Get Hands-On At Supercon: Workshop Tickets Now Available

October 2, 2019 by Mike Szczys 13 Comments

Build something cool and pick up new skills from the workshops at the Hackaday Superconference. But decide right now, workshops will sell out and tickets to the conference itself are nearly gone.

You must have a Superconference ticket in order to purchase a workshop ticket; buy one right now if you haven’t already. We think this is “The Year of the FPGA” and we hope you do too — the badge is based on an FPGA running a RISC-V core and using Open Source tools. Try your hand at FPGA for the first time, hone your skills in the advanced course, or design synthesizer circuits using all of those gates in workshops using the badge itself.

But of course it’s not all about the badge. Jump into quantum computing, learn how to use living hinges in your 3D printed designs, sharpen your low-level C, and sit down at the Scanning Electron Microscope. You can brush up on capacitive touch design, learn about rolling-your-own USB devices, hack together a malicious hardware implant, and get your projects connected to the cloud.

Space in these workshops is limited so make sure to sign up before all the seats are taken. The base price for workshops is $15 (basically a “skin in the game” price to encourage those who register to show up). Any tickets priced above that base is meant to cover the material expense of the workshop. Here’s what we have planned:

Introduction to FPGA Hacking on the Supercon Badge

Piotr Esden-Tempski, Sylvain Munaut, Mike Walters, Sophi Kravitz

In this basic FPGA badge workshop you will get a quick introduction on how to add and program new virtual hardware on your Supercon badge. While a microcontroller always has a fixed set of hardware, the badge has an FPGA that can be reprogrammed and the RISC-V microcontroller inside the FPGA can be changed. In this workshop you will learn how to synthesize an existing IP core to your RISC-V core on the badge and how to use that new added hardware.

(To include as many people as possible, this workshop will be held in a least four identical sessions, please choose one.)

Introduction to Quantum Computing

Kitty Yeung

You’ll learn the basic physics and math concepts needed to get started with quantum computing. There will also be coding so please bring your computers. Instructions on installing Quantum Development Kit will be provided prior to the workshop.

USB Reverse Engineering: Ultra-Low-Cost Edition

Kate Temkin & Mikaela Szekely

Interested in learning more about the inner workings of USB? In this workshop we’ll cover some of the basic, low-level details of USB, then go into detail on how you can interact with (and create!) USB devices as a hobbyist, engineer, or hacker.

SEM Scan Electron Microscope

Adam McCombs

Come get hands-on with an Electron Microscope! In this workshop you will get a chance to get on console on a JEOL JSM-840 Scanning Electron Microscope (SEM) capable of resolving 5nm details. We’ll cover all aspects of running an SEM, be that setup and alignment, sample preparation, or imaging.

Logic Noise: Build Silly Synths in the FPGA Fabric of the Supercon Badge

Elliot Williams

Most FPGA programming classes start off with the basics of logic circuits and how they’re implemented in an FPGA, and then jump 30 years into the present where FPGA design consists of downloading someone else’s IP and ironing out the timing bugs. But not this one! We’re going to stay fully stuck in the past: playing around with the combinatorial logic possibilities inside the Superconference badge’s FPGA fabric to make glitchy musical instruments. If you followed Hackaday’s Logic Noise series, you know how to make crazy noisemakers by abusing silicon on breadboards. In this workshop, we’ll be coding up the silicon and the breadboard. Whoah.

Prototyping Malicious Hardware on the Cheap

Joe FitzPatrick

Alleged multi-million-dollar hardware attacks might catch headlines, but what can we DIY with limited time and budget? We’ll have all the tools you need to prototype, build, and test both the hardware and software of a custom malicious hardware implant.

Advanced FPGA Hacking on the Supercon Badge

Piotr Esden-Tempski

In this advanced FPGA badge workshop you will learn how to develop your own simple FPGA IP core. You already know how to program microcontrollers and how memory-mapped IO works, but you want to go beyond that and develop your own hardware? This class is an introduction on how to write, synthesize and add new hardware periphery on your Supercon badge.

