Hackaday Links: August 25, 2019

August 25, 2019 by Dan Maloney 7 Comments

Doesn’t the Z-axis on 3D-printers seem a little – underused? I mean, all it does is creep up a fraction of a millimeter as the printer works through each slice. It would be nice if it could work with the other two axes and actually do something interesting. Which is exactly what’s happening in the nonplanar 3D-printing methods being explored at the University of Hamburg. Printing proceeds normally up until the end, when some modifications to Slic3r allow smooth toolpaths to fill in the stairsteps and produce a smooth(er) finish. It obviously won’t work for all prints or printers, but it’s nice to see the Z-axis finally pulling its weight.

If you want to know how something breaks, best to talk to someone who looks inside broken stuff for a living. [Roger Cicala] from LensRentals.com spends a lot of time doing just that, and he has come to some interesting conclusions about how electronics gear breaks. For his money, the prime culprit in camera and lens breakdowns is side-mounted buttons and jacks. The reason why is obvious once you think about it: components mounted perpendicular to the force needed to operate them are subject to a torque. That’s a problem when the only thing holding the component to the board is a few SMD solder pads. He covers some other interesting failure modes, too, and the whole article is worth a read to learn how not to design a robust product.

In the seemingly neverending quest to build the world’s worst Bitcoin mining rig, behold the 8BitCoin. It uses the 6502 processor in an Apple ][ to perform the necessary hashes, and it took a bit of doing to port the 32-bit SHA256 routines to an 8-bit platform. But therein lies the hack. But what about performance? Something something heat death of the universe…

Contributing Editor [Tom Nardi] dropped a tip about a new online magazine for people like us. Dubbed Paged Out!, the online quarterly ‘zine is a collection of contributed stories from hackers, programmers, retrocomputing buffs, and pretty much anyone with something to say. Each article is one page and is formatted however the author wants to, which leads to some interesting layouts. You can check out the current issue here; they’re still looking for a bunch of articles for the next issue, so maybe consider writing up something for them – after you put it on Hackaday.io, of course.

Tipline stalwart [Qes] let us know about an interesting development in semiconductor manufacturing. Rather than concentrating on making transistors smaller, a team at Tufts University is making transistors from threads. Not threads of silicon, or quantum threads, or threads as a metaphor for something small and high-tech. Actual threads, like for sewing. Of course, there’s plenty more involved, like carbon nanotubes — hey, it was either that or graphene, right? — gold wires, and something called an ionogel that holds the whole thing together in a blob of electrolyte. The idea is to remove all rigid components and make truly flexible circuits. The possibilities for wearable sensors could be endless.

And finally, here’s a neat design for an ergonomic utility knife. It’s from our friend [Eric Strebel], an industrial designer who has been teaching us all a lot about his field through his YouTube channel. This knife is a minimalist affair, designed for those times when you need more than an X-Acto but a full utility knife is prohibitively bulky. [Eric’s] design is a simple 3D-printed clamshell that holds a standard utility knife blade firmly while providing good grip thanks to thoughtfully positioned finger depressions. We always get a kick out of watching [Eric] design little widgets like these; there’s a lot to learn from watching his design process.

Thanks to [JRD] and [mgsouth] for tips.

Airport Runways And Hashtags — How To Become A Social Engineer

August 23, 2019 by Sharon Lin 11 Comments

Of the $11.7 million companies lose to cyber attacks each year, an estimated 90% begin with a phone call or a chat with support, showing that the human factor is clearly an important facet of security and that security training is seriously lacking in most companies. Between open-source intelligence (OSINT) — the data the leaks out to public sources just waiting to be collected — and social engineering — manipulating people into telling you what you want to know — there’s much about information security that nothing to do with a strong login credentials or VPNs.

There’s great training available if you know where to look. The first time I heard about WISP (Women in Security and Privacy) was last June on Twitter when they announced their first-ever DEFCON Scholarship. As one of 57 lucky participants, I had the chance to attend my first DEFCON and Black Hat, and learn about their organization.

