Hackaday Links: October 8, 2023

October 8, 2023 by Dan Maloney 17 Comments

Too much of a good thing is generally a bad thing, but a surfeit of asteroid material is probably a valid exception to that rule. Such was NASA’s plight as it started to unpack the sample return capsule recently dropped off by the OSIRIS-REx spacecraft as it flew by Earth, only to discover it was packed to overflowing with samples of asteroid Bennu. The spacecraft, which arrived at Bennu in 2018 and spent a good long time mapping the near-Earth asteroid, apparently approached its carefully selected landing site a bit too energetically and really packed the sample container full of BennuBits™ — so much so that they could actually see sample shedding off into space before stowing it for the long trip back to Earth. The container is now safely in the hands of the sample analysis team, who noted that everything in the TAGSAM (Touch and Go Sample Acquisition Module), even the avionics deck, is covered with black particles, each precious one of which needs to be collected and cataloged. The black stuff is especially interesting to planetary scientists, as it might be exactly what they were after when they selected Bennu, which may have broken off a much larger carbon-rich asteroid a billion or so years ago. It’ll be interesting to see if these interplanetary hitchhikers have anything to tell us about the origin of life in the solar system.

Continue reading “Hackaday Links: October 8, 2023” →

This Week In Security: Looney Tunables, Not A 0-day*, And Curl Warning

October 6, 2023 by Jonathan Bennett 8 Comments

This week starts out with a nifty vulnerability in the glibc dynamic loader. This is an important step in running a binary executable on Linux, as it pulls the list of required shared libraries, and loads those libraries into memory. Glibc also includes a feature to adjust some runtime settings, via the GLIBC_TUNABLES environment variable. That’s where the vulnerability resides, and researchers from Qualsys obviously had a bit of fun in taking inspiration to pick the vulnerability name, “Looney Tunables”.

The problem is memory handling in the sanitizing parser. This function iterates through the environment variable, looking for strings of tunable1=aa, separated by colons. These strings get copied to the sanitized buffer, but the parsing logic goes awry when handling the malformed tunable1=tunable2=AAA. The first equals sign is taken at face value, copying the rest of the string into the buffer. But then the second equals sign is also processed as another key=value pair, leading to a buffer overflow.

The reason this particular overflow is interesting is that if the binary to be run is a Set-User-ID (SUID) root application, the dynamic loader runs as root, too. If the overflow can achieve code execution, then it’s a straightforward privilege escalation. And since we’re talking about it, you know there’s a way to execute code. It turns out, it’s possible to overwrite the pointer to the library search path, which determines where the dynamic loader will look for libraries. Tell it to look first in an attacker-controlled location, and you can easily load a malicious libc.so for instant code execution.

This vulnerability affects many Linux distros, and there’s already a Proof of Concept (PoC) published. So, it’s time to go check for updates for cve-2023-4911. Continue reading “This Week In Security: Looney Tunables, Not A 0-day*, And Curl Warning” →

LittleFS: The Emphasis Is On Little

October 4, 2023 by Al Williams 15 Comments

It used to be that developing for microcontrollers was relatively relaxing. These days, even a cheap micro like the Raspberry Pi Pico has multiple cores, networking (for the W, at least), and file systems. Just like desktop computers. Sort of. I found out about the “sort of” part a few weeks ago when I decided to embark on a little historical project. I wanted a file system with a large file that emulates a disk drive. The Pico supports LittleFS, and I figured that would be the easy thing to do. Turns out the Little in LittleFS might be more literal than you think. On the plus side, I did manage to get things working, but it took a… well — dare I say hack? — to make it all work.

History

I’m an unabashed fan of the RCA 1802 CPU, which is, of course, distinctly retro. The problem is, I keep losing my old computers to moves, natural disasters, and whatnot. I’ve had several machines over the years, but they seem to be a favorite target of Murphy’s law for me. I do currently have a small piece of hardware called an Elf Membership Card (by [Lee Hart]), but it lacks fancy features like disk drives, and while it could be expanded, there’s something charming about its current small size. So that led me to repurpose a 6502 emulator for the KIM-1 to act like an 1802 instead. This is even less capable than the membership card, so it was sort of a toy. But I always thought I should upgrade the Arduino inside the emulator to a processor with more memory, and that’s what I did.

I started out with a Blackpill STM32F board and called the project 1802Black. The code is a little messy since it started out as [Oscar’s] KimUNO code, and then my updates layered with new updates. Also, for now, I shut off the hardware parts so it won’t use the KimUNO hardware — you only need a Blackpill (or a Pico, see below) and nothing else, although I may reenable the hardware integration later.

