Hackaday Columns

4628 Articles

This excellent content from the Hackaday writing crew highlights recurring topics and popular series like Linux-Fu, 3D-Printering, Hackaday Links, This Week in Security, Inputs of Interest, Profiles in Science, Retrotechtacular, Ask Hackaday, Teardowns, Reviews, and many more.

Hackaday Podcast 175: Moonrocks And Cockroach Chyme, A Raspberry Pi IPad, And A Retro-Respectful Tape Deck

July 1, 2022 by No comments

Join Editor-in-Chief Elliot Williams and Assignments Editor Kristina Panos as we cuss and discuss all the gnarliest hacks from the past week. We kick off this episode with a gentle reminder that the Odd Inputs and Peculiar Peripherals Contest ends this Monday, July 4th, at 8:30 AM PDT. We’ve seen a ton of cool entries so far, including a new version of [Peter Lyons]’ Squeezebox keyboard that we’re itching to write up for the blog.

In other contest news, the Round 2 winners of the Reuse, Recycle, Revamp challenge of the 2022 Hackaday Prize have been announced. Elliot is super stoked about [Jason Knight]’s open-source recycled skateboard deck-making apparatus, and Kristina wishes she had the time and money to build some of the fundamental Precious Plastic machines.

Elliot managed to stump Kristina with this week’s What’s That Sound, though she probably should have made a semi-educated guess. From there, it’s on to missing moon rocks and the word of the day before we get into a handful of contest entries, including a mechanical keyboard to end all mechanical keyboards.

This really just scratches the surface of this week’s show, which includes some new hardware stuffed into old, as well as modern implementations of old technology. And in case you didn’t get enough of Kristina’s childhood memoirs, she goes a bit deeper into the teddy bears and telephones rooms of her memory palace.

Direct download, record it to tape, and play it on your boombox.

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Where to Follow Hackaday Podcast

Places to follow Hackaday podcasts:

Continue reading “Hackaday Podcast 175: Moonrocks And Cockroach Chyme, A Raspberry Pi IPad, And A Retro-Respectful Tape Deck”

This Week In Security: Zimbra RCE, Routers Under Attack, And Old Tricks In WebAssembly

July 1, 2022 by 8 Comments

There’s a problem in the unrar utility, and as a result, the Zimbra mail server was vulnerable to Remote Code Execution by simply sending an email. So first, unrar is a source-available command-line application made by RarLab, the same folks behind WinRAR. CVE-2022-30333 is the vulnerability there, and it’s a classic path traversal on archive extraction. One of the ways this attack is normally pulled off is by extracting a symlink to the intended destination, which then points to a location that should be restricted. unrar has code hardening against this attack, but is sabotaged by its cross-platform support. On a Unix machine, the archive is checked for any symbolic links containing the ../ pattern. After this check is completed, a function runs to convert any Windows paths to Unix notation. As such, the simply bypass is to include symlinks using ..\ traversal, which don’t get caught by the check, and then are converted to working directories.

That was bad enough, but Zimbra made it worse by automatically extracting .rar attachments on incoming emails, in order to run a virus and spam check. That extraction isn’t sandboxed, so an attacker’s files are written anywhere on the filesystem the zimbra user can write. It’s not hard to imagine how this turns into a full RCE very quickly. If you have an unrar binary based on RarLab code, check for version 6.1.7 or 6.12 of their binary release. While Zimbra was the application specifically called out, there are likely to be other cases where this could be used for exploitation.
Continue reading “This Week In Security: Zimbra RCE, Routers Under Attack, And Old Tricks In WebAssembly”

Raspberry Pi Pico W Adds Wireless

June 30, 2022 by 63 Comments

News just in from the folks at Raspberry Pi: the newest version of their Pico has WiFi and is called, obviously, the Pico W. We were going to get our hands on a sample unit and kick its tires, but it’s stuck in customs. Boo! So until it shows up, here’s what we can glean from the press releases and documentation.

The Pico is, of course, the Raspberry Pi microcontroller dev board based on their RP2040 microcontroller. This in turn has two Cortex M0+ cores and a good chunk of onboard RAM, which has made it a popular target for MicroPython. They had some extra real estate on the PCB, so they’ve added an Infineon CYW43439 WiFi chip, and voila: Pico W.

As of now, the WiFi is supported in both the C SDK and the pre-baked MicroPython image. It looks trivially easy to get it working, and it’s based on the time-tested lwIP stack, a classic in the embedded world. The CYW43439 is also Bluetooth capable, but there’s no firmware support for that yet, but we wouldn’t be surprised if it showed up soon.

The price? $6 for the whole shooting match. You can view this two ways: a small $2 premium over the old Pico, or a price increase of 50%. How you see things probably depends on your order quantity. Either way, it’s firmly in the ESP32 module price range, so you’ve got some comparison shopping to do if your project needs a microcontroller and WiFi. And in these days of silicon shortages, it’s nice to have a couple of options.

