Spinning 3D POV Display: A High School Term Project

November 16, 2016 by 25 Comments

If you are a fan of sci-fi shows you’ll be used to volumetric 3D displays as something that’s going to be really awesome at some distant point in the future. It’s been about forty years since a virtual 3D [Princess Leia] was projected to Star Wars fans from [R2D2]’s not-quite-a-belly-button, while in the real world it’s still a technology with some way to go. We’ve seen LED cubes, spinning arrays, and lasers projected onto spinning disks, but nothing yet to give us that Wow! signaling that the technology has truly arrived.

We are starting to see these displays move from the high-end research lab into the realm of hackers and makers though, and the project we have for you here is a fantastic example. [Balduin Dettling] has created a spinning LED display using multiple sticks of addressable LEDs mounted on a rotor, and driven by a Teensy 3.1. What makes this all the more remarkable is that he’s a secondary school student at a Gymnasium school in Germany (think British grammar school or American prep school).

volumetric-pov-display-built-by-high-schooler-led-boardsThere are 480 LEDs in his display, and he addresses them through TLC5927 shift registers. Synchronisation is provided by a Hall-effect sensor and magnet to detect the start of each rotation, and the Teensy adjusts its pixel rate based on that timing. He’s provided extremely comprehensive documentation with code and construction details in the GitHub repository, including a whitepaper in English worth digging into. He also posted the two videos we’ve given you below the break.

What were you building in High School? Did it involve circuit design, mechanical fabrication, firmware, and documentation? This is an impressive set of skills for such a young hacker, and the type of education we like to see available to those interested in a career in engineering.

Continue reading “Spinning 3D POV Display: A High School Term Project”

Solving Hackaday’s Crypto Challenge

November 16, 2016 by 4 Comments

Although I’ve been to several DEF CONs over the past few years, I’ve never found time to devote to solving the badge. The legendary status of all the puzzles within are somewhat daunting to me. Likewise, I haven’t yet given DefCon DarkNet a try either — a real shame as the solder-your-own-badge nature of that challenge is right up my alley.

But at the Hackaday SuperCon I finally got my feet wet with the crypto challenge created by [Marko Antonic]. The challenge was built into a secondary firmware which anyone could easily flash to their conference badge (it enumerates as a USB thumb drive so just copy it over). This turned it into a five-puzzle challenge meant to take two days to solve, and it worked perfectly.

If you were at the con and didn’t try it out, now’s the time (you won’t be the only one late to the game). But even if you weren’t there’s still fun to be had.

Thar’ be spoilers below. I won’t explicitly spill the answers, but I will be discussing how each puzzle is presented and the different methods people were using to finish the quest. Choose now if you want to continue or wait until you’ve solved the challenge on your own.

Continue reading “Solving Hackaday’s Crypto Challenge”

PoisonTap Makes Raspberry Pi Zero Exploit Locked Computers

November 16, 2016 by 53 Comments

[Samy Kamkar], leet haxor extraordinaire, has taken a treasure trove of exploits and backdoors and turned it into a simple hardware device that hijacks all network traffic, enables remote access, and does it all while a machine is locked. It’s PoisonTap, and it’s based on the Raspberry Pi Zero for all that awesome tech blog cred we crave so much.

PoisonTap takes a Raspberry Pi Zero and configures it as a USB Gadget, emulating a network device. When this Pi-come-USB-to-Ethernet adapter is plugged into a computer (even a locked one), the computer sends out a DHCP request, and PoisonTap responds by telling the machine the entire IPv4 space is part of the Pi’s local network. All Internet traffic on the locked computer is then sent over PoisonTap, and if a browser is running on the locked computer, all requests are sent to this tiny exploit device.

With all network access going through PoisonTap, cookies are siphoned off, and the browser cache is poisoned with an exploit providing a WebSocket to the outside world. Even after PoisonTap is unplugged, an attacker can remotely send commands to the target computer and force the browser to execute JavaScript. From there, it’s all pretty much over.

Of course, any device designed to plug into a USB port and run a few exploits has a few limitations. PoisonTap only works if a browser is running. PoisonTap does not work on HTTPS cookies with the Secure cookie flag set. PoisonTap does not work if you have filled your USB ports with epoxy. There are a thousand limitations to PoisonTap, all of which probably don’t apply if you take PoisonTap into any office, plug it into a computer, and walk away. That is, after all, the point of this exploit.

As with all ub3r-1337 pen testing tools, we expect to see a version of PoisonTap for sale next August in the vendor area of DEF CON. Don’t buy it. A Raspberry Pi Zero costs $5, a USB OTG cable less than that, and all the code is available on Github. If you buy a device like PoisonTap, you are too technically illiterate to use it.

[Samy] has a demonstration of PoisonTap in the video below.

Continue reading “PoisonTap Makes Raspberry Pi Zero Exploit Locked Computers”

How To Control Your Instruments From A Computer: It’s Easier Than You Think

November 16, 2016 by 49 Comments

There was a time when instruments sporting a GPIB connector (General Purpose Interface Bus) for computer control on their back panels were expensive and exotic devices, unlikely to be found on the bench of a hardware hacker. Your employer or university would have had them, but you’d have been more likely to own an all-analogue bench that would have been familiar to your parents’ generation.