Flexure Lecture: designing springy and bi-stable mechanisms

Amy Qian

Flexures are used all around us to provide simple spring force, constrain degrees-of-freedom of motion, make satisfying clicky sounds, and much more. In this workshop, you’ll learn about basic flexure design, see lots of examples of how you might use them in your future projects, and assemble your very own laser-cut gripper mechanism.

Microcontrollers the Hard Way: Blink Like a Pro

Shawn Hymel (sponsored by Digi-Key)

Registers, timers, and interrupts, oh my! Get those semicolon-punching fingers ready, because we’re writing some C. Arduino, MicroPython, CircuitPython, and MakeCode have been steadily making microcontrollers easier to use and more accessible for a number of years. While ease-of-use is thankfully making embedded systems available to anyone, it means that writing optimized code still remains somewhat of a mystery, buried beneath layers of abstraction. In this workshop, we’ll write a simple fading LED program using registers, timers, and interrupts in an AVR ATtiny microcontroller. This workshop will help you understand some of the low-level, inner workings of microcontrollers and start to write space efficient and computationally quick code.

DK IoT Studio Using the ST NUCLEO-L476RG Sensor Demo

Robert Nelson (sponsored by Digi-Key)

This workshop is about developing an end-to-end solution, from sensor to the cloud. Learn about all the different elements involved in the design, from the sensor, to the processor, to connectivity, cloud storage, and data visualization. Participants will learn to develop an IoT application using the ST NUCLEO-L476RG Development Board. Learn to use Digi-Key IoT Studio design environment to connect easily to the cloud and visualize your data in real time. The new tool has a graphical user interface that allows for easy drag-and-drop functionality. Participants will be able to send data to the cloud thru the development environment and visualize the data.

From Outdated to Outstanding: Easily Add a Touchpad to Your Next Design

TBD (sponsored by Microchip)

What if you could easily make your design more advanced, and let’s face it, cooler? You can, and we can show you how by replacing your old-school pushbuttons with capacitive touch buttons or touchpad! In this workshop, we will practice how to use Microchip’s graphic code generator to produce the code for a simple water-tolerant touchpad. The capacitive touch sensing expert from Microchip will also introduce some tips and tricks of how to lay out a touch button. Come and find out everything you need to know about adding a touch button to your next design!

Superconference workshops tend to sell out extremely quickly. Don’t wait to get your ticket.

Ask Hackaday: Does Your Car Need An Internet Killswitch?

October 1, 2019 by Lewin Day 103 Comments

Back in the good old days of carburetors and distributors, the game was all about busting door locks and hotwiring the ignition to boost a car. Technology rose up to combat this, you may remember the immobilizer systems that added a chip to the ignition key without which the vehicle could not be started. But alongside antitheft security advances, modern vehicles gained an array of electronic controls covering everything from the entertainment system to steering and brakes. Combine this with Bluetooth, WiFi, and cellular connectivity — it’s unlikely you can purchase a vehicle today without at least one of these built in — and the attack surface has grown far beyond the physical bounds of bumpers and crumple zones surrounding the driver.

Cyberattackers can now compromise vehicles from the comfort of their own homes. This can range from the mundane, like reading location data from the navigation system to more nefarious exploits capable of putting motorists at risk. It raises the question — what can be done to protect these vehicles from unscrupulous types? How can we give the user ultimate control over who has access to the data network that snakes throughout their vehicle? One possible solution I’m looking at today is the addition of internet killswitches.

Continue reading “Ask Hackaday: Does Your Car Need An Internet Killswitch?” →

Alternative Photography Hack Chat

September 30, 2019 by Dan Maloney 3 Comments

Join us on Wednesday, October 2 at noon Pacific for the Alternative Photography Hack Chat with Pierre-Loup Martin!

It seems like the physics of silicon long ago replaced the chemistry of silver as the primary means of creating photographs, to the point where few of us even have film cameras anymore, and home darkrooms are a relic of the deep past. Nobody doubts that the ability to snap a quick photo or even to create a work of photographic genius with a tiny device that fits in your pocket is a wonder of the world, but still, digital photographs can lack some of the soul of film photography.

