Java Is Now On The Nintendo 64!

Whether it’s your favorite programming language, or your favorite beverage, there’s no denying Java is everywhere. Now, it’s even on the Nintendo 64, thanks to the valiant efforts of [Mike Kohn]. Even better, he’s coded a demo to show off its capabilities!

The project took plenty of work. [Mike] went all the way down to the assembly level to get Java code running on the N64. The project builds on the work that he did previously to get Java running on the PlayStation 2. Notably, both the Sony and Nintendo consoles do have some similarities — both are based on MIPS CPUs.

The demo itself is a work of art. It features the typical “3 billion devices run Java” screen, followed by some truly chunky bass and wailing guitar sounds. It’s followed by all the dancing shapes, sinusoidal text, and bright colors you could shake a stick at.

For those interested in the nitty gritty, [Mike] delves deep into the details of what it took to get everything running. That includes both using the code in an emulator, as well as how to get it going on real Nintendo hardware, something we’ve looked at before.

Continue reading “Java Is Now On The Nintendo 64!”

ImHex: An Open Hex Editor For The Modern Hacker

It’s little surprise that most hackers have a favorite text editor, since we tend to spend quite a bit of time staring at the thing. From writing code to reading config files, the hacker’s world is filled with seemingly infinite lines of ASCII. Comparatively, while a hex editor is a critical tool to have in your arsenal, many of us don’t use one often enough to have a clear favorite.

But we think that might change once you’ve taken ImHex for a spin. Developer [WerWolv] bills it specifically as the hex editor of choice for reverse engineering, it’s released under the GPL v2, and runs on Windows, Linux, and macOS. Oh, and did we mention it defaults to a slick dark theme designed to be easy on the eyes during those late night hacking sessions — just like your favorite website? Continue reading “ImHex: An Open Hex Editor For The Modern Hacker”

Chataigne: An Open-Source Swiss Army Knife

[Ben Kuper] is a developer with a history of working on art installations, and had hit upon a common problem often cited by artists. When creating installations involving light, sound, and motion, they often spend too much time on the nuts and bolts of electronics, programming, and so on. Such matters are a huge time sink with a steep learning curve and oftentimes just a plain distraction from the actual artistic intent they’re trying to focus upon. [Ben] has been working for a few years on a software tool, Chataigne which is designed as the glue between various software tools and hardware interfaces, enabling complex control of the application using simple building blocks. Continue reading “Chataigne: An Open-Source Swiss Army Knife”

Screenshot of the framework-built app, showing it running through Firefox

Turn A Webpage Into A Desktop App With Gluon

Electron is software for running web-written apps in the same way as native ones, and has gotten plenty of bad press for its RAM appetite around these parts. But while the execution might leave something to be desired, the concept itself is quite solid —  if you’ve already got code written for the web, a quick and easy way to bring it over to the desktop would be very valuable.

Which is why [CanadaHonk] is building a framework called Gluon, which aims to turn your web pages into desktop apps with little to no effort. We’ve seen their work a few months ago with the OpenASAR project, hacking the Discord desktop app to speed it up. Drawing from that experience, Gluon is built to be lean – with apps having low RAM and storage footprints, lightning-speed build times, and a no-nonsense API.

One of the coolest parts is that it’s able to use your system-installed browser, and not a bundled-in one like Electron. Firefox support is firmly on the roadmap, too, currently in experimental stage. Linux support is being worked on as well — the framework is Windows-born, but that’s to change. There’s also room to innovate; [CanadaHonk] recently added a hibernation feature with aggressive RAM and CPU footprint reduction when the app is minimized, something that other frameworks like this aren’t known for.

If you want to write user-facing software, JavaScript’s a decent language, and quite a few of you are going to be familiar with it. You aren’t limited to the software side of the tech world, either — tools like WebUSB and WebSerial will let you write a user interface for a board that you’ve just developed. For instance, here’s a WebSerial-based oscilloscope, a nifty serial terminal, or a hacker conference badge programming toolkit. For all that browsers have gotten wrong, they certainly don’t seem to become less abundant, and if that means you can quickly develop cross-platform hardware-facing apps, it’s certainly a useful addition to one’s toolkit.

