Hackaday Podcast Episode 275: Mud Pulse Telemetry, 3D Printed Gears In Detail, And Display Hacking In Our Future

Join Hackaday Editors Elliot Williams and Tom Nardi for a review of the best stories to grace the front page of Hackaday this week. Things kick off with the news about Raspberry Pi going public, and what that might mean for everyone’s favorite single-board computer. From there they’ll cover the technology behind communicating through mud, DIY pressure vessels, pushing the 1983 TRS-80 Model 100 to its limits, and the reality of 3D printing now that the hype has subsided. You’ll also hear about modifying Nissan’s electric vehicles, bringing new life to one of the GameCube’s oddest peripherals, and an unusually intelligent kayak.

The episode wraps up with some interesting (or depressing) numbers that put into perspective just how much copper is hiding in our increasingly unused telephone network, and a look at how hardware hackers can bend the display technology that’s used in almost all modern consumer electronics to our advantage.

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Grab the Collector’s Edition MP3 of this week’s episode right here. Certificate of authenticity not included.


This Week In Security: Unicode Strikes Again, Trust No One (Redditor), And More

There’s a popular Sysadmin meme that system problems are “always DNS”. In the realm of security, it seems like “it’s always Unicode”. And it’s not hard to see why. Unicode is the attempt to represent all of Earth’s languages with a single character set, and that means there’s a lot of very similar characters. The two broad issues are that human users can’t always see the difference between similar characters, and that libraries and applications sometimes automatically convert exotic Unicode characters into more traditional text.

This week we see the resurrection of an ancient vulnerability in PHP-CGI that allows injecting command line switches when a web server launches an instance of PHP-CGI. The solution was to block some characters in specific places in query strings, like a query string starting with a dash.

The bypass is due to a Windows feature, “Best-Fit”, an automatic down-convert from certain Unicode characters. This feature works on a per-locale basis, which means that not every system language behaves the same. The exact bypass that has been found is the conversion of a soft hyphen, which doesn’t get blocked by PHP, into a regular hyphen, which can trigger the command injection. This quirk only happens when the Windows locale is set to Chinese or Japanese. Combined with the relative rarity of running PHP-CGI, and PHP on Windows, this is a pretty narrow problem. The XAMPP install does use this arrangement, so those installs are vulnerable, again if the locale is set to one of these specific languages. The other thing to keep in mind is that the Unicode character set is huge, and it’s very likely that there are other special characters in other locales that behave similarly.

Downloader Beware

The ComfyUI project is a flowchart interface for doing AI image generation workflows. It’s an easy way to build complicated generation pipelines, and the community has stepped up to build custom plugins and nodes for generation. The thing is, it’s not always the best idea to download and run code from strangers on the Internet, as a group of ComfyUI users found out the hard way this week. The ComfyUI_LLMVISION node from u/AppleBotzz was malicious.

The node references a malicious Python package that grabs browser data and sends it all to a Discord or Pastebin. It appears that some additional malware gets installed, for continuing access to infected systems. It’s a rough way to learn.

FLOSS Weekly Episode 787: VDO Ninja — It’s A Little Bit Hacky

This week Jonathan Bennett and Katherine Druckman chat with Steve Seguin about VDO.Ninja and Social Stream Ninja, tools for doing live WebRTC video calls, recording audio and video, wrangling comments on a bunch of platforms, and more!


Supercon 2023: Reverse Engineering Commercial Coffee Machines

There was a time when a coffee vending machine was a relatively straightforward affair, with a basic microcontroller doing not much more than the mechanical sequencer it replaced. A modern machine by contrast has 21st century computing power, with a full-fat operating system and a touch screen interface. At Hackaday Supercon 2023, [Kuba Tyszko] shared his adventures in the world of coffee, after reverse engineering a couple of high-end dispensing machines. Sadly he doesn’t reveal the manufacturer, but we’re sure readers will be able to fill in the gaps.

Under the hood is a PC running a Linux distro from a CF card. Surprisingly the distros in question were Slax and Lubuntu, and could quite easily be investigated. The coffee machine software was a Java app, which seems to us strangely appropriate, and it communicated with the coffee machine hardware via a serial port. It’s a tale of relatively straightforward PC reverse engineering, during which he found that the machine isn’t a coffee spy, as its only communication with its mothership is an XML status report.

In a way what seems almost surprising is how relatively straightforward and ordinary this machine is. We’re used to quirky embedded platforms with everything far more locked down than this. Meanwhile if hacking vending machines is your thing, you can find a few previous stories on the topic.


