Ticketmaster SafeTix Reverse-Engineered

July 11, 2024 by Alexander Rowsell 48 Comments

Ticketmaster is having a rough time lately. Recently, a hacker named [Conduition] managed to reverse-engineer their new “safe” electronic ticket system. Of course, they also had the recent breach where more than half a billion accounts had personal and financial data leaked without any indication of whether or not the data was fully encrypted. But we’re going to focus on the former, as it’s more technically interesting.

Ticketmaster’s stated goals for the new SafeTix system — which requires the use of a smartphone app — was to reduce fraud and ticket scalping. Essentially, you purchase a ticket using their app, and some data is downloaded to your phone which generates a rotating barcode every 15 seconds. When [Conduition] arrived at the venue, cell and WiFi service was totally swamped by everyone trying to load their barcode tickets. After many worried minutes (and presumably a few choice words) [Conduition] managed to get a cell signal long enough to update the barcode, and was able to enter, albeit with a large contingent of similarly annoyed fans trying to enter with their legally purchased tickets.

Continue reading “Ticketmaster SafeTix Reverse-Engineered” →

C Compiler Exists Entirely In Vim

July 7, 2024 by Donald Papp 36 Comments

8cc.vim is a C compiler that exists as pure Vimscript. Is it small? It sure is! How about fast? Absolutely not! Efficient? Also no. But does it work and is it neat? You betcha!

Ever typed :wq to write the buffer and exit in Vim? When you do that, you’re using Vimscript. Whenever one enters command mode : in Vim, one is in fact using a live Vimscript interpreter. That’s the space in which this project exists and does its magic. Given enough time, anyway.

Vimscript itself was created by [Bram Moolenaar] in 1991. The idea was to execute batches of vim commands programmatically. It’s been used for a variety of purposes since then.

8cc is a lightweight C compiler that has been supplanted by chibicc, but that doesn’t matter much because as author [rhysd] admits, this is really just a fun concept project more than anything. It may take twenty minutes or more to compile “hello world”, but doing it entirely from within Vim is a trip.

Custom Microcode Compiler, Made In Google Sheets

July 7, 2024 by Donald Papp 12 Comments

When homebrewing a CPU, one has to deal with microcode. Microcode is the low-level nuts and bolts of how, precisely, a CPU executes instructions (like opcodes) and performs functions such as updating the cycle counter or handling interrupt requests. To make this task easier, [Bob Alexander] created a microcode compiler built in Google Sheets to help with his own homebrew work, but it’s flexible and configurable enough to be useful to others, as well.

A CPU’s microcode usually lives in read-only memory, and writing the microcode is only one step in the journey. [Bob]’s tool compiles his microcode into files that can be burned into memory (multiple EEPROM chips, in [Bob]’s case) or used as a Verilog program in the case of implementing the CPU in an FPGA. It’s configurable enough to be adapted for other homebrew CPU projects, though one would of course have to re-write the microcode portion.

A read-only version of the spreadsheet makes for some fun browsing, and if it piques your interest enough to get a copy of your own complete with the compiler script, you can do that here. It uses Google Sheets, and writes the output files into one’s Google Drive.

This kind of low-level project really highlights the finer points of just how the hard work of digital computing gets done. A good example is the Gigatron which implemented a RISC CPU using only microcode, memory, and logic gates in the late 70s. We’ve even seen custom microcode used to aid complex debugging.

A Second OctoPrint Plugin Has Been Falsifying Stats

July 4, 2024 by Tom Nardi 34 Comments

The ongoing story of bogus analytical data being submitted to the public OctoPrint usage statistics has taken a surprising turn with the news that a second plugin was being artificially pushed up the charts. At least this time, the developer of the plugin has admitted to doing the deed personally.

Just to recap, last week OctoPrint creator [Gina Häußge] found that somebody had been generating fictitious OctoPrint usage stats since 2022 in an effort to make the OctoEverywhere plugin appear to be more popular than it actually was. It was a clever attempt, and if it wasn’t for the fact that the fake data was reporting itself to be from a significantly out of date build of OctoPrint, there’s no telling how long it would have continued. When the developers of the plugin were confronted, they claimed it was an overzealous user operating under their own initiative, and denied any knowledge that the stats were being manipulated in their favor.

Presumably it was around this time that Obico creator [Kenneth Jiang] started sweating bullets. It turns out he’d been doing the same thing, for just about as long. When [Gina] contacted him about the suspicious data she was seeing regarding his plugin, he owned up to falsifying the data and published what strikes us as a fairly contrite apology on the Obico blog. While this doesn’t absolve him of making a very poor decision, we respect that he didn’t try to shift the blame elsewhere.