Blinky Project Is 6502s All The Way Down

Virtually any platform you might find yourself programming on has some simple method of running a delay. [Joey Shepard] got rather creative on a recent project, though, relying on a rather silly nesting method that we’re calling 6502s All The Way Down.

The project in question was a simple PCB that was shaped like a robot, with blinking LED eyes. Typically, you’d simply reach for the usual sleep() or delay() function to control the blink rate, but [Joey] went off-piste for this one. Instead, the PIC32 on the board runs a 6502 emulator written in MIPS assembly. This emulated 6502 is then charged with running a further 6502 emulator coded in 6502 assembly, and so on, until there’s 6502 emulators running six-deep on the humble microcontroller. The innermost emulator runs a simple program that blinks the LED eyes in a simple loop. With the overhead of running six emulators, though, the eyes only blink at a rate of roughly once every two seconds.

It’s an amusing and complicated way to write a blink program, and we applaud [Joey] for going to all that trouble. We imagine it was a great way to learn about programming the PIC32 as well as emulation in general. Meanwhile, if you’re working on your own emulator feats, be sure to let us know!

GitHub ESP32 OTA Updates, Now In MicroPython Flavor

Wouldn’t it be great if you could keep all of your small Internet-connected hacks up to date with a single codebase? A couple of weeks ago, we wrote up a project that automagically pulls down OTA updates to an ESP32 from GitHub, using the ESP32 C SDK. [Pascal] asked in the comments, “but what about MicroPython?” Gauntlet thrown, [TURFPTAx] wrote ugit.pya simple library that mirrors all of the code from a public GitHub Python repo straight to your gizmo running Micropython.

[Damped] wrote in about Senko, another library that does something very similar, but by then [TURFPTAx] was already done. Bam! Part of the speed is that MicroPython includes everything you need to get the job done – parsing streamed JSON was the hard part with the original hack. MicroPython makes those sorts of things easy.

This is one of those ideas that’s just brilliant for a hacker with a small flock of independent devices to herd. And because ugit.py itself is fairly simple and readable, if you need to customize it to do your own bidding, that’s no problem either. Just be sure that when you’re storing your WiFi authentication info, it’s not publicly displayed. ([TURFPTAx], could I log into your home WiFi?)

What’s [TURFPTAx] going to be using this for? We’re guessing it’s going to be deploying code to his awesome Open Muscle sensing rigs. What will we be using it for? Blinky Christmas decorations for the in-laws, now remotely updatable without them having to even learn what a “repo” is.

Continue reading “GitHub ESP32 OTA Updates, Now In MicroPython Flavor”

This Week In Security: Scamming The FBI, In The Wild, And AI Security

If you’re part of a government alphabet agency, particularly running a program to share information to fight cybercrime, make sure to properly verify the identity of new members before admission. Oh, and make sure the API is rate-limited so a malicious member can’t scrape the entire user database and sell it on a dark web forum.

Putting snark aside, this is exactly what has happened to the FBI’s InfraGuard program. A clever user applied to the program using a CEO’s name and phone number, and a convincing-looking email address. The program administrators didn’t do much due diligence, and approved the application. Awkward.

BSD Ping

First off, the good folks at FreeBSD have published some errata about the ping problem we talked about last week. First off, note that while ping does elevate to root privileges via setuid, those privileges are dropped before any data handling occurs. And ping on FreeBSD runs inside a Capsicum sandbox, a huge obstacle to system compromise from within ping. And finally, further examination of the bug in a real-world context casts doubt on the idea that Remote Code Execution (RCE) is actually possible due to stack layouts.

If someone messes up somewhere, go look if you messed up in the same or similar way somewhere else.

Sage advice from [Florian Obser], OpenBSD developer. So seeing the ping problem in FreeBSD, he set about checking the OpenBSD ping implementation for identical or similar problems. The vulnerable code isn’t shared between the versions, so he reached for afl++, a fuzzing tool with an impressive list of finds. Connect afl++ to the function in ping that handles incoming data, and see what shakes out. The conclusion? No crashes found in this particular effort, but several hangs were identified and fixed. And that is a win. Continue reading “This Week In Security: Scamming The FBI, In The Wild, And AI Security”