Switching Regulator Layout For Dummies

Last time, we went over switching regulator basics – why they’re wonderful, how to find a switching regulator chip for your purpose, and how to easily pick an inductor for one. Your datasheet should also tell you about layout requirements. However, it might not, or you might want to deviate from them – let’s go more in-depth on what those requirements are about.

Appreciate The Feedback

The two resistors on the right decide what your output voltage will be, and their output is noise-sensitive

There are a few different switching regulator topologies. Depending on your regulator’s topology and how many components your chip contains, you might need some external components – maybe a Schottky diode, maybe a FET, or maybe even a FET pair. Often the FET is built in, and the same goes for diodes, but with higher-current regulators (2 A to 3 A and above), it’s not uncommon to require an external one. For sizing those up, you’ll want to refer to the datasheet or existing boards.

Another thing is input and output capacitors – don’t skimp on those, because some regulators are seriously sensitive to the amount of capacitance they’re operating with. Furthermore, if you fail to consider things like capacitance dropping with voltage, you might make your regulator very unhappy – not that a linear regulator would be happy either, to be clear. We’ve covered an explainer on this recently – do check it out!

One thing you will likely need is a feedback resistor divider – unless your switching regulator is pre-set for a certain voltage or is digitally controlled, you need to somehow point it to the right voltage, in an analog way. Quite a few switching regulators are set for a certain voltage output, but most of them aren’t, and they will want you to add a resistor divider to know what to output. There’s usually a formula for resistor divider calculation, so pick a common resistor value, put it into the formula as one of the resistors, get the other resistor value out of that formula, and see what the closest value you can actually buy is. Don’t go below about 10 kΩ so that you don’t have unnecessary idle power consumption, but also don’t go too far above 100 kΩ to ensure good stability of the circuit.


Hackaday Links: June 9, 2024

We’ve been harping a lot lately about the effort by carmakers to kill off AM radio, ostensibly because making EVs that don’t emit enough electromagnetic interference to swamp broadcast signals is a practical impossibility. In the US, push-back from lawmakers — no doubt spurred by radio industry lobbyists — has put the brakes on the move a bit, on the understandable grounds that an entire emergency communication system largely centered around AM radio has been in place for the last seven decades or so. Not so in Japan, though, as thirteen of the nation’s 47 broadcasters have voluntarily shut down their AM transmitters in what’s billed as an “impact study” by the Ministry of Internal Affairs and Communications. The request for the study actually came from the broadcasters, with one being quoted in a hearing on the matter as “hop[ing] that AM broadcasting will be promptly discontinued.” So the writing is apparently on the wall for AM radio in Japan.


Happy Birthday, Tetris!

Porting DOOM to everything that’s even vaguely Turing complete is a sport for the advanced hacker. But if you are just getting started, or want to focus more on the physical build of your project, a simpler game is probably the way to go. Maybe this explains the eternal popularity of games like PONG, Tetris, Snake, or even Pac-Man. The amount of fun you can have playing these games, relative to the size of the code necessary to implement them, makes them evergreen.

Yesterday was Tetris’ 40th birthday, and in honor of the occasion, I thought I’d bring you a collection of sweet Tetris hacks.

On the big-builds side of things, it’s hard to beat these MIT students who used colored lights in the windows of the Green Building back in 2012. They apparently couldn’t get into some rooms, because they had some dead pixels, but at that scale, who’s complaining? Coming in just smaller, at the size of a whole wall, [Oat Foundry]’s giant split-flap display Tetris is certainly noisy enough.

Smaller still, although only a little bit less noisy, this flip-dot Tetris is at home on the coffee table, while this one by [Electronoobs] gives you an excuse to play around with RGB LEDs. And if you need a Tetris for your workbench, but you don’t have the space for an extra screen, this oscilloscope version is just the ticket. Or just play it (sideways) on your business card.

All of the above projects have focused on the builds, but if you want to tackle your own, you’ll need to spend some time with the code as well. We’ve got you covered. Way back, former Editor in Chief [Mike Szczys] ported Tetris to the AVR platform. If you need color, this deep dive into the way the NES version of Tetris worked also comes with demo code in Java and Lua. TetrOS is the most minimal version of the game we’ve seen, coming in at a mere 446 bytes, but it’s without any of the frills.

No Tetris birthday roundup would be complete without mentioning the phenomenal “From NAND to Tetris” course, which really does what it says on the package: builds a Tetris game, and your understanding of computing in general, from the ground up.

Can you think of other projects to celebrate Tetris’ 40th? We’d love to see your favorites!