Juicero: A Lesson On When To Engineer Less

Ben Einstein, a product designer and founder at Bolt, a hardware-based VC, recently got his hands on a Juicero press. This desktop juice press that only works with proprietary pouches filled with chopped fruits and vegetables is currently bandied in the tech press as evidence Silicon Valley has gone mad, there is no future in building hardware, and the Internet of Things is a pox on civilization. Hey, at least they got the last one right.

This iFixit-style tear down digs into the Juicero mixer in all its gory details. It’s beautiful, it’s a marvel of technology, and given the engineering that went into this machine, it was doomed to fail. Not because it didn’t accomplish the task at hand, but because it does so with a level of engineering overkill that’s delightful to look at but devastating to the production cost.


Ask Hackaday: What About the Diffusers?

Blinky LED projects: we just can’t get enough of them. But anyone who’s stared a WS2812 straight in the face knows that the secret sauce that takes a good LED project and makes it great is the diffuser. Without a diffuser, colors don’t blend and LEDs are just tiny, blinding points of light. The ideal diffuser scrambles the photons around and spreads them out between LED and your eye, so that you can’t tell exactly where they originated.

We’re going to try to pay the diffuser its due, and hopefully you’ll get some inspiration for your next project from scrolling through what we found. But this is an “Ask Hackaday”, so here’s the question up front: what awesome LED diffusion tricks are we missing, what’s your favorite, and why?


An Analog Charge Pump Fabrication-Time Attack Compromises A Processor

We are all used to malicious software: computers and operating systems compromised by viruses, worms, or Trojans. It has become a fact of life, and a whole industry of virus checking software exists to help users defend against it.

Underlying our concerns about malicious software is an assumption that the hardware is inviolate, that the computer itself cannot be inherently compromised. It’s a false one though, as it is perfectly possible for a processor or other integrated circuit to have a malicious function included in its fabrication. You might think that such functions would not be included by a reputable chip manufacturer, and you’d be right. Unfortunately, because the high cost of chip fabrication means that the semiconductor industry is a web of third-party fabrication houses, there are many opportunities for extra components to be inserted before the chips are manufactured. University of Michigan researchers have produced a paper on the subject (PDF) detailing a particularly clever attack on a processor that minimizes the number of components required through clever use of a FET gate in a capacitive charge pump.

On-chip backdoors have to be physically stealthy, difficult to trigger accidentally, and easy to trigger by those in the know. Their designers will find a line that changes logic state rarely, and enact a counter on it such that when they trigger it to change state a certain number of times that would never happen accidentally, the exploit is triggered. In the past these counters have been traditional logic circuitry, an effective approach but one that leaves a significant footprint of extra components on the chip for which space must be found, and which can become obvious when the chip is inspected through a microscope.

The University of Michigan backdoor is not a counter but an analog charge pump. Every time its input is toggled, a small amount of charge is stored on the capacitor formed by the gate of a transistor, and eventually its voltage reaches a logic level such that an attack circuit can be triggered. They attached it to the divide-by-zero flag line of an OR1200 open-source processor, from which they could easily trigger it by repeatedly dividing by zero. The beauty of this circuit is both that it uses very few components, so it can hide more easily, and that the charge leaks away with time, so it cannot persist in a state likely to be accidentally triggered.
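The leaky charge accumulation described above, as an added behavioural model (not code from the paper or from this post): every constant is a constructed assumption, chosen only to show why sparse activity on the line leaks away before reaching the trigger level, which is also why ordinary functional testing is unlikely to expose such a circuit.

```python
"""Toy behavioural model of a leaky charge-pump trigger (added example).

All constants are constructed assumptions, not values from the paper.
"""
from dataclasses import dataclass


@dataclass
class ChargePumpModel:
    step: float = 0.1       # assumed: fraction of remaining headroom added per toggle
    leak: float = 0.98      # assumed: fraction of voltage retained each clock cycle
    threshold: float = 0.6  # assumed: normalised voltage read as logic high
    v: float = 0.0          # normalised capacitor voltage, 0.0 to 1.0

    def clock(self, toggled: bool) -> bool:
        """Advance one cycle; return True once the trigger output reads high."""
        self.v *= self.leak                       # charge leaks away every cycle
        if toggled:
            self.v += self.step * (1.0 - self.v)  # each toggle pumps a little charge
        return self.v >= self.threshold


def first_trigger(period: int, cycles: int = 10_000):
    """Toggle the input once every `period` cycles; return first high cycle or None."""
    model = ChargePumpModel()
    for cycle in range(cycles):
        if model.clock(cycle % period == 0):
            return cycle
    return None


def slowest_triggering_period(max_period: int = 100) -> int:
    """Largest toggle spacing that still fires; anything sparser leaks away first."""
    return max(p for p in range(1, max_period + 1) if first_trigger(p) is not None)


if __name__ == "__main__":
    print("back-to-back toggles fire at cycle", first_trigger(1))
    print("one toggle per 50 cycles fires at", first_trigger(50))
    print("slowest spacing that still fires:", slowest_triggering_period())
```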

The best hardware hacks are those that are simple, novel, and push a device into doing something it would not otherwise have done. This one has all that, for which we take our hats off to the Michigan team.

If this subject interests you, you might like to take a look at a previous Hackaday Prize finalist: ChipWhisperer.

[Thanks to our colleague Jack via Wired]

ESP32’s Freedom Output Lets You Do Anything

The ESP32 is Espressif’s new wonder-chip, and one of the most interesting aspects of its development has been the almost entirely open-source development strategy that they’re taking. But the “almost” in almost entirely open is important — there are still some binary blobs in the system, and some of them are exactly where a hacker wouldn’t want them to be. Case in point: the low-level WiFi firmware.

So that’s where [Jeija]’s reverse engineering work steps in. He’s managed to decode enough of a function called ieee80211_freedom_output to craft and send apparently arbitrary WiFi data and management frames, and to monitor them as well.

This ability is insanely useful for a WiFi device. With low-level access like this, one can implement custom protocols for mesh networking, low-bandwidth data transfers, or remove the requirement for handshaking entirely. One can also spam a system with so many fake SSIDs that it crashes, deauth everyone, or generally cause mayhem. Snoop on your neighbors, or build something new and cool: with great power comes great responsibility.

Anyway, we reported on [Jeija]’s long distance hack and the post may have read like it was all about the antenna, but that vastly underestimates the role played by this firmware reverse-engineering hack. Indeed, we’re so stoked about the hack that we thought it was worth reiterating: the ESP32 is now a WiFi hacker’s dream.

Life on Contract: Hacking your Taxes

You’re a contractor and people are paying you to work in your pajamas. It’s a life of luxury, but when tax time comes, you are in a world of hurt and you wonder why you even do it. Taxes are tricky, but there are some tools you can use to make it less painful on your pocketbook. With planning and diligence, you can significantly increase the amount of money that stays in your bank account.

Neural Networks: You’ve Got It So Easy

Neural networks are all the rage right now with increasing numbers of hackers, students, researchers, and businesses getting involved. The last resurgence was in the 80s and 90s, when there was little or no World Wide Web and few neural network tools. The current resurgence started around 2006. From a hacker’s perspective, what tools and other resources were available back then, what’s available now, and what should we expect for the future? For myself, a GPU on the Raspberry Pi would be nice.


ESP32’s Dev Framework Reaches 2.0

We’ve been watching the development of the ESP32 chip for the last year, but honestly we’ve been a little bit cautious to throw all of our friendly ESP8266s away just yet. Earlier this month, Espressif released version 2.0 of their IoT Development Framework (ESP-IDF), and if you haven’t been following along, you’ve missed a lot.

We last took a serious look at the IDF when the chips were brand-new, and the framework was still taking its first baby steps. There was no support for such niceties as I2C and such at the time, but you could get both cores up and running and the thing connected to the network. We wanted to test out the power-save modes, but that wasn’t implemented yet either. In short, we were watching the construction of a firmware skyscraper from day one, and only the foundation had been poured.

But what a difference eight months make! Look through the GitHub changes log for the release, and it’s a totally new ballgame. Not only are there drivers for I2C, I2S, SPI, the DAC and ADCs, etc, but there are working examples and documentation for all of the above. Naturally, there are a ton of bugfixes as well, especially in the complex WiFi and Bluetooth Low Energy stacks. There’s still work left to do, but Espressif seems to think that the framework is now mature enough that they’ve opened up their security bug bounty program on the chip. Time to get hacking!
