Getting Root Access On A Tesla

January 5, 2024 by 36 Comments

A growing number of manufacturers are locking perfectly good hardware behind arbitrary software restrictions. While this ought to be a bigger controversy, people seem to keep paying for things like printers with ink subscriptions, cameras with features disabled in firmware, or routers with speed restrictions, ensuring that this practice continues. Perhaps the most blatant is car manufacturers that lock features such as heated seats or even performance upgrades in the hopes of securing a higher price for their vehicles. This might be a thing of the past for Teslas, whose software has been recently unlocked by Berlin IT researchers.

Researchers from Technische Universität Berlin were able to unlock Tesla’s driving assistant by inducing a two-microsecond voltage drop on the processor which allowed root access to the Autopilot software. Referring to this as “Elon mode” since it drops the requirement for the driver to keep their hands on the steering wheel, they were able to access the full self-driving mode allowing autonomous driving without driver input. Although this might be a bad idea based on the performance of “full self-driving” in the real world, the hack at least demonstrates a functional attack point and similar methods could provide free access to other premium features.

While the attack requires physical access to the vehicle’s computer and a well-equipped workbench, in the short term this method might allow for owners of vehicles to use hardware they own however they would like, and in the long term perhaps may make strides towards convincing manufacturers that “features as a service” isn’t a profitable strategy. Perhaps that’s optimistic, but at least for Teslas it’s been shown that they’re not exactly the most secured system on four wheels.

Two pictures of the mobo side by side, both with kapton tape covering everything other than the flash chip. On the left, the flash chip is populated, whereas on the right it's not

Enabling Intel AMT For BIOS-over-WiFi

January 5, 2024 by 28 Comments

Intel ME, AMT, SMT, V-Pro… All of these acronyms are kind of intimidating, all we know about them is that they are tied to remote control technologies rooted deep in Intel CPUs, way deeper than even operating systems go. Sometimes though, you want remote control for your own purposes, and that’s what [ABy] achieved. He’s got a HP ProDesk 600 G3 Mini, decided to put it into a hard to reach spot in his flat, somewhere you couldn’t easily fetch a monitor and a keyboard for any debugging needs. So, he started looking into some sort of remote access option in case he’d need to access the BIOS remotely, and went as far as it took to make it work. (Google Translate)

The features he needed are covered by Intel AMT — specifically, BIOS access over a WiFi connection. However, his mini PC only had SMT enabled from the factory, the cut-down version of AMT without features like wireless support. He figured out that BIOS dumping was the way, promptly did just that, found a suitable set of tools for his ME region version, and enabled AMT using Intel’s FIT (Flash Image Tool) software.

Now, dumping the image could be done from a running system fully through software, but apparently, flashing back requires an external programmer. He went with the classic CH341, did the 3.3 V voltmod that’s required to make it safe for flash chip use, and proceeded to spend a good amount of time making it work. Something about the process was screwy, likely the proprietary CH341 software. Comments under the article highlight that you should use flashrom for these tasks, and indeed, you should.

This article goes into a ton of detail when it comes to working with Intel BIOS images — whichever kind of setting you want to change, be it AMT support or some entirely different but just as tasty setting, you will be well served by this write-up. Comments do point out that you might want to upgrade the Intel ME version while at it, and for what it’s worth, you can look into disabling it too; we’ve shown you a multitude of reasons why you should, and a good few ways you could.

Aqueous Battery Solves Lithium’s Problems

January 4, 2024 by 15 Comments

The demand for grid storage ramps up as more renewable energy sources comes online, but existing technology might not be up to the challenge. Lithium is the most popular option for battery storage right now, not just due to the physical properties of the batteries, but also because we’re manufacturing them at a massive scale already. Unfortunately they do have downsides, especially with performance in cold temperatures and a risk of fires, which has researchers looking for alternatives like aqueous batteries which mitigate these issues.

An aqueous battery uses a water-based electrolyte to move ions from one electrode to the other. Compared to lithium, which uses lithium salts for the electrolyte, this reduces energy density somewhat but improves safety since water is much less flammable. The one downside is that during overcharging or over-current situations, hydrogen gas can be produced by electrolysis of the water, which generally needs to be vented out of the battery. This doesn’t necessarily damage the battery but can cause other issues. To avoid this problem, researchers found that adding a manganese oxide to the battery and using palladium as a catalyst caused any hydrogen generated within the battery’s electrolyte to turn back into water and return to the electrolyte solution without issue.

Of course, these batteries likely won’t completely replace lithium ion batteries especially in things like EVs due to their lower energy density. It’s also not yet clear whether this technology, like others we’ve featured, will scale up enough to be used for large-scale applications either, but any solution that solves some of the problems of lithium, like the environmental cost or safety issues, while adding more storage to an increasingly renewable grid, is always welcome.

Diagram from the blog post, showing how GATT communication capture works

Hacking BLE To Liberate Your Exercise Equipment

January 4, 2024 by 17 Comments

It’s a story we’ve heard many times before: if you want to get your data from the Domyos EL500 elliptical trainer, you need to use a proprietary smartphone application that talks to the device over Bluetooth Low-Energy (BLE). To add insult to injury, the only way to the software will export your workout information is by producing a JPG image of a graph. This just won’t do, so [Juan Carlos Jiménez] gives us yet another extensive write-up, which provides an excellent introduction to practical BLE hacking.

