Arduino Library Brings Rtl_433 To The ESP32

If you have an RTL-SDR compatible radio there’s an excellent chance you’ve heard of the rtl_433 project, which lets you receive and decode signals from an ever-expanding list of supported devices in the ISM radio bands. It’s an incredibly useful piece of software, but the fact that it requires an external software defined radio and a full-fledged computer to run dictated the sort of projects it could realistically be used for.

But thanks to the rtl_433_ESP Arduino library developed by [NorthernMan54], we’re now able to pack that functionality into a much smaller package. All you need is an ESP32 microcontroller and a CC1101 or SX127X transceiver module. If you’re looking for a turn-key hardware platform, the documentation notes the LILYGO LoRa32 V2 board includes the required hardware, plus adds a handy OLED display and microSD slot. It should be noted that the range of these radios doesn’t compare particularly well to a full-size RTL-SDR device, but that probably won’t come as much of a surprise.

DIY Fiber Laser Adds Metal Cutting To The Mix

Sadly, the usual CO2-powered suspects in the DIY laser cutter market are woefully incapable of cutting metal. Sure, they’ll cut the heck out of plywood and acrylic, and most will do a decent job at engraving metal. But cutting through a sheet of steel or aluminum requires a step up to much more powerful fiber laser cutters. True, the costs of such machines can be daunting, but not daunting enough for [Travis Mitchell], who has undertaken a DIY fiber laser cutter build that really caught our eye.

Right off the bat, a couple of things are worth noting here. First — and this should be obvious from the fountains of white-hot sparks in the video below — laser cutters are dangerous, and you should really know what you’re doing before tackling such a build. Second, just because [Travis] was able to cut costs considerably compared to a commercial fiber laser cutter doesn’t mean this build was cheap in absolute terms — he reports dropping about $15,000 so far, with considerable ongoing costs to operate the thing.

That said, there doesn’t appear to be anything about this build that anyone with some experience building CNC machines wouldn’t be able to tackle. The CNC side of this is pretty straightforward, although we note that the gantry, servos, and controller seem especially robust.

The laser itself is an off-the-shelf machine, a Raycus RFL-C1000 fiber laser and head that packs a 1,000-Watt punch. There’s also the required cooling system for the laser, and of course there’s an exhaust system to get rid of the nasty fumes.

All that stuff requires a considerable investment, but we were surprised to learn how much the consumables cost. [Travis] opted for bottled gas for the cutter’s gas assist system — low-pressure oxygen for carbon steel and high-pressure nitrogen for everything else. Refills are really pricey, in part because of the purity required, but since the proper compressor for the job is out of the budget for now, the tanks will have to do. And really, the thing cuts like a dream. Check out the cutting speed and precision in the video below.

This is but the first in a series of videos that will detail the build, and if [Travis] thought this would whet our appetites for more, he was right. We really haven’t seen many DIY fiber laser builds, but we have seen a teardown of a 200-kW fiber laser that might tickle your fancy.

A Medieval Gothic Monastery Built Using CAD / CAM

Just because you’re a monk doesn’t mean you can’t use CAD. The Carmelite monks of Wyoming are building a grandiose Gothic monastery, and it’s awe-inspiring how they are managing to build it.

The Carmelite monks needed a new, larger monastery to house their growing numbers, and found a parcel of land near Meeteetse Creek in Wyoming. The design of their new Gothic monastery was outsourced to an architectural firm. Gothic architecture is characterised by key architectural elements such as pointed arches, large stained glass windows, rib vaults, flying buttresses, pinnacles and spires, elaborate entry portals, and ornate decoration.

After some research, the monks settled on using Kansas Silverdale limestone for the monastery. Cutting and carving the elaborate stone pieces required for such a project, within time and cost constraints, could only be achieved using CNC machines. Hand carving was ruled out as it was a very slow process, would cost a whole lot more, and it wouldn’t be easy to find the artisans for the job. So when it came to shortlisting vendors for the vast amount of stone cutting and carving required for construction, the monks found themselves alarmed at how prohibitively expensive it would turn out to be.

Hackaday Podcast 201: Faking A Transmission, Making Nuclear Fuel, And A Slidepot With A Twist

Even for those with paraskevidekatriaphobia, today is your lucky day as Editor-in-Chief Elliot Williams and Staff Writer Dan Maloney sit under ladders with umbrellas while holding black cats to talk about the week in awesome hacks. And what a week it was, with a Scooby Doo code review, mushrooms in your PCBs, and the clickiest automatic transmission that never was. Have you ever flashed the firmware on a $4 wireless sensor? Maybe you should try. Wondering how to make a rotary Hall sensor detect linear motion? We’ll answer that too. Will AI muscle the dungeon master out of your D&D group? That’s a hard no. We’ll talk about a new RISC-V ESP32, making old video new again, nuclear reactor kibble, and your least satisfying repair jobs. And yes, everyone can relax — I’m buying her a new stove.

Download the podcast in case our servers get unlucky.

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Concrete Coffee Table Can Take A Beating

A good coffee table should have a hard-wearing surface and some serious heft to it. This build from [designcoyxe] hits both those criteria with its concrete-based design.

To create the table surface, the first step was to create a form. Melamine was used for the job, thanks to its smooth surface. A rectangular form was readily fabbed up, sealed internally and waxed, and then the concrete was poured. For added strength, the form was only half-filled, and a mesh was added for reinforcement. The rest of the concrete was then poured in to complete the tabletop. The table legs themselves were crafted out of maple, formerly used as a butcher’s block. The light wood makes a great contrast to the dark grey concrete. Plus, the stout, thick, wooden legs are a great combination with the strength of the tabletop itself.

It’s hard to overstate how good concrete is as a coffee table material. It’s difficult to damage and difficult to stain. Plus, if you really need to drive a point home, you can be certain slamming down your mug will get everyone’s attention (just be wary of injury). We’ve seen some other great concrete furniture before, too.

This Week In Security: Cacti RCE, VMs In The Browser, And SugarCRM

This week we start with a Remote Code Execution (RCE) vulnerability that has potential to be a real pain for sysadmins. Cacti, the system monitoring and graphing solution, has a pair of bugs that chain together to allow an attacker with unauthenticated access to the HTTP/S port to trivially execute bash commands. The first half of this attack is an authentication bypass, and it’s embarrassingly trivial. The Cacti authentication code trusts the Forwarded-For: header in the request. Set it to the server’s IP, and the authentication code treats it like a localhost request, bypassing any real authentication process.

The second half is found in the remote_agent.php endpoint, where the poller_id is set by the user and treated as a string. Then, if the right host_id and local_data_id item is triggered, that string is concatenated into a proc_open() function call. The string isn’t sanitized, so it’s trivial enough to include a second command to run, dropping a webshell, for instance.

Version 1.2.23 of Cacti contains the fix, and was released on the 2nd. This one is likely to be exploited, and if automated exploitation hasn’t started already, it likely will soon. So if you have a Cacti install, go double-check that the interface isn’t exposed to the world.
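The two checks that were missing, modelled in JavaScript as an added example (this is not Cacti's PHP code, and it is not taken from the fix). The function names, the allow-list, the proxy address and the sample request are all hypothetical; the header name is the one given in the text above.

```javascript
// Added illustration, not Cacti's PHP code. All names here are hypothetical.
const FORWARD_HEADER = 'forwarded-for';          // header as named in the text
const ALLOWED_POLLERS = new Set(['127.0.0.1']);  // constructed allow-list
const TRUSTED_PROXIES = new Set(['10.0.0.5']);   // constructed proxy address

// Constructed request: a remote peer claiming to be localhost via the header.
const SPOOFED_REQUEST = {
  socketAddress: '203.0.113.7',
  headers: { [FORWARD_HEADER]: '127.0.0.1' },
};

// Weak pattern: a client-controlled header overrides the real peer address.
function clientAddressNaive(req) {
  return req.headers[FORWARD_HEADER] || req.socketAddress;
}

// Hardened: the TCP peer address is authoritative. The header is honoured
// only when the peer is a known reverse proxy, and then only the right-most
// entry (the hop that proxy appended) is used.
function clientAddress(req) {
  const peer = req.socketAddress;
  const forwarded = req.headers[FORWARD_HEADER];
  if (forwarded && TRUSTED_PROXIES.has(peer)) {
    return forwarded.split(',').pop().trim();
  }
  return peer;
}

function isAuthorizedPoller(req, resolveAddress) {
  return ALLOWED_POLLERS.has(resolveAddress(req));
}

// poller_id is an identifier, so accept decimal digits only and hand back a
// number; anything else is rejected before it can reach a command line.
function parsePollerId(raw) {
  if (typeof raw !== 'string' || !/^[0-9]{1,9}$/.test(raw)) {
    throw new TypeError('poller_id must be a decimal integer');
  }
  return Number(raw);
}

// Build an argument vector for a spawn-without-shell call instead of
// concatenating request data into one command string.
function pollerArgv(script, rawPollerId) {
  return [script, String(parsePollerId(rawPollerId))];
}
```
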

JSON Web Token

Researchers at Unit 42 found an exploit that can be used to achieve an RCE in the JsonWebToken project. The issue is this library’s verify() function, which takes arguments of the token to check, the key to use, and options. If there aren’t any algorithms specified in the options object, then the key is processed as a PEM string. The toString() method of that key is called during the actual check, and the assumption is that it’s either a string or buffer. But what if the key passed in to the verify() function was actually a complex object, bringing its own toString() method along to play? At that point, we have arbitrary code execution. And if this code is running on the server-side under node.js, that means a popped server.

But wait, it’s not that simple, right? It’s not like a valid JWT can contain an arbitrary object — that would be a problem all on its own. So CVE-2022-23529 is a stepping-stone. It’s insecure code, but the rest of the application has to have another vulnerability for this one to be reachable.
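The key-coercion problem and an application-side guard, as an added example that is not code from the jsonwebtoken project or from Unit 42. `coerceKey` is a stand-in for the string conversion described above, and every other name is hypothetical; the tracked object's toString() only increments a counter so the call can be observed.

```javascript
// Added illustration; not code from the jsonwebtoken project.
// Stand-in for a verify step that converts the key to a string when no
// algorithms were specified (the behaviour described in the text).
function coerceKey(key) {
  return key.toString();
}

// Guard: accept only key material that really is a string or a Buffer.
function assertKeyMaterial(key) {
  if (typeof key === 'string' || Buffer.isBuffer(key)) return key;
  throw new TypeError('key must be a string or Buffer, got ' + typeof key);
}

// Checks an application could run in front of its JWT verify call: reject
// non-string tokens and keys, and require an explicit algorithm list so the
// "no algorithms given" path is never taken.
function guardedVerifyArgs(token, key, options) {
  if (typeof token !== 'string') throw new TypeError('token must be a string');
  assertKeyMaterial(key);
  const algorithms = options && options.algorithms;
  if (!Array.isArray(algorithms) || algorithms.length === 0) {
    throw new TypeError('options.algorithms must be set explicitly');
  }
  return { token, key, options: { ...options, algorithms: [...algorithms] } };
}

// Constructed object key: its toString() only bumps a counter.
function makeTrackedKey() {
  const state = { calls: 0 };
  const key = {
    toString() { state.calls += 1; return 'not-a-real-key'; },
  };
  return { key, state };
}

function demo() {
  const { key, state } = makeTrackedKey();
  coerceKey(key);                    // the object's own method runs here
  const callsAfterCoerce = state.calls;
  let rejected = false;
  try {
    guardedVerifyArgs('a.b.c', key, { algorithms: ['RS256'] });
  } catch (e) {
    rejected = e instanceof TypeError;
  }
  // The guard threw before anything called toString() a second time.
  return { callsAfterCoerce, rejected, callsAfterGuard: state.calls };
}
```
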

Fixing An HP 54542C With An FPGA And VGA Display

Although the HP 54542C oscilloscope and its siblings are getting on in years, they’re still very useful today. Unfortunately, as some of the first oscilloscopes to switch from a CRT display to an LCD they are starting to suffer from degradation. This has led to otherwise perfectly functional examples being discarded or sold for cheap, when all they need is just an LCD swap. This is what happened to [Alexander Huemer] with an eBay-bought 54542C.

Although this was supposed to be a fully working unit, upon receiving it, the display just showed a bright white instead of the more oscilloscope-like picture. A short while later [Alexander] was left with a refund, an apology from the seller and an HP 54542C scope with a very dead LCD. This was when he stumbled over a similar repair by [Adil Malik], right here on Hackaday. The fix? Replace the LCD with an FPGA and VGA-input capable LCD.

While this may seem counterintuitive, the problem with LCD replacements is the lack of standardization. Searching for an 8″, 640×480, 60 Hz color LCD with an interface compatible with the one found in this HP scope usually gets you salvaged LCDs from HP scopes, which as [Alexander] discovered can run up to $350 and beyond for second-hand ones. But it turns out that similar 8″ LCDs are found everywhere for use as portable displays; all they need is a VGA input.

Taking [Adil]’s project as the inspiration, [Alexander] used an UPduino v3.1 with ICE40UP5K FPGA as the core LCD-to-VGA translation component, creating a custom PCB for the voltage level translations and connectors. One cool aspect of the whole system is that it is fully reversible, with all of the original wiring on the scope and new LCD side left intact. One niggle was that the scope’s image was upside-down, but this was fixed by putting the new LCD upside-down as well.

After swapping the original cooling fan with a better one, this old HP 54542C is now [Alexander]’s daily scope.