Custom Pneumatic Cylinders Lock This Monitor Arm In Place

Few consumer-grade PCs are what you’d categorize as built to last. Most office-grade machines are as likely as not to give up the ghost after ingesting a few too many dust bunnies, and the average laptop can barely handle a few drops of latte and some muffin crumbs before croaking. Sticking a machine like that in the shop, especially a metal shop, is pretty much a death sentence.

And yet, computers are so useful in the shop that [Lucas] from “Cranktown City” built this neat industrial-strength monitor arm. His design will look familiar to anyone with a swing-arm mic or desk light, although his home-brew parallelogram arm is far sturdier thanks to the weight of the monitor and sheet-metal enclosure it supports. All that weight exceeded the ability of the springs [Lucas] had on hand, which led to the most interesting aspect of the build — a pair of pneumatic locks. These were turned from a scrap of aluminum rod and an old flange-head bolt; when air pressure is applied, the bolt is drawn into the cylinder, which locks the arm in place. To make it easy to unlock the arm, a pneumatic solenoid releases the pressure on the system at the touch of a button. The video below has a full explanation and demonstration.

While we love the idea, there are a few potential problems with the design. The first is that this isn’t a fail-safe design, since pressure is needed to keep the arm locked. That means if the air pressure drops the arm could unlock, letting gravity do a number on your nice monitor. Second is the more serious problem [Lucas] alluded to when he mentioned not wanting to be in the line of fire of those locks should something fail and the piston comes flying out under pressure. That could be fixed with a slight design change to retain the piston in the event of a catastrophic failure.

Problems aside, this was a great build, and we always love [Lucas]’ seat-of-the-pants engineering and his obvious gift for fabrication, of which his wall-mount plasma cutter is a perfect example.


This Week In Security: GhostWrite, Localhost, And More

You may have heard some scary news about RISC-V CPUs. There’s good news, and bad news, and the whole thing is a bit of a cautionary tale. GhostWrite is a devastating vulnerability in a pair of T-Head XuanTie RISC-V CPUs. There are also unexploitable crashes in another T-Head CPU and the QEMU soft core implementation. These findings come courtesy of a group of researchers at the CISPA Helmholtz Center for Information Security in Germany. They took a look at RISC-V cores, and asked the question, do any of these instructions do anything unexpected? The answer, obviously, was “yes”.

Undocumented instructions have been around just about as long as we’ve had Von Neumann architecture processors. The RISC-V ISA puts a lampshade on that reality, and calls them “vendor specific custom ISA extensions”. The problem is that vendors are in a hurry, have limited resources, and deadlines wait for no one. So sometimes things make it out the door with problems. To find those problems, CISPA researchers put together a test framework called RISCVuzz, and it’s all about running each instruction on multiple chips, and watching for oddball behavior. They found a couple of “halt-and-catch-fire” problems, but the real winner (loser) is GhostWrite.

Now, this isn’t a speculative attack like Meltdown or Spectre. It’s more accurate to say that it’s a memory mapping problem. Memory mapping helps the OS keep programs independent of each other by giving them a simplified memory layout, doing the mapping from each program to physical memory in the background. There are instructions that operate using these virtual addresses, and one such is vs128.v. That instruction is intended to manipulate vectors, and use virtual addressing. The problem is that it actually operates directly on physical memory addresses, even bypassing cache. That’s not only memory, but also includes hardware with memory mapped addresses, entirely bypassing the OS. This instruction is the keys to the kingdom.

Liquid (Reversibly) Solidifies At Room Temperature, Gets Used For 3D Prints

Researchers demonstrate sustainable 3D printing by using poly(N-isopropylacrylamide) solutions (PNIPAM), which speedily and reliably turn solid by undergoing a rapid phase change when in a salt solution.

This property has been used to 3D print objects by using a syringe tip as if it were a nozzle in a filament-based printer. As long as the liquid is being printed into contact with a salt solution, the result is a polymer that solidifies upon leaving the syringe.

What’s also interesting is that the process by which the PNIPAM-based solutions solidify is entirely reversible. Researchers demonstrate printing, breaking down, then re-printing, which is an awfully neat trick. Finally, by mixing different additives in with PNIPAM, one can obtain different properties in the final product. For example, researchers demonstrate making conductive prints by adding carbon nanotubes.

While we’ve seen the concept of printing with liquids by extruding them into a gel bath or similar approach, we haven’t seen a process that prides itself on being so reversible before. The research paper is available, so check it out for all the details.

Fixing A Busted Fluke While Fighting A Wonky Schematic

Fluke meters have been around for a long, long time. Heck, we’ve got a Fluke 73 that we bought back in 1985 that’s still a daily driver. But just because they’ve been making them forever doesn’t mean they last forever, and getting a secondhand meter back in the game can be a challenge. That’s what [TheHWCave] learned with his revival of a wonky eBay Fluke 25, an effort that holds lessons for anyone in the used Fluke market.

Initial inspection of the meter showed encouragingly few signs of abuse, somewhat remarkable for something built for the military in the early 1980s. A working display allowed a few simple diagnostics revealing that the ammeter functions seemed to work, but not the voltmeter and ohmmeter functions. [TheHWCave]’s teardown revealed a solidly constructed unit with no obvious signs of damage or blown fuses. Thankfully, a service schematic was available online, albeit one with a frustrating lack of detail, confusing test point nomenclature, and contradictory component values.

Despite these hurdles, [TheHWCave] was able to locate the culprit: a bad fusible power resistor. Finding a direct replacement wasn’t easy given the vagaries of the schematic and the age of the instrument, but he managed to track down a close substitute cheap enough to buy in bulk. He searched through 40 units to find the one closest to the listed specs, which got the meter going again. Fixing the bent pin also gave the meter back its continuity beeper, always a mixed blessing.

If you’re in the market for a meter but can’t afford the Fluke name, picking up a busted meter and fixing it up like this might be one way to go. But are they really worth the premium? Well, kinda yes.


Mouse Doesn’t Play Pong… It IS Pong!

From the “why didn’t we think of that” department comes [dupontgu’s] pong mouse project. The mouse appears and acts like a normal computer mouse until you click the scroll wheel. When you do, the mouse rapidly moves the cursor on the connected computer to play pong. Obviously, though, the paddles and the ball all look like your cursor, whatever that happens to be. So, how do you tell the score? Well, when a score happens, the cursor shows between the two paddles. In the middle means the game is tied. Otherwise, the player closest to the score indicator is winning.

Kickflips And Buffer Slips: An Exploit In Tony Hawk’s Pro Skater

[Ryan Miceli] wanted to build some reverse engineering skills by finding a new exploit for an original Xbox. Where he ended up was an exploit that worked across the network, across several games, and several different consoles. But it all started with an unbounded strcpy in Tony Hawk Pro Skater (THPS).

Xbox, PlayStation 2, and Gamecube (often referred to as the sixth generation) are wonderful hacking targets as they don’t possess many of the security enhancements of the seventh generation, like hypervisors, privilege levels, and hardware executability protections. The console launches the game, and control is fully within the game, so once you get your code executing, you’re done. The exploit started with a feature in many Tony Hawk games, the custom map editor. In the editor, you can create gaps between jumps with a name so that when a player completes the gap, it can flash “you jumped x” in big letters. However, on Xbox, the gap name is copied with an unbounded strcpy to the stack, meaning you can overwrite the return pointer. Additionally, there are no stack cookies for THPS, which meant nothing stopped [Ryan] from smashing his way through. He includes a small memcpy stub in the header of the level, which the gap name jumps to, which then copies and executes his full payload.

The other games in the series, like Tony Hawk’s Pro Skater 3 (THPS3), had the bug, but the gap name was copied to the heap, not the stack. Even so, he could overflow into a vtable of the next object, which would call his code when the object was freed. The level save data wasn’t in an executable region of memory, though, which meant he needed ROP (return-oriented programming). Just a few gadgets later, and [Ryan] had another exploit working.

Tony Hawk’s Underground 1 and 2 had stack cookies turned on. This means a random value is placed on the stack when a function is entered, then checked before the function returns, so the program can detect that its stack has been smashed. Unfortunately for [Ryan], this proved to be a major roadblock. However, the PC and PS2 versions of these games do not have stack cookies, which means they can be exploited in the same manner.
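To make the difference between the unbounded gap-name copy and the cookie-protected builds concrete, here is an added example (not code from the game or from [Ryan]'s project) that models a stack frame as a byte array and shows what a cookie check and a length check each catch. The frame layout, the cookie and return-address values, and all function names are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a stack frame, kept as a byte array so the overflow is
 * well-defined C: [0..31] gap name, [32..35] cookie, [36..39] saved return
 * address. Layout and values are assumptions, not taken from the game. */
enum { NAME_LEN = 32, COOKIE_OFF = 32, RET_OFF = 36, FRAME_LEN = 40 };
#define COOKIE   0xC00C1E5Au  /* fixed for the demo; real cookies are random */
#define RET_ADDR 0x00401000u  /* constructed "legitimate" return address */

static uint32_t rd32(const uint8_t *p) { uint32_t v; memcpy(&v, p, 4); return v; }

static void frame_init(uint8_t *f) {
    uint32_t c = COOKIE, r = RET_ADDR;
    memset(f, 0, FRAME_LEN);
    memcpy(f + COOKIE_OFF, &c, 4);
    memcpy(f + RET_OFF, &r, 4);
}

/* Epilogue check a cookie-enabled build performs: 1 = intact, 0 = smashed. */
static int cookie_ok(const uint8_t *f) { return rd32(f + COOKIE_OFF) == COOKIE; }
static int ret_intact(const uint8_t *f) { return rd32(f + RET_OFF) == RET_ADDR; }

/* Acts like strcpy into the name buffer: copies up to the NUL and ignores
 * NAME_LEN (clamped to the model frame so the demo itself stays in bounds). */
static void copy_unbounded(uint8_t *f, const char *name) {
    size_t n = strlen(name) + 1;
    memcpy(f, name, n > FRAME_LEN ? FRAME_LEN : n);
}

/* Hardened loader: refuse any name that does not fit with its terminator. */
static int copy_checked(uint8_t *f, const char *name) {
    size_t n = strlen(name);
    if (n >= NAME_LEN) return -1;
    memcpy(f, name, n + 1);
    return 0;
}

int main(void) {
    uint8_t f[FRAME_LEN];
    char big[FRAME_LEN];                 /* constructed 39-byte gap name */
    memset(big, 'A', sizeof big - 1); big[sizeof big - 1] = '\0';
    frame_init(f); copy_unbounded(f, big);
    printf("unbounded: cookie_ok=%d ret_intact=%d\n", cookie_ok(f), ret_intact(f));
    frame_init(f);
    printf("checked: rc=%d cookie_ok=%d\n", copy_checked(f, big), cookie_ok(f));
    return 0;
}
```

The cookie only detects the overwrite after it has happened; the length check in `copy_checked` is what prevents it.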

The beauty of the exploit is that the game allows you to invite a friend to play a custom level. This means once the level is transferred over the network, their console is hacked as well. However, the full payload wasn’t sent to the client console, which meant the exploit had to send the payload to the other console using the game’s existing net code. The exploit sets up an asynchronous file transfer then hands control back to the game. Of course, there was a memory leak in the netcode, because the game had never sent large amounts of data over the network before. So, part of the exploit was a hot patch for a memory leak.

As a last hurrah, [Ryan] ported the hack to Gamecube, PS2, and PC. The code is on GitHub, and the video is after the break. We love the attention the Xbox has been getting, and if you’re curious about a hardware hack, this 256MB ROM mod goes deep into the internals.


Building AI Models To Diagnose HVAC Issues

HVAC – heating, ventilation, and air conditioning – can account for a huge amount of energy usage of a building, whether it’s residential or industrial. Often it’s the majority energy consumer, especially in places with extreme climates or for things like data centers where cooling is a large design consideration. When problems arise with these complex systems, they can go undiagnosed for a time and additionally be difficult to fix, leading to even more energy losses until repairs are complete. With the growing availability of platforms that can run capable artificial intelligences, [kutluhan_aktar] is working towards a system that can automatically diagnose potential issues and help humans get a handle on repairs faster.

The prototype system is designed for hydronic (water-based) systems and uses two separate artificial intelligences, one to analyze thermal imagery of the system and look for problems like leaks, hot spots, or blockages, and the other to listen for anomalous sounds especially relating to the behavior of cooling fans. For the first, a CNC-like machine was built to move a thermal camera around a custom-built model HVAC system and report its images back to a central system where they can be analyzed for anomalies. The second system which analyses audio runs its artificial intelligence on a XIAO ESP32C6 and listens to the cooling fans running in the model.

One problem that had to be tackled before any of this could be completed was actually building an open-source dataset to train the AI on. That’s part of the reason for the HVAC model in this project; being able to create problems to train the computer to detect before rolling it out to a larger system. The project’s code and training models can be found on its GitHub page. It seems to be a fairly robust solution to this problem, though, and we’ll be looking forward to future versions running on larger systems. Not everyone has a hydronic HVAC system, though. As heat pumps become more and more popular and capable, you’ll need systems to control those as well.