Hackaday Podcast 115: AI Is Bad At Linux Terminal, Puppeting Pico In Python, 3D Scanning Comes Up Short

Hackaday editors Mike Szczys and Elliot Williams pull back the curtain on a week of excellent hacks. We saw an awesome use of RGB LEDs as a data channel on a drone, and the secrets of an IP camera’s OS laid bare with some neat reverse engineering tools. There’s an AI project for the Linux terminal that guesses at the commands you actually want to run. And after considering how far autopilot has come in the aerospace industry, we jump into a look at the gotchas you’ll find when working with models of 3D scanned objects.

Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Direct download (~60 MB)

Places to follow Hackaday podcasts:

Continue reading “Hackaday Podcast 115: AI Is Bad At Linux Terminal, Puppeting Pico In Python, 3D Scanning Comes Up Short”

This Week In Security: NAME:WRECK, Signal Hacks Back, Updates, And More

NAME:WRECK is a collection of vulnerabilities in DNS implementations, discovered by Forescout and JSOF Research. This body of research can be seen as a continuation of Ripple20 and AMNESIA:33, as it builds on a class of vulnerability discovered in other network stacks, problems with DNS message compression.

Their PDF Whitepaper contains a brief primer on the DNS message format, which is useful for understanding the class of problem. In such a message, a DNS name is encoded with a length-value scheme, with each full name ending in a null byte. So in a DNS Request, Hackaday.com would get represented as [0x08]Hackaday[0x03]com[0x00]. The dots get replaced by these length values, and it makes for an easily parsable format.

Very early on, it was decided that continually repeating the same host names in a DNS message was wasteful of space, so a compression scheme was devised. DNS compression takes advantage of the maximum host/domain length of 63 characters. This max size means that the binary representation of that length value will never contain “1”s in the first two digits. Since it can never be used, length values starting with a binary “11” are used to point to a previously occurring domain name. The 14 bits that follow this two bit flag are known as a compression pointer, and represent a byte offset from the beginning of the message. The DNS message parser pulls the intended value from that location, and then continues parsing.

The problems found were generally based around improper validation. For example, the NetX stack doesn’t check whether the compression pointer points at itself. This scenario leads to a tight infinite loop, a classic DoS attack. Other systems don’t properly validate the location being referenced, leading to data copy past the allocated buffer, leading to remote code execution (RCE). FreeBSD has this issue, but because it’s tied to DHCP packets, the vulnerability can only be exploited by a device on the local network. While looking for message compression issues, they also found a handful of vulnerabilities in DNS response parsing that aren’t directly related to compression. The most notable here being an RCE in Seimens’ Nucleus Net stack. Continue reading “This Week In Security: NAME:WRECK, Signal Hacks Back, Updates, And More”

Hands-On With PineCube: An Open IP Camera Begging For Better Kernel Support

When the PineCube was announced by the Pine64 project in 2020, it created a fair bit of interest. Most of this was due to the appeal of a single-board computer (SBC) in a network-based (IP) camera form factor with integrated camera module, for a mere $29.99. Add an enclosure to it, and you would have a neat little package combining a 5 MP camera module with 100 Mbit Ethernet and WiFi. As a bonus, the system could be powered either via an optional battery pack as well as passive PoE, in addition to MicroUSB.

A few weeks ago I bought two of these boards, as part of a client project, and set out to use it for a custom IP camera implementation. With existing Linux-on-SBC and MIPI (CSI) camera experience on my end ranging from the Raspberry Pi to the Odroid, Orange Pi and Banana Pi boards, I felt fairly confident that I could make it work with minimal fuss.

Unfortunately, my experiences were anything but positive. After spending many hours with the PineCube, I’m not able to recommend it for those seeking an IP camera. There are many reasons for this, which I’ll try to explain in this article.

Continue reading “Hands-On With PineCube: An Open IP Camera Begging For Better Kernel Support”

Hacking An Air Assist For The Ortur Laser

Getting great results from a laser cutter takes a bit of effort to make sure all of the settings are just right. But even then, if the air between the material and the laser source is full of smoke and debris it will interfere with the laser beam and throw off the results. The solution is to add air assist which continuously clears that area.

Earlier this year I bought an Ortur laser engraver/cutter and have been hacking on it to improve the stock capabilities. last month I talked about putting a board under the machine and making the laser move up and down easily. But I still didn’t have an air assist. Since then I found a great way to add it that will work for many laser cutter setups.