Recapturing the look of old school photography is a passion for a relatively small group of dedicated photographers, who ply their craft with equipment and chemistries that haven’t been in widespread use for a hundred years. The tools of this specialty trade are hard to come by commercially, so practitioners of alternate photographic processes are by definition hackers, making current equipment bend to the old ways. Pierre-Loup is one such artist, working with collodion plates, hacked large-format cameras, pinholes camera, and chemicals and processes galore – anything that lets him capture a unique image. His photographs are eerie, with analog imperfections that Photoshop would have a hard time creating.

Join us as Pierre-Loup takes us on a tour through the world of alternative photography. We’ll look at the different chemistries used in alternative photography, the reasons why anyone would want to try it, and the equipment needed to pull it off. Photography was always a hack, until it wasn’t; Pierre-Loup will show us how he’s trying to put some soul back into it.

Our Hack Chats are live community events in the Hackaday.io Hack Chat group messaging. This week we’ll be sitting down on Wednesday, October 2 at 12:00 PM Pacific time. If time zones have got you down, we have a handy time zone converter.

Click that speech bubble to the right, and you’ll be taken directly to the Hack Chat group on Hackaday.io. You don’t have to wait until Wednesday; join whenever you want and you can see what the community is talking about.

Here’s Your First Look At The Talks Of The 2019 Hackaday Superconference

September 27, 2019 by Mike Szczys 21 Comments

The ultimate hardware conference returns this November as the Hackaday Superconference springs to life in Pasadena, California. It is our pleasure to announce the first set of accepted speakers who have confirmed their appearances at Supercon. This reveal is only the tip of the iceberg, so keep your eye on Hackaday as we continue to reveal the rest of the exemplary talks and workshops that make up this year’s conference.

However, don’t wait to get your ticket. Yes, we sell out every year, but the pace of ticket sales has been much faster this year and soon they will all be gone. Don’t miss out, as you can see from the small sample below, Supercon will be packed with amazing people and you need to be one of them!

The Talks (Part One of Many)

Matthias Balwierz aka bitluni

Multimedia Fun with the Esp32

The ESP32 microcontroller is a beast! Everyone knows that already. Composite video and VGA are common now. But a few years ago these capabilities weren’t obvious. This talk will recap the journey of squeezing out every possible bit of performance to generate audio and video with the least amount of additional components. It’s a detail-packed discussion of the projects I’ve documented on my YouTube channel bitluni’s lab.
Sarah Kaiser

Hacking Quantum Key Distribution Hardware or How I Learned to Stop Worrying and Burn Things with Lasers

Quantum devices are the next big addition to the general computing and technology landscape. However, just like classical hardware, quantum hardware can be hacked. I will share some of my (successful) attempts to break the security of quantum key distribution hardware with the biggest laser I could find!

Mohit Bhoite

Building Free-Formed Circuit Sculptures

I’ll be talking about building free-formed circuit sculptures, and how anyone with the right tools can get involved in this art form. We’ll explore ways to make these sculptures interact with the environment around them or with the user.
Thea Flowers

Creating a Sega-Inspired Hardware Synthesizer from the Ground Up.

What makes the Sega Genesis sound chip unique? I’ll share some short history about why the Genesis happened at a very specific moment to have this sort of chip. I’ll talk about designing and building a synthesizer around it and the challenges I encountered by trying to do this as my first hardware project.

Helen Leigh

Sound Hacking and Music Technologies

I will explore the ways in which music is influenced by making and hacking, including a whistle-stop tour of some key points in music hacking history. This starts with 1940s Musique Concrete and Daphne Oram’s work on early electronic music at the BBC, and blossoms into the strange and wonderful projects coming out of the modern music hacker scenes, including a pipe organ made of Furbies, a sound art marble run, robotic music machines and singing plants.
Adam Zeloof

Thermodynamics for Electrical Engineers: Why Did My Board Melt (And How Can I Prevent It)?

