Sparklecon: Crappy Robots, Better Robots, Hammer Jenga, Tesla Coils

Last weekend was Sparklecon, the premier meetup in Southern California of dorks dorking around, fire, electricity, welding, and general mischief. Just imagine a party of a hundred or so like-minded individuals at a hackerspace. Now imagine the entire party is the after party. That’s a pretty good idea of what happened.

The event was held at the 23b shop in Fullerton, a true hackerspace tucked away in a small industrial park. The people at 23b are using their location to their advantage: no one in the neighborhood really cares what happens after 5pm on a Friday. This allows for some very loud, very bright, and very dangerous hijinks.


There weren’t many pages missing from the Hackaday Omnibus donated to the 23b shop. Oddly, the only pages missing were the articles written by Benchoff.

There was something for everyone at Sparklecon, including:

  • Electric Pickle. Take a stick welder, and put a few hundred amps through a pickle. First, the pickle turns into a sodium light. Then, it turns into a carbon arc light. Best done after dark.
  • FPV drone racing. Flying around and crashing into trees in an abandoned lot. FPV from a few quads was projected onto the side of a building.
  • Live music! Analog synths and Game Boys!
  • Tesla coils! This was a 300 amp monster, and completely analog. The spark gap was impressive by itself, but it gets really cool when you steal a fluorescent light from a fixture and stand 20 feet away from the Tesla coil.
  • Hammer Jenga! Cut some 2x4s up and make a tower of Jenga. Get a hammer, some colorful commentators, a dozen people, and make some competition brackets. Hackaday’s own [Jasmine] was the first champion of the night.
  • Sparklebot Death Battle! It’s like BattleBots, only things break more often and we don’t have [Bil Dwyer].
  • Hebocon! Battling robots, but much crappier than the Sparklebot Death Battle. These robots broke more often.

The main event was, of course, Sparklecon’s own version of Battlebots. There were only four competitors the entire night, but the competition was fierce.

Three of the bots were wedge designs, in keeping with the ramp-ification of battling robots. The lone exception to this was [Charlie]’s Slow Bot, a cube design equipped with a spinning steel blade. The blade moves fast, but Slow Bot doesn’t. It’s a purely defensive design, meant to destroy bots trying for an easy kill. The test video of Slow Bot can be seen here:

The first fight of Slow Bot did not live up to the hype, unfortunately. After Slow Bot’s primary weapon got up to speed, the opposing bot moved in for the kill. The bolts on Slow Bot’s blade sheared, ending the match, and leaving five or six people looking around the 23b shop for M5 bolts, or some larger bolts and a tap.

Is it all hilariously unsafe? Well, there were some plexiglass shields in front of the crowd, and most people viewed the fights on the projector beaming against the wall, anyway.

Is it worth it to go to Sparklecon? If you like dangerous experiments, soldering wires directly onto AA batteries, fire, electricity, electromagnetic fields, broken robots, and hanging out by a fire, yes. It’s a party at a proper hackerspace, making it the best kind of party ever. If history repeats itself, there will also be an afterparty at 23b following the LayerOne conference in May.

Hackaday Europe: Call For Proposals

Hackaday is coming to Europe in April. The world’s most superb conference on hardware creation starts with you. Please submit your proposal to present a talk or workshop at 2016 Hackaday | Belgrade, Hackaday’s first-ever European conference.

Put it on your calendar: Saturday, April 9th in Belgrade, Serbia. We have a lineup spanning from 10am to 2am, and we’re building on the best of the inaugural SuperConference we held last November: a single track of hardware talks which will run concurrently with a set of hands-on workshops. The surprise hit from that conference was badge hacking, which will be expanded and extended into the wee hours of the morning. While that is in progress, a party with two stages will spin up with performances by Infinite Jest, Grupa TI, and DJ sets.

Tickets go on sale the first week of February. Voja Antonic, who does amazing work with PCBs and badge designs, is building the conference badge. The cost of the admission will be just enough to cover the cost of the badge. We’re keeping the admission cost so low to help offset your travel costs. Belgrade is gorgeous in April, and getting there from other parts of Europe is very affordable. This event will sell out so get organized and make sure you and your fellow hardware hackers get tickets early.

Many of the Hackaday crew will be on hand. We’re likely to have a less-formal meetup (hangover brunch?) on Sunday. Check out the Hackaday | Belgrade planning page to discuss this and learn more about the conference as it comes together. See you in Belgrade!

Shmoocon 2016: Efficient Debugging For OS X

Developers love their Macs, and if you look at the software that comes with them, it’s easy to see why. OS X is a very capable Unix-ey environment that usually comes on very capable hardware. There is one, huge, unbelievable shortcoming in OS X: the debugger sucks. GDB, the standard for every other platform, doesn’t come with OS X, and Apple’s replacement, LLDB, is very bad. After crashing Safari one too many times, [Brandon Edwards] and [Tyler Bohan] decided they needed their own debugger, so they built one, and presented their work at last weekend’s Shmoocon.

Building a proper tool starts with a survey of existing tools, and after determining that GDB was apparently uninstallable and LLDB sucked, their lit review took a turn for the more esoteric. Bit Slicer is what they landed on. It’s a ‘game trainer’ or something that allows people to modify memory. It sort of works like a debugger, but not really. VDB was another option, but again this was rough around the edges and didn’t really work.

The problem with the current OS X debuggers is that the primitives debuggers rely on don’t really exist. ptrace is neutered, and the System Integrity Protection in OS X El Capitan has introduced protected locations that cannot be written to even by root. Good luck modifying anything in /Applications if you have any recent Mac.

With the goal of an easy-to-use debugger that was readily scriptable, [Brandon] and [Tyler] decided to write their own debugger. They ended up writing the only debugger they’ve seen that is built around kqueue instead of ptrace. This allows the debugger to be non-invasive to the debugged process, inject code, and attach to multiple processes at once.

For anyone who has ever stared blankly at the ‘where is GDB’ Stack Overflow answers, it’s a big deal. [Brandon] and [Tyler] have the beginnings of a very nice tool for a very nice machine.

Hackaday At SCaLE 14x

Next weekend we’ll be at the fourteenth annual Southern California Linux Expo, a fantastic four-day event that covers everything from Apache to PHP, installing Ubuntu on old laptops, people who have their control key just to the right of their left hand pinky as god intended, and something about how much Linux sucks.

The event will feature 150 exhibitors, 130 sessions, tutorials, amateur radio tests, and features keynotes from Mark Shuttleworth, Cory Doctorow, and Sarah Sharp. It is the largest community-run open source and free software conference in North America.

The Hackaday crew will be there makin’ it rain stickers, but that’s not all: Supplyframe, the Hackaday overlords, is sponsoring Game Night at SCaLE. Saturday night will be filled with vintage video games, Nerf artillery, Settlers of Catan, Fireball Island (if someone can find it), and a hacker show and tell. This year is the inaugural SCaLE museum. The theme is Rise of the Machines: A Living Timeline, and will display historic engineering, computing devices, and clever gadgets.

If you’re in the area on Thursday, we’ll also be having a meet and greet at the soon-to-be-finished Supplyframe Design Lab in Pasadena. We only recently got the paperwork to have people in the space, so if you’d like to have a few drinks, have a few snacks, and look at a Tormach, come on over.

Shmoocon 2016: Reverse Engineering Cheap Chinese Radio Firmware

Every once in a great while, a piece of radio gear catches the attention of a prolific hardware guru and is reverse engineered. A few years ago, it was the RTL-SDR, and since then, software defined radios became the next big thing. Last weekend at Shmoocon, [Travis Goodspeed] presented his reverse engineering of the Tytera MD380 digital handheld radio. The hack has since been published in PoC||GTFO 0x10 (56MB PDF, mirrored) with all the gory details that turn a $140 radio into the first hardware scanner for digital mobile radio.

The Tytera MD-380 digital radio

The Tytera MD380 is a fairly basic radio with two main chips: an STM32F405 with a megabyte of Flash and 192k of RAM, and an HR C5000 baseband. The STM32 has both JTAG and a ROM bootloader, but both of these are protected by the Readout Device Protection (RDP). Getting around the RDP is the very definition of a jailbreak, and thanks to a few forgetful or lazy Chinese engineers, it is most certainly possible.

The STM32 in the radio implements a USB Device Firmware Upgrade (DFU), probably because of some example code from ST. Dumping the memory from the standard DFU protocol just repeated the same binary string, but with a little bit of coaxing and investigating the terrible Windows-only official client application, [Travis] was able to find non-standard DFU commands, write a custom DFU client, and read and write the ‘codeplug’, an SPI Flash chip that stores radio settings, frequencies, and talk groups.

Further efforts to dump all the firmware on the radio were a success, and with that began the actual reverse engineering of the radio. It runs an ARM port of MicroC/OS-II, a real-time embedded operating system. This OS is very well documented, so with slightly more effort new functions and patches can be written.

In Digital Mobile Radio, audio is sent through either a public talk group or a private contact. The radio is usually set to only one talk group, and so it’s not really possible to listen in on other talk groups without changing settings. A patch for promiscuous mode – a mode that puts all talk groups through the speaker – is just setting one JNE in the firmware to a NOP.

The Tytera MD-380 ships with a terrible Windows app used for programming the radio

With the help of [DD4CR] and [W7PCH], the entire radio has been reverse engineered with rewritten firmware that works with the official tools, the first attempts of scratch-built firmware built around FreeRTOS, and the beginnings of a very active development community for a $140 radio. [Travis] is looking for people who can add support for P25, D-Star, System Fusion, a proper scanner, or the ability to send and receive DMR frames over USB. All these things are possible, making this one of the most exciting radio hacks in recent memory.

Before [Travis] presented this hack at the Shmoocon fire talks, intuition guided me to look up this radio on Amazon. It was $140 with Prime, and the top vendor had 18 in stock. Immediately after the talk – 20 minutes later – the same vendor had 14 in stock. [Travis] sold four radios to members of the audience, and there weren’t that many people in attendance. Two hours later, the same vendor had four in stock. If you’re looking for the best hardware hack of the con, this is the one.

Shmoocon 2016: Hackers For Charity

To one side of the “Chill Room” at this year’s Shmoocon were a few tables for Hackers for Charity. This is an initiative to make skills-training available for people in Uganda. The organization is completely supported by the hacker community.

Hackers for Charity was founded by Johnny Long about seven years ago. He had been working as a penetration tester but you perhaps know him better from his many books on hacking. Having seen the lack of opportunity in some parts of the world, Johnny started Hackers for Charity as a way to get used electronics and office equipment into the hands of people who needed it most. This led to the foundation of a school in Uganda that teaches technology skills. This can be life-changing for the students who go on to further schooling, or often find clerical or law enforcement positions. Through the charity’s donations the training center is able to make tuition free for about 75% of the student body.

The education is more than just learning to use a word processor. The group has adopted a wide range of equipment and digital resources to make this an education you’d want for your own children. Think Chromebooks, Raspberry Pi, robotics, and fabrication. One really interesting aspect is the use of RACHEL, which is an effort to distribute free off-line educational content. This is a searchable repository of information that doesn’t require an Internet connection. Johnny told me that it doesn’t stop at the schoolroom door; they have the system on WiFi so that anyone in the village can connect and use the resources whether they’re students or not.

Shmoocon does something interesting with their T-shirt sales. They’re not actually selling shirts at all. They’re soliciting $15 donations. You donate, and you get a shirt and a chit; drop your chit in a box to decide where your $15 should go. This year, Hackers for Charity, the EFF, and World Bicycle Relief were the charities to choose from. If you want to help out this 501(c)(3) organization, consider clicking the donate button you’ll find on the sidebar and footer of their webpage.

Shmoocon 2016: GPUs And FPGAs To Better Detect Malware

One of the big problems in detecting malware is that there are so many different forms of the same malicious code. This problem of polymorphism is what led Rick Wesson to develop icewater, a clustering technique that identifies malware.

Presented at Shmoocon 2016, the icewater project is a new way to process and filter the vast number of samples one finds on the Internet. Processing 300,000 new samples a day to determine if they contain polymorphic malware is a daunting task. The approach used here is to create a fingerprint from each binary sample by using a space-filling curve. Polymorphism will change a lot of the bits in each sample, but as with human fingerprints, patterns are still present in these binary fingerprints that indicate the sample is a variation on a previously known object.
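The fingerprinting idea in the paragraph above, as an added example that is not icewater’s own code: a constructed 4 KB “binary” is painted along a Hilbert curve, average-hashed into 64 bits, and compared against a byte-mutated variant and an unrelated sample; the section layouts, the 5% mutation rate and the 64x64 image / 8x8 tile sizes are assumptions for illustration. The curve’s locality keeps neighbouring bytes inside one tile, so each hash bit summarises one contiguous region of the file.

```python
import random

def hilbert_d2xy(n, d):
    """Curve index d -> (x, y) on an n x n grid, n a power of two (classic iterative form)."""
    x, y, s = 0, 0, 1
    while s < n:
        rx = 1 & (d // 2)
        ry = 1 & (d ^ rx)
        if ry == 0:                        # flip/rotate this quadrant
            if rx == 1:
                x, y = s - 1 - x, s - 1 - y
            x, y = y, x
        x, y = x + s * rx, y + s * ry
        d, s = d // 4, s * 2
    return x, y

def fingerprint(data, n=64, block=8):
    """Paint the file along the Hilbert curve (stretched to n*n pixels), then average-hash it:
    one bit per block x block tile, set when the tile is brighter than the image mean."""
    img = [[0] * n for _ in range(n)]
    for d in range(n * n):
        lo = d * len(data) // (n * n)
        hi = max(lo + 1, (d + 1) * len(data) // (n * n))   # short files: at least one byte
        x, y = hilbert_d2xy(n, d)
        img[y][x] = sum(data[lo:hi]) // (hi - lo)
    tiles = [sum(img[y][x] for y in range(ty, ty + block) for x in range(tx, tx + block))
             for ty in range(0, n, block) for tx in range(0, n, block)]
    mean = sum(tiles) / len(tiles)
    return [int(t > mean) for t in tiles]

def similarity(a, b):
    """Hamming similarity of two samples' hashes: 1.0 identical, 0.0 every bit differs."""
    fa, fb = fingerprint(a), fingerprint(b)
    return 1 - sum(x != y for x, y in zip(fa, fb)) / len(fa)

def build_sample(layout, rng):
    """Constructed stand-in for a binary: sections of zeros, ASCII text or packed-looking bytes."""
    ranges = {"zeros": (0, 1), "text": (0x20, 0x7F), "packed": (0xC0, 0x100)}
    return bytes(rng.randrange(*ranges[kind]) for kind, size in layout for _ in range(size))

def mutate(data, fraction, rng):           # crude polymorphism: rewrite a fraction of the bytes
    out = bytearray(data)
    for i in rng.sample(range(len(out)), int(len(out) * fraction)):
        out[i] = rng.randrange(256)
    return bytes(out)

RNG = random.Random(1)                                   # deterministic constructed samples
SAMPLE = build_sample([("zeros", 1024), ("text", 1024), ("packed", 2048)], RNG)
VARIANT = mutate(SAMPLE, 0.05, RNG)                      # ~5% of bytes rewritten, same layout
UNRELATED = build_sample([("packed", 1024), ("zeros", 512), ("text", 1024), ("packed", 512), ("zeros", 1024)], RNG)
```

`similarity(SAMPLE, VARIANT)` stays at or near 1.0 although roughly 200 bytes differ, while `similarity(SAMPLE, UNRELATED)` drops well below 0.5 because the region layout, not the exact bytes, is what the hash captures.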