New Part Day: LED Driver Is FPGA Dev Board In Disguise

January 24, 2020 by Elliot Williams 51 Comments

Our new part of the day is the ColorLight 5A-75B, a board that’s meant to drive eight of those ubiquitous high-density color LED panels over gigabit Ethernet. If you were building a commercial LED wall, you’d screw a bunch of the LED panels together, daisy-chain a bunch of these boards to drive them, supply power, and you’d be done. Because of that high-volume application, these boards are inexpensive, around $15 each, and available as quickly as you can get stuff shipped from China.

But we’re not here to talk commercial applications. Managing fast Ethernet and pushing so many pixels in real time is a task best handled by an FPGA, and [Tom Verbeure] noticed that these things were essentially amazing FPGA development boards and started hacking on them. [q3k] put it up on GitHub, and you can follow along with the chubby75 reverse engineering project to dig into their secrets.

While the first generations of these boards used the old-standby Spartan 6, things got interesting for fans of open FPGA tools when newer versions were found using the Lattice ECP5-25 chips, the little brother of the stonking big chip [Sprite_TM] used on the 2019 Hackaday Supercon badge. If you want to grab one you’re looking for ColorLight boards marked with revision 6 or 7 as of this writing.

What does this mean? For the price of a gourmet hamburger, you get an FPGA that’s big enough to run a RISC-V softcore, two 166 MHz, 2 MB SDRAMS, flash for the FPGA bitstream, a bazillion digital outputs on 5 V level shifters, and two gigabit Ethernet ports. The JTAG port is broken out in 0.1″ headers, and it works with OpenOCD, which is ridiculously convenient. How’s that for a well-stocked budget FPGA dev board that’s served by a completely open toolchain? Continue reading “New Part Day: LED Driver Is FPGA Dev Board In Disguise” →

Hackaday Podcast 051: Pointing With Your Tongue, C64 Touchpad, USB Killcord, And Audacity Does Everything

January 24, 2020 by Mike Szczys 2 Comments

Hackaday editors Mike Szczys and Elliot Williams sort through the hacks you might have missed over the past seven days. In FPGA hacking news, there’s a ton of work being done on a newly discovered FPGA dev board. Kristina has a new column on input devices, kicking it off with tongue-actuated controllers. We wax philosophical about what data you need to backup and what you should let go. Plus Audacity is helping tune up CNC machines, copper tape is the prototyper’s friend, and fans of Open should take note of this laptop project.

Take a look at the links below if you want to follow along, and as always tell us what you think about this episode in the comments!

Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Direct download (60 MB or so.)

Continue reading “Hackaday Podcast 051: Pointing With Your Tongue, C64 Touchpad, USB Killcord, And Audacity Does Everything” →

This Week In Security: Chrome Speech Bug, UDP Fragmentation, And The Big Citrix Vulnerability

January 24, 2020 by Jonathan Bennett 5 Comments

A critical security bug was fixed in Chrome recently, CVE-2020-6378. The CVE report is still marked private, as well as the bug report. All we have is “Use-after-free in speech recognizer”. Are we out of luck, trying to learn more about this vulnerability? If you look closely at the private bug report, you’ll notice it’s in the Chromium bug tracker. Chrome is based primarily on the Chromium project, with a few proprietary features added. Since Chromium is open source, we can go find the code change that fixed this bug, and possibly learn more about it.

Off to the Chromium source, mirrored on Github. We could look at every commit, and eventually find the one we’re looking for, but Chromium commit messages usually include a reference to the bug that is fixed by that commit. So, we can use Github’s search function to find a commit that mentions 1018677. Just like that, we’ve found a single commit and more information.

The shutdown mentioned in the commit message is possibly referring to the browser being closed, but could also refer to the tab doing the speech recognizing, or even the speech system itself. Because multiple parts are being unloaded in parallel, there is a race condition between calling the abort object, and that object being unloaded from memory. This race can result in a classic use-after-free, jumping code execution to a memory location that’s already been freed.

All interesting, but how does this warrant a Critical rating? Enter the Web Speech API. I’m speculating just a bit, but it’s likely that this API uses the speech recognizer code in question. It may even be interacting with the security prompt that triggers the crash. Imagine that an attacking page attempts to use the speech API, and then releases the API object before the user can respond to the prompt. That *might* be the scenario that was discovered, though we’re deep into speculation, now. Continue reading “This Week In Security: Chrome Speech Bug, UDP Fragmentation, And The Big Citrix Vulnerability” →

The Truth Is In There: The Art Of Electronics, The X-Chapters

January 23, 2020 by Ted Yapo 41 Comments

If you’ve been into electronics for any length of time, you’ve almost certainly run across the practical bible in the field, The Art of Electronics, commonly abbreviated AoE. Any fan of the book will certainly want to consider obtaining the latest release, The Art of Electronics: The x-Chapters, which follows the previous third edition of AoE from 2015. This new book features expanded coverage of topics from the previous editions, plus discussions of some interesting but rarely traveled areas of electrical engineering.