He walks us through BLE GATT (Generic Attribute Profile), the most common way such devices work, different stages of the connection process, and the tools you can use for sniffing an active connection. Then [Juan] shows us a few captured messages, how to figure out packet types, and moves into the tastiest part — using an ESP32 to man-in-the-middle (MITM) the connection.

Continue reading “Hacking BLE To Liberate Your Exercise Equipment”

Telescope Rides On 3D Printed Equatorial Table

January 4, 2024 by 25 Comments

In the realm of amateur astronomy, enthusiasts find themselves navigating a cosmos in perpetual motion. Planets revolve around stars, which, in turn, orbit within galaxies. But the axial rotation of the Earth and the fact that its axis is tilted is the thing that tends to get in the way of viewing celestial bodies for any appreciable amount of time.

Amateur astronomy is filled with solutions to problems like these that don’t cost an arm and a leg, though, like this 3D printed equatorial table built by [aeropic]. An equatorial table is a device used to compensate for the Earth’s rotation, enabling telescopes to track celestial objects accurately. It aligns with the Earth’s axis, allowing the telescope to follow the apparent motion of stars and planets across the night sky.

Equatorial tables are specific to a location on the Earth, though, so [aeropic] designed this one to be usable for anyone between around 30° and 50° latitude. An OpenSCAD script generates the parts that are latitude-specific, which can then be 3D printed.

From there, the table is assembled, mounted on ball bearings, and powered by a small stepper motor controlled by an ESP32. The microcontroller allows a telescope, in this case a Newtonian SkyWatcher telescope, to track objects in the sky over long periods of time without any expensive commercially-available mounting systems.

Equatorial tables like these are indispensable for a number of reasons, such as long-exposure astrophotography, time lapse imaging, gathering a large amount of observational detail for scientific purposes, or simply as an educational tool to allow more viewing of objects in the sky and less fussing with the telescope. They’re also comparatively low-cost which is a major key in a hobby whose costs can get high quickly, but not even the telescope needs to be that expensive. A Dobsonian telescope can be put together fairly quickly sometimes using off-the-shelf parts from IKEA.

DIY Chemistry Points The Way To Open Source Blood Glucose Testing

January 4, 2024 by 16 Comments

Every diabetic knows that one of the major burdens of the disease is managing supplies. From insulin to alcohol wipes, diabetes is a resource-intensive disease, and running out of anything has the potential for disaster. This is especially true for glucose test trips, the little electrochemical dongles that plug into a meter and read the amount of glucose in a single drop of blood.

As you might expect, glucose test strips are highly proprietary, tightly regulated, and very expensive. But the chemistry that makes them work is pretty simple, which led [Markus Bindhammer] to these experiments with open source glucose testing. It’s all part of a larger effort at developing an open Arduino glucometer, a project that has been going on since 2016 but stalled in part thanks to supply chain difficulties on the chemistry side, mainly in procuring glucose oxidase, an enzyme that oxidizes glucose. The reaction creates hydrogen peroxide, which can be measured to determine the amount of glucose present.

With glucose oxidase once again readily available — from bakery and wine-making suppliers — [Markus] started playing with the chemistry. The first reaction in the video below demonstrates how iodine and starch can be used as a reagent to detect peroxide. A tiny drop of glucose solution turns the iodine-starch suspension a deep blue color in the presence of glucose oxidase.

While lovely, colorimetric reactions such as these aren’t optimal for analyzing blood, so reaction number two uses electrochemistry to detect glucose. Platinum electrodes are bathed in a solution of glucose oxidase and connected to a multimeter. When glucose is added to the solution, the peroxide produced lowers the resistance across the electrodes. This is essentially what’s going on in commercial glucose test strips, as well as in continuous glucose monitors.

Hats off to [Markus] for working so diligently on this project. We’re keenly interested in this project, and we’ll be following developments closely. Continue reading “DIY Chemistry Points The Way To Open Source Blood Glucose Testing”

Sandpaper Alternatives For 3D Prints

January 4, 2024 by 19 Comments

A finished 3D print, especially plastic deposition types, often have imperfections in them from the process of laying down each layer of material and from the printer itself. For small batches or one-off parts, we might reach for a few pieces of sandpaper to smooth out these rough edges. While that might work for a small number of parts, it’s not always the best or lowest-effort option for refining these prints. There are a few alternative methods to try out if your fingers are getting sore, though.

Rather than removing material as sandpaper does, most of these methods involve adding material to the print in order to fill in the rough edges of the print. There is a 3D-print-specific product listed called 3D Gloop! which is generally used as a glue to hold plastic parts together, but can also act as a fill in a pinch. Two other similar methods, one using spray paint and polyurethane and the other using epoxy, are more general-purpose ways of finishing the prints with a more natural texture than the printer will produce on its own. They’re not all additive, though; the final (and perhaps, most toxic) method here to achieve a smooth surface on a print uses solvent to remove some of the material instead.

While sandpaper does have its time and place, certain prints may lend themselves more to being finished by one of these other methods especially if they are overly complex, fragile, or an unusual size. Take note of the safety gear you’ll want to have on hand for most of these methods, though, as gloves and a respirator are highly encouraged and possibly helpful even if using only sandpaper. These aren’t the only ways of finishing 3D prints, either. Some of our other favorites are using glazing putty or silver for the finish.