Hackaday Podcast 032: Meteorite Snow Globes, Radioactive Ramjet Rockets, Autonomous Water Boxes, And Ball Reversers

August 23, 2019 by Mike Szczys No comments

Hackaday Editors Mike Szczys and Elliot Williams recorded this week’s podcast live from Chaos Communication Camp, discussing the most interesting hacks on offer over the past week. I novel locomotion news, there’s a quadcopter built around the coanda effect and an autonomous boat built into a plastic storage bin. The radiation spikes in Russia point to a nuclear-powered ramjet but the idea is far from new. Stardust (well… space rock dust) is falling from the sky and it’s surprisingly easy to collect. And 3D-printed gear boxes and hobby brushless DC motors have reached the critical threshold necessary to mangle 20/20 aluminum extrusion.

Take a look at the links below if you want to follow along, and as always tell us what you think about this episode in the comments!

Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Direct download (60 MB or so.)

Continue reading “Hackaday Podcast 032: Meteorite Snow Globes, Radioactive Ramjet Rockets, Autonomous Water Boxes, And Ball Reversers” →

This Week In Security: KNOB, Old Scams Are New Again, 0-days, Backdoors, And More

August 23, 2019 by Jonathan Bennett 12 Comments

Bluetooth is a great protocol. You can listen to music, transfer files, get on the internet, and more. A side effect of those many uses is that the specification is complicated and intended to cover many use cases. A team of researchers took a look at the Bluetooth specification, and discovered a problem they call the KNOB attack, Key Negotiation Of Bluetooth.

This is actually one of the simpler vulnerabilities to understand. Randomly generated keys are only as good as the entropy that goes into the key generation. The Bluetooth specification allows negotiating how many bytes of entropy is used in generating the shared session key. By necessity, this negotiation happens before the communication is encrypted. The real weakness here is that the specification lists a minimum entropy of 1 byte. This means 256 possible initial states, far within the realm of brute-forcing in real time.

The attack, then, is to essentially man-in-the-middle the beginning of a Bluetooth connection, and force that entropy length to a single byte. That’s essentially it. From there, a bit of brute forcing results in the Bluetooth session key, giving the attacker complete access to the encrypted stream.

One last note, this isn’t an implementation vulnerability, it’s a specification vulnerability. If your device properly implements the Bluetooth protocol, it’s vulnerable.

CenturyLink Unlinked

You may not be familiar with CenturyLink, but it maintains one of the backbone fiber networks serving telephone and internet connectivity. On December 2018, CenturyLink had a large outage affecting its fiber network, most notable disrupting 911 services for many across the United States for 37 hours. The incident report was released on Monday, and it’s… interesting.
Continue reading “This Week In Security: KNOB, Old Scams Are New Again, 0-days, Backdoors, And More” →

The Badgies: Clever, Crazy, And Creative Ideas In Electronic Design

August 21, 2019 by Mike Szczys 1 Comment

Engineering creativity comes to life when you have to design around a set of constraints. We can do just about anything with enough time, talent, and treasure, but what can you do when shackled with limitations? Some of the most creative electronic manufacturing tricks spring to life when designing conference badges, as the ability to built multiples, to come in under budget, and most importantly to have the production finished in time are all in play.

This happens at conferences throughout the year and all over the globe, but the highest concentration I’ve seen for these unique pieces of art is at DEF CON every year. I loved seeing dozens of interesting projects this year, and have picked a handful of the coolest features on a badge to show off in this article. I still love all the rest, and have a badge supercut article on the way, but until then let’s take a look at an RC car badge, a different kind of blinky bling, and a few other flourishes of brilliance.

Continue reading “The Badgies: Clever, Crazy, And Creative Ideas In Electronic Design” →

Fail Of The Week: How Not To Light Pipe

August 19, 2019 by Dan Maloney 17 Comments

You’d think that something made out of glass and epoxy would transmit a decent amount of light. Unfortunately for [Jeremy Ruhland], it turns out that FR4 is not great light pipe material, at least in one dimension.

The backstory on this has to do with #badgelife, where it has become popular to reverse mount SMD LEDs on areas of PCBs that are devoid of masking, allowing the light to shine through with a warm, diffuse glow – we’ve even featured a through-PCB word clock that uses a similar technique to wonderful effect. [Jeremy]’s idea was to use 0603 SMD LEDs mounted inside non-plated through-holes to illuminate the interior of the board edgewise. It seems like a great idea, almost like the diffusers used to illuminate flat displays from the edge.

Sadly, the light from [Jeremy]’s LEDs just didn’t make it very far into the FR4 before being absorbed – about 15 mm max. That makes for an underwhelming appearance, but all is certainly not lost. Valuable lessons about PCB design were had, like exactly how to get a fab to understand what you’re trying to do with non-plated holes and why you want to fence the entire edge of the board in vias. But best of all, [Jeremy] explored what’s possible with Oreo construction, and came away with ideas for other uses of the method. That counts as a win in our book.

Milspec Teardown: ID-2124 Howitzer Data Display

August 19, 2019 by Tom Nardi 29 Comments

It’s time once again for another installment in “Milspec Teardown”, where we get to see what Uncle Sam spends all those defense dollars on. Battle hardened pieces of kit are always a fascinating look at what can be accomplished if money is truly no object. When engineers are given a list of requirements and effectively a blank check, you know the results are going to be worth taking a closer look.

Today, we have quite a treat indeed. Not only is this ID-2124 Howitzer Deflection-Elevation Data Display unit relatively modern (this particular specimen appears to have been pulled from service in June of 1989), but unlike other military devices we’ve looked at in the past, there’s actually a fair bit of information about it available to us lowly civilians. In a first for this ongoing series of themed teardowns, we’ll be able to compare the genuine article with the extensive documentation afforded by the ever fastidious United States Armed Forces.

