This excellent content from the Hackaday writing crew highlights recurring topics and popular series like Linux-Fu, 3D-Printering, Hackaday Links, This Week in Security, Inputs of Interest, Profiles in Science, Retrotechtacular, Ask Hackaday, Teardowns, Reviews, and many more.
Join Hackaday Editor-in-Chief Elliot Williams and Managing Editor Tom Nardi as they review the most interesting hacks and stories of the previous week. This time we’ll start things off by talking about the return of in-person events, and go over several major conventions and festivals that you should add to your calendar now. Then we’ll look at a NASA training film from the Space Race, an interesting radio-controlled quirk that Tesla has built into their cars for some reason, a very promising autonomous boat platform, and some high performance visuals generated by an ATtiny85. Stick around to find out what happens when an interplanetary probe loses its ride to space, and why the best new enclosure for your Raspberry Pi 4 might be a surveillance camera.
Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments below!
OpenSSH has minted their 9.0 release, and it includes a pair of security changes. Unlike most of the releases we cover here, this one has security hardening to prevent issues, not emergency fixes for current ones. First up, the venerable scp/rcp protocol has been removed. Your scp commands will now use SFTP under the hood. The more interesting security change is the new default key exchange, the NTRU algorithm. NTRU is thought to be quantum-hard. Continue reading “This Week In Security: OpenSSH, Git, And Sort-of NGINX 0-day”→
Nobody likes opening up a hacking target and finding a black epoxy blob inside, but all hope is not lost. At least not if you’ve got the dedication and skills of [Jeroen Domburg] alias [Sprite_tm].
It all started when [Big Clive] ordered a chintzy Chinese musical meditation flower and found a black blob. But tantalizingly, the shiny plastic mess also included a 2 MB flash EEPROM. The question then is: can one replace the contents with your own music? Spoiler: yes, you can! [Sprite_tm] and a team of Buddha Chip Hackers distributed across the globe got to work. (Slides here.)
[Jeroen] started off with binwalk and got, well, not much. The data that [Big Clive] dumped had high enough entropy that it looked either random or encrypted, with the exception of a couple tiny sections. Taking a look at the data, there was some structure, though. [Jeroen] smelled shitty encryption. Now in principle, there are millions of bad encryption methods out there for every good one. But in practice, naive cryptographers tend to gravitate to a handful of bad patterns.
Bad pattern number one is XOR. Used correctly, XORing can be a force for good, but if you XOR your key with zeros, naturally, you get the key back as your ciphertext. And this data had a lot of zeros in it. That means that there were many long strings that started out the same, but they seemed to go on forever, as if they were pseudo-random. Bad crypto pattern number two is using a linear-feedback shift register for your pseudo-random numbers, because the parameter space is small enough that [Sprite_tm] could just brute-force it. At the end, he points out their third mistake — making the encryption so fun to hack on that it kept him motivated!
Decrypted, the EEPROM data was a filesystem. And the machine language turned out to be for an 8051, but there was still the issue of the code resident on the microcontroller’s ROM. So [Sprite_tm] bought one of these flowers, and started probing around the black blob itself. He wrote a dumper program that output the internal ROM’s contents over SPI. Ghidra did some good disassembling, and that let him figure out how the memory was laid out, and how the flow worked. He also discovered a “secret” ROM area in the chip’s flash, which he got by trying some random functions and looking for side effects. The first hit turned out to be a memcpy. Sweet.
[Neil555]’s Rosetta Stone
Meanwhile, the Internet was still working on this device, and [Neil555] bought a flower too. But this one had a chip, rather than a blob, and IDing this part led them to an SDK, and that has an audio suite that uses a derivative of WMA audio encoding. And that was enough to get music loaded into the flower. (Cue a short rick-rolling.) Victory!
Well, victory if all you wanted to do was hack your music onto the chip. As a final fillip, [Sprite_tm] mashed the reverse-engineered schematic of the Buddha Flower together with [Thomas Flummer]’s very nice DIY Remoticon badge, and uploaded our very own intro theme music into the device on a badge. Bonus points? He added LEDs that blinked out the LFSRs that were responsible for the “encryption”. Sick burn!
