This Week In Security: The Log4j That Won’t Go Away, WebOS, And More

In the past two weeks, Log4j has continued to drive security news, with more vulnerable platforms being found and additional CVEs coming out. First up is work done by TrendMicro, looking at electric vehicles and chargers. They found a Log4j vulnerability in one of the published charger frameworks, and also managed to observe evidence of vulnerability in the Tesla In-Vehicle Infotainment system. It isn’t a stretch to imagine a piece of malware that could run on both a charger and an EV. And since those systems talk to each other, it could spread through cars moving from charger to charger.

Log4j is now up to 2.17.1, as there is yet another RCE to fix, CVE-2021-44832. This one is scored only a 6.6 on the CVSS scale, as opposed to the original, which weighed in at a 10. CVE-2021-44832 requires the attacker to first exert control over the Log4j configuration, making exploitation much more difficult. This string of follow-on vulnerabilities demonstrates a well-known pattern, where a high-profile vulnerability attracts the attention of researchers, who then find other problems in the same code.

There are now reports of Log4j being used in Conti ransomware campaigns. Additionally, a Mirai-based worm has been observed. This self-propagating attack seems to be targeting Tomcat servers, among others.


Remoticon 2021: Uri Shaked Reverses The ESP32 WiFi

You know how when you’re working on a project, other side quests pop up left and right? You can choose to handle them briefly and summarily, or you can dive into them as projects in their own right. Well, Uri Shaked is the author of Wokwi, an online Arduino simulator that allows you to test out your code on emulated hardware. (It’s very, very cool.) Back in the day, Arduino meant AVR, and he put in some awesome effort on reverse engineering that chip in order to emulate it successfully. But “Arduino” means so much more than just AVR these days, so Uri had to tackle the STM32 ARM chips and even the recent RP2040.

Arduino runs on the ESP32, too, so Uri put on his reverse engineering hat (literally) and took aim at that chip as well. But the ESP32 is a ton more complicated than any of these other microcontrollers, being based not only on the slightly niche Xtensa core, but also having onboard WiFi with its associated binary firmware. Reverse engineering the ESP32’s WiFi is the side quest that Uri embarks on, totally crushes, and documents for us in this standout Remoticon 2021 talk.

The Current State Of Play In Autonomous Cars

Bluster around the advent of self-driving cars has become a constant in the automotive world in recent years. Much is promised by all comers, but real-world results – and customer-ready technologies – remain scarce on the street.

Today, we’ll dive in and take a look at the current state of play. What makes a self-driving car, how close are the main players, and what can we expect to come around the corner?



Hackaday Links: December 26, 2021

At the time of this writing, the James Webb Space Telescope was perched upon its ride to space, ready for its much-delayed launch from the ESA spaceport in French Guiana. The $10 billion space observatory suffered one final delay (knocks on wood) when predictions of high winds aloft pushed it back from a Christmas Eve launch to a Christmas Day departure, at 12:20 UTC. Given the exigencies of the day, we doubt we’ll be able to watch the launch live — then again, past experience indicates we’ll still be wrapping presents at 4:20 PST. Either way, here’s hoping that everything comes off without a hitch, and that astronomers get the present they’ve been waiting many, many Christmases for.

In other space news, things are getting really interesting on Mars. The ESA announced that their ExoMars Trace Gas Orbiter has detected signs of water in the Valles Marineris. The satellite found a large area of increased hydrogen concentration in the top meter of Martian soil; the assumption is that the hydrogen comes from water, meaning that as much as 40% of the material in the region scanned may be water. If so, that’s a huge find, as we thought most of Mars’ water was locked in the polar regions. The Mariner Valley stretches more than 4,000 km just below the equator, and so may prove to be an important resource for future explorers.