In this presentation I will provide circuit designers with the foundation they need to consider thermal factors in their designs. Heat transfers through on-board components and knowing how to characterize this means we can choose the right heat sink for any application. Learn about free simulation tools that can be used to perform these analyses and boost your knowledge of thermodynamics and heat transfer (although those who are already familiar with the subject will find some utility in it as well).

Samy Kamkar

FPGA Glitching & Side Channel Attacks

I will explore some of the incredible work that has been done by researchers, academics, governments, and the nefarious in the realm of side channel analysis. We’ll inspect attacks that were once secret and costly, but now accessible to all of us using low cost hardware such as FPGAs. We’ll learn how to intentionally induce simple yet powerful faults in modern systems such as microcontrollers.
Daniel Samarin

Debugging Electronics: You Can’t Handle the Ground Truth!

Root-causing quickly is all about having the right tools, having the right infrastructure in place, and knowing how to use them. Is it the firmware, the circuit, a bad crimp, or backlash in the gears? I will outline strategies for finding out what the issue is, so that you can focus on fixing the right thing.

You Miss It, You’ll Miss It

If there’s any way you can make it to Supercon in person, you should. One of the two talk stages will be live-streamed, and the other recorded, but there is no substitute for hanging out with these eight awesome people, plus five hundred of our closest friends. Anyone who’s made it to the conference before can tell you that the intimate atmosphere is packed with opportunities to meet new people, connect with those you’ve only seen on the internet, and learn about the newest developments happening in the world of hardware creation. See you in November!

Hackaday Podcast 037: Two Flavors Of Robot Dog, Hacks That Start As Fitness Trackers, Clocks That Wound Themselves, And Helicopter Chainsaws

September 27, 2019 by Mike Szczys No comments

Hackaday Editors Mike Szczys and Elliot Williams take a look at the latest hacks from the past week. We keep seeing awesome stuff and find ourselves wanting to buy cheap welders, thermal camera sensors, and CNC parts. There was a meeting of the dog-shaped robots at ICRA and at least one of them has super-fluid movements. We dish on 3D printed meat, locking up the smartphones, asynchronous C routines, and synchronized clocks.

Take a look at the links below if you want to follow along, and as always tell us what you think about this episode in the comments!

Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Direct download (60 MB or so.)

Continue reading “Hackaday Podcast 037: Two Flavors Of Robot Dog, Hacks That Start As Fitness Trackers, Clocks That Wound Themselves, And Helicopter Chainsaws” →

This Week In Security: Patch Monday Mysteries, CentOS 8 And CentOS Stream, Russian Surveillance, And CSRF

September 27, 2019 by Jonathan Bennett 5 Comments

So first off this week is something of a mystery. Microsoft released an out-of-cycle patch for Internet Explorer. The exploitability assessment from Microsoft indicates that this bug is under active exploitation, but not many details are available. Let’s take a look at what information has been released, and see what we can learn.

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer.

It’s a remote code execution vulnerability, it affects Internet Explorer, it’s in the scripting engine, and it happens due to objects in memory being mishandled. We could take some guesses, but later in this document we’re given a few other clues. The workaround is to disable jscript.dll, and the impact is limited, as jscript9.dll is the default JavaScript engine. jscript.dll is apparently a legacy JavaScript engine that a website can request.

“Jscript” is what Microsoft called their ~~shameless copy~~ implementation of JavaScript. The older jscript.dll seems to be present in newer versions of Internet Explorer for compatibility reasons. So it’s a problem in how the older JavaScript library handles objects. Any website can request this legacy engine, so the attack vector is basically unlimited.

The urgency implied by the out-of-cycle patch, combined with the otherwise eery silence surrounding this patch, suggests this 0-day was possibly being used in a targeted attack. We hope the details will eventually be revealed.

CentOS 8 and CentOS Stream

CentOS 8 was released this week, the community repackage of Red Hat Enterprise Linux (RHEL) 8. In 2014, Red Hat announced that CentOS was officially becoming a Red Hat sponsored project. This week, CentOS Stream was also announced.

