Hackaday Podcast Episode 250: Trains, RC Planes, And EEPROMS In Flames

This week in the Podcast, Elliot Williams is off at Chaos Communication Congress, hearing tales of incredible reverse engineering that got locomotives back up and running, while Al Williams is thinking over what happened in 2023. There’s a lot of “how things work” in this show, from data buoys to sewing machines to the simulated aging of ICs.

Whether you’re into stacking bricks, stacking Pi Picos, or stacking your 3D prints to make better use of precious bed space, this episode is for you. Enjoy.

This is your last chance to download a new podcast this year. Take it!


This Week In Security: Triangulation, ProxyCommand, And Barracuda

It’s not every day we get to take a good look inside a high-level exploit chain developed by an unnamed APT from the western world. But thanks to some particularly dedicated researchers at Kaspersky, which just happens to be headquartered in Moscow, that’s exactly what we have today. The name Operation Triangulation was picked based on part of the device fingerprinting code, which rendered a yellow triangle on an HTML canvas.

The entire talk, given this week at the 37th Chaos Communication Congress (37C3), is available. The exploit starts with an iMessage attachment, delivered silently, that exploits an undocumented TrueType font instruction. Looking at the code suggests a copy-paste error, where a programmer didn’t quite get the logic right for a pointer calculation. That vulnerability gives a memory write primitive that pivots into code execution. What’s particularly interesting is that Apple silently fixed this bug in January 2023 and made no public statement about it. Presumably there was an uptick in crash logs that pointed at this bug but didn’t conclusively show attempted exploitation.

The exploit then moves to NSExpression as its next stage. NSExpression is an ugly way to write code, but it does let the chain reach the stage after that: running JavaScript, without Just In Time compilation. The JS payload is quite a beast, weighing in at 11,000 lines of obfuscated code. It manages to call native APIs directly from JS, and uses them to set up a kernel exploit: multiple integer overflow flaws that together yield essentially arbitrary reads and writes of system memory.
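The kernel stage is described above only as a set of integer overflow flaws. As an added illustration (this is not the Triangulation code, whose details are in the talk), here is the shape of that bug class in C: a size check that multiplies two attacker-controlled 32-bit values, wraps, and passes, next to the overflow-checked version using the GCC/Clang `__builtin_mul_overflow` builtin. The buffer size, function names and the count/size values are constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed example: a length check of the kind that falls to an
 * integer-overflow bug.  It is NOT the Triangulation kernel code; it only
 * shows the shape of the bug class the write-up refers to. */

#define BUF_SIZE 4096u   /* constructed: size of the destination buffer */

/* Vulnerable: count * size is computed in 32 bits and can wrap, so a huge
 * count can pass the check with a tiny wrapped total.  A copy loop that
 * then iterates `count` times runs far past the buffer. */
static bool check_naive(uint32_t count, uint32_t size)
{
    uint32_t total = count * size;      /* wraps modulo 2^32 */
    return total <= BUF_SIZE;
}

/* Hardened: detect the wrap explicitly.  __builtin_mul_overflow returns
 * true when the product does not fit in `total`. */
static bool check_safe(uint32_t count, uint32_t size)
{
    uint32_t total;
    if (__builtin_mul_overflow(count, size, &total))
        return false;                   /* product overflowed: reject */
    return total <= BUF_SIZE;
}

/* Bytes a copy loop driven by the unwrapped count would actually touch,
 * i.e. what the attacker controls once the check is fooled. */
static uint64_t bytes_actually_written(uint32_t count, uint32_t size)
{
    return (uint64_t)count * (uint64_t)size;
}

int main(void)
{
    /* 0x40000001 * 4 = 0x100000004, which wraps to 4 in 32 bits. */
    uint32_t count = 0x40000001u, size = 4u;
    printf("naive check passes: %d, safe check passes: %d, bytes written: %llu\n",
           check_naive(count, size), check_safe(count, size),
           (unsigned long long)bytes_actually_written(count, size));
    return 0;
}
```

The naive check accepts the pair because the wrapped product is 4, while the loop it guards would write just over 4 GiB; promoting the arithmetic to 64 bits only moves the same wrap to larger operands, which is why the explicit overflow check is the fix rather than a wider type.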

Linux Fu: Preprocessing Beyond Code

If you glanced at the title and thought, “I don’t care — I don’t write C code,” then hang on a minute. While it is true that C has a preprocessor and you can notoriously do strange and — depending on your point of view — horrible or wonderful things with it, there are actually other options, and you don’t have to use any of them with a C program. You can actually use the C preprocessor with almost any kind of text file, with a few caveats: by default it strips C-style comments (keep them with -C), it emits line markers into the output (suppress them with -P), and a lone apostrophe in ordinary prose earns you a “missing terminating ' character” warning. And it’s not the only preprocessor you can abuse this way. For example, the m4 preprocessor is wildly complex, vastly underused, and can handle C source code or anything else you care to send to it.

Definitions

I’ll define a preprocessor as a program that transforms its input file into an output file, reacting to commands that are usually embedded in the file itself. Most often, that output is then sent to some other program to do the “real” work. That covers cpp, the C preprocessor. It also covers things like sed. Honestly, you can easily create custom preprocessors using C, awk, Python, Perl, or any other programming language. There are many other standard programs that you could think of as preprocessors, for example, tr. However, one of the most powerful, m4, was built specifically to preprocess complex input files. For some reason — maybe because of its complexity — you don’t see much m4 in the wild.


Keeping Watch Over The Oceans With Data Buoys

When viewed from just the right position in space, you’d be hard-pressed to think that our home planet is anything but a water world. And in all the ways that count, you’d be right; there’s almost nothing that goes on on dry land that isn’t influenced by the oceans. No matter how far you are away from an ocean, what’s going on there really matters.

But how do we know what’s going on out there? The oceans are trackless voids, after all, and are deeply inhospitable to land mammals such as us. They have a well-deserved reputation for eating anything that ventures into them at the wrong time and without the proper degree of seafarer’s luck, and they tend to be places where the resources that run our modern technological society are in short supply.

Gathering data about the oceans is neither cheap nor easy, but it’s critically important to everything from predicting what the weather will be next week to understanding the big picture of what’s going on with the climate. And that requires a fleet of data buoys, outnumbering the largest of the world’s navies and operating around the clock, keeping track of wind, weather, and currents for us.


Beyond The Basics: Exploring More Exotic Scope Trigger Modes

Last time, we looked at some powerful trigger modes found on many modern scopes, including the Rigol DHO900 series we used as an example. Those triggers were mostly digital or, at least, threshold-based. This time, we’ll look at some more advanced analog triggers as well as a powerful digital trigger that can catch setup and hold violations. You can find the Raspberry Pi code to create the test waveforms online.

In addition to software, you’ll need a few simple components to generate the analog waveform. In particular, pin 21 of the Pi connects to a 2 µF capacitor through a 10 kΩ resistor, and the other side of the capacitor connects to ground. Pin 22 connects directly to the capacitor, bypassing the resistor, which lets us discharge the capacitor quickly. The exact values are not especially important.

Runt Triggers

A runt pulse is one that doesn’t reach the same voltage magnitude as the pulses around it, sometimes because of bus contention. Imagine a train of square waves that go from 0 to 5 V, where every so often one pulse doesn’t make it to 5 V and stops at 3 V instead.
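The runt condition described above, as an added software model in C (not the article’s Pi code, and not the scope’s trigger engine): the detector walks a sample record with the two thresholds a runt trigger uses and reports pulses that rose above the lower threshold but never reached the upper one. The thresholds, the sample values and the result struct are constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Added example, not the article's code: a software model of a positive
 * runt trigger.  A pulse starts when the signal rises above `low` and ends
 * when it falls back to `low` or below; it is a runt if it never reached
 * `high` in between.  Samples and thresholds below are constructed. */

struct runt_result {
    int pulses;            /* pulses that crossed the lower threshold */
    int runts;             /* of those, how many never reached `high` */
    int first_runt_start;  /* sample index where the first runt began, -1 if none */
};

static struct runt_result find_runts(const double *v, size_t n, double low, double high)
{
    struct runt_result r = { 0, 0, -1 };
    bool in_pulse = false, reached_high = false;
    size_t start = 0;

    for (size_t i = 0; i < n; i++) {
        if (!in_pulse && v[i] > low) {       /* rising edge through `low` */
            in_pulse = true;
            reached_high = false;
            start = i;
        }
        if (in_pulse) {
            if (v[i] >= high)
                reached_high = true;         /* full-height pulse */
            if (v[i] <= low) {               /* falling edge through `low` */
                r.pulses++;
                if (!reached_high) {
                    r.runts++;
                    if (r.first_runt_start < 0)
                        r.first_runt_start = (int)start;
                }
                in_pulse = false;
            }
        }
    }
    /* A pulse still above `low` at the end of the record is not counted:
     * the scope cannot yet know whether it will reach `high`. */
    return r;
}

int main(void)
{
    /* Constructed 0-5 V square wave with one pulse that only reaches 3 V. */
    const double samples[] = { 0, 0, 5, 5, 0, 0, 5, 5, 0, 0, 3, 3, 0, 0, 5, 5, 0 };
    struct runt_result r = find_runts(samples, sizeof samples / sizeof samples[0], 1.0, 4.0);
    printf("%d pulses, %d runt(s), first runt starts at sample %d\n",
           r.pulses, r.runts, r.first_runt_start);
    return 0;
}
```

A real scope does the same comparison in hardware, with the two levels set by the runt trigger’s thresholds and a polarity setting; the negative-polarity case is the mirror image, a pulse that falls below `high` but never reaches `low`.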


Liftoff! The Origin Of The Countdown

What’s the most thrilling part of rocketry? Well, the liftoff, naturally. But what about the sweet anticipation in those tense moments leading up to liftoff? In other words, the countdown. Where did it come from?

Far from being simply a dramatic device, the countdown clock serves a definite purpose — it lets the technicians and the astronauts synchronize their actions during the launch sequence. But where did the countdown — those famed ten seconds of here we go! that seem to mark the point of no return — come from? Doesn’t it all seem a little theatrical for scientists?

It may surprise you to learn that neither technicians nor astronauts conceived of the countdown. In their book, “Lunar Landings and Rocket Fever: Rediscovering Woman in the Moon”, media scholars Tom Gunning and Katharina Loew reveal that a little-known Fritz Lang movie called Woman In the Moon both “predicted the future of rocketry” and “played an effective role in its early development”.


Game Graphics: Rasterization

Last time, I talked about racing the beam, a type of graphics used when memory was scarce. Now it’s time to step into the future with more memory and talk about what modern 2D games still do to this day: rasterization.

Just In Time Memory

Continuing the trend set by racing the beam, rasterized graphics are also on a grid, just a much finer one. Though not unique to rasterization, the “frame buffer” is the logical conclusion of bitmap-mode fidelity: enough memory is allocated that every pixel can have its own color. What’s different about a frame buffer is that everything is drawn before it is shown and, crucially, this doesn’t have to happen in the same order as the pixels are displayed. Rasterization draws entire shapes — triangles, lines and rectangles — into the frame buffer, and the screen is typically updated all at once.
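As an added example (not code from the article), here is a tiny frame buffer in C that rectangles and lines are rasterized into before anything is displayed. Every pixel write goes through one clipping check, which is also what keeps a shape that hangs off the edge from writing outside the allocation; the buffer dimensions, the color codes and the scene are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not the article's code: a minimal frame buffer that
 * shapes are rasterized into before the screen is updated.  Dimensions,
 * colors and the scene are constructed for illustration. */

#define FB_W 16
#define FB_H 8

struct framebuffer {
    uint8_t px[FB_H][FB_W];   /* one byte per pixel: 0 = background */
};

/* Every write goes through put_pixel, which clips to the buffer.  Without
 * this check a shape partly off-screen would write outside px[]. */
static void put_pixel(struct framebuffer *fb, int x, int y, uint8_t c)
{
    if (x < 0 || y < 0 || x >= FB_W || y >= FB_H)
        return;
    fb->px[y][x] = c;
}

static void fill_rect(struct framebuffer *fb, int x0, int y0, int w, int h, uint8_t c)
{
    for (int y = y0; y < y0 + h; y++)
        for (int x = x0; x < x0 + w; x++)
            put_pixel(fb, x, y, c);
}

/* Bresenham's line algorithm: integer-only error term, steps along both
 * axes as needed, works for any octant. */
static void draw_line(struct framebuffer *fb, int x0, int y0, int x1, int y1, uint8_t c)
{
    int dx = abs(x1 - x0), sx = x0 < x1 ? 1 : -1;
    int dy = -abs(y1 - y0), sy = y0 < y1 ? 1 : -1;
    int err = dx + dy;
    for (;;) {
        put_pixel(fb, x0, y0, c);
        if (x0 == x1 && y0 == y1)
            break;
        int e2 = 2 * err;
        if (e2 >= dy) { err += dy; x0 += sx; }
        if (e2 <= dx) { err += dx; y0 += sy; }
    }
}

static int count_color(const struct framebuffer *fb, uint8_t c)
{
    int n = 0;
    for (int y = 0; y < FB_H; y++)
        for (int x = 0; x < FB_W; x++)
            n += fb->px[y][x] == c;
    return n;
}

/* Draw a scene: a rectangle that hangs off the right edge, then a diagonal
 * line drawn after it.  Returns how many pixels the rectangle actually set,
 * i.e. only the part that was on screen. */
static int render_scene(struct framebuffer *fb)
{
    memset(fb, 0, sizeof *fb);
    fill_rect(fb, 12, 2, 8, 3, 1);      /* 8 wide, but only 4 columns fit */
    int rect_px = count_color(fb, 1);
    draw_line(fb, 0, 0, 15, 7, 2);      /* later draws overwrite earlier ones */
    return rect_px;
}

int main(void)
{
    struct framebuffer fb;
    render_scene(&fb);
    /* "Present" the finished buffer all at once, as text. */
    for (int y = 0; y < FB_H; y++) {
        for (int x = 0; x < FB_W; x++)
            putchar(".#*"[fb.px[y][x]]);
        putchar('\n');
    }
    return 0;
}
```

The order of the two draw calls is the point of the passage: the rectangle and the line land in memory in whatever order is convenient, and only the completed buffer is shown.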