It wasn’t that hard to get it running with just more memory. Still, I wanted to run [Mike Riley’s] Elf/OS operating system and I also had a pair of Raspberry Pi Picos mocking me for not using them in a project yet. The chip has excellent Arduino board support. But what sealed the deal was noticing that you can partition the Pico’s flash drive to use some of it for your program and the rest for a file system. You can get other RP2040 dev boards with 16 MB of flash, which would let me have a nearly 15 MB “hard drive,” which would have been huge in the 1802’s day. Sounds simple. If it were, though, we wouldn’t be talking.

Continue reading “LittleFS: The Emphasis Is On Little” →

Hackaday Prize 2023: The Wildcard Finalists Are Here

October 4, 2023 by Tom Nardi 5 Comments

We’re in the endgame now — there’s just about a month to go before the final results are announced for the 2023 Hackaday Prize, which means all of our finalists are in a mad rush to put the finishing touches on their respective projects. Today, ten more hackers are about to feel the heat as we announce our final group of finalists from the Save the World Wildcard round.

As finalists, each of these projects has been awarded $500 to help further their development. But perhaps more importantly, they are now officially in the running for one of the final six awards, which includes the Grand Prize of $50,000 and a residency at the Supplyframe DesignLab.

Continue reading “Hackaday Prize 2023: The Wildcard Finalists Are Here” →

Robotic Mic Swarm Helps Pull Voices Out Of Crowded Room Of Multiple Speakers

October 4, 2023 by Lewin Day 27 Comments

One of the persistent challenges in audio technology has been distinguishing individual voices in a room full of chatter. In virtual meeting settings, the moderator can simply hit the mute button to focus on a single speaker. When there’s multiple people making noise in the same room, though, there’s no easy way to isolate a desired voice from the rest. But what if we ‘mute’ out these other boisterous talkers with technology?

Enter the University of Washington’s research team, who have developed a groundbreaking method to address this very challenge. Their innovation? A smart speaker equipped with self-deploying microphones that can zone in on individual speech patterns and locations, thanks to some clever algorithms.

Continue reading “Robotic Mic Swarm Helps Pull Voices Out Of Crowded Room Of Multiple Speakers” →

Review: LibrePCB Hits Version 1.0

October 3, 2023 by Jenny List 53 Comments

Nearly three years ago at the start of 2020 and before the pandemic hit, we took a look at an up-and-coming player in the world of PCB design. LibrePCB is by no means as old as the more established players, but at the time it was joining the ranks of open-source EDA packages with its first early stable releases. It showed a lot of promise but was still a little rough around the edges back then, but in the years since it’s advanced to the extent that in September they released version 1.0. That’s a significant moment for any open source package, so it’s time to return and take another look. It’s a cross-platform package with builds available for Linux, Windows, MacOS and FreeBSD, of which I needed the Linux version. There are one or two options to choose from, I went for the appImage as probably the least trouble. Very quickly I was in a new EDA package, and I set out to make a simple Schmitt trigger oscillator as a test project. Continue reading “Review: LibrePCB Hits Version 1.0” →

Displays We Love Hacking: The HD44780 Family

October 2, 2023 by Arya Voronova 31 Comments

There are too many different kinds of displays – some of them, you already know. I’d like to help you navigate the hobbyist-accessible display world – let’s take a journey together, technology by technology, get a high-level overview of everything you could want to know about it, and learn all the details you never knew you needed to know. In the end, I’d like you to be able to find the best displays for any project you might have in mind, whatever it could be.

There’s a HD44780 clone IC under this epoxy blob! CC0 1.0

Today, let’s take a look at a well-known LCD technology – the HD44780 displays, a type of display that we hobbyists have been working with since the 1980s. Its name comes from the HD44780 driver chip – a character display driver IC that connects to a raw display panel and provides an easy interface.

HD44780 displays are not known for power efficiency, cutting-edge technology, ultimate flexibility, or small size, for that matter. However, they’re tried and true, easy to drive, require little to no computing power on your MCU, and you will be able to buy them for the foreseeable future. They’re not about to get taken off the market, and they deserve a certain kind of place in our parts boxes, too.

If you work with HD44780 displays for a project or two, you might acquire a new useless superpower – noticing just how many HD44780 displays are still in use in all sorts of user-facing devices, public or private. Going out and about in your day-to-day life, you can encounter a familiar 16 x 2 grid of characters in cash registers, public transport ticket machines, home security panels, industrial and factory equipment, public coffee machines, and other microcontroller-assisted places of all kinds! Continue reading “Displays We Love Hacking: The HD44780 Family” →