News

3658 Articles

Hackaday Europe 2025 Tickets On Sale, And CFP Extended Until Friday

January 14, 2025 by 7 Comments

We’re opening up shop for Hackaday Europe, so get your tickets now! We’ve managed to get the ticket price down a bit this year, so you can join in all the fun for $145. And if you’re reading this right now, snap up one of the $75 early bird tickets as fast as you can.

Hackaday Europe is going down again in Berlin this year, on March 15th and 16th at MotionLab. It’s going to be a day and a half of presentations, lightning talks, badge hacking, workshops, and more. This is where Hackaday hangs out in person, and it’s honestly just a great time – if your idea of a great time is trading favorite PCB design tricks, crafting crufty code, and generally trading tales of hardware derring-do.

In short, it’s the best of Hackaday, live and in person. Throughout the weekend, all the meals are catered, we’ve got live music at night, and the soldering irons will be warmed up for you. It’s going to be great!

If you’re in town on Friday the 14th, we’ll be meeting up in the evening to get together over some pre-event food and drink, sponsored by Crowd Supply. It’s a nice opportunity to break the ice, get to know the people you’re going to be spending the next 48 hours with, and just mingle without missing that great talk or wonderful workshop. Continue reading “Hackaday Europe 2025 Tickets On Sale, And CFP Extended Until Friday”

This Week In Security: Backdoored Backdoors, Leaking Cameras, And The Safety Label

January 10, 2025 by 3 Comments

The mad lads at watchTowr are back with their unique blend of zany humor and impressive security research. And this time, it’s the curious case of backdoors within popular backdoors, and the list of unclaimed domains that malicious software would just love to contact.

OK, that needs some explanation. We’re mainly talking about web shells here. Those are the bits of code that get uploaded to a web server, that provide remote access to the computer. The typical example is a web application that allows unrestricted uploads. If an attacker can upload a PHP file to a folder where .php files are used to serve web pages, accessing that endpoint runs the arbitrary PHP code. Upload a web shell, and accessing that endpoint gives a command line interface into the machine.

The quirk here is that most attackers don’t write their own tools. And often times those tools have special, undocumented features, like loading a zero-size image from a .ru domain. The webshell developer couldn’t be bothered to actually do the legwork of breaking into servers, so instead added this little dial-home feature, to report on where to find all those newly backdoored machines. Yes, many of the popular backdoors are themselves backdoored.

This brings us to what watchTowr researchers discovered — many of those backdoor domains were either never registered, or the registration has been allowed to expire. So they did what any team of researchers would do: Buy up all the available backdoor domains, set up a logging server, and just see what happens. And what happened was thousands of compromised machines checking in at these old domains. Among the 4000+ unique systems, there were a total of 4 .gov. domains from governments in Bangladesh, Nigeria, and China. It’s an interesting romp through old backdoors, and a good look at the state of still-compromised machines.

Continue reading “This Week In Security: Backdoored Backdoors, Leaking Cameras, And The Safety Label”

3DBenchy Starts Enforcing Its No Derivatives License

January 9, 2025 by 105 Comments

[Editor’s note: A few days later, it looks now like Prusa pulled the models of their own accord, because of their interpretation of the copyright law. Creative Tools and NTI claim that they were not involved.]

Nobody likes reading the fine print, least of all when you’re just downloading some 3D model. While printing a copy for personal use this is rarely an issue, things can get a lot more complicated when you make and distribute a derived version of a particular model.

Case in point the ever popular 3DBenchy model, which was intended to serve as a diagnostic aid by designer [Creative Tools] (recently acquired by [NTI Group] ). Although folks have been spinning up their own versions of this benchmark print for years, such derivative works were technically forbidden by the original model’s license — a fact that the company is now starting to take seriously, with derivative models reportedly getting pulled from Printables.

The license for the 3DBenchy model is (and always has been) the Creative Commons BY-ND 4.0, which requires attribution and forbids distributing of derivative works. This means that legally any derived version of this popular model being distributed on Thingiverse, Printables, etc. is illegal, as already noted seven years ago by an observant user on Reddit. According to the message received by a Printables user, all derived 3DBenchy models will be removed from the site while the license is now (belatedly) being enforced.

Although it’s going to be a bit of an adjustment with this license enforcement, ultimately the idea of Creative Commons licenses was that they set clear rules for usage, which become meaningless if not observed.

Thanks to [JohnU] for the tip.

Flashlight shining through gold leaf on glass

Shining Through: Germanium And Gold Leaf Transparency

January 5, 2025 by 26 Comments

Germanium. It might sound like just another periodic table entry (number 32, to be exact), but in the world of infrared light, it’s anything but ordinary. A recent video by [The Action Lab] dives into the fascinating property of germanium being transparent to infrared light. This might sound like sci-fi jargon, but it’s a real phenomenon that can be easily demonstrated with nothing more than a flashlight and a germanium coin. If you want to see how that looks, watch the video on how it’s done.

The fun doesn’t stop at germanium. In experiments, thin layers of gold—yes, the real deal—allowed visible light to shine through, provided the metal was reduced to a thickness of 100 nanometers (or: gold leaf). These hacks reveal something incredible: light interacts with materials in ways we don’t normally observe.