The Fedora distribution has long served as a test-bed for upcoming RHEL releases, with RHEL 8 being based on Fedora 28. CentOS Stream will serve as a “midstream” distribution, a rolling release that pulls updates from Fedora, and will eventually become future RHEL/CentOS releases. It remains to be seen exactly how far ahead of the main CentOS distribution Stream will stay. A long-standing problem with CentOS is that by the time a release hits end-of-life, some of the software versions are very old. Even though security fixes are quickly backported to these older versions, there are security issues that arise as a result. For example, CentOS 7 contains PHP 5.4 with no official path to installing a newer version of PHP. WordPress now requires PHP 5.6.20 as the oldest supported PHP version. Red Hat may backport fixes to PHP 5.4, but that doesn’t help the out-of-date installs of WordPress, running on otherwise up-to-date CentOS machines.

Hopefully CentOS Stream will provide the much needed middle-ground between the bleeding-edge pace of Fedora, and the frustratingly slow march of CentOS/RHEL.

Russian Surveillance

A Nokia employee accidentally backed up a company drive to his home storage device, which was unintentionally Internet accessible. The data contained on this drive was detailed information on Russia’s SORM (System for Operative Investigative Activities), the government’s wiretapping program. The amount of data revealed is staggering, 1.7 terabytes. Passwords, administrative URLs, and even precise physical locations were included. The breadth of information makes one wonder if it was actually an accident, or if this was intended to be another Snowden style data leak. Just an aside, it’s not clear that the revealed wiretapping effort is as broad or onerous as the one Snowden revealed.

PHPMyAdmin CSRF

Running PHPMyAdmin on one of your servers? You should probably go update it. Version 4.9.1 was released on Saturday the 21st, and contains a fix for CVE-2019-12922. This vulnerability is a Cross Site Request Forgery, or CSRF. A CSRF attack can be as simple as an image link on one site, that links to another site, and triggers an action on that second site. Let’s look at the PHPMyAdmin example:

img src="
http://server/phpmyadmin/setup/index.php?page=servers&mode=remove&id=1";
style="display:none;"

A hidden image will actually trigger an HTTP GET request, which asks for the server’s page, and tries to remove the first entry. If a user is logged in to the PHPMyAdmin server that the link is targeting, the command will silently complete. This is one of the reasons that HTTP GET requests should never make state changes, and only ever retrieve information. An HTTP POST message is much harder to generate in this way, though not impossible.

Review: OSEPP STEM Kit 1, A Beginner’s All-in-One Board Found In The Discount Aisle

September 26, 2019 by Al Williams 11 Comments

As the name implies, the OSEP STEM board is an embedded project board primarily aimed at education. You use jumper wires to connect components and a visual block coding language to make it go.

I have fond memories of kits from companies like Radio Shack that had dozens of parts on a board, with spring terminals to connect them with jumper wires. Advertised with clickbait titles like “200 in 1”, you’d get a book showing how to wire the parts to make a radio, or an alarm, or a light blinker, or whatever.

The STEM Kit 1 is sort of a modern arduino-powered version of these kits. The board hosts a stand-alone Arduino UNO clone (included with the kit) and also has a host of things you might want to hook to it. Things like the speakers and stepper motors have drivers on board so you can easily drive them from the arduino. You get a bunch of jumper wires to make the connections, too. Most things that need to be connected to something permanently (like ground) are prewired on the PCB. The other connections use a single pin. You can see this arrangement with the three rotary pots which have a single pin next to the label (“POT1”, etc.).

I’m a sucker for a sale, so when I saw a local store had OSEPP’s STEM board for about $30, I had to pick one up. The suggested price for these boards is $150, but most of the time I see them listed for about $100. At the deeply discounted price I couldn’t resist checking it out.

So does an embedded many-in-one project kit like this one live up to that legacy? I spent some time with the board. Bottom line, if you can find a deal on the price I think it’s worth it. At full price, perhaps not. Join me after the break as I walk through what the OSEPP has to offer.

Continue reading “Review: OSEPP STEM Kit 1, A Beginner’s All-in-One Board Found In The Discount Aisle” →