Hacking Is Hacking

Tom Nardi and I had a good laugh this week on the Podcast when he compared the ECU hacks that enabled turning a VW with steering assist into a self-driver to a hack last week that modified a water cooler to fill a particular cup. But it’s actually no joke — some of the very same techniques are used in both efforts, although the outcome of one is life-and-death, and the other is just some spilled ice-cold water.

This reminded me of Travis Goodspeed’s now-classic talk “In Praise of Junk Hacking” from way back in 2016. For background, this was a time when IoT devices and their security were in their relative infancy, and some members of the security community were throwing shade on the dissection of “mere” commercial crap. (Looked back on from today, where every other member of a botnet is an IP camera, that argument didn’t age well.)

Travis’ response was that hacking on junk lets us focus on the process — the hack itself — rather than getting distracted by the outcome. Emotions run high when a security flaw affects millions of individuals, but when it’s a Tamagotchi or a pocket calculator, well, it doesn’t really matter, so you focus on the actual techniques. And as Travis points out, many of these techniques learned on junk will be useful when it counts. He learned about methods to defeat address-space randomization, for instance, from an old hack on the TI-85 calculator, which garbage-collected the variables that needed to be overwritten.

So I had junk hacking in the back of my mind when I was re-watching Hash Salehi’s great talk on his work reverse engineering smart meters. Funnily enough, he started off his reverse engineering journey eleven years ago with work on a robot vacuum cleaner’s LIDAR module. Junk hacking, for sure, but the same techniques taught him to work on devices that are significantly more serious. And in the craziest of Hackaday synergies, he even hat-tipped Travis’ talk in his video! Hacking is hacking!

3D Printering: Getting Started With Universal Bed Leveling

Last time we talked about how Marlin has several bed leveling mechanisms including unified bed leveling or UBL. UBL tries to be all things to all people and has provisions to create dense meshes that model your bed and provides ways for you to adjust and edit those meshes.

We talked about how to get your printer ready for UBL last time, but not how to use it while printing. For that, you’ll need to create at least one mesh and activate it in your startup code. You will also want to correctly set your Z height to make everything work well.

Hackaday Podcast 151: The Hackiest VR Glove, Plotting Boba Fett With Shoelaces, ECU Hacking, And Where Does Ammonia Come From?

Hackaday Editor-in-Chief Elliot Williams and Managing Editor Tom Nardi are back again to talk about all the weird and wonderful stories from our corner of the tech world. Canon had to temporarily give up on chipping their ink cartridges due to part shortages, and that’s just too perfect to ignore. There’s also some good news for the International Space Station as the White House signals they’re ready to support the orbiting outpost until 2030.

We’ll also look at an extremely promising project to deliver haptic feedback for VR, programming bare-metal x86 with the Arduino IDE, and the incredible reverse engineering involved in adding a DIY autonomous driving system to a 2010 Volkswagen Golf. Finally we’ll find out why most of the human life on this planet depends on a process that many people have never heard of, and learn about the long history of making cars heavier than they need to be.

Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

This Week In Security: NPM Vandalism, Simulating Reboots, And More

We’ve covered quite a few stories about malware sneaking into NPM and other JavaScript repositories. This is a bit different. This time, a JS programmer vandalized his own packages. It’s not even malware; perhaps we should call it protestware? The two packages, colors and faker, are both popular, with combined weekly downloads of nearly 23 million. Their author, [Marak], added a breaking update to each of them. These libraries now print a header of LIBERTY LIBERTY LIBERTY, and then either random characters or very poor ASCII art. It’s been confirmed that this wasn’t an outside attacker, but [Marak] breaking his own projects on purpose. Why?

It seems like this story starts back in late 2020, when [Marak] lost quite a bit in a fire, and had to ask for money on Twitter. Edit: Thanks to commenter [Jack Dansen] for pointing out an important detail that was missing. Marak was charged with reckless endangerment, and was suspected of possible terrorism aspirations, as bomb-making materials were found in his burned-out apartment. Two weeks later, he tweeted that billions were being made off open source devs’ work, citing a FAANG leak. FAANG is a reference to the big five American tech companies: Facebook, Apple, Amazon, Netflix, and Google. The same day, he opened an issue on GitHub for faker.js, throwing down an ultimatum: “Take this as an opportunity to send me a six figure yearly contract or fork the project and have someone else work on it.”

Remoticon 2021 // Hash Salehi Outsmarts His Smart Meter

Smart meters form mesh networks among themselves and transmit your usage data all around. Some of them even allow the power company to turn off your power remotely, through the mesh. You might want to know if any of this information is sensitive, or if the power shutdown system has got glaring security flaws and random people could just turn your house off. Hash Salehi has set out to get inside these meters, and luckily for the rest of us, he was kind enough to share his findings during Remoticon 2021. It’s a journey filled with wonderful tidbits about GNU Radio, embedded devices, and running your own power company inside a Faraday cage.

The smart meter in question is deployed by a power company known as Oncor in the Dallas, Texas, area. These particular meters form an extensive mesh network using an onboard ZigBee module that allows them to pass messages amongst themselves that eventually make their way to a collector or aggregator to be uploaded to a more central location. Hash obtained his parts via everyone’s favorite online auction house and was surprised to see how many parts were available. Then, with parts in hand, he began all the usual reverse engineering tricks: SDR, Faraday cages, flash chip readers, and recreating the schematic.

The Charachorder Keyboard Is Too Fast For Competition

We interrupt the flow of Keebin’ with Kristina to bring you this special bulletin. When three different people alert you to a keyboard within 48 hours or so, it calls for more than just a paragraph in the roundup column. So here are several paragraphs, an animated GIF, and some extended commentary about the Charachorder, a new kind of input that came up through Kickstarter in 2021.

Driving this hype train are some short viral videos that show the founder hitting 500+ WPM on this crazy thing. FYI, that is fast enough to get you banned from typing competitions, including the monkeytype leaderboard. Those apes forbid chorded input altogether, and automatically throw out entries above 300 WPM. It achieves these insane speeds through clever mechanical design and, of course, firmware.

3D Printering: Soldering A Heated Bed

There’s an old saying about something being a “drop in the ocean.” That’s how I felt faced with the prospect of replacing a 12 V heated bed on my printer with a new 24 V one. The old bed had a nice connector assembled from the factory, although I had replaced the cable long ago due to heating issues with that particular printer. The new bed, however, just had bare copper pads.

I’m no soldering novice: I made my first solder joint sometime in the early 1970s. So I felt up to the challenge, but I also knew I wouldn’t be able to use my usual Edsyn iron for a job like this. Since the heated bed is essentially a giant heatsink for these pads, I knew it would require the big guns. I dug out my old — and I mean super old — Weller 140 W soldering gun. Surely, that would do the trick, right?
