Software Hacks

997 Articles

Blinky Project Is 6502s All The Way Down

December 24, 2022 by 19 Comments

Virtually any platform you might find yourself programming on has some simple method of running a delay. [Joey Shepard] got rather creative on a recent project, though, relying on a rather silly nesting method that we’re calling 6502s All The Way Down.

The project in question was a simple PCB that was shaped like a robot, with blinking LED eyes. Typically, you’d simply reach for the usual sleep() or delay() function to control the blink rate, but [Joey] went off-piste for this one. Instead, the PIC32 on the board runs a 6502 emulator written in MIPS assembly. This emulated 6502 is then charged with running a further 6502 emulator coded in 6502 assembly, and so on, until there’s 6502 emulators running six-deep on the humble microcontroller. The innermost emulator runs a simple program that blinks the LED eyes in a simple loop. With the overhead of running six emulators, though, the eyes only blink at a rate of roughly once every two seconds.

It’s an amusing and complicated way to write a blink program, and we applaud [Joey] for going to all that trouble. We imagine it was a great way to learn about programming the PIC32 as well as emulation in general. Meanwhile, if you’re working on your own emulator feats, be sure to let us know!

GitHub ESP32 OTA Updates, Now In MicroPython Flavor

December 23, 2022 by 5 Comments

Wouldn’t it be great if you could keep all of your small Internet-connected hacks up to date with a single codebase? A couple of weeks ago, we wrote up a project that automagically pulls down OTA updates to an ESP32 from GitHub, using the ESP32 C SDK. [Pascal] asked in the comments, “but what about MicroPython?” Gauntlet thrown, [TURFPTAx] wrote ugit.pya simple library that mirrors all of the code from a public GitHub Python repo straight to your gizmo running Micropython.

[Damped] wrote in about Senko, another library that does something very similar, but by then [TURFPTAx] was already done. Bam! Part of the speed is that MicroPython includes everything you need to get the job done – parsing streamed JSON was the hard part with the original hack. MicroPython makes those sorts of things easy.

This is one of those ideas that’s just brilliant for a hacker with a small flock of independent devices to herd. And because ugit.py itself is fairly simple and readable, if you need to customize it to do your own bidding, that’s no problem either. Just be sure that when you’re storing your WiFi authentication info, it’s not publicly displayed. ([TURFPTAx], could I log into your home WiFi?)

What’s [TURFPTAx] going to be using this for? We’re guessing it’s going to be deploying code to his awesome Open Muscle sensing rigs. What will we be using it for? Blinky Christmas decorations for the in-laws, now remotely updatable without them having to even learn what a “repo” is.

Continue reading “GitHub ESP32 OTA Updates, Now In MicroPython Flavor”

This Week In Security: Scamming The FBI, In The Wild, And AI Security

December 16, 2022 by 16 Comments

If you’re part of a government alphabet agency, particularly running a program to share information to fight cybercrime, make sure to properly verify the identity of new members before admission. Oh, and make sure the API is rate-limited so a malicious member can’t scrape the entire user database and sell it on a dark web forum.

Putting snark aside, this is exactly what has happened to the FBI’s InfraGuard program. A clever user applied to the program using a CEO’s name and phone number, and a convincing-looking email address. The program administrators didn’t do much due diligence, and approved the application. Awkward.

BSD Ping

First off, the good folks at FreeBSD have published some errata about the ping problem we talked about last week. First off, note that while ping does elevate to root privileges via setuid, those privileges are dropped before any data handling occurs. And ping on FreeBSD runs inside a Capsicum sandbox, a huge obstacle to system compromise from within ping. And finally, further examination of the bug in a real-world context casts doubt on the idea that Remote Code Execution (RCE) is actually possible due to stack layouts.

If someone messes up somewhere, go look if you messed up in the same or similar way somewhere else.

Sage advice from [Florian Obser], OpenBSD developer. So seeing the ping problem in FreeBSD, he set about checking the OpenBSD ping implementation for identical or similar problems. The vulnerable code isn’t shared between the versions, so he reached for afl++, a fuzzing tool with an impressive list of finds. Connect afl++ to the function in ping that handles incoming data, and see what shakes out. The conclusion? No crashes found in this particular effort, but several hangs were identified and fixed. And that is a win. Continue reading “This Week In Security: Scamming The FBI, In The Wild, And AI Security”

VHS-Decode Project Could Help Archival Efforts

December 13, 2022 by 47 Comments

Archiving data from old storage media can be a highly complex process. It can be as simple as putting a disk in an old drive and reading out the contents. These days, though, the state of the art is more complex, with advanced techniques helping to recover the most data possible. The VHS-Decode project is an effort to improve the archiving of old analog video tapes.