That said, there’s at least one part of his version of events that doesn’t quite pass the sniff test for us. According to [Kenneth], he first wrote the script that generated the fake data back in 2022 because he suspected (correctly, it turns out) that the developers of OctoEverywhere were doing something similar. But after that, he says he didn’t realize the script was still running until [Gina] confronted him about it.

Now admittedly, we’re not professional programmers here at Hackaday. But we’ve written enough code to be suspicious when somebody claims a script they whipped up on a lark was able to run unattended for two years and never once crashed or otherwise bailed out. We won’t even begin to speculate where said script could have been running since 2022 without anyone noticing…

But we won’t dwell on the minutiae here. [Gina] has once again purged the garbage data from the OctoPrint stats, and hopefully things are finally starting to reflect reality. We know she was already angry about the earlier attempts to manipulate the stats, so she’s got to be seething right about now. But as we said before, these unfortunate incidents are ultimately just bumps in the road. We don’t need any stat tracker to know that the community as a whole greatly appreciates the incredible work she’s put into OctoPrint.

Fork! Ladybird Browser And SerenityOS To Go Separate Ways

July 2, 2024 by Jenny List 10 Comments

In the monthly Ladybird Browser update video which we’ve placed below, SerenityOS founder [Andreas Kling] announced an interesting development. The browser has been forked from the OS that has been its progenitor, and both projects will now proceed separately. This frees the browser from the SerenityOS insistence on avoiding external libraries, and allows it to take advantage of stable, fast, and mature open source alternatives. This is already paying dividends in compatibility and speed, and is likely to lead further towards a usable everyday browser as time goes by.

As the world of fully-featured web browser engines has contracted from a number of different projects to little more than Google’s Blink and Mozilla’s Gecko, Ladybird has found itself in an unexpected position. It is vital that the browser market retains some competition and does not become a Google monoculture, so while it might not seem so at first glance, the news of Ladybird going alone has the potential to be one of the most far-reaching open source stories of the year.

If you’d like to try Ladybird you’ll have to get your hands slightly dirty and build it yourself, but we’d expect ready-built versions to appear in due course. We took a look at an earlier version of Ladybird last year, as well as SerenityOS itself.

Continue reading “Fork! Ladybird Browser And SerenityOS To Go Separate Ways” →

Modeling Home Heating Systems With Circuit Simulation Software

July 1, 2024 by Bryan Cockfield 6 Comments

Electricity flow is generally invisible, silent, and not something that most humans want to touch, so understanding how charge moves around can be fairly unintuitive at first. There are plenty of analogies to help understand its behavior, such as imagining a circuit as a pipe of water, with pressure standing in for voltage and flow standing in for current. But you can flip this idea in reverse and use electric circuits to model other complex phenomena instead. [Oxx], for example, is using circuit theory to model his home’s heating systems.

To build his model, he’s using LTSpice, a free circuit simulation program. Using voltage to model temperature and current to model heat flow, he’s set up a model for his home to compare the behavior of a heat pump and a propane furnace. A switch model already in LTSpice with built-in hysteresis takes the place of the thermostat. Using temperature data for a single day in January [Oxx] can see how each of his two heating systems might behave, and the model for the heat pump is incredibly close to how the heat pump behaved in real life.

The model includes all kinds of data about the system, including the coefficient of performance of the heat pump and its backup electric resistive heater, and the model is fairly accurate at predicting behavior. Of course, it takes a good bit of work to set up the parameters for all of the components since our homes and heating systems won’t be included in LTSpice by default, but it does show how powerful an electric circuit analog can be when building models of other systems. If you’ve never used this program before, we’ve featured a few guides to getting started that you can take a look at.

Thanks to [Jarvis] for the tip!

Continue reading “Modeling Home Heating Systems With Circuit Simulation Software” →

3D Printing With A Twist

June 30, 2024 by Al Williams 16 Comments

When we think about sending an STL off on the Internet for processing, we usually want someone to print it for us or we want mesh repair. But [Chuck] found an interesting project on GitHub from [Andrew Sink] that will let you add a variable amount of twist to any STL and then return it to you for printing or whatever else you use STLs for. If you don’t get what we mean, check out the video below.

The site that does the work initially loads a little gnome figure if you are too lazy to upload your own model. That’s perfect, though, because the little guy is a good example of why you might want to twist a model. With just a little work, you can make the gnome look in one direction or even look behind him.

[Chuck] shows how to use the tool for artistic effect by twisting his standard cube logo. The result is something that looks like it would be difficult to create, but could hardly be easier. The tool lets you rotate the object, too, so you can get the twist effect in the right orientation for what you want to accomplish. A great little tool for making more artistic 3D prints without learning new software. If you want some fun, you can try the version that uses sound from your microphone to control the twist.

If you’d rather twist in CAD, we can help. If you really want artsy 3D printing, you probably need to learn Blender.

Continue reading “3D Printing With A Twist” →