ArduWorm: A Malware For Your Arduino Yun

We’ve been waiting for this one. A worm was written for the Internet-connected Arduino Yun that gets in through a memory corruption exploit in the ATmega32u4 that’s used as the serial bridge. The paper (as PDF) is a bit technical, but if you’re interested, it’s a great read. (Edit: The link went dead. Here is our local copy.)

The crux of the hack is getting the AVR to run out of RAM, which more than a few of us have done accidentally from time to time. Here, the hackers write more and more data into memory until they end up writing into the heap, where data that’s used to control the program lives. Writing a worm for the AVR isn’t as easy as it was in the 1990s on PCs, because a lot of the code that you’d like to run is in flash, and thus immutable. However, if you know where enough functions are located in flash, you can just use what’s there. These kinds of return-oriented programming (ROP) tricks were enough for the researchers to write a worm.

In the end, the worm is persistent, can spread from Yun to Yun, and can do most everything that you’d love/hate a worm to do. In security, we all know that a chain is only as strong as its weakest link, and here the attack isn’t against the OpenWRT Linux system running on the big chip, but rather against the small AVR chip playing a support role. Because the AVR is completely trusted by the Linux system, once you’ve got that, you’ve won.

Will this amount to anything in practice? Probably not. There are tons of systems out there with much more easily accessed vulnerabilities: hard-coded passwords and poor encryption protocols. Attacking all the Yuns in the world wouldn’t be worth one’s time. It’s a very cool proof of concept, and in our opinion, that’s even better.

Thanks [Dave] for the great tip!

An Introduction To CNC Machine Control

We recently gave you some tips on purchasing your first milling machine, but what we didn’t touch on was CNC (Computer Numerical Control) systems for milling machines (or other machines, like lathes). That’s because CNC is a complex topic, and it’s deserving of its own article. So, today we dive into what CNC is, how it works, and ultimately if it’s right for you as a hobbyist.


Chemical Hacking At A Store Near You

Imagine for a minute that you aren’t an electronic-savvy Hackaday reader. But you find an old chemistry book at a garage sale and start reading it. It has lots of interesting looking experiments, but they all require chemicals with strange exotic names. One of them is ferric chloride. You could go find a scientific supply company, but that’s expensive and often difficult to deal with as an individual (for example, 2.5 liters of nitric acid costs over $300 for a case of six at a common lab supply company). Where would you go?

As an astute electronics guy (or gal) you probably know that ferric chloride is common for PCB etching, so you would check the electronic store down the street or maybe Radio Shack if you are lucky enough to find one that still stocks it.

So sometimes knowing where to look for a chemical is a key part of acquiring it, especially when the names are not the same. For example, do you have any amylose? No? That’s corn starch. Want to try making your own cadmium sulfide light sensor? Go to the art supply store and ask for cadmium yellow pigment. Need magnesium carbonate? Stop by a sporting goods store and ask for athlete’s chalk.


Crack Mike Tyson’s Punch Out Bang Bang Passwords

[Bisqwit] has feelings about games that use exclamation points in his idiosyncratic walkthrough of all the nuances of the passwords in the famous Punch Out Bang Bang.

As he states in his deeply weird (though in no way wrong) channel intro, when he’s not driving a bus or teaching Israeli dance, he works hard to understand the things around him. Naturally, a mysterious phone-number-shaped set of digits in a favorite game was a secret worth extracting.

The digits can represent every possible state in the game. It uses a pretty simple decoding and encoding scheme, which he walks through. As he says, it all becomes clear when you can see the source code.

After working through all the quirks he is able to arbitrarily generate any state in the game and handle the exceptions (such as Nintendo USA’s phone number). You can see all his code here and try it out for yourself. Video after the break.

We’ve grown to respect [Bisqwit] as the explainer of all things console games. You will like his explanation of how to write a code emulator for an NES CPU.


Listening To Jupiter On A DIY Radio

By Jove, he built a radio!

If you want to get started with radio astronomy, Jupiter is one of the easiest celestial objects to hear from Earth. [Vasily Ivanenko] wanted to listen, and decided to build a modular radio receiver for the task. So far he’s written up six of the eight planned blog posts.

The system uses an LNA, a direct conversion receiver block, and provides audio output to a speaker, output to a PC soundcard, and a processed connection for an analog to digital converter. The modules are well-documented and would be moderately challenging to reproduce.


ESP Clock Needs More Power

[Victor-Chew] is tired of setting clocks. After all, here we are in the 21st century, why do we have to adjust clocks (something we just did for daylight savings time)? That’s why [Victor] came up with ESPClock.

Based on a $2 Ikea analog clock, [Victor] had a few design goals for the project:

  • Automatically set the time from the network
  • Automatically adjust for daylight savings time
  • Not cost much more than a regular clock
  • Run for a year on batteries

The last goal is the only one that remains unmet. Even with a large battery pack, [Victor’s] clock runs out of juice in a week or so. You can see some videos of the clock syncing with network time, below.


Launitor Saves You From Accidentally Smelly Clothes

[domiflichi] is human and fallible. So he can’t be blamed for occasionally forgetting the laundry in one of the machines and coming back to a less than stellar result. However, while fallible, he is not powerless.

What if his washer/dryer could email or text him about his laundry? It seemed simple enough. Add a vibration sensor to the side of the machine along with some brains. When the load is done it will bother him until he comes down to push the button or There Will Come Soft Rains.

He started off with an Arduino-and-ESP8266 combination and piezo sensors. The piezos had lots of shortcomings, so he switched to accelerometers and things worked much better. We really like the way he mounts them to the side of the washer/dryer using the PCB’s mounting screws as angle brackets. The case is a standard project box with some snazzy orange acrylic on the front.

It took some fiddling, but these days [domiflichi]’s clothes are fresher, his cats fed, and his appliances more aware. Video of it in operation after the break.
