Design Review: USB-C PD Input For Yaesu FRG7700

May 23, 2024 by Arya Voronova 21 Comments

Today is another board from a friend, [treble], who wants to convert a Yaesu FRG7700 radio to USB-C PD power. It’s yet another review that I’ve done privately, and then realized I’ve made more than enough changes to it, to the point that others could learn from this review quite a bit. With our hacker’s consent, I’m now sharing these things with you all, so that we can improve our boards further and further.

This board’s idea is thought-out and executed well – it replaces a bespoke barrel jack assembly, and is mechanically designed to fit the screw holes and the free space inside the chassis. For USB-PD, it uses a CH32V003 coupled with FUSB302 – I definitely did help pick the latter! For mechanical reasons, this board is split into two parts – one has the USB-C port, whereas the other has the MCU and the PD PHY.

In short, this board is a PD trigger. Unlike the usual PD triggers, however, this one is fully configurable, since it has a 32-bit MCU with good software support, plus, the PD PHY is also well known and easily controllable. So, if you want special behavior like charger-power-dependent profile selection for powering a static resistance load, you can implement it easily – or, say, you can do PPS for variable voltage or even lithium ion battery charging! With a bit of extra code, you could even do EPR (28 V = 140 W power) with this board, instantly making it into a pretty advanced PD trigger, beyond the ones available on the market.

Also, the board has some PCB art, and a very handy filter to get some of the USB-C charger noise out. Let’s take a look at all of these!

Current Flow Improvements

Continue reading “Design Review: USB-C PD Input For Yaesu FRG7700” →

FLOSS Weekly Episode 784: I’ll Buy You A Poutine

May 22, 2024 by Jonathan Bennett No comments

This week Jonathan Bennett and Dan Lynch talk with François Proulx about Poutine, the Open Source security scanner for build pipeline vulnerabilities. This class of vulnerability isn’t as well known as it should be, and threatens to steal secrets, or even allow for supply chain attacks in FLOSS software.

Poutine does a scan over an organization or individual repository, looking specifically for pipeline issues. It runs on both GitHub and GitLab, with more to come!

Continue reading “FLOSS Weekly Episode 784: I’ll Buy You A Poutine” →

Supercon 2023: Exploring The Elegance Of The Voja4

May 20, 2024 by Tom Nardi 7 Comments

When you design an electronic badge, the goal is to make a device that’s interesting and has enough depth to keep your attendees engaged for the duration of the con but not so complicated that they can’t become proficient with it before they have to head home. It’s a difficult balance to nail down, and truth be told, not every Supercon badge has stuck the landing in this regard.

But if you’ve really done things right, you’ll create a piece of hardware that manages to outlive the event it was designed for. A badge that attendees continue to explore for months, and potentially even years, afterward. If the talk “Inside the Voja4” by Nathan Jones is any indication, we think it’s safe to say that goal was achieved with the Supercon 2022 badge.

During this forty-minute presentation, Nathan discusses what makes the 4-bit badge so fascinating from a technical standpoint and how it could theoretically be expanded to accomplish far more complex tasks than one might assume at first glance.

Continue reading “Supercon 2023: Exploring The Elegance Of The Voja4” →

Hackaday Links: May 19, 2024

May 19, 2024 by Dan Maloney 5 Comments

If there was one question we heard most often this week, it was “Did you see it?” With “it” referring to the stunning display of aurora borealis — and australis, we assume — on and off for several days. The major outburst here in North America was actually late last week, with aurora extending as far south as Puerto Rico on the night of the tenth. We here in North Idaho were well-situated for prime viewing, but alas, light pollution made things a bit tame without a short drive from the city lights. Totally worth it:

Hat tip to Tom Maloney for the pics. That last one is very reminiscent of what we saw back in 1989 with the geomagnetic storm that knocked Québec’s grid offline, except then the colors were shifted much more toward the red end of the spectrum back then.

Continue reading “Hackaday Links: May 19, 2024” →

About Right

May 18, 2024 by Elliot Williams 2 Comments

I really enjoyed reading Anne Ogborn’s piece on making simple DIY measurement devices for physical quantities like force, power, and torque. It is full of food for thought, if you’re building something small with motors and need to figure out how to spec them out.

