Pushing Crates In 8-bit Color

February 24, 2023 by 6 Comments

Moore’s law isn’t strictly holding anymore, but it is still true that most computing systems are at least trending towards lower cost over time, if not also slightly smaller size. This means wider access to less expensive hardware, even if that hardware is still an 8-bit microcontroller. While some move on to more powerful platforms as a result of this trend, there are others still fighting to push these platforms to the edge. [lcamtuf] has been working to this end, stretching a small AVR microcontroller to not only play a classic video game, but to display it on a color display. Continue reading “Pushing Crates In 8-bit Color”

Two pairs of steel parallel pliers sit on a rough wooden benchtop. The pair on the left is open and the pair on the right is closed, demonstrating the parallel nature of the pliers' jaws over their entire range of motion. There are three brass pins flush with the steel surface of the handles and you can just barely make out the brass and copper filler material between the steel outer surfaces of the handles.

Producing A Pair Of Parallel Pliers

February 24, 2023 by 10 Comments

A regular pair of pliers is fine most of the time, but for delicate work with squarish objects you can’t go wrong with a pair of parallel pliers. [Neil Paskin] decided to make his own pair from scratch. (YouTube)

The jaws were machined down from round stock in [Paskin]’s mill before heat treating and tempering. The steel portions of the handles were cut from 16 gauge plate steel and half of them were stamped on a fly press to make the bridging section around the pivot bolt. The filler for the handles is copper on one side and brass on the other as [Paskin] didn’t have enough brass of the correct size to do both.

The steel and filler were joined with epoxy and copper pins before beveling the edges and sanding to give a comfortable contour to the handles. The bolts for the pliers started as ordinary hex bolts before being machined down on the lathe to a more aesthetically-pleasing shape and size. The final touches included electrolytically etching a logo into the bridge and then spraying down the pliers with a combination lubricant and corrosion preventative spray. This is surely a pair of pliers worth handing down through the generations.

For more mesmerizing machining, checkout this pocket safe or this tiny adjustable wrench.

Continue reading “Producing A Pair Of Parallel Pliers”

A clock with an e-paper display in a 3D-printed case

Low Power Challenge: E-Paper Shelf Label Becomes Ultra-Frugal Clock

February 24, 2023 by 12 Comments

Over the past two decades, e-paper has evolved from an exotic and expensive display technology to something cheap enough to be used for supermarket price tags. While such electronic shelf labels are now easy to find, actually re-using them is often tricky due to a lack of documentation. Luckily, [Aaron Christophel] has managed to reverse engineer many types of shelf labels, and he’s demonstrated the results by turning one into an ultra-low-power clock called Triink. It’s based on a 128×296 pixel e-ink display paired with an nRF52832 BlueTooth Low-Energy SoC and uses just 65 micro-amperes on average: low enough to keep it running for more than a year on a single battery charge.

A PCB for an e-ink clock
Power on the left, e-ink on the right: the custom PCB is clever and compact, too

The clock is housed in an enclosure that’s simple but effective: a 3D-printed triangular prism with a slot for the screen and space for the 18650 lithium battery. One side can be opened to access the internal components, although that’s really only needed to charge the battery. You can see how cleverly everything snaps together in the video embedded below. Continue reading “Low Power Challenge: E-Paper Shelf Label Becomes Ultra-Frugal Clock”

Toroid Transformers Explained

February 24, 2023 by 34 Comments

HF radios often use toroidal transformers and winding them is a rite of passage for many RF hackers. [David Casler, KE0OG] received a question about how they work and answered it in a recent video that you can see below.

Understanding how a conventional transformer works is reasonably simple, but toroids often seem mysterious because the thing that makes them beneficial is also what makes them confusing. The magnetic field for such a transformer is almost totally inside the “doughnut,” which means there is little interaction with the rest of the circuit, and the transformer can be very efficient.

The toroid itself is made of special material. They are usually formed from powdered iron oxide mixed with other metals such as cobalt, copper, nickel, manganese, and zinc bound with some sort of non-conducting binder like an epoxy. Ferrite cores have relatively low permeability, low saturation flux density, and low Curie temperature. The powder also reduces the generation of eddy currents, a source of loss in transformers. Their biggest advantage is their high electrical resistivity, which helps reduce the generation of eddy currents.

If you haven’t worked through how these common little transformers work, [David]’s talk should help you get a grip on them. These aren’t just for RF. You sometimes see them in power supplies that need to be efficient, too. If you are too lazy to wind your own, there’s always help.