Bare-Metal STM32: Adding An Analog Touch With ADCs

June 29, 2022 by 11 Comments

An Analogue to Digital Converter (ADC) is at its core a straight-forward device: by measuring an analog voltage within a set range and converting the measured level to a digital value we can use this measurement value in our code. Through the use of embedded ADCs in microcontrollers we can address many essential use cases, ranging from measuring the setting on a potentiometer, to reading an analog output line on sensors, including the MCU’s internal temperature and voltage sensors.

The ADCs found in STM32 MCUs have a resolution between 12 to 16 bits, with the former being the most common type. An ADC can be configured to reduce this resolution, set a specific sampling speed, and set up a multi-mode configuration depending on the exact ADC peripheral. STM32 MCUs feature at least a single ADC peripheral, while some have multiple. In this article we will take a look at how to configure and use the basic features of the ADCs in STM32 MCUs, specifically the ADCs found in F0 and the ADC5_V1_1 type as found in most F3-family MCUs.

Continue reading “Bare-Metal STM32: Adding An Analog Touch With ADCs”

2022 Hackaday Prize: Reuse, Recycle, Revamp Finalists

June 28, 2022 by 13 Comments

The 2022 Hackaday Prize is focused on taking care of the planet. The theme of our second challenge round, “Reduce, Recycle, Revamp” is all about tailoring your projects to make use of existing resources and keeping material out of the landfill rather than contributing to it. Our judges have scrutinized the entries and handed me the sealed envelope. All of these ten projects will receive $500 right now and are eligible for the Grand Prize of $50,000, to be announced in November.

We were looking for two broad types of recycling projects in this round, either projects that incorporate a significant recycled component in their build, or projects that facilitate recycling themselves, and frankly we got a good mix of both!
Continue reading “2022 Hackaday Prize: Reuse, Recycle, Revamp Finalists”

Hackaday Links Column Banner

Hackaday Links: June 26, 2022

June 26, 2022 by 13 Comments

Head for the hills!! We’re all doomed! At least that’s the impression you might get from the headlines about the monster Earth-facing sunspot this week. While any sunspot that doubles in size within a matter of days as AR3038 has done is worth looking at, chances are pretty low that it will cause problems here on Earth. About the best this class of sunspot can manage is an M-class solar flare, which generally cause radio blackouts only at the poles, and may present a radiation problem for the crew of the ISS. So no, this sunspot is probably not going to kill us all. But then again, this is the 2020s, and pretty much everything bad seems like it’s possible.

Speaking of bad outcomes, pity the poor Sonos customers and their ongoing battle with the company’s odd “glitches.” For whatever reason, customers have been getting shipments of Sonos products they never ordered, with at least one customer getting over $15,000 worth of products shipped. The customer reports ordering five Sonos items, but the company saw fit to fill the order six times, stuffing their apartment with goods. Sonos doesn’t appear to be doing much to make it right; while offering the customer free shipping labels to return the goods, they were expected to schlep the packages to a UPS store. And then there’s the money — Sonos charged the customer for all the unordered goods, and won’t issue a refund till it’s all returned.

If you’ve ever wondered exactly what the signals going up and down your cable line look like, you’ll want to check out this video from Double A Labs. Using an RTL-SDR dongle and some spectrum analyzer software they probed the RF signals on the cable, with some fascinating results. The first 11 minutes or so of the video are devoted to setting up the hardware and software, although there is some interesting stuff about broadband network architecture right up at the start. The scans are interesting — you can clearly see the 6-MHz quadrature amplitude modulation (QAM) digital channels. We were surprised to learn that these start at just about the FM broadcast band — about 108 MHz. There were a couple of little surprises hiding in the spectrum, like two unmodulated analog TV carriers in one spot, and the fact that there are over 400 virtual channels jammed into 41 6-MHz QAM channels. Broadband indeed.

Continue reading “Hackaday Links: June 26, 2022”

Hackaday Podcast 174: Breaking Into The Nest, The Cheapest 3D Printer, A Spy In Your HDMI, And AI All Over The Place

June 24, 2022 by 2 Comments

Fresh from vacation, Editor-in-Chief Elliot Williams makes his triumphant return to the Hackaday Podcast! He’s joined this week by Managing Editor Tom Nardi, who’s just happy he didn’t have to do the whole thing by himself again. In this episode we’ll talk about tackling BGA components in your custom PCBs, a particularly well executed hack against Google’s Nest Hub, and why you probably don’t really want the world’s cheapest 3D printer. We’ll also take a look at an incredible project to turn the Nokia 1680 into a Linux-powered handheld computer, a first of its kind HDMI firewall, and a robot that’s pretty good at making tacos. Listeners who are into artificial intelligence will be in for quite a treat as well, as is anyone who dreams of elevating the lowly automotive alternator to a more prominent position in the hacker world.

By the way, it seems nobody has figured out the hidden message in last week’s podcast yet. What are you waiting for? One of you out there has to be bored enough to give it a shot.

Direct download, and play it offline. You don’t need no stinkin’ cloud.

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Where to Follow Hackaday Podcast

Places to follow Hackaday podcasts:

Continue reading “Hackaday Podcast 174: Breaking Into The Nest, The Cheapest 3D Printer, A Spy In Your HDMI, And AI All Over The Place”