Back Up Your Data On Paper With Lots Of QR Codes

September 12, 2024 by 55 Comments

QR codes are used just about everywhere now, for checking into venues, ordering food, or just plain old advertising. But what about data storage? It’s hardly efficient, but if you want to store your files in a ridiculous paper format—there’s a way to do that, too!

QR-Backup was developed by [za3k], and is currently available as a command-line Linux tool only. It takes a file or files, and turns them into a “paper backup”—a black-and white PDF file full of QR codes that’s ready to print. That’s legitimately the whole deal—you run the code, generate the PDF, then print the file. That piece of paper is now your backup. Naturally, qr-backup works in reverse, too. You can use a scanner or webcam to recover your files from the printed page.

Currently, it achieves a storage density of 3KB/page, and [za3k] says backups of text in the single-digit megabyte range are “practical.” You can alternatively print smaller, denser codes for up to 130 KB/page.

Is it something you’ll ever likely need? No. Is it super neat and kind of funny? Yes, very much so.

We’ve seen some other neat uses for QR codes before, too—like this printer that turns digital menus into paper ones. If you’ve got your own nifty uses for these attractive squares, let us know!

VR Headset With HDMI Input Invites A New Kind Of Cyberdeck

September 1, 2024 by 30 Comments

Meta’s Quest VR headset recently got the ability to accept and display video over USB-C, and it’s started some gears turning in folks’ heads. [Ian Hamilton] put together a quick concept machine consisting of a Raspberry Pi 400 that uses a VR headset as its monitor, which sure seems like the bones of a new breed of cyberdeck.

With passthrough on, one still sees the outside world.

The computer-in-a-keyboard nature of the Pi 400 means that little more than a mouse and the VR headset are needed to get a functional computing environment. Well, that and some cables and adapters.

What’s compelling about this is that the VR headset is much more than just a glorified monitor. In the VR environment, the external video source (in this case, the Raspberry Pi) is displayed in a window just like any other application. Pass-through can also be turned on, so that the headset’s external cameras display one’s surroundings as background. This means there’s no loss of environmental awareness while using the rig.

[Note: the following has been updated for clarity and after some hands-on testing] Video over USB-C is technically DisplayPort altmode, and both the video source and the USB-C cable have to support it. In [Ian]’s case, the Raspberry Pi 400 outputs HDMI and he uses a Shadowcast 2 capture card to accept HDMI on one end and outputs video over USB-C on the other.

Here’s how it works: the Quest has a single USB-C port on the side, and an app (somewhat oddly named “Meta Quest HDMI link”) running on the headset takes care of accepting video over USB and displaying it in a window within the headset. The video signal expected is UVC (or USB Video Class), which is what most USB webcams and other video devices output. (There’s another way to do video over USB-C which is technically DisplayPort altmode, and both the video source and the USB-C cable have to support it. That is not what’s being used here; the Quest does not support this format. Neither is it accepting HDMI directly.) In [Ian]’s case, the Raspberry Pi 400 outputs HDMI and he uses a Shadowcast 2 capture card to accept HDMI on one end and output UVC video on the other, which is then fed into the Quest over a USB-C cable.

As a concept it’s an interesting one for sure. Perhaps we’ll see decks of this nature in our next cyberdeck contest?

This Week In Security: GhostWrite, Localhost, And More

August 9, 2024 by 5 Comments

You may have heard some scary news about RISC-V CPUs. There’s good news, and bad news, and the whole thing is a bit of a cautionary tale. GhostWrite is a devastating vulnerability in a pair of T-Head XuanTie RISC-V CPUs. There are also unexploitable crashes in another T-Head CPU and the QEMU soft core implementation. These findings come courtesy of a group of researchers at the CISPA Helmholtz Center for Information Security in Germany. They took at look at RISC-V cores, and asked the question, do any of these instructions do anything unexpected? The answer, obviously, was “yes”.

Undocumented instructions have been around just about as long as we’ve had Van Neumann architecture processors. The RISC-V ISA put a lampshade on that reality, and calls them “vendor specific custom ISA extensions”. The problem is that vendors are in a hurry, have limited resources, and deadlines wait for no one. So sometimes things make it out the door with problems. To find those problems, CISPA researchers put together a test framework is called RISCVuzz, and it’s all about running each instruction on multiple chips, and watching for oddball behavior. They found a couple of “halt-and-catch-fire” problems, but the real winner (loser) is GhostWrite.

Now, this isn’t a speculative attack like Meltdown or Spectre. It’s more accurate to say that it’s a memory mapping problem. Memory mapping helps the OS keep programs independent of each other by giving them a simplified memory layout, doing the mapping from each program to physical memory in the background. There are instructions that operate using these virtual addresses, and one such is vs128.v. That instruction is intended to manipulate vectors, and use virtual addressing. The problem is that it actually operates directly on physical memory addresses, even bypassing cache. That’s not only memory, but also includes hardware with memory mapped addresses, entirely bypassing the OS. This instruction is the keys to the kingdom. Continue reading “This Week In Security: GhostWrite, Localhost, And More”

Do Your Research

July 20, 2024 by 7 Comments

We were talking about a sweet hack this week, wherein [Alex] busts the encryption for his IP web cam firmware so that he can modify it later. He got a number of lucky breaks, including getting root on the device just by soldering on a serial terminal, but was faced with having to reverse-engineer a binary that implemented RSA encryption and decryption.

