Build Yourself A Little Mangonel, You Deserve One

March 1, 2024 by 17 Comments

If you’re of a certain age, you almost certainly learned about mangonels by playing Age of Empires II. Any intermediate player will tell you they are a powerful siege weapon that nevertheless cannot destroy trees (in game). However, why limit yourself to experiencing this capable siege engine in digital form? With the help of [Arry Koster’s] design, you can build a little mangonel of your very own!

A good-looking siege engine is, more often than not, a well-performing one.

The build is intended for a student or hobbyist audience, and is for a mangonel roughly the size of a shoebox. That’s big enough to have some fun, without being so large as to get you into trouble. The project also comes complete with a useful spreadsheet that lets you simulate the performance of a mangonel hurling a projectile so you can better understand the physics involved.

The mangonel is constructed out of wood, just as medieval examples were. The guide explains how to put the the design together, including the use of graphite to lubricate moving parts — a technique also used historically. Beyond building the siege weapon itself, there are also instructions on how to instrument it with an Arduino to measure its performance accurately.

The only thing this project is missing is a brilliant video of the titchy siege machine in action. We want to see it knocking down some appropriately-sized castles! If you happen to be building your own siege engines, miniature or otherwise, don’t hesitate to drop us a line. Do include some excellent footage of your antics, to boot!

Hackaday Podcast Episode 260: KiCad 8, Two Weather Stations, And Multiple I2Cs

March 1, 2024 by 1 Comment

It’s a leap year, so Elliot and Dan put the extra day to good use tracking down all the hottest hacks from the past week and dorking out about them. There’s big news in the KiCad community, and we talked about all the new features along with some old woes. Great minds think alike, apparently, since two different e-ink weather stations made the cut this week, as did a floating oscilloscope, an automated film-developing tank, and some DIY solar panels.

We talked about a hacker who figured out that water makes a pretty good solar storage medium, and it’s cheaper than lithium, another who knows that a crappy lathe is better than no lathe, and what every hacker should know about Ethernet. Is there a future for room-temperature superconductors? Maybe it just depends on how cold the room is.

 

Where to Follow Hackaday Podcast

Places to follow Hackaday podcasts:

Grab a copy for yourself if you want to listen offline.

Continue reading “Hackaday Podcast Episode 260: KiCad 8, Two Weather Stations, And Multiple I2Cs”

If You Thought Sega Only Made Electronic Games, Think Again

March 1, 2024 by 4 Comments

Most of us associate the name Sega with their iconic console gaming systems from the 1980s and 1990s, and those of us who maintain an interest in arcade games will be familiar with their many cabinet-based commercial offerings. But the company’s history in its various entities stretches back as far as the 1950s in the world of slot machines and eventually electromechanical arcade games. [Arcade Archive] is starting to tell the take of how one of those games is being restored, it’s a mid-1960s version of Gun Fight, at the Retro Collective museum in Stroud, UK.

The game is a table-style end-to-end machine, with the two players facing each other with a pair of diminutive cowboys over a game field composed of Wild West scenery. The whole thing is very dirty indeed, so a substantial part of the video is devoted to their carefully dismantling and cleaning the various parts.

This is the first video in what will become a series, but it still gives a significant look into the electromechanical underpinnings of the machine. It’s beautifully designed and made, with all parts carefully labelled and laid out with color-coded wiring for easy servicing. For those of us who grew up with electronic versions of Sega Gun Fight, it’s a fascinating glimpse of a previous generation of gaming, which we’re looking forward to seeing more of.

This is a faithful restoration of an important Sega game, but it’s not the first time we’ve featured old Sega arcade hardware.

Continue reading “If You Thought Sega Only Made Electronic Games, Think Again”

This Week In Security: Forksquatting, RustDesk, And M&Ms

March 1, 2024 by 14 Comments

Github is struggling to keep up with a malware campaign that’s a new twist on typosquatting. The play is straightforward: Clone popular repositories, add malware, and advertise the forks as the original. Some developers mistake the forks for the real projects, and unintentionally run the malware. The obvious naming choice is forksquatting, but the researchers at apiiro went with the safer name of “Repo Confusion”.

The campaign is automated, and GitHub is aware of it, with the vast majority of these malicious repositories getting removed right away. For whatever reason, the GitHub algorithm isn’t catching all of the new repos. The current campaign appears to publishing millions of forks, using code from over 100,000 legitimate projects. It’s beginning to seem that the squatting family of attacks are here to stay.

