Unintentional Emissions

First, it was the WiFi router: my ancient WRT54G that had given me nearly two decades of service. Something finally gave out in the 2.4 GHz circuitry, and it would WiFi no more. Before my tears could dry, our thermometer went on the fritz. It’s one of those outdoor jobbies that transmits the temperature to an indoor receiver. After that, the remote for our office lights stopped working, but it was long overdue for a battery change.

Meanwhile, my wife had ordered a new outdoor thermometer, and it too was having trouble keeping a link. Quality control these days! Then, my DIY coffee roaster fired up once without any provocation. This thing has worked quasi-reliably for ten years, and I know the hardware and firmware as if I had built them myself – there was no way one of my own tremendously sophisticated creations would be faulty. (That’s a joke, folks.) And then the last straw: the batteries in the office light remote tested good.

We definitely had a poltergeist, a radio poltergeist. And the root cause would turn out to be one of those old chestnuts from the early days of CMOS ICs – never leave an input floating that should have a defined logic level. Let me explain.

The WRT54G was the hub of my own home automation system, an accretion of ESP8266 and other devices that all happily speak MQTT to each other. When it went down, none of the little WiFi nodes could boot up right. One of them, described by yours truly in this video, is an ESP8266 connected to a 433 MHz radio transmitter. Now it gets interesting – the thermometers and the coffee roaster and the office lights all run on 433 MHz.

Here’s how it went down. The WiFi-to-433 bridge failed to connect to the WiFi and errored out before the part of the code where it initialized GPIO pins. The 433 MHz transmitter was powered, but its digital input was left flopping in the breeze, causing it to spit out random data all the time, with a pretty decent antenna. This jammed everything in the house, and apparently even once came up with the command to turn on the coffee roaster, entirely by chance. Anyway, unplugging the bridge fixed everything.

This was a fun one to troubleshoot, if only because it crossed so many different devices at different times, some homebrew and some commercial, and all on different control systems. Until I put it together that everything on 433 MHz was failing, I hadn’t even thought of it as one event. And then it turns out to be a digital electronics classic – the dangling input!

Anyway, hope you enjoyed the ride. And spill some copper for the humble pull-down resistor.

Lamp Flashing Module Is Perfect For Automotive Use

Modern cars tend to have quite advanced lighting systems, all integrated under the control of the car’s computer. Back in the day, though, things like brake lights and indicators were all done with analog electronics. If your classic car needs a good old-fashioned flasher module, you might find this build from [DIY Guy Chris] useful.

It’s an all-analog build, with no need for microcontrollers or other advanced modern contrivances. Instead, a little bipolar PNP transistor and a beefier NPN MOSFET act as an oscillator, charging and discharging a capacitor to create the desired flashing behavior. Changing the size of the main capacitor changes the flash rate. The MOSFET is chosen as running 12 volt bulbs requires a decent amount of current. The design as drawn is intended to run up to eight typical automotive bulbs, such as you might find in indicator lamps. However, [Chris] demonstrates the circuit with just four.

Flasher circuits were in regular use well into the 1990s. The original Mazda Miata has a very similar circuit tucked up under the dashboard to run the turn signals. These circuits can be hard to find for old cars, so building your own may be a useful workaround if you’re finding parts hard to come by. Video after the break.


Make Your Own Color Gradient 3D Printing Filament

Color gradient filament is fun stuff to play with. It lets you make 3D prints that slowly fade from one color to another along the Z-axis. [David Gozzard] wanted to do some printing with this effect, and learned how to make his own filament to do the job. 

[David] intended to 3D print a spectrogram of a gravity wave, and wanted the graph to go from blue to yellow. Only having a single-color printer, he needed color shift filament, but couldn’t find any blue-to-yellow filament online.

The resulting color-shifting print looks great, demonstrating the value of the technique.

Thus, he elected to create it himself. He started by creating a spiral model in Fusion 360, with a hexagonal cross-section and slowly tapering off to a point. Slicing and printing this in blue results in a filament that slowly fades down to a point. The opposite shape can then be printed in yellow, tapering from a point up to a full-sized filament. The trick is to print one shape, then the other, by mashing the G-code together and changing the filament from blue to yellow along the way. The result is the blue and yellow plastic gets printed together into a single filament that gradually changes from one to the other.

Notably, the filament is smaller than the original filaments used to create it, so it’s necessary to run slightly different settings when using it. [David] has shared the models on Thingiverse for those eager to recreate the technique at home. His resulting gravity wave print is impressive, demonstrating that this technique works well!

We’ve seen similar techniques used for creating multi-color filaments before, too. Video after the break.


New controller PCB shown below the original one. The new PCB has an ESP module with an antenna, a lot of support circuitry, and all the same connectors that the original board does.

Controller For 946C Hotplate Adds Reflow Profile Upload Over BLE

Reflow hotplates are a wonderful tool for PCB assembly if you can keep your designs single-sided. The 946C hotplate in particular has been on hackers’ radar for a while – a 200x200mm working surface hotplate available for under $100 is a decent investment. As with other reflow tools, it was a matter of time until someone made a replacement controller for it. This one, you’ll want to keep in mind – it’s a replacement controller project by [Arnaud Durand] and [Elias Rodriguez Martin], called Reflow946.

Keeping to best practices, the board is a drop-in replacement for the stock controller – swap cables over and go. The host processor is an ESP32, and it lets you program reflow profiles in using BLE, with a Python application to help. The whole design is open-source and on GitHub, of course – keeping with best 3D printing traditions, you can already order the parts and PCBs, and then assemble them using the hotplate you’re about to upgrade. As far as aftermarket controllers go, there’s no doubt this board gives you way more control in reflow and lets you compensate for any possible subpar calibration while at it.

Matthew [wrongbaud] Alt Is Fighting The Good Fight

In a perfect world, all of our electronic devices would come with complete documentation, and there’d be open source libraries available for interfacing them with whatever we wanted. There’d never be arbitrary lockouts preventing us from using a piece of hardware in a way the manufacturer didn’t approve of, and the “cloud” wouldn’t be a black-box server in some data center on the other side of the planet, but a transparent and flexible infrastructure for securely storing and sharing information.

Unfortunately, that’s not the world we live in. What’s worse, rather than moving towards that electronic utopia, the industry appears to be heading in the opposite direction. It seems like every month we hear about another service shutting down and leaving viable hardware to twist in the wind. Just yesterday Google announced they’d be retiring their Stadia game streaming service early next year — leaving users with unique Internet-connected controllers that will no longer have a back-end to communicate with.

Matthew Alt

Luckily for us, there’s folks like Matthew [wrongbaud] Alt out there. This prolific hacker specializes in reverse engineering, and has a knack not just for figuring out how things work, but in communicating those findings with others. His conquests have graced these pages many times, and we were fortunate enough to have him helm the Introduction to Reverse Engineering with Ghidra class for HackadayU back in 2020. This week, he stopped by the Hack Chat to talk about the past, present, and future of reverse engineering.

Matthew got his start in reverse engineering during college, when he was working in a shop that specialized in tuning engine control units (ECUs). He was responsible for figuring out how the ECUs functioned, which ultimately would allow them to be modified to improve engine performance beyond the vehicle’s stock configuration. Sometimes that involved uploading modified calibration data, or disabling functions that were detrimental to engine performance. These software changes could potentially increase engine output by as much as 50 HP, though he says that sometimes the goal was to simply increase throttle response so the vehicle would feel more aggressive on the road.

Moving on to the tools of the trade, Matthew explained why he prefers using Ghidra for embedded targets over classic reverse engineering tools like IDA Pro. As an example he points to a recent project where he used Ghidra’s API and intermediary language PCode to crack passwords in Game Boy Advance games. Though he does mention that IDA still has its place if you’re looking to peek into some Windows C++ software.

Matthew also pointed to new techniques and tools for working with fault injection which have opened up a lot of exciting possibilities over the last few years. In fact, he says tools like ChipWhisperer will become invaluable as newer devices adopt advanced security features. When gadgets are using secure boot and encrypted firmware, gaining access is going to take a bit more than just finding an unlabeled serial port on the board. Glitching attacks will become more commonplace, so you might as well get up to speed now.

Colin O’Flynn’s ChipWhisperer makes side-channel power analysis and glitching attacks far more accessible.

To that end, Matthew pointed out a number of instructional courses that he and other hardware hackers such as Joe Grand have put together for those who want to get started with practical reverse engineering and have some disposable income. For those who’d rather work through it on their own, he dropped links to several Capture-the-Flag (CTF) events and wargames you can use to hone your skills.

We’d like to thank Matthew Alt for not just stopping by the Hack Chat, but for being such a good friend to the Hackaday community. His work has been inspirational for all of us here, and it’s always exciting when he’s penned a new blog post detailing another challenge bested. The next time your favorite MegaCorp releases some anti-consumer gadget, you can take some comfort in knowing he’s still out there bending hardware to his will.


The Hack Chat is a weekly online chat session hosted by leading experts from all corners of the hardware hacking universe. It’s a great way for hackers to connect in a fun and informal way, but if you can’t make it live, these overview posts as well as the transcripts posted to Hackaday.io make sure you don’t miss out.

Hackaday Podcast 187: The Sound Of Gleeful Gerbils, The Song Of The Hard Drive, And A Lipstick Pickup Lullaby

This week, Editor-in-Chief Elliot Williams and Assignments Editor Kristina Panos gushed about NASA’s live obliteration of minor planet Dimorphos using a probe outfitted with a camera. Spoiler alert: the probe reaches its rock-dappled rocky target just fine, and the final transmitted image has a decidedly human tinge.

Kristina brought the mystery sound again this week, much to Elliot’s sonic delight. Did he get it? Did he figure it out? Well, no. The important thing is one of you is bound to get it.

We kick off the hacks with a really neat 3D printed linkage that acts as an elevator for a marble run, and then we discuss a mid-century hack that helps you decide whether it’s time to emerge from the fallout shelter using the contents of your typical 1950s pockets. We spent a few minutes comparing our recent radiation exposure levels — Kristina wins with about a dozen x-rays so far this year, but no full-body CT scans. Then we talk guitars for a bit, remember a forgotten CPU from TI, and spend a few cycles talking about a tone-wheel organ that sounds like a chorus of gleeful gerbils.

Finally, we talk toner transfer for 3D prints, argue in defense of small teams versus large committees, and get all tangled up in cursive.


Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!


This Week In Security: Exchange 0-day, Doppelgangers, And Python Gets Bit In The TAR

According to researchers at GTSC, there’s an unpatched 0-day being used in-the-wild to exploit fully patched Microsoft Exchange servers. When they found one compromised server, they made the report to Microsoft through ZDI, but upon finding multiple Exchange servers compromised, they’re sounding the alarm for everyone. It looks like it’s an attack similar to ProxyShell, in that it uses the auto-discover endpoint as a starting point. They suspect it’s a Chinese group that’s using the exploit, based on some of the indicators found in the webshell that gets installed.

There is a temporary mitigation: adding a URL-based request block on the string .*autodiscover\.json.*\@.*Powershell.* The exact details are available in the post. If you’re running Exchange with IIS, this should probably get added to your system right now. Next, use either the automated tool, or run the PowerShell one-liner to detect compromise, substituting your IIS log directory for the <Path_IIS_Logs> placeholder:

Get-ChildItem -Recurse -Path <Path_IIS_Logs> -Filter "*.log" | Select-String -Pattern 'powershell.*autodiscover\.json.*\@.*200'

This one has the potential to be another really nasty problem, and may be wormable. As of the time of writing, this is an outstanding, unpatched problem in Microsoft Exchange. Come back and finish the rest of this article after you’ve safed up your systems.
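An added example, not from the original article or from GTSC: the detection pattern above applied in Python to a constructed IIS log excerpt, for triaging logs copied off the server. It reads sc-status from its own column, because the one-liner's trailing .*200 also matches a 200 that appears in any later field. The function name, verdict strings and sample lines are illustrative, and W3C-format logs with a #Fields header are assumed.

```python
import re

# Pattern from the one-liner above. Select-String ignores case by default,
# so IGNORECASE is needed to reproduce its behaviour.
ONE_LINER = re.compile(r"powershell.*autodiscover\.json.*\@.*200", re.IGNORECASE)
# Same URL indicators without the trailing ".*200"; applied to the URL only.
URL_ONLY = re.compile(r"powershell.*autodiscover\.json.*\@", re.IGNORECASE)

# Constructed W3C log excerpt (not captured traffic). Addresses come from the
# documentation ranges; the queries only satisfy the pattern's token order.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status time-taken
2022-01-01 08:01:12 192.0.2.10 POST /autodiscover/autodiscover.json - 200 31
2022-01-01 08:02:40 198.51.100.7 GET /autodiscover/autodiscover.json a=Powershell&b=autodiscover.json%3f@example.test 200 95
2022-01-01 08:03:05 198.51.100.7 GET /autodiscover/autodiscover.json a=Powershell&b=autodiscover.json%3f@example.test 401 200
2022-01-01 08:04:19 203.0.113.5 GET /owa/ - 200 12
""".splitlines()

def triage(lines):
    """Return [(line_no, c_ip, sc_status, verdict)] for lines the one-liner flags."""
    fields, results = [], []
    for line_no, line in enumerate(lines, 1):
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the rows that follow
            continue
        if line.startswith("#") or not ONE_LINER.search(line):
            continue
        row = dict(zip(fields, line.split()))
        url = row.get("cs-uri-stem", "") + "?" + row.get("cs-uri-query", "")
        status = row.get("sc-status", "")
        if not URL_ONLY.search(url):
            verdict = "indicators outside URL"
        elif status == "200":
            verdict = "request succeeded"
        else:
            verdict = "request logged, not 200"
        results.append((line_no, row.get("c-ip", "?"), status, verdict))
    return results

if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(hit)
```

The third data row is flagged by the one-liner only because its time-taken value is 200; the per-field check reports it as a logged request that did not return 200.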