Continue reading “Toroid Transformers Explained”

Hackaday Podcast 207: Modular Furniture, Plastic Prosthetics, And Your Data On YouTube

February 24, 2023 by 6 Comments

Join Editor-in-Chief Elliot Williams and Managing Editor Tom Nardi as they explore the best and most interesting stories from the last week. The top story if of course the possibility that at least some of the unidentified flying objects the US Air Force valiantly shot down were in fact the work of amateur radio enthusiasts, but a quantitative comparison of NASA’s SLS mega-rocket to that of popular breakfast cereals is certainly worth a mention as well.

Afterwards the discussion will range from modular home furnishings to the possibility of using YouTube (or maybe VHS tapes) to backup your data and AI-generated Pong. Also up for debate are cheap CO2 monitors which may or may not be CO2 monitors, prosthetic limbs made from locally recycled plastic, and an answer to Jenny’s Linux audio challenge from earlier this month.

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Download it your own bad self!

Where to Follow Hackaday Podcast

Places to follow Hackaday podcasts:

Continue reading “Hackaday Podcast 207: Modular Furniture, Plastic Prosthetics, And Your Data On YouTube”

Hunting For Space Pirates

February 24, 2023 by 14 Comments

Ever since the first artificial satellite was launched into orbit, radio operators around the world have been tuning in to their space-based transmissions. Sputnik 1 only sent back pulses of radio waves, but in the decades to follow ever more advanced radio satellites were put into service that could support two-way communications from Earth to space and back again.

Some of these early satellites were somewhat lacking in security, though, and have been re-purposed by various pirates around the world for their own ends. [Gabe] aka [saveitforparts] is here to show us how to hunt for those pirates and listen in on their radio traffic.

Pirates on these satellites have typically used them for illicit activities, and it is still illegal to use them for non-governmental or non-military purposes, so [Gabe] notes that he will only be receiving, not transmitting. The signals he is tuning in to are VHF transmissions, specifically around 220 MHz. That puts them easily within the reach of the RTL-SDR and common ham radio equipment, but since they are coming from space a more directional antenna is needed. [Gabe] quickly builds a Yagi antenna from scrap, tuned specifically to 255 MHz, and mounts it to an old remote-controlled security camera mount which allows him to point it exactly at the satellite and monitor transmissions.

From there he is able to pick up what looks like a few encrypted and/or digital transmissions, plus analog transmissions of likely pirates speaking a language he guesses to be Portuguese. He also hears what he thinks is a foreign TV broadcast, but oddly enough turns out to be NPR. These aren’t the only signals in space to tune to, either. There are plenty of purpose-built ham radio satellites available for any licensed person to use, and we’ve also seen this other RTL-SDR configured to snoop on Starlink signals.

Continue reading “Hunting For Space Pirates”

This Week In Security: GoDaddy, Joomla, And ClamAV

February 24, 2023 by 1 Comment

We’ve seen some rough security fails over the years, and GoDaddy’s recent news about a breach leading to rogue website redirects might make the highlight reel. The real juicy part is buried on page 30 of a PDF filing to the SEC.

Based on our investigation, we believe these incidents are part of a multi-year campaign by a sophisticated threat actor group that, among other things, installed malware on our systems and obtained pieces of code related to some services within GoDaddy.

That multi-year campaign appears to goes back to at least October 2019, when an SSH file was accessed and altered, leading to 28,000 customer SSH usernames and passwords being exposed. There was also a 2021 breach of the GoDaddy WordPress environment, that has been linked to the same group.

Reading between the lines, there may be an implication here that the attackers had an ongoing presence in GoDaddy’s internal network for that entire multi-year period — note that the quote above refers to a single campaign, and not multiple campaigns from the same actor. That would be decidedly bad.

Joomla’s Force Persuasion

Joomla has a critical vulnerability, CVE-2023-23752, which is a trivial information leak from a web endpoint. This flaw is present in all of the 4.x releases, up to 4.2.8, which contains the fix. The issue is the Rest API, which gives access to pretty much everything about a given site. It has an authentication component, of course. The bypass is to simply append ?public=true. Yes, it’s a good old “You don’t need to see his identification” force suggestion.

There’s even a PoC script that runs the request and spits out the most interesting data: the username, password, and user id contained in the data. It’s not quite as disastrous as that sounds — the API isn’t actually leaking the administrative username and password, or even password hash. It’s leaking the SQL database information. Though if your database is accessible from the Internet, then that’s pretty much as bad as it could be. Continue reading “This Week In Security: GoDaddy, Joomla, And ClamAV”