A GPIB/IEEE488 plug. Alkamid [CC BY-SA 3.], via Wikimedia Commons
A GPIB/IEEE488 plug. Alkamid [CC BY-SA 3.], via Wikimedia Commons.
The affordable instruments in front of you today may not have a physical GPIB port, but the chances are they will have a USB port or even Ethernet over which you can exert the same control. The manufacturer will provide some software to allow you to use it, but if it doesn’t cost anything you’ll be lucky if it is either any good, or available for a platform other than Microsoft Windows.

So there you are, with an instrument that speaks a fully documented protocol through a physical interface you have plenty of spare sockets for, but if you’re a Linux user and especially if you don’t have an x86 processor, you’re a bit out of luck on the software front. Surely there must be a way to make your computer talk to it!

Let’s give it a try — I’ll be using a Linux machine and a popular brand of oscilloscope but the technique is widely applicable.

Continue reading “How To Control Your Instruments From A Computer: It’s Easier Than You Think”

Crowdfunding: Oh Great, Now Anyone Can Invest In An Indiegogo Campaign

November 16, 2016 by 18 Comments

Crowdfunding site Indiegogo has partnered with equity crowdfunding startup Microventures to allow anyone to invest in startups.

The comment sections of crowdfunding sites are almost as bad as YouTube. For every crowdfunding campaign that ships on time, you’ll find dozens that don’t. Thousands of people are angry their Bluetooth-enabled Kitten Mittens won’t be delivered before Christmas. Deep in the comments for these ill-conceived projects, you’ll find a common thread. The backers of these projects invested, and they demand a return. This, of course, is idiotic. Backing a project on Indiegogo or Kickstarter isn’t an investment. It is effectively burning money with the hope Kitten Mittens will eventually show up in your mailbox. Until now.

For an actual investment, there are regulations that must be met. The groundwork for this appeared last year when the Securities and Exchange Commission (SEC) introduced rules for equity crowdfunding. These rules include limitations on how much an individual may invest per year (a maximum of $2,000 or 5% of income, whichever is greater, for individuals with an income less than $100,000 per year), how much money these companies can raise ($1M in a 12-month period), and how an individual can invest in these companies.

Right now, the startups shown on Indiegogo and Microventures include an MMORPG, a distillery and cocktail bar in Washington, DC, a ‘social marketplace for music collaboration’, and a Bluetooth-enabled supercapacitor-powered “Gameball™”. All of these projects actually have documentation, and while the legitimacy of each crowdfunding project is highly dependent on the individual investor, there is a lot more data here than your traditional Indiegogo campaign.

This isn’t fire and brimstone and physics-defying electronic baubles raining down on the common investor, as you would expect from a traditional crowdfunding site tapping into the SEC rules on equity crowdfunding. This is, after all, only a partnership between Indiegogo and Microventures, one of the investment ‘funding portals’ that grew out of the equity crowdfunding regulations. In short, putting an investment opportunity up on Indiegogo will require more effort than a project that is just a few renders of a feature-packed smartphone or a video game with stolen assets.

If anything, this is just the continuation of what we’ve had for the past year. Since the SEC released the final regulations for equity crowdfunding, there have been a number of startups wanting to get in on the action. This partnership between Microventures and Indiegogo was perhaps inevitable, and we can only wonder who Kickstarter is about to team up with.

Direct To Object 3D Printing

November 16, 2016 by 17 Comments

As the patents for fused-filament 3D printers began to expire back in 2013, hackers and makers across the globe started making 3D objects in their garages, workshops and hackerspaces. Entire industries and businesses have sprung up from the desktop 3D printing revolution, and ushered in a new era for the do-it-yourself community. Over the past couple of years, hackers have been pushing the limits of the technology by working with ever more exotic filament materials and exploring novel and innovative ways to make multi-colored 3D prints. One of the areas lagging behind the revolution, however, is finishing the 3D print into a final product. We’d be willing to bet a four meter reel of 5 V three-and-a-half amp NeoPixels that there are just as many artists and craftsman using 3D printers as there are traditional hackers and makers. These brave souls are currently forced to use the caveman technique of paint-and-brush in order to apply color to their print. We at Hackaday hereby declare this unacceptable.

Continue reading “Direct To Object 3D Printing”

Star Trek Phone Dock Might As Well Be From Picard’s Night Stand

November 16, 2016 by 12 Comments

Star Trek is often credited with helping spur the development of technologies we have today — the go-to example being cell phones. When a Star Trek April Fool’s product inspires a maker to build the real thing? Well, that seems par for the course. [MS3FGX] decided to make it so. The 3D printed Star Trek-themed phone dock acts as a Bluetooth speaker and white noise generator. The result is shown off in the video below and equals the special effects you expect to find on the silver screen.

Taking a few liberties from the product it’s based on — which was much larger and had embedded screens — makes [MS3FGX]’s version a little more practical. Two industrial toggle switches control a tech cube nightlight and the internal Bluetooth speaker. An NFC tag behind the phone dock launches the pre-installed LCARS UI app and turns on the phone’s Bluetooth. Despite being a challenge for [MS3FGX] to design, the end product seems to work exactly as intended.

Continue reading “Star Trek Phone Dock Might As Well Be From Picard’s Night Stand”