The project is a fork of the LaserDisc-focused ld-decode, started by [Chad Page] back in 2013, which readers may recall was used for the Domesday Duplicator — a device aimed to recover data from the BBC’s ancient Domesday LaserDiscs. VHS-Decode is designed to capture the raw RF signals straight out of a tape head, which are the most direct representation of the signals on the physical media. From there, these signals can be processed in various ways to best recover the original audio and video tracks. It’s much the same technique as is used by floppy disk recovery tools like the FluxEngine.

Despite the VHS name, the code currently works with several tape formats. VHS, S-VHS and U-Matic are supported in PAL and NTSC formats, while Betamax, Video8 and High8 tape capture remains a work in progress. Using the code requires a video tape player with test points or traces that make signals from the head accessible. Capturing those signals is achieved via a Domesday Duplicator hardware device, or alternatively a Conexant CX2388x analog-to-digital converter, often found in many old PCI TV tuner cards. Various techniques can then be used to turn the captured signals into watchable video files.

We love a good archival project, and VHS-Decode is clearly a useful tool when it comes to salvaging old video tapes. Continue reading “VHS-Decode Project Could Help Archival Efforts”

Lisp Runs This Microcontroller Pendant

December 10, 2022 by 20 Comments

As a programming language, Lisp has been around longer than any other active language except for Fortran. To anyone who regularly uses it, it’s easy to see why: the language allows for new syntax and macros to be created fluidly, which makes it easy to adapt it to new situations, like running it on a modern Atmel microcontroller to control the LEDs on this star pendant.

The pendant has simple enough hardware — six LEDs arranged around the points of the star, all being driven by a small ATtiny3227 operating from a coin cell battery. This isn’t especially spectacular on it’s own, but this particular microcontroller is running an integer version of a custom-built Lisp interpreter called uLisp. The project’s creator did this simply because of the whimsy involved in running a high-level programming language on one of the smallest microcontrollers around that would actually support the limited functionality of this version of Lisp. This implementation does stretch the memory and processing capabilities of the microcontroller quite a bit, but with some concessions, it’s able to run everything without issue.

As far as this project goes, it’s impressive if for nothing other than the ‘I climbed the mountain because it was there’ attitude. We appreciate all kinds of projects in that same vein, like this Arduino competitor which supports a programming language with only eight commands, or this drone which can carry a human.

A Tiny RISC-V Emulator Runs Linux With No MMU. And Yes, It Runs DOOM!

December 7, 2022 by 28 Comments

It’s something of an article of faith, that to run Linux your computer must include a hardware memory management unit, or MMU. To an extent it’s true, in that for a Linux-based system to shine it must have that hardware, but in fact there has been support for MMU-less Linux for many years now. Prolific hacker [cnlohr] has created an emulated simple RISCV processor without an MMU, and not only does it run Linux, it also runs DOOM.

The videos below the break go into significant depth on writing and debugging an emulator not to mention the inner workings of DOOM, but fear not if it’s not your thing. Everything can be found in a GitHub repository, and there are straightforward instructions should you wish to try it yourself.

All this is entertaining stuff, but it becomes of much more interest when viewed as part of an ongoing chain of projects working on no-MMU Linux for low-end RISC-V microcontrollers. Imagine the prospect of running Linux on a CPU costing relative pennies, and you can see why that’s an interesting prospect. Even if it’s not the most unexpected way to run Linux without an MMU.

Continue reading “A Tiny RISC-V Emulator Runs Linux With No MMU. And Yes, It Runs DOOM!”

Taking Distance Based CAD To The Next Level

November 28, 2022 by 25 Comments

For those who model CAD models regularly, a pair of calipers is essential as it allows reasonably accurate measurements to fit a specific part. However, [Jason Harris] is taking that concept to the next level with a signed distance function-based CAD tool, SDFX.

For those who don’t know, Signed Distance Functions can tell you from a given point how close the nearest part of the model is. The model is represented as a single function that offers some exciting benefits. For instance, chamfering and fileting are often quite complex in traditional CAD programs and trivial in an SDF setting. SDFX is a golang library that allows you to write golang programs to describe the model. OpenSCAD is a favorite of Hackaday as it is a beautiful parametric code-first CAD package. But the syntax and language are somewhat cludgy, to say the best. The advantage of using golang rather than a DSL is that you can use all the niceties that a full-featured language brings. For example, you can export multiple objects, make network requests, and interface with GUI libraries to recreate something like the customizer for OpenSCAD.

Objects are rendered to STL using Marching squares. Then, they can be printed in whatever slicing software suits your fancy. It’s an excellent project with a great API and almost a hundred examples.

The code is available on GitHub under an MIT License.