Meanwhile, in Jezero crater, Perseverance has decided to upstage its rotorcraft sidekick for a change by finding signs of organic molecules on Mars. It’s not the first time organic compounds have been found — Perseverance’s cousin Curiosity found some too, ESA’s Mars Express mission spotted methane from on high, and then there were the equivocal but intriguing results from the Viking missions in the 1970s. But the latest evidence is really great news for the scientists who picked Jezero crater as a likely place to search for signs of past life on Mars. The organics found are not proof of life by any means, as there are many ways to make organic molecules abiotically. But then again, if you’re going to find evidence of life on Mars, you’ve got to start with detecting organics.

Back on Earth, getting your laptop stolen would be bad enough. But what if it got yoinked while it was unlocked? Depending on who you are and what you do with that machine, it could be a death sentence. That’s where BusKill could come in handy. It’s a hardware-software approach to securing a laptop when it — or you — suddenly goes missing. A dongle with a breakaway magnetic lanyard gets plugged into a USB port, and the other end of the lanyard gets attached to your person. If you get separated from your machine, the dongle sends customizable commands to either lock the screen or, for the sufficiently paranoid, nuke the hard drive. The designs are all up on GitHub, so check it out and think about what else this could be useful for.

If you like the look of low-poly models but hate the work involved in making them, our friend and Hack Chat alumnus Andrew Sink came up with a solution: an online 3D low-poly generator. The tool is pretty neat; it uses three.js and runs completely in-browser. All you have to do is upload an STL file and set sliders to get rid of as many triangles as you want. Great stuff, and fun to play with even if you don’t need to decimate your polygons.

And finally, what have you done with your oscilloscope for the last three years? Most of us can’t answer that except in the vaguest of terms, but then there’s DrTune, who took three years’ worth of screencaps from this Rigol DS1054z and strung them together into a 60-second movie. He swears he didn’t purposely sync the video to the soundtrack, which is “Flight of the Bumblebee” by Rimsky-Korsakov, but in some places it’s just perfect. See if you can guess what DrTune has been working on by watching the waveforms fly by. And watch for Easter eggs.

Hackaday Podcast Super-Short Holiday Edition

It’s a holiday weekend, and the Podcast is taking a break until 2022. But that can’t stop Hackaday’s Elliot Williams from giving out a t-shirt to the winner of last week’s What’s That Sound.

It’s the shortest Podcast ever!


Direct download (5 MB)


Keynote Video: Jeremy Fielding Wants To Help You Get Moving

For many DIY hardware projects, the most movement it’s likely to see is when we pick the assembled unit up off the workbench and carry it to wherever it’s destined to spend the rest of its functional life. From weather sensors to smart mirrors, there’s a huge array of devices that don’t need to move one millimeter to function. But eventually, you’re likely to run into a project that’s a bit more dynamic. Maybe you’d like to motorize your window shades, or go all out and build a remote controlled rover. With these more active designs comes a whole slew of new problems you may never have encountered before.

Luckily for us, folks like Jeremy Fielding are out there and willing to share their knowledge. In his fascinating presentation for the 2021 Hackaday Remoticon, Building Hardware that Moves: the Fundamentals that Everyone Should Know, he took viewers on a whirlwind tour of what he’s learned about designing and building complex machines from his years of professional experience. Whether it’s a relatively simple articulated workbench for the shop, a gargantuan earthmoving machine, or a high-dexterity robotic arm, each project he’s worked on has presented unique challenges that needed to be solved.

Not all of Jeremy’s machines will fit in your average workshop.

A lot of the projects that Jeremy has worked on are on a much larger scale than what your average hobbyist is ever going to run into. When there’s an arrow pointing out the tiny human in a picture of you and the machine you’re currently working on, you know things are getting serious. But as anyone who’s watched his YouTube videos knows, he’s got a real knack for taking these high-level concepts and distilling them into something more digestible for the home gamer.


How To Get Into Cars: E85 Fuel

If you’ve spent any time around the modified car scene in the last few years, you’ve probably heard about E85. Maybe you’ve even noticed a sweet smell emanating from the pitlane, or heard people cracking jokes about “corn juice.”

The blended fuel, which combines alcohol and traditional gasoline, can have significant performance benefits if used properly. Today, we’ll explore what those are, and how you can set your ride up to run on E85.