For instance, infrared light, with its lower energy, can pass through germanium, while visible light cannot. And while solid gold might seem impenetrable, its ultra-thin form becomes translucent, demonstrating the delicate dance of electromagnetic waves and electrons.

The implications of these discoveries aren’t just academic. From infrared cameras to optics used in space exploration, understanding these interactions has unlocked breakthroughs in technology. Has this article inspired you to craft something new? Or have you explored an effect similar to this? Let us know in the comments!

We usually take our germanium in the form of a diode. Or, maybe, a transistor.

Continue reading “Shining Through: Germanium And Gold Leaf Transparency”

Nottingham Railway departure board in Hackspace

All Aboard The Hack Train: Nottingham’s LED Revival

January 4, 2025 by 4 Comments

Hackerspaces are no strangers to repurposing outdated tech, and Nottingham Hackspace happens to own one of those oddities one rarely gets their hands on: a railway departure board. Left idle for over a decade, it was brought back to life by [asjackson]. Originally salvaged around 2012, it remained unused until mid-2024, when [asjackson] decided to reverse-engineer it. The board now cycles between displaying Discord messages and actual train departures from Nottingham Railway Station every few minutes. The full build story can be found in this blog post.

The technical nitty-gritty is fascinating. Each side of the board contains 4,480 LEDs driven as two parallel chains. [asjackson] dove into its guts, decoding circuits, fixing misaligned logic levels, and designing custom circuit boards in KiCAD. The latest version swaps WiFi for a WizNet W5500 ethernet module and even integrates the Arduino Uno R4 directly into the board’s design. Beyond cool tech, the display connects to MQTT, pulling real-time train data and Discord messages via scripts that bridge APIs and custom Arduino code.

This board is a true gem for any hackerspace, even more so now it’s working. It waited for the exact mix of ingredients why hackerspaces exist in the first place: curiosity, persistence, and problem-solving. Nottingham Hackspace is home to a lot more, as we once wrote in this introductory article.If you don’t have room for the real thing, maybe set your sights a bit smaller.

Do you have a statement piece this cool in your hackerspace or your home? Tip us!

Continue reading “All Aboard The Hack Train: Nottingham’s LED Revival”

High Performance RISC-V

January 3, 2025 by 12 Comments

From the Institute of Computing Technology division of the Chinese Academy of Sciences and Peng Cheng Laboratory comes a high-performance and well-documented RISC-V core called XiangShan.

In the Git repository, you’ll find several branches including at least two stable branches: Yanqihu and Nanhu. The currently developed architecture, Kunminghu, is impressive, with a sophisticated instruction fetch unit, a reorder buffer, and a register renaming scheme.

The point of these types of circuits in a CPU is to allow multiple instructions to process at once. This also implies that instructions can be executed out of order. A cursory glance didn’t show any branch prediction logic, but that may be a limitation of the documentation. If there isn’t one, that would be an interesting thing to add in a fork if you are looking for a project.

On the computing side, the processor contains an integer block, a floating point unit, and a vector processor. Clearly, this isn’t a toy processor and has the capability to compete with serious modern CPUs.

There is a separate GitHub for documentation. It looks like they try to keep documentation in both Mandarin and English. You can also find some of the academic papers about the architecture there, too.

We love CPU design, and this is an interesting chance to contribute to an open CPU while there are still interesting things to do. If you need to start with something easier, plenty of small CPUs exist for educational purposes.

This Week In Security: IOCONTROL, (Location) Leaking Cars, And Passkeys

January 3, 2025 by 11 Comments

Claroty’s TEAM82 has a report on a new malware strain, what they’re calling IOCONTROL. It’s a Linux malware strain aimed squarely at embedded devices. One of the first targets of this malware, surprisingly, is the Iraeli made Orpak gas station pumps. There’s a bit of history here, as IOCONTROL is believed to be used by CyberAv3ngers, a threat actor aligned with Iran. In 2023 a group aligned with Israel claimed to have compromised the majority of the gas stations in Iran. IOCONTROL seems to have been deployed as retribution.

There are a few particularly interesting aspects of this malware, and how TEAM82 went about analyzing it. The first is that they used unicorn to emulate the obscure ARM platform in question. This was quite an adventure, as they were running the malicious binary without the normal Linux OS under it, and had to re-implement system calls to make execution work. The actual configuration data was encrypted as the data section of the executable, presumably to avoid simple string matching detection and analysis.

Then to communicate with the upstream command and control infrastructure, the binary first used DNS-Over-HTTPS to resolve DNS addresses, and then used the MQTT message protocol for actual communications. Once in place, it has the normal suite of capabilities, like code execution, cleanup, lateral scanning, etc. An interesting speculation is that the level of control this malware had over these gas pumps, it was in a position to steal credit card information. This malware family isn’t limited to gas pumps, either, as it’s been spotted in IoT and SCADA devices from a whole host of vendors. Continue reading “This Week In Security: IOCONTROL, (Location) Leaking Cars, And Passkeys”