For example, rather than speculate wildly as to the purpose of said device, we can read the description directly from Field Manual 6-50 “TACTICS, TECHNIQUES, AND PROCEDURES FOR THE FIELD ARTILLERY CANNON BATTERY”:

The gun assembly provides instant identification of required deflection to the gunner or elevation to the assistant gunner. The display window shows quadrant elevation or deflection information. The tenths digit shows on the QE display only when the special instruction of GUNNER’S QUADRANT is received.

From this description we can surmise that the ID-2124 is used to display critical data to be used during the aiming and firing of the weapon. Further, the small size of the device and the use of binding posts seem to indicate that it would be used remotely or temporarily. Perhaps so the crew can put some distance between themselves and the artillery piece they’re controlling.

Now that we have an idea of what the ID-2124 is and how it would be used, let’s take a closer look at what’s going on inside that olive drab aluminum enclosure.

Continue reading “Milspec Teardown: ID-2124 Howitzer Data Display” →

Life At JPL Hack Chat

August 19, 2019 by Dan Maloney 6 Comments

Join us on Wednesday, August 21st at noon Pacific for the Life at JPL Hack Chat with Arko!

There’s a reason why people use “rocket science” as a metaphor for things that are hard to do. Getting stuff from here to there when there is a billion miles away and across a hostile environment of freezing cold, searing heat, and pelting radiation isn’t something that’s easily accomplished. It takes a dedicated team of scientists and engineers working on machines that can reach out into the vastness of space and work flawlessly the whole time, and as much practice and testing as an Earth-based simulation can provide.

Arko, also known as Ara Kourchians, is a Robotics Electrical Engineer at the Jet Propulsion Laboratory, one of NASA’s research and development centers. Nestled at the outskirts of Pasadena against the flanks of the San Gabriel Mountains, JPL is the birthplace of the nation’s first satellite as well as the first successful interplanetary probe. They build the robots that explore the solar system and beyond for us; Arko gets to work on those space robots every day, and that might just be the coolest job in the world.

Join us on the Hack Chat to get your chance to ask all those burning questions you have about working at JPL. What’s it like to build hardware that will leave this world and travel to another? Get the inside story on how NASA designs and tests systems for space travel. And perhaps get a glimpse at what being a rocket scientist is all about.

Our Hack Chats are live community events in the Hackaday.io Hack Chat group messaging. This week we’ll be sitting down on Wednesday, August 21 at 12:00 PM Pacific time. If time zones have got you down, we have a handy time zone converter.

Click that speech bubble to the right, and you’ll be taken directly to the Hack Chat group on Hackaday.io. You don’t have to wait until Wednesday; join whenever you want and you can see what the community is talking about.

Hackaday Links: August 18, 2019

August 18, 2019 by Dan Maloney 28 Comments

To the surprise of nobody with the slightest bit of technical intuition or just plain common sense, the world’s first solar roadway has proven to be a complete failure. The road, covering one lane and stretching all of 1,000 meters across the Normandy countryside, was installed in 2016 to great fanfare and with the goal of powering the streetlights in the town of Tourouvre. It didn’t even come close, producing less than half of its predicted power, due in part to the accumulation of leaves on the road every fall and the fact that Normandy only enjoys about 44 days of strong sunshine per year. Who could have foreseen such a thing? Dave Jones at EEVBlog has been all over the solar freakin’ roadways fiasco for years, and he’s predictably tickled pink by this announcement.

I’m not going to admit to being the kid in grade school who got bored in class and regularly filled pages of my notebook with all the binary numbers between 0 and wherever I ran out of room – or got caught. But this entirely mechanical binary number trainer really resonates with me nonetheless. @MattBlaze came up with the 3D-printed widget and showed it off at DEF CON 27. Each two-sided card has an arm that flops down and overlaps onto the more significant bit card to the left, which acts as a carry flag. It clearly needs a little tune-up, but the idea is great and something like this would be a fun way to teach kids about binary numbers. And save notebook paper.

Is that a robot in your running shorts or are you just sporting an assistive exosuit? In yet another example of how exoskeletons are becoming mainstream, researchers at Harvard have developed a soft “exoshort” to assist walkers and runners. These are not a hard exoskeleton in the traditional way; rather, these are basically running short with Bowden cable actuators added to them. Servos pull the cables when the thigh muscles contract, adding to their force and acting as an aid to the user whether walking or running. In tests the exoshorts resulted in a 9% decrease in the amount of effort needed to walk; that might not sound like much, but a soldier walking 9% further on the same number of input calories or carrying 9% more load could be a big deal.

In the “Running Afoul of the FCC” department, we found two stories of interest. The first involves Jimmy Kimmel’s misuse of the Emergency Alert System tones in an October 2018 skit. The stunt resulted in a $395,000 fine for ABC, as well as hefty fines for two other shows that managed to include the distinctive EAS tones in their broadcasts, showing that the FCC takes very seriously indeed the integrity of a system designed to warn people of their approaching doom.

The second story from the regulatory world is of a land mobile radio company in New Jersey slapped with a cease and desist order by the FCC for programming mobile radios to use the wrong frequency. The story (via r/amateurradio) came to light when someone reported interference from a car service’s mobile radios; subsequent investigation showed that someone had programmed the radios to transmit on 154.8025 MHz, which is 5 MHz below the service’s assigned frequency. It’s pretty clear that the tech who programmed the radio either fat-fingered it or misread a “9” as a “4”, and it’s likely that there was no criminal intent. The FCC probably realized this and didn’t levy a fine, but they did send a message loud and clear, not only to the radio vendor but to anyone looking to work frequencies they’re not licensed for.