Apart from awarding scholarships to security conferences, WISP also runs regional workshops in lockpicking, security research, cryptography, and other security-related topics. They recently hosted an OSINT and Social Engineering talk in San Francisco, where Rachel Tobac (three-time DEFCON Social Engineering CTF winner and WISP Board Member) spoke about Robert Cialdini’s principles of persuasion and their relevance in social engineering.

Cialdini is a psychologist known for his writings on how persuasion works — one of the core skills of social engineering. It is important to note that while Cialdini’s principles are being applied in the context of social engineering, they are also useful for other means of persuasion, such as bartering for a better price at an open market or convincing a child to finish their vegetables. It is recommended that they are used for legal purposes and that they result in positive consequences for targets. Let’s work through the major points from Tobac’s talk and see if we can learn a little bit about this craft.

Continue reading “Airport Runways And Hashtags — How To Become A Social Engineer” →

Hackaday Podcast 032: Meteorite Snow Globes, Radioactive Ramjet Rockets, Autonomous Water Boxes, And Ball Reversers

August 23, 2019 by Mike Szczys No comments

Hackaday Editors Mike Szczys and Elliot Williams recorded this week’s podcast live from Chaos Communication Camp, discussing the most interesting hacks on offer over the past week. I novel locomotion news, there’s a quadcopter built around the coanda effect and an autonomous boat built into a plastic storage bin. The radiation spikes in Russia point to a nuclear-powered ramjet but the idea is far from new. Stardust (well… space rock dust) is falling from the sky and it’s surprisingly easy to collect. And 3D-printed gear boxes and hobby brushless DC motors have reached the critical threshold necessary to mangle 20/20 aluminum extrusion.

Take a look at the links below if you want to follow along, and as always tell us what you think about this episode in the comments!

Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Direct download (60 MB or so.)

Continue reading “Hackaday Podcast 032: Meteorite Snow Globes, Radioactive Ramjet Rockets, Autonomous Water Boxes, And Ball Reversers” →

This Week In Security: KNOB, Old Scams Are New Again, 0-days, Backdoors, And More

August 23, 2019 by Jonathan Bennett 12 Comments

Bluetooth is a great protocol. You can listen to music, transfer files, get on the internet, and more. A side effect of those many uses is that the specification is complicated and intended to cover many use cases. A team of researchers took a look at the Bluetooth specification, and discovered a problem they call the KNOB attack, Key Negotiation Of Bluetooth.

This is actually one of the simpler vulnerabilities to understand. Randomly generated keys are only as good as the entropy that goes into the key generation. The Bluetooth specification allows negotiating how many bytes of entropy is used in generating the shared session key. By necessity, this negotiation happens before the communication is encrypted. The real weakness here is that the specification lists a minimum entropy of 1 byte. This means 256 possible initial states, far within the realm of brute-forcing in real time.

The attack, then, is to essentially man-in-the-middle the beginning of a Bluetooth connection, and force that entropy length to a single byte. That’s essentially it. From there, a bit of brute forcing results in the Bluetooth session key, giving the attacker complete access to the encrypted stream.

One last note, this isn’t an implementation vulnerability, it’s a specification vulnerability. If your device properly implements the Bluetooth protocol, it’s vulnerable.

CenturyLink Unlinked

You may not be familiar with CenturyLink, but it maintains one of the backbone fiber networks serving telephone and internet connectivity. On December 2018, CenturyLink had a large outage affecting its fiber network, most notable disrupting 911 services for many across the United States for 37 hours. The incident report was released on Monday, and it’s… interesting.
Continue reading “This Week In Security: KNOB, Old Scams Are New Again, 0-days, Backdoors, And More” →

The Badgies: Clever, Crazy, And Creative Ideas In Electronic Design

August 21, 2019 by Mike Szczys 1 Comment

Engineering creativity comes to life when you have to design around a set of constraints. We can do just about anything with enough time, talent, and treasure, but what can you do when shackled with limitations? Some of the most creative electronic manufacturing tricks spring to life when designing conference badges, as the ability to built multiples, to come in under budget, and most importantly to have the production finished in time are all in play.