I didn’t design any of these modifications, but I did alter them to fit my particular circumstances. You can find my very simple modifications to other designs on Thingiverse. You’ll also find links to the original designs and you’ll need them for extra parts and instructions, too. It is great to be able to start with work from talented people and build on each other’s ideas.

Continue reading “Hacking An Air Assist For The Ortur Laser”

BMW Pushing Hard For Solid-State Battery Tech; Plans Demo By 2025

Plenty of development is ongoing in the world of lithium batteries for use in electric vehicles. Automakers are scrapping for every little percentage gain to add a few miles of range over their competitors, with efforts to reduce charging times just as frantic as well.

Of course, the real win would be to succeed in bringing a bigger, game-changing battery to market. Solid state batteries fit the bill, potentially offering far greater performance than their traditional lithium counterparts. BMW think there’s merit in the technology, and have announced they intend to show off a solid-state battery vehicle by 2025.

Continue reading “BMW Pushing Hard For Solid-State Battery Tech; Plans Demo By 2025”

Art of 3D printer in the middle of printing a Hackaday Jolly Wrencher logo

What To Expect From 3D Scanning, And How To Work With It

3D scanning and 3D printing may sound like a natural match for one another, but they don’t always play together as easily and nicely as one would hope. I’ll explain what one can expect by highlighting three use cases the average hacker encounters, and how well they do (or don’t) work. With this, you’ll have a better idea of how 3D scanning can meet your part design and 3D printing needs.

How Well Some Things (Don’t) Work

Most 3D printing enthusiasts sooner or later become interested in whether 3D scanning can make their lives and projects easier. Here are a three different intersections of 3D scanning, 3D printing, and CAD along with a few words on how well each can be expected to work.

Goal Examples and Details Does it work?
Use scans to make copies of an object.
  • 3D scan something, then 3D print copies.
  • Objects might be functional things like fixtures or appliance parts, or artistic objects like sculptures.
Mostly yes, but depends on the object
Make a CAD model from a source object.
  • The goal is a 1:1 model, for part engineering purposes.
  • Use 3D scanning instead of creating the object in CAD.
Not Really
Digitize inconvenient or troublesome shapes.
  • Obtain an accurate model of complex shapes that can’t easily be measured or modeled any other way.
  • Examples: dashboards, sculptures, large objects, objects that are attached to something else or can’t be easily moved, body parts like heads or faces, and objects with many curves.
  • Useful to make sure a 3D printed object will fit into or on something else.
  • Creating a CAD model of a part for engineering purposes is not the goal.
Yes, but it depends

In all of these cases, one wants a 3D model of an object, and that’s exactly what 3D scanning creates, so what’s the problem? The problem is that not all 3D models are alike and useful for the same things.

Continue reading “What To Expect From 3D Scanning, And How To Work With It”

AVR Reverse Engineering Hack Chat

Join us on Wednesday, April 21 at noon Pacific for the AVR Reverse Engineering Hack Chat with Uri Shaked!

We’ve all become familiar with the Arduino ecosystem by now, to the point where it’s almost trivially easy to whip up a quick project that implements almost every aspect of its functionality strictly in code. It’s incredibly useful, but we tend to lose sight of the fact that our Arduino sketches represent a virtual world where the IDE and a vast selection of libraries abstract away a lot of the complexity of what’s going on inside the AVR microcontroller.

While it’s certainly handy to have an environment that lets you stand up a system in a matter of minutes, it’s hardly the end of the story. There’s a lot to be gained by tapping into the power of assembly programming on the AVR, and learning how to read the datasheet and really run the thing. That was the focus of Uri Shaked’s recent well-received HackadayU course on AVR internals, and it’ll form the basis of this Hack Chat. Then again, since Uri is also leading a Raspberry Pi Pico and RP2040 course on HackadayU in a couple of weeks, we may end up talking about that too. Or we may end up chatting about something else entirely! It’s really hard to where this Hack Chat will go, given Uri’s breadth of interests and expertise, but we’re pretty sure of one thing: it won’t be boring. Make sure you log in and join the chat — where it goes is largely up to you.

join-hack-chatOur Hack Chats are live community events in the Hackaday.io Hack Chat group messaging. This week we’ll be sitting down on Wednesday, April 21 at 12:00 PM Pacific time. If time zones have you tied up, we have a handy time zone converter.

Click that speech bubble to the right, and you’ll be taken directly to the Hack Chat group on Hackaday.io. You don’t have to wait until Wednesday; join whenever you want and you can see what the community is talking about.
Continue reading “AVR Reverse Engineering Hack Chat”