Especially when they’re done right, and written to avoid side-channel attacks, encryption routines aren’t intuitive, even when you’re looking at the C source. Reversing it from the binary would be a tremendous hurdle.

That’s when [Alex] started plugging in strings he found in the binary into a search engine. And that’s when he found exactly the open source project that the webcam used, which gave him the understanding he needed to crack the rest of the nut.

Never forget! When you’re doing some reverse engineering, whether hardware or software, do a search for every part number and every string you find in memory. If you’re like me, it might feel like cheating a little bit, but it’s just being efficient. It’s what all your hacker heroes say they do, and if you’re lucky, it might just be the break you need too.

This article is part of the Hackaday.com newsletter, delivered every seven days for each of the last 200+ weeks. It also includes our favorite articles from the last seven days that you can see on the web version of the newsletter. Want this type of article to hit your inbox every Friday morning? You should sign up!

Reflecting On The State Of Game Boy Emulation In 2024

May 10, 2024 by 14 Comments

Considering the decades that have passed since Nintendo’s Game Boy was considered the state-of-the-art in mobile gaming, you’d imagine that the community would have pretty much perfected the emulation of the legendary family of handhelds — and on the whole, you’d be right. Today, you can get open source emulators for your computer or even smartphone that can play the vast majority of games that were released between the introduction of the original DMG-1 “brick” Game Boy in 1989 through to the final games published for the Game Boy Advance in the early 2000s.

But not all of them. While all the big name games are handled at this point, there’s still a number of obscure titles (not all of which are games) that require specialized hardware accessories to properly function. To bring the community up to speed on where work is still required, [Shonumi] recently provided a rundown on the emulation status of every commercial Game Boy accessory.

Continue reading “Reflecting On The State Of Game Boy Emulation In 2024”

This Piano Does Not Exist

March 12, 2024 by 9 Comments

A couple of decades ago one of *the* smartphone accessories to have was a Bluetooth keyboard which projected the keymap onto a table surface where letters could be typed in a virtual space. If we’re honest, we remember them as not being very good. But that hasn’t stopped the idea from resurfacing from time to time.

We’re reminded of it by [Mayuresh1611]’s paper piano, in which a virtual piano keyboard is watched over by a webcam to detect the player’s fingers such that the correct note from a range of MP3 files is delivered.

The README is frustratingly light on details other than setup, but a dive into the requirements reveals OpenCV as expected, and TensorFlow. It seems there’s a training step before a would-be virtual virtuoso can tinkle on the non-existent ivories, but the demo shows that there’s something playable in there. We like the idea, and wonder whether it could also be applied to other instruments such as percussion. A table as a drum kit would surely be just as much fun.

This certainly isn’t the first touch piano we’ve featured, but we think it may be the only one using OpenCV. A previous one used more conventional capacitive sensors.

37C3: The Tech Behind Life With Quadraplegia

January 9, 2024 by 21 Comments

While out swimming in the ocean on vacation, a big wave caught [QuadWorker], pushed him head first into the sand, and left him paralyzed from the neck down. This talk isn’t about injury or recovery, though. It’s about the day-to-day tech that makes him able to continue living, working, and travelling, although in new ways. And it’s a fantastic first-hand insight into how assistive technology works for him.

If you can only move your head, how do you control a computer? Surprisingly well! A white dot on [QuadWorker]’s forehead is tracked by a commodity webcam and some software, while two button bumpers to the left and right of his head let him click with a second gesture. For cell phones, a time-dependent scanner app allows him to zero in successively on the X and Y coordinates of where he’d like to press. And naturally voice recognition software is a lifesaver. In the talk, he live-demos sending a coworker a text message, and it’s almost as fast as I could go. Shared whiteboards allow him to work from home most of the time, and a power wheelchair and adapted car let him get into the office as well.

The lack of day-to-day independence is the hardest for him, and he says that they things he misses most are being able to go to the bathroom, and also to scratch himself when he gets itchy – and these are yet unsolved problems. But other custom home hardware also plays an important part in [QuadWorker]’s setup. For instance, all manner of home automation allows him to control the lights, the heat, and the music in his home. Voice-activated light switches are fantastic when you can’t use your arms.

This is a must-watch talk if you’re interested in assistive tech, because it comes direct from the horse’s mouth – a person who has tried a lot, and knows not only what works and what doesn’t, but also what’s valuable. It’s no surprise that the people whose lives most benefit from assistive tech would also be most interested in it, and have their hacker spirit awakened. We’re reminded a bit of the Eyedrivomatic, which won the 2015 Hackaday Prize and was one of the most outstanding projects both from and for the quadriplegic community.

Continue reading “37C3: The Tech Behind Life With Quadraplegia”