This happens at conferences throughout the year and all over the globe, but the highest concentration I’ve seen for these unique pieces of art is at DEF CON every year. I loved seeing dozens of interesting projects this year, and have picked a handful of the coolest features on a badge to show off in this article. I still love all the rest, and have a badge supercut article on the way, but until then let’s take a look at an RC car badge, a different kind of blinky bling, and a few other flourishes of brilliance.

Continue reading “The Badgies: Clever, Crazy, And Creative Ideas In Electronic Design” →

Fail Of The Week: How Not To Light Pipe

August 19, 2019 by Dan Maloney 17 Comments

You’d think that something made out of glass and epoxy would transmit a decent amount of light. Unfortunately for [Jeremy Ruhland], it turns out that FR4 is not great light pipe material, at least in one dimension.

The backstory on this has to do with #badgelife, where it has become popular to reverse mount SMD LEDs on areas of PCBs that are devoid of masking, allowing the light to shine through with a warm, diffuse glow – we’ve even featured a through-PCB word clock that uses a similar technique to wonderful effect. [Jeremy]’s idea was to use 0603 SMD LEDs mounted inside non-plated through-holes to illuminate the interior of the board edgewise. It seems like a great idea, almost like the diffusers used to illuminate flat displays from the edge.

Sadly, the light from [Jeremy]’s LEDs just didn’t make it very far into the FR4 before being absorbed – about 15 mm max. That makes for an underwhelming appearance, but all is certainly not lost. Valuable lessons about PCB design were had, like exactly how to get a fab to understand what you’re trying to do with non-plated holes and why you want to fence the entire edge of the board in vias. But best of all, [Jeremy] explored what’s possible with Oreo construction, and came away with ideas for other uses of the method. That counts as a win in our book.

Milspec Teardown: ID-2124 Howitzer Data Display

August 19, 2019 by Tom Nardi 29 Comments

It’s time once again for another installment in “Milspec Teardown”, where we get to see what Uncle Sam spends all those defense dollars on. Battle hardened pieces of kit are always a fascinating look at what can be accomplished if money is truly no object. When engineers are given a list of requirements and effectively a blank check, you know the results are going to be worth taking a closer look.

Today, we have quite a treat indeed. Not only is this ID-2124 Howitzer Deflection-Elevation Data Display unit relatively modern (this particular specimen appears to have been pulled from service in June of 1989), but unlike other military devices we’ve looked at in the past, there’s actually a fair bit of information about it available to us lowly civilians. In a first for this ongoing series of themed teardowns, we’ll be able to compare the genuine article with the extensive documentation afforded by the ever fastidious United States Armed Forces.

For example, rather than speculate wildly as to the purpose of said device, we can read the description directly from Field Manual 6-50 “TACTICS, TECHNIQUES, AND PROCEDURES FOR THE FIELD ARTILLERY CANNON BATTERY”:

The gun assembly provides instant identification of required deflection to the gunner or elevation to the assistant gunner. The display window shows quadrant elevation or deflection information. The tenths digit shows on the QE display only when the special instruction of GUNNER’S QUADRANT is received.

From this description we can surmise that the ID-2124 is used to display critical data to be used during the aiming and firing of the weapon. Further, the small size of the device and the use of binding posts seem to indicate that it would be used remotely or temporarily. Perhaps so the crew can put some distance between themselves and the artillery piece they’re controlling.

Now that we have an idea of what the ID-2124 is and how it would be used, let’s take a closer look at what’s going on inside that olive drab aluminum enclosure.

Continue reading “Milspec Teardown: ID-2124 Howitzer Data Display” →