health was declining, [Hackerfantastic] took to the airwaves to spot any radio signature of these plans. [Update 2022-09-11] See the comments below and a fresh Tweet to clarify; it appears these were not the signals they were at first suspected to be.

What he found in a waterfall view of the 4 MHz military band was an unusual transmission, a set of strong QPSK packets that started around 13:40 on the 8th of September, and continued on for 12 hours before disappearing. The interesting thing about these transmissions is not that they were a special system for announcing the death of a monarch, but that they present a rare chance to see one of the country’s Cold War era military alert systems in action.

It’s likely that overseas embassies and naval ships would have been the intended recipients and the contents would have been official orders to enact those protocols, though we’d be curious to know whether 2022-era Internet and broadcast media had tipped them off beforehand that something was about to happen. It serves as a reminder: next time world news stories happen in your part of the world, look at the airwaves!

The Internet Without The Computer: 1990s Style

We think of the Internet extending to small devices as a modern trend, but it actually is a good example of how everything makes a circle. Today, we want the network to connect to our thermostat and our toaster. But somewhere between the year 1990 and the year 2010, there was a push to make the Internet accessible to the majority of people who didn’t own a computer. The prototypical device, in our mind, was Microsoft’s ill-fated WebTV, but a recent video from [This Does Not Compute] reminded us of another entry in that race: The Audrey from 3COM. Check out the video, below.

Many devices, like the WebTV, wanted to take over your TV set to save on a display. That doesn’t sound bad today, but you have to remember, the typical TV set in those days was not the high-resolution digital monster you have today, so the experience of surfing the Web on one was suboptimal. The Audrey actually had a cute little screen and a compact keyboard.

This Week In Security: One-click, UPnP, Mainframes, And Exploring The Fog

A couple weeks ago we talked about in-app browsers, and the potential privacy issues when opening content in them. This week Microsoft reveals the other side of that security coin — JavaScript on a visited website may be able to interact with the JS embedded in the app browser. The vulnerability chain starts with a link handler published to Android, where any https://m.tiktok[.]com/redirect links automatically open in the TikTok app. The problem here is that this does trigger a redirect, and app-internal deeplinks aren’t filtered out. One of these internal schemes has the effect of loading an arbitrary page in the app webview, and while there is a filter that should prevent loading untrusted hosts, it can be bypassed with a pair of arguments included in the URI call.

Once an arbitrary page is loaded, the biggest problem shows up. The JavaScript that runs in the app browser exposes 70+ methods to JS running on the page. If this is untrusted code, it gives away the figurative keys to the kingdom, as an auth token can be accessed for the current user. Account modification, private video access, and video upload are all accessible. Thankfully the problem was fixed back in March, less than a month after private disclosure. Still, a one-click account hijack is nothing to sneeze at. Thankfully this one didn’t escape from the lab before it was fixed.

UPnP Strikes Again

It’s not an exaggeration to say that Universal Plug and Play (UPnP) may have been the most dangerous feature to be included in routers with the possible exception of open-by-default WiFi. QNAP has issued yet another advisory of ransomware targeting their devices, and once again UPnP is the culprit. Photo Station is the vulnerable app, and it has to be exposed to the internet to get pwned. And what does UPnP do? Exposes apps to the internet without user interaction. And QNAP, in their efforts to make their NAS products more usable, included UPnP support, maybe by default on some models. If you have a QNAP device (or even if you don’t), make sure UPnP is disabled on your router, turn off all port forwarding unless you’re absolutely sure you know what you’re doing, and use Wireguard for remote access.

The TAK Ecosystem: Military Coordination Goes Open Source

In recent years you’ve probably seen a couple of photos of tablets and smartphones strapped to the armor of soldiers, especially US Special Forces. The primary app loaded on most of those devices is ATAK or Android Tactical Assault Kit. It allows the soldier to view and share geospatial information, like friendly and enemy positions, danger areas, casualties, etc. As a way of working with geospatial information, its civilian applications became apparent, such as firefighting and law-enforcement, so CivTAK/ATAK-Civ was created and open sourced in 2020. Since ATAK-Civ was intended for those not carrying military-issued weapons, the acronym magically became the Android Team Awareness Kit. This caught the attention of the open source community, so today we’ll dive into the growing TAK ecosystem, its quirks, and potential use cases.

Tracking firefighting aircraft in 3D space using ADS-B (Credit: The TAK Syndicate)

GP2040: A Configurable Game Pad Firmware

[feralAI] and fellow GitHub contributors present for your viewing pleasure GP2040: an open source game pad firmware for RP2040-based hardware. The dual-core RP2040 is a good platform to use for gaming inputs, as there is plenty of CPU grunt to get sub-1 ms USB polling time, regardless of any other tasks the controller may be performing. Currently the firmware supports PC, Android, RPi, Nintendo Switch, PS3, PS4 (legacy mode), and the sweet MiSTer FPGA-based retro-gaming platform.

The firmware supports the older DirectInput API and the newer shiny (but rather restrictive) XInput API (no, it’s not the old X11 input extension with the same name) — as well as the usual controller features like SOCD cleaning, D-pad mapping, and RGB support for additional distractions. There is even support for those tiny OLED displays (SSD1306 and friends), although we can’t think of a use case for that at the moment. Configuration is particularly interesting, however, as it is based upon an embedded web application. This is where the pin mappings to your actual hardware are defined, as well as all that RGB bling, if you so desire.
