Go In All The Directions With Omniwheeled ESP32 Bot

The ability to change direction without turning is the specialty of omnidirectional wheels, which [maker.moekoe] used to their full potential on a pair of ESP32-controlled robots. Video after the break.

Thanks to the rollers on the wheels, the wheels could be arranged at 120° in relation to each other on the 3-wheeler and at 90° on the 4-wheeler. [maker.moekoe] used ChatGPT and a simple Python simulation to find and verify the motor control algorithm required for smooth omnidirectional driving.

A single custom PCB incorporates all the electronics, and doubles as the robot’s chassis, with the geared brushed motors bolted directly to it. An ESP32-S2 runs the show, and can also stream FPV video from the same OV2640 camera used on the popular ESP32-cam modules. The LiPo battery is held by a 3D-printed support plate screwed to the bottom of the PCB. The robots can be controlled by a simple web-app served by the ESP32, or by using the IMU on a custom controller, also built around an ESP32-S2, which uses the ESP-NOW wireless protocol.

Even though the robots’ software is still in the early stages, the movement looks extremely smooth and effortless. Plus, their all-in-one PCB chassis makes for an elegant and clean build.


Mark Your Calendars, NASA Is Holding A Public Meeting On UFOs

We’re sorry, the politically correct term these days is “unidentified anomalous phenomena” (UAP), as it’s less likely to excite those with a predilection for tinfoil hats. But whether you call them flying objects or anomalous phenomena, it’s that unidentified part that has us interested.

Which is why we’ll be tuned into NASA TV at 10:30 a.m. EDT on May 31 — that’s when the agency has announced they’ll be broadcasting a meeting of an independent study team tasked with categorizing and evaluating UAP data. The public can even submit their own questions, the most popular of which will be passed on to the team.

Before you get too excited, the meeting is about how NASA can “evaluate and study UAP by using data, technology, and the tools of science”, and the press release explains that they won’t be reviewing or assessing any unidentifiable observations. So if you’re hoping for the US government’s tacit acknowledgment that we’re not alone in the universe, you’ll probably be disappointed. That said, they wouldn’t have to assemble a team to study these reports if they were all so easily dismissed. As always, interstellar visitors are dead last on the list of possible explanations, but some cases have too much hard evidence to be dismissed out of hand. They might not be little green men, but they are something.


ESA Juice’s RIME Antenna Breaks Free After Some Jiggling And Percussive Action

After ESA’s Jupiter-bound space probe Juice (Jupiter Icy Moons Explorer) launched on April 14th of this year, it initially looked as if it had squeezed out a refreshingly uneventful deployment, until it attempted to unfurl its solar panels and antennae. One of these antennae, for the RIME (Radar for Icy Moons Exploration) instrument that uses ice-penetrating radar to get a subsurface look at Jupiter’s moons, ended up being rather stuck. Fortunately, on May 12th it was reported that ESA engineers managed to shock the sticky pin loose.

Release of the jammed antenna coinciding with the actuation of the NEA ('NEA 6 Release'). The antenna wobbles about before settling in a locked position. (Credit: ESA)

We previously covered the discovery of Juice’s RIME antenna troubles, with one of the retaining pins that hold the antenna in place in its furled position stubbornly refusing to shift the few millimeters that would have allowed for full deployment. Despite the high-tech nature of the Juice spacecraft, the optimal solution to make the pin move was simply to try and shake it loose.

Attempts were initially made using the spacecraft’s thrusters to shake the whole vehicle, as well as by warming it in sunlight. Each of these actions seemed to help a little bit, but the breakthrough came when a non-explosive actuator (NEA) was actuated in the jammed bracket. This almost fully fixed the problem, leading the team in charge to decide to fire another NEA, which finally allowed the pin to fully shift and the antenna to fully deploy and lock into place.

Assuming no further issues occur during Juice’s long trip through the Solar System, Juice is expected to arrive at Jupiter after four gravity assists in July of 2031. There it will perform multiple science missions until a planned deorbit on Ganymede by late 2035.

3D Design With Text-Based AI

Generative AI is the new thing right now, proving to be a useful tool for professional programmers, writers of high school essays, and all kinds of other applications in between. It’s also been shown to be effective in generating images, as the DALL-E program has demonstrated with its impressive image-creating abilities. It should surprise no one that this type of AI continues to make inroads into other areas, this time with a program from OpenAI called Shap-E which can render 3D images.

Like most of OpenAI’s offerings, this takes plain language as its input and can generate relatively simple 3D models with this text. The examples given by OpenAI include some bizarre models using text prompts such as a chair shaped like an avocado or an airplane that looks like a banana. It can generate textured meshes and neural radiance fields, both of which have various advantages when it comes to available computing power, training methods, and other considerations. The 3D models that it is able to generate have a Super Nintendo-style feel to them but we can only expect this technology to grow exponentially like other AI has been doing lately.

For those wondering about the name, it’s apparently a play on the 2D rendering program DALL-E which is itself a combination of the names of the famous robot WALL-E and the famous artist Salvador Dali. The Shap-E program is available for anyone to use from this GitHub page. Even though this code comes from OpenAI themselves, plenty are speculating that the AI revolution to come will largely come from open-source sources rather than OpenAI or Google, something for which the future is somewhat hazy.

This Week In Security: TPM And BootGuard, Drones, And Coverups

Full disk encryption is the go-to solution for hardening a laptop against the worst-case scenario of physical access. One way that encryption can be managed is through a Trusted Platform Module (TPM), a chip on the motherboard that manages the disk encryption key, and only hands it over for boot after the user has authenticated. We’ve seen some clever tricks deployed against these discrete TPMs, like sniffing the data going over the physical traces. So in theory, an integrated TPM might be more secure. Such a technique does exist, going by the name fTPM, or firmware TPM. It uses a Trusted Execution Environment, a TEE, to store and run the TPM code. And there’s another clever attack against that concept (PDF).

It’s chip glitching via a voltage fault. This particular attack works against AMD processors, and the voltage fault is triggered by injecting commands into the Serial Voltage Identification Interface 2.0 (SVI2). Dropping the voltage momentarily to the AMD Secure Processor (AMD-SP) can cause a key verification step to succeed even against an untrusted key, bypassing the need for an AMD Root Key (ARK) signed board firmware. That’s not a simple process, and pulling it off takes about $200 of gear, and about 3 hours. This exposes the CPU-unique seed, the board NVRAM, and all the protected TPM objects.

So how bad is this in the real world? If your disk encryption only relies on an fTPM, it’s pretty bad. The attack exposes that key and breaks encryption. For something like BitLocker that can also use a PIN, it’s a bit better, though to really offer more resistance, that needs to be a really long PIN: a 10 digit PIN falls to a GPU in just 4 minutes, in this scenario where it can be attacked offline. There is an obscure way to enable an “enhanced PIN”, a password, which makes that offline attack impractical with a secure password.

And if hardware glitching a computer seems too complicated, why not just use the leaked MSI keys? Now to be fair, this only seems to allow a bypass of Intel’s BootGuard, but it’s still a blow. MSI suffered a ransomware-style breach in March, but rather than encrypt data, the attackers simply threatened to release the copied data to the world. MSI apparently refused to pay up, and source code and signing keys are now floating in the dark corners of the Internet. There have been suggestions that this leak impacts the entire line of Intel processors, but it seems likely that MSI only had their own signing keys to lose. But that’s plenty bad, given the lack of a revocation system or automatic update procedure for MSI firmware.

Leaked Internal Google Document Claims Open Source AI Will Outcompete Google And OpenAI

In the world of large language models (LLM), the focus has for the longest time been on proprietary technologies from companies such as OpenAI (GPT-3 & 4, ChatGPT, etc.) as well as increasingly everyone from Google to Meta and Microsoft. What’s remained underexposed in this whole discussion about which LLM will do more things better are the efforts by hobbyists, unaffiliated researchers and everyone else you may find in Open Source LLM projects. According to a leaked document from a researcher at Google (anonymous, but apparently verified), Google is very worried that Open Source LLMs will wipe the floor with both Google’s and OpenAI’s efforts.

According to the document, after the open source community got their hands on the leaked LLaMA foundation model, motivated and highly knowledgeable individuals set to work to take a fairly basic model to new levels where it could begin to compete with the offerings by OpenAI and Google. Major innovations concern scaling, allowing these LLMs to work on far less powerful systems (like a laptop or even a smartphone).

An important factor here is Low-Rank Adaptation (LoRA), which massively cuts down the effort and resources required to train a model. Ultimately, as this document phrases it, Google and by extension OpenAI do not have a ‘secret sauce’ that makes their approaches better than anything the wider community can come up with. Also noted is that Meta has essentially won out here by having their LLM leak, as it has meant that the OSS community has been improving on the Meta foundations, allowing Meta to benefit from those improvements in their products.

The dire prediction is thus that in the end the proprietary LLMs by Google, OpenAI and others will cease to be relevant, as the open source community will have steamrolled them into fine, digital dust. Whether this will indeed work out this way remains to be seen, but things are not looking up for proprietary LLMs.

(Thanks to [Mike Szczys] for the tip)

This Week In Security: Oracle Opera, Passkeys, And AirTag RFC

There’s a problem with Opera. No, not that kind of opera. The Oracle kind. Oracle OPERA is a Property Management Solution (PMS) that is in use in a bunch of big-name hotels around the world. The PMS is the system that handles reservations and check-ins, talks to the phone system to put room extensions in the proper state, and generally runs the back-end of the property. It’s old code, and handles a bunch of tasks. And researchers at Assetnote found a serious vulnerability. CVE-2023-21932 is an arbitrary file upload issue, and rates at least a 7.2 CVSS.

It’s a tricky one, where the code does all the right things, but gets the steps out of order. Two parameters, jndiname and username, are encrypted for transport, and the sanitization step happens before decryption. The username parameter receives no further sanitization, and is vulnerable to path traversal injection. There are two restrictions to exploitation. The string encryption has to be valid, and the request has to include a valid Java Naming and Directory Interface (JNDI) name. It looks like these are the issues leading Oracle to consider this flaw “difficult to exploit vulnerability allows high privileged attacker…”.

The only problem is that the encryption key is global and static. It was pretty straightforward to reverse engineer the encryption routine. And JNDI strings can be fetched anonymously from a trio of endpoints. This led Assetnote to conclude that Oracle’s understanding of the flaw is faulty, and a much higher CVSS score is appropriate. Particularly with this Proof of Concept code, it is relatively straightforward to upload a web shell to an Opera system.

The one caveat there is that an attacker has to get network access to that install. These aren’t systems intended to be exposed to the internet, and my experience is that they are always on a dedicated network connection, not connected to the rest of the office network. Even the interconnect between the PMS and phone system is done via a serial connection, making this network flaw particularly hard to get to.
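The "right steps, wrong order" pattern described above, shown as an added example that is not Oracle's code or Assetnote's proof of concept. Base64 stands in for the transport encryption, and `UPLOAD_ROOT`, the function names and the sample values are hypothetical.

```python
import base64
import posixpath

UPLOAD_ROOT = "/srv/app/uploads"  # hypothetical directory the handler may write to


def encode_param(value: str) -> str:
    """Stand-in for transport encryption (assumption: base64, not the real cipher)."""
    return base64.urlsafe_b64encode(value.encode()).decode()


def decode_param(token: str) -> str:
    """Stand-in for the matching decryption step."""
    return base64.urlsafe_b64decode(token.encode()).decode()


def looks_safe(value: str) -> bool:
    """Sanitizer: reject traversal sequences and path separators."""
    return ".." not in value and "/" not in value and "\\" not in value


def resolve_flawed(token: str) -> str:
    # Order bug: the check sees only the encoded token, which can never
    # contain "../", so it always passes. The decoded value is used unchecked.
    if not looks_safe(token):
        raise ValueError("rejected")
    return posixpath.normpath(posixpath.join(UPLOAD_ROOT, decode_param(token)))


def resolve_hardened(token: str) -> str:
    # Decode first, then validate the value that will actually be used.
    username = decode_param(token)
    if not looks_safe(username):
        raise ValueError("rejected")
    path = posixpath.normpath(posixpath.join(UPLOAD_ROOT, username))
    # Defense in depth: the final path must stay under the upload root.
    if posixpath.commonpath([UPLOAD_ROOT, path]) != UPLOAD_ROOT:
        raise ValueError("outside upload root")
    return path


if __name__ == "__main__":
    benign = encode_param("alice")                      # constructed sample
    hostile = encode_param("../../outside/note.txt")    # constructed sample
    print(resolve_flawed(benign), resolve_flawed(hostile))
    print(resolve_hardened(benign))
```

The same rule applies to any encoded input (URL-encoding, compression, encryption): validate the final decoded form, immediately before use.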