Hackaday Podcast Episode 259: Twin-T, Three-D, And Driving To A Tee

February 23, 2024 by 4 Comments

Hackaday Editors Elliot Williams and Al Williams sat down to compare notes on their favorite Hackaday posts of the week. You can listen in on this week’s podcast. The guys talked about the latest Hackaday contest and plans for Hackaday Europe. Plus, there’s a what’s that sound to try. Your guess can’t be worse than Al’s, so take a shot. You could win a limited-edition T-shirt.

In technical articles, Elliot spent the week reading about brushless motor design, twin-t oscillators, and a truly wondrous hack to reverse map a Nintendo Switch PCB. Al was more nostalgic, looking at the 555 and an old Radio Shack kit renewed. He also talked about a method to use SQL to retrieve information from Web APIs.

Quick hacks were a decided mix with everything from homemade potentiometers to waterproof 3D printing. Finally, the guys talked about Hackaday originals. Why don’t we teach teens to drive with simulators? And why would you want to run CP/M — the decades-old operating system — under Linux?

Download the file suitable for listening, burning on CDs, or pressing on vinyl.

Where to Follow Hackaday Podcast

Places to follow Hackaday podcasts:

Continue reading “Hackaday Podcast Episode 259: Twin-T, Three-D, And Driving To A Tee”

Tool Demagnetizers And The Magnetic Stray Field

February 23, 2024 by 9 Comments

If you’ve ever found yourself wondering how those tool magnetizer/demagnetizer gadgets worked, [Electromagnetic Videos] has produced a pretty succinct and informative video on the subject.

The magnetizer/demagnetizer gadget after meeting its demise at a cutting disc. (Credit: Electromagnetic Videos, YouTube)
The magnetizer/demagnetizer gadget after meeting its demise at a cutting disc. (Credit: Electromagnetic Videos, YouTube)

While the magnetizing step is quite straightforward and can be demonstrated even by just putting any old magnet against the screwdriver’s metal, it is the demagnetization step that doesn’t make intuitively sense, as the field lines of the magnets are supposed to align the (usually ferromagnetic) material’s magnetic dipole moments and thus create an ordered magnetic field within the screwdriver.

This is only part of the story, however, as the magnetic field outside of a magnet is termed the demagnetizing field (also ‘stray field’). A property of this field is that it acts upon the magnetization of e.g. ferromagnetic material in a way that reduces its magnetic moment, effectively ‘scrambling’ any existing magnetization.

By repeatedly moving a metal tool through this stray field, each time further and further away from the magnet, the magnetic moment reduces until any magnetization has effectively vanished. It is the kind of simple demonstration of magnetism that really should be part of any physics class thanks to its myriad of real-world uses, as this one toolbox gadget shows.

Continue reading “Tool Demagnetizers And The Magnetic Stray Field”

This Week In Security: Wyze, ScreenConnect, And Untrustworthy Job Postings

February 23, 2024 by 7 Comments

For a smart home company with an emphasis on cloud-connected cameras, what could possibly be worse than accidentally showing active cameras to the wrong users? Doing it again, to far more users, less than 6 months after the previous incident.

The setup for this breach was an AWS problem, that caused a Wyze system outage last Friday morning. As the system was restored, the load spiked and a caching library took the brunt of the unintentional DDoS. This library apparently has a fail state of serving images and videos to the wrong users. An official report from Wyze mentions that this library had been recently added, and that the number of thumbnails shown to unauthorized users was around 13,000. Eek. There’s a reason we recommend picking one of the Open Source NVR systems here at Hackaday.

ScreenConnect Exploit in the Wild

A pair of vulnerabilities in ConnectWise ScreenConnect were announced this week, Proof of Concepts were released, and are already being used in active exploitation. The vulnerabilities are a CVSS 10.0 authentication bypass and a CVSS 8.4 path traversal bypass.

Huntress has a guide out, detailing how embarrassingly easy the vulnerabilities are to exploit. The authentication bypass is a result of a .Net quirk, that adding an additional directory on the end of a .aspx URL doesn’t actually change the destination, but is captured as PathInfo. This allows a bypass of the protections against re-running the initial setup wizard: hostname/SetupWizard.aspx/literallyanything

The second vulnerability triggers during extension unpack, as the unzipping process doesn’t prevent path traversal. The most interesting part is that the unzip happens before the extension installation finishes. So an attacker can compromise the box, cancel the install, and leave very little trace of exploitation. Continue reading “This Week In Security: Wyze, ScreenConnect, And Untrustworthy Job Postings”

Your Noisy Fingerprints Vulnerable To New Side-Channel Attack

February 23, 2024 by 28 Comments

Here’s a warning we never thought we’d have to give: when you’re in an audio or video call on your phone, avoid the temptation to doomscroll or use an app that requires a lot of swiping. Doing so just might save you from getting your identity stolen through the most improbable vector imaginable — by listening to the sound your fingerprints make on the phone’s screen (PDF).