Editor’s Note: This is the last of the Remoticon 2 videos we’ve got. Thanks to all who gave presentations, to all who attended and participated in the lively Discord back channel, and to all you out there who keep the hacking flame alive. We couldn’t do it without you, and we look forward to a return to “normal” Supercon sometime soon.
That energy storage is a hot topic is hardly a surprise to anyone these days. Even so, energy storage can take a lot of different forms, some of which are more relevant to the utility provider (like grid-level storage), while others are relevant to business and home owners (e.g. whole-house storage), and yet other technologies live in this tense zone between utility and personal interest, such as (electric) vehicle-to-grid.
For utilities a lot of noise is being made about shiny new technologies, such as hydrogen-based storage, while home- and business owners are pondering on the benefits of relying solely on the utility’s generosity with feed-in tariffs, versus charging a big battery from the solar panels on the roof and using the produced power themselves. Ultimately the questions here are which technologies will indeed live up to their promises, and which a home owner may want to invest in.
It’s difficult to escape the topic of energy supply at the moment, with the geopolitical situation surrounding the invasion of Ukraine leaving the natural gas supply to an entire continent in jeopardy. Fortunately we’re watching the green shoots of an early spring here in the Northern hemisphere so the worst of the winter weather is behind us, but industrial customers can take no such solace from the season and will have to weather whatever price hikes are to come. Every alternative idea for energy supply is on the table, and with the parallel imperative of decarbonising the economy this goes beyond the short term into a future without so much need to rely on gas.
The Future is Cloudy
A district heating plant in Vienna, Austria. Joadl, CC BY-SA 3.0 AT
A collaboration between a Finnish district heating network and Microsoft caught our eye because the location of a new data centre for the tech giant was chosen specifically to supply waste heat to the network, rather than releasing it to the environment. It’s not uncommon at all for European cities to use district heating networks but they are normally supplied by waste incinerators, boilers, or combined heat and power stations. The use of data centre waste heat is a novelty, as is in particular the siting of the data centre being dictated by the network. Continue reading “Ask Hackaday: Is It Time For Waste Heat And Cold Area Heating To Shine?”→
Vizy is a Linux-based “AI camera” based on the Raspberry Pi 4 that uses machine learning and machine vision to pull off some neat tricks, and has a design centered around hackability. I found it ridiculously simple to get up and running, and it was just as easy to make changes of my own, and start getting ideas.
Out of the box, Vizy is only a couple lines of Python away from being a functional Cat Detector project.
I was running pre-installed examples written in Python within minutes, and editing that very same code in about 30 seconds more. Even better, I did it all without installing a development environment, or even leaving my web browser, for that matter. I have to say, it made for a very hacker-friendly experience.
Vizy comes from the folks at Charmed Labs; this isn’t their first stab at smart cameras, and it shows. They also created the Pixy and Pixy 2 cameras, of which I happen to own several. I have always devoured anything that makes machine vision more accessible and easier to integrate into projects, so when Charmed Labs kindly offered to send me one of their newest devices, I was eager to see what was new.
I found Vizy to be a highly-polished platform with a number of truly useful hardware and software features, and a focus on accessibility and ease of use that I really hope to see more of in future embedded products. Let’s take a closer look.
Let’s face it: this world is pretty broken right now. From environmental crisis to disease and famine, shortages of just about everything, infrastructure failures, not to mention wars and social breakdown, things are getting pretty hairy out there. While it’s tempting to just curl up and pretend everything is good, that’s probably not going to work as even a short-term plan.
Luckily, we hackers are uniquely positioned for situations like this. After all, we fix stuff, and we’re certainly living in a target-rich environment of stuff that needs fixing. What’s more, nothing gives us as much fulfillment as taking a situation that everyone else thinks is beyond help and turning it into a solved problem.
These are the times that people like us can really shine, and the 2022 Hackaday Prize is the perfect forum for that. With this year’s theme of Sustainability, Resiliency, and Circularity, there’s plenty of scope for all of us to make a contribution. To help us get kicked off, Majenta Strongheart, Head of Design and Partnerships at Supplyframe, will drop by the Hack Chat with all the details on this year’s Prize.
Come prepared to pick her brain on how the Prize is going to work this year, find out about the different challenge opportunities, and learn everything there is to know about this year’s competition. It’s the Greatest Hardware Design Challenge on Earth, and we need it now more than ever.