RustDesk and Odd Certificates

The RustDesk remote access software is interesting, as it’s open source, allows self-hosting, and written in Rust. I’ve had exploring RustDesk as a todo item for a long time, but a bit of concerning drama has just finished playing out. A user pointed out back in November that a test root certificate was installed as part of the RustDesk installation. That root cert is self-signed with SHA1. There is also concern that the RustDesk binaries are signed with a different certificate.

There have been new events since then. First, there was a Hacker News thread about the issue earlier this month. The next day, CVE-2024-25140 was registered with NIST, ranking an insane CVE 9.8 CVSS. Let’s cut through some FUD and talk about what’s really going on.

Continue reading “This Week In Security: Forksquatting, RustDesk, And M&Ms”

The Thinkpad in question, with a Linux shell open on its screen, showing that the device mode has been successfully enabled

ThinkPad X1 Carbon Turned USB Device Through Relentless Digging

March 1, 2024 by 15 Comments

In what’s perhaps one of the most impressive laptop reverse engineering posts in recent memory, [Andrey Konovalov] brings us an incredibly detailed story of how he’s discovered and successfully enabled a USB device controller in a ThinkPad X1 Carbon equipped with a 6th gen Intel CPU.

If you ever wanted to peek at the dirty secrets of a somewhat modern-day Intel CPU-based system, this write-up spares you no detail, and spans dozens of abstraction layers — from Linux drivers and modifying NVRAM to custom USB cable building and BIOS chip flashing, digging deep into undocumented PCH registers for the dessert.

All [Andrey] wanted was to avoid tinkering with an extra Raspberry Pi. While using a PCIe connected device controller, he’s found a reference to intel_xhci_usb_sw-role-switch in Linux sysfs, and dove into a rabbit hole, where he discovered that the IP core used for the laptop’s USB ports has a ‘device’ mode that can be enabled. A dig through ACPI tables confirmed this, but also highlighted that the device is disabled in BIOS. What’s more, it turned out to be locked away behind a hidden menu. Experiments in unlocking that menu ensued, in particular when it comes to bypassing Intel Boot Guard, a mechanism that checks BIOS image signatures before boot.

Continue reading “ThinkPad X1 Carbon Turned USB Device Through Relentless Digging”

DOOM Runs On Husqvarna’s Robot Lawnmower

March 1, 2024 by 26 Comments

DOOM has been ported to a lot of platforms — to the point where the joke is kind of getting old now. Evidence of that is available in the fact that brands are now getting in on the action. Yes, as reported by The Register, you can now officially play DOOM on your Husqvarna’s Automower.

Nice, right? Speedrun it on this interface.

We had to check if this was some kind of joke; indeed, the April release date had us looking at the calendar. However, it seems to be legit. You’ll be able to download a version of DOOM via the Husqvarna Automower Connect App, and play it on the tiny screen of your robot lawnmower. Hilariously, due to the size of the game, Husqvarna notes it “may take up to a week before the game is playable” due to the time it takes the mower to download it, along with a necessary software update.

Controls are simple. The knob on the robot is used for turning left and right, while pressing start lets you run forward. Firing weapons is done by pressing the control knob.

We’ve seen some quality ports before, including an arcade port that was particularly cool. Really, though, at this stage, you have to work harder to impress. Show us DOOM running on a Minuteman launch console or something. Continue reading DOOM Runs On Husqvarna’s Robot Lawnmower”

Easily Add Link Cable Support To Your Homebrew GBA Game

February 29, 2024 by 7 Comments

The Game Boy Advance (GBA) link cable is the third generation of this feature which originated with the Gameboy. It not only allows for peripherals to be connected, but also for multiplayer between GBAs – even with just one game copy – and item sharing and unlocking of features in specific games. This makes it an interesting feature to support in today’s homebrew GBA games and applications, made easy by libraries such as [Rodrigo Alfonso]’s gba-link-connection.

This C++  library can be used in a number of ways: either limited to just the physical link cable, just the wireless link option or both (universal link). These support either 4 (cable) or 5 (wireless) players to be connected simultaneously. As additional options there are the LinkGPIO.hpp and LinkSPI.hpp headers which allow the link port to be used either as a generic GPIO, or as an SPI link (up to 2 Mb/s). The multiboot feature where a single ROM image is shared among connected GBAs is supported with both wired and wireless links.

It’s heartening to see that a device which this year celebrates its 23rd birthday is still supported so well.

Thanks to [gudenau] for the tip.