Now, we love a good side-channel attack as much as anyone, and we’ve covered a lot of them over the years. But things like exfiltrating data by blinking hard drive lights or turning GPUs into radio transmitters always seemed a little far-fetched to be the basis of a field-practical exploit. But PrintListener, as [Man Zhou] et al dub their experimental system, seems much more feasible, even if it requires a ton of complex math and some AI help. At the heart of the attack are the nearly imperceptible sounds caused by friction between a user’s fingerprints and the glass screen on the phone. These sounds are recorded along with whatever else is going on at the time, such as a video conference or an online gaming session. The recordings are preprocessed to remove background noise and subjected to spectral analysis, which is sensitive enough to detect the whorls, loops, and arches of the unsuspecting user’s finger.

Once fingerprint patterns have been extracted, they’re used to synthesize a set of five similar fingerprints using MasterPrint, a generative adversarial network (GAN). MasterPrint can generate fingerprints that can unlock phones all by itself, but seeding the process with patterns from a specific user increases the odds of success. The researchers claim they can defeat Automatic Fingerprint Identification System (AFIS) readers between 9% and 30% of the time using PrintListener — not fabulous performance, but still pretty scary given how new this is.

ESP32 Oscilloscope Skips Screen For The Browser

February 23, 2024 by 29 Comments

An oscilloscope can be an expensive piece of equipment, but not every measurement needs four channels and gigahertz sampling rates. For plenty of home labs, old oscilloscopes with CRTs can be found on the used marketplace for a song that are still more than capable of getting the job done, but even these can be overpowered (not to mention extremely bulky). If you’re looking for something even cheaper, and quite a bit smaller, this ESP32 scope from [BojanJurca] might fit the bill.

The resulting device manages to keep costs extremely low, but not without a trade-off. For this piece of test equipment, sampling is done over the I2C bus on the ESP32, which can manage a little over 700 samples per second with support for two channels. With the ESP32 connected to a wireless network, the data it captures can be viewed from a browser in lieu of an attached screen, which also keeps the size of the device exceptionally small. While it’s not a speed demon, that’s more than fast enough to capture waveforms from plenty of devices or our own circuit prototypes in a form factor that can fit even the smallest spaces.

Of course for work on devices with faster switching times, it’s always good to keep a benchtop oscilloscope around. But as far as we can tell this one is the least expensive, smallest, and most capable we’ve come across that would work for plenty of troubleshooting or testing scenarios in a pinch. We’ve seen others based on slightly more powerful microcontrollers like this one based on the STM32 and this other built around the Wio Terminal with a SAMD51, both of which also include built-in screens.

The Latest Advancements In Portable N64 Modding

February 22, 2024 by 7 Comments

[Chris Downing] has been in the mod scene a long time, and his 5th GeN64 Portable is his most modern portable Nintendo 64 yet. The new build has an improved form factor, makes smart use of 3D printing and CNC cutting, efficiently uses PCBs to reduce wiring, and incorporates a battery level indicator. That last feature is a real quality of life improvement, nicely complementing the ability to charge over USB-C.

What’s interesting about builds like this is that it’s all about the execution. The basic parts required to mod a classic games console into a portable unit are pretty well understood, and off-the-shelf modules like button assemblies exist to make the job far easier than it was back in the day when all had to be done from scratch. We’ve admired [Chris Downing]’s previous builds, and what differentiates one mod from another really comes down to layout and execution, and that’s where the 5th GeN64 Portable shines. Continue reading “The Latest Advancements In Portable N64 Modding”

The ELIZA Archaeology Project: Uncovering The Original ELIZA

February 22, 2024 by 31 Comments

Since ELIZA was created by [Joseph Weizenbaum] in the 1960s, its success had led to many variations and ports being written over the intervening decades. The goal of the ELIZA Archaeology Project by Stanford, USC, Oxford and other university teams is to explore and uncover as much of this history as possible, starting with the original 1960s code. As noted in a recent blog post by [Anthony Hay], most of the intervening ‘ELIZA’ versions seem to have been more inspired by the original rather than accurate replicas or extensions of the original. This raises the question of what the original program really looked like, a question which wasn’t answered until 2020 when the original source code was rediscovered. Continue reading “The ELIZA Archaeology Project: Uncovering The Original ELIZA”