Aside from a few good examples, what I really took home from this piece is how easy it can be to take approximate measurements. Take the push stick, which is a spring-loaded plunger in a transparent barrel. You use it to measure force by, well, squeezing the spring and reading off how far it deflects. That’s obvious, but the real trick is in calibration by pushing it into a weighing scale and marking divisions on the barrel. That quickly and easily turns “it’s pressing this hard” into an actual numerical force measurement.

The accuracy and precision of the push stick are limited by the quality of your scale and the fineness of the pen tip that you use to mark the barrel. But when you’re just looking to choose among two servo motors, this kind of seat-of-the-pants measure is more than enough to buy the right part. Almost any actual measurement is better than a wild-ass guess, so don’t hold yourself to outrageous standards or think that improvised quantitative measurement devices aren’t going to get the job done.

Al Williams quoted a teacher of his as saying that the soul of metrology is “taking something you know and using it to find something you don’t know”, and that sums up this piece nicely. But it’s also almost a hacker manifesto: “take something you can do and use it to do something that you can’t (yet)”.

Got any good measurement hacks you’d like to share?

Hackaday Podcast Episode 271: Audio Delay In A Hose, Ribbon Cable Repair, And DIY Hacker Metrology

May 17, 2024 by Al Williams No comments

What did Hackaday Editors Elliot Williams and Al Williams find interesting on Hackaday this week? Well, honestly, all the posts, but they had to pick some to share with you in the podcast below. There’s news about SuperCon 2024, and failing insulin pumps. After a mystery sound, the guys jump into reverbing garden hoses, Z80s, and even ribbon cable repair.

Adaptive tech was big this week, with a braille reader for smartphones and an assistive knife handle. The quick hacks ranged from a typewriter that writes on toast to a professional-looking but homemade ham radio transceiver.

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Download a file chock full of podcast here.

Continue reading “Hackaday Podcast Episode 271: Audio Delay In A Hose, Ribbon Cable Repair, And DIY Hacker Metrology” →

This Week In Security: The Time Kernel.org Was Backdoored And Other Stories

May 17, 2024 by Jonathan Bennett 1 Comment

Researchers at Eset have published a huge report on the Ebury malware/botnet (pdf), and one of the high profile targets of this campaign was part of the kernel.org infrastructure. So on one hand, this isn’t new news, as the initial infection happened back in 2011, and was reported then. On the other hand, according to the new Eset report, four kernel.org servers were infected, with two of them possibly compromised for as long as two years. That compromise apparently included credential stealing or password cracking.

The Ebury attackers seem to gain initial access through credential stuffing — a huge list of previously captured credentials are tried one at a time. However, once the malware has a foothold in the network, a combination of automated and manual steps are taken to move laterally. The most obvious is to grab any private SSH keys from that system, and try using them to access other machines on the local network. Ebury also replaces a system library that gets called as a part of sshd, libkeyutils.so. This puts it in a position to quietly capture credentials.

For a targeted attack against a more important target, the people behind Ebury seem to go hands-on-keyboard, using techniques like Man-in-the-Middle attacks against SSH logins on the local network using ARP spoofing. In this case, someone was doing something nasty.

And that doesn’t even start to cover the actual payload. That’s nasty too, hooking into Apache to sniff for usernames and passwords in HTTP/S traffic, redirecting links to malicious sites, and more. And of course, the boring things you might expect, like sending spam, mining for Bitcoin, etc. Ebury isn’t exactly easy to notice, either, since it includes a rootkit module that hooks into system functions to hide itself. Thankfully there are a couple of ways to get a clean shell to look for the malware, like using systemd-run or launching a local shell on the system console.

And the multi-million dollar question: Who was behind this? Sadly we don’t know. A single arrest was made in 2014, and recovered files implicated another Russian citizen, but the latest work indicates this was yet another stolen identity. The rest of the actors behind Ebury have gone to great lengths to remain behind the curtain.

Continue reading “This Week In Security: The Time Kernel.org Was Backdoored And Other Stories” →