For those unfamiliar with it, AoE, first published in 1980, is an unusually useful hybrid of textbook and engineer’s reference, blending just enough theory with liberal doses of practical experience. With its lively tone and informal style, the book has enabled people from many backgrounds to design and implement electronic circuits.

After the initial book, the second edition (AoE2) was published in 1989, and the third (AoE3) in 2015, each one renewing and expanding coverage to keep up with the rapid pace of the field. I started with the second edition and it was very well worn when I purchased a copy of the third, an upgrade I would recommend to anyone still on the fence. While the second and third books looked a lot like the first, this new one is a bit different. It’s at the same time an expanded discussion of many of the topics covered in AoE3 and a self-contained reference manual on a variety of topics in electrical engineering.

I pre-ordered this book the same day I learned it was to be published, and it finally arrived this week. So, having had the book in hand — almost continuously — for a few days, I think I’ve got a decent idea of what it’s all about. Stick around for my take on the latest in this very interesting series of books.

Continue reading “The Truth Is In There: The Art Of Electronics, The X-Chapters” →

P-51 Cockpit Recreated With Help Of Local Makerspace

January 22, 2020 by Dan Maloney 22 Comments

It’s surprisingly easy to misjudge tips that come into the Hackaday tip line. After filtering out the omnipresent spam, a quick scan of tip titles will often form a quick impression that turns out to be completely wrong. Such was the case with a recent tip that seemed from the subject line to be a flight simulator cockpit. The mental picture I had was of a model cockpit hooked to Flight Simulator or some other off-the-shelf flying game, many of which we’ve seen over the years.

I couldn’t have been more wrong about the project that Grant Hobbs undertook. His cockpit simulator turned out to be so much more than what I thought, and after trading a few emails with him to get all the details, I felt like I had to share the series of hacks that led to the short video below and the story about how he somehow managed to build the set despite having no previous experience with the usual tools of the trade.

Continue reading “P-51 Cockpit Recreated With Help Of Local Makerspace” →

Fail Of The Week: Padlock Purports To Provide Protection, Proves Pathetic

January 21, 2020 by Dan Maloney 49 Comments

Anyone in the know about IoT security is likely to steer clear of a physical security product that’s got some sort of wireless control. The list of exploits for such devices is a long, sad statement on security as an afterthought, if at all. So it’s understandable if you think a Bluetooth-enabled lock is best attacked via its wireless stack.

As it turns out, the Master 5440D Bluetooth Key Safe can be defeated in a few minutes with just a screwdriver. The key safe is the type a realtor or AirBnB host would use to allow access to a property’s keys. [Bosnianbill] embarked on an inspection of the $120 unit, looking for weaknesses. When physical attacks with a hammer and spoofing the solenoids with a magnet didn’t pay off, he decided to strip off the resilient skin that Master so thoughtfully provided to prevent the box from marring the finish of a door or gate. The denuded device thus revealed its awful secret: two Phillips screws, each securing a locking shackle to the cover. Once those are loose, a little prying with a screwdriver is all that’s need to get the keys to the kingdom.

In a follow-up video posted later, [Bill] took a closer look at another key safe and found that Master had made an anemic effort to fix this vulnerability with a squirt of epoxy in each screw head. It’s weak, at best, since a tap with a hammer compresses the gunk enough to get a grip on the screw.

We really thought [Bosnianbill]’s attack would be electronic, like that time [Dave Jones] cracked a safe with an oscilloscope. Who’d have thought a screwdriver would be the best way past the wireless stack?

Continue reading “Fail Of The Week: Padlock Purports To Provide Protection, Proves Pathetic” →

Teardown: BilBot Bluetooth Robot

January 20, 2020 by Tom Nardi 16 Comments

Historically, the subject of our January teardown has been a piece of high-tech holiday lighting from the clearance rack; after all, they can usually be picked up for pocket change once the trucks full of Valentine’s Day merchandise start pulling up around the back of your local Big Box retailer. But this year, we’ve got something a little different.

Today we’re looking at the BilBot Bluetooth robot, which over the holidays was being sold at Five Below for (you guessed it) just $5 USD. These were clearly something the company hoped to sell a lot of, with stacks of the little two-wheeled bots in your choice of white and yellow livery right by the front door. With wireless control from your iOS or Android device, and intriguing features like voice command, I’d be willing to bet they managed to move quite a few of these at such a low price.

For folks like us, it can be hard to wrap our minds around a product like this. It must have a Bluetooth radio, some kind of motor controller, and of course the motors and gears themselves. Yet they can sell it for the price of a budget hamburger and still turn a profit. If you wanted to pick up barebones robotics platform, with just a couple gear motors and some wheels, it would cost more than that. The economies of scale are a hell of a thing.

Which made me wonder, could hackers take advantage of this ultra-cheap robot for our own purposes? It’s pretty much a given that the software for this robot will be terrible, and that whatever control electronics live inside it will be marginal at best. But what if we write those off and just look at the BilBot as a two-wheeled platform to carry our own electronics? It’s certainly worth $5 to find out.

Continue reading “Teardown: BilBot Bluetooth Robot” →