Software Hacks

999 Articles

FreeCAD Takes Off With A Rocket Design Workbench

April 2, 2021 by 25 Comments

Here’s how FreeCAD works: the program’s design space is separated into different “workbenches”, each of which is intended for a particular set of operations, and a piece of work can be moved between them as needed. There is a sketching workbench, a part design workbench, and now a Rocket workbench has been added to the healthy ecosystem of FreeCAD add-ons. There’s even a series of video tutorials; ain’t open source grand?

It all started when [concretedog] posted on the FreeCAD forums, making a strong case for a Rocket-themed workbench. People got interested, and a short while later [DavesRocketShop] had some useful tools up and running. Here’s a blog post by [concretedog] which goes into detail and background, and while the Rocket workbench is available via FreeCAD’s add-on manager, the very latest experimental builds are available for manual installation on [Dave]’s GitHub repository.

This sort of development and utility is exactly the kind of thing our own Elliot Williams was describing when he made the point that one of open source’s greatest strengths is in the little things, like the FreeCAD ecosystem letting people scratch strange and specific itches, and the ability to share those solutions with others.

Web Tool Cranks Up The Power On DJI’s FPV Drone

March 31, 2021 by 22 Comments

Apparently, if the GPS on your shiny new DJI FPV Drone detects that it’s not in the United States, it will turn down its transmitter power so as not to run afoul of the more restrictive radio limits elsewhere around the globe. So while all the countries that have put boots on the Moon get to enjoy the full 1,412 mW of power the hardware is capable of, the drone’s software limits everyone else to a paltry 25 mW. As you can imagine, that leads to a considerable performance penalty in terms of range.

But not anymore. A web-based tool called B3YOND promises to reinstate the full power of your DJI FPV Drone no matter where you live by tricking it into believing it’s in the USA. Developed by the team at [D3VL], the unlocking tool uses the new Web Serial API to send the appropriate “FCC Mode” command to the drone’s FPV goggles over USB. Everything is automated, so this hack is available to anyone who’s running a recent version of Chrome or Edge and can click a button a few times.

There’s no source code available yet, though the page does mention they will be putting up a GitHub repository soon. In the meantime, [D3VL] have documented the command packet that needs to be sent to the drone over its MODBUS-like serial protocol for others who might want to roll their own solution. There’s currently an offline Windows-only tool up for download as well, and it sounds like stand-alone versions for Mac and Android are also in the works.

It should probably go without saying that if you need to use this tool, you’ll potentially be violating some laws. In many European countries, 25 mW is the maximum unlicensed transmitter power allowed for UAVs, so that’s certainly something to keep in mind before you flip the switch. Hackaday isn’t in the business of dispensing legal advice, but that said, we wouldn’t want to be caught transmitting at nearly 60 times the legal limit.

Even if you’re not interested in fiddling with drone radios, it’s interesting to see another practical application of the Web Serial API. From impromptu oscilloscopes to communicating with development boards and conference badges, clever developers are already finding ways to make hardware hacking easier with this new capability.

[Thanks to Jules for the tip.]

Code Talkers: Programming With Voice

March 28, 2021 by 18 Comments

IEEE Spectrum had an interesting post covering several companies trying to sell voice programming interfaces. Not programming APIs for speech recognition, but the replacement of the traditional text editor to produce programs.

The companies, Serenade and Talon, have very different styles. Serenade has fairly normal-sounding language, whereas Talon has you use very specific phrases and can even use eye tracking to figure out what you are looking at when you issue a command. There’s also mention of two open-source products (Aenae and Caster) that require you to use a third-party speech engine.

For an example of Talon’s input, imagine you want this line of code in your program:

name=extract_word(m)

You’d say this out loud: “Phrase name op equals snake extract word paren mad.” Not exactly how Star Trek envisioned voice programming.

For accessibility, this might be workable. It is hard for us to imagine a room full of developers all talking to make their computers enter C or Python code. Until we can say, “Computer, build a graphic using the data in file hackaday-27,” we think this is not going to go mainstream.

The actual speech recognition part is pretty much a commodity now. Making a reasonable set of guesses about what people will say and what they mean by it is something else. It seems like this works best when you have a very specific and limited vocabulary, like operating a 3D printer.

Undocumented X86 Instructions Allow Microcode Access

March 26, 2021 by 19 Comments

For an old CPU, finding all the valid instructions wasn’t very hard. You simply tried them all. Sure, really old CPUs might make it hard to tell what the instruction did, but once CPUs got illegal instruction traps, you could quickly just scan possible op codes and see what didn’t throw an exception. Modern processors, though, are quite another thing. For example, you might run a random instruction that locks up the machine or miss an instruction that would have been valid but the CPU is in the wrong mode. [Can Bölük] has a novel solution: By speculatively executing the target instruction and then monitoring the microcode sequencer, he can determine if the CPU is decoding an instruction even if it refuses to execute it.

Some unknown instructions may have power for good or evil, such as the recently announced undocumented instructions that can apparently rewrite the microcode. We expect to see a post soon on how to reprogram your Intel processor to run as a 6502 natively.

Continue reading “Undocumented X86 Instructions Allow Microcode Access”

Machine Learning Current Sensor Snoops On MCUs

March 23, 2021 by 8 Comments

Anyone who’s ever tried their hand at reverse engineering a piece of hardware has wished there was some kind of magic wand you could tap on a PCB to understand what its doing and why. We imagine that’s what put security researcher [Mark C] on the path to developing CurrentSense-TinyML, a fascinating proof of concept that uses machine learning and sensitive current measurements to try and determine what a microcontroller is up to.

Energy consumption as the LED blinks.

The idea is simple enough: just place a INA219 current sensor between the power supply and the microcontroller under observation, and record the resulting measurements as it goes about its business. Of course in this case, [Mark] knew what the target Arduino Nano was doing because he wrote the code that blinks its onboard LED.

This allowed him to create training data for TensorFlow, which was ultimately optimized into a model that could fit onto the Arduino Nano 33 BLE Sense which stands in for our magic wand. The end result is that the model can accurately predict when the Nano has fired up its LED based on the amount of power it’s using. [Mark] has done a fantastic job of documenting the whole process, which also doubles as a great intro for putting machine learning to work on a microcontroller.

Now we already know what you’re thinking: obviously the current would go up when the LED was lit, so the machine learning aspect is completely unnecessary. That may be true in this limited context, but remember, this is just a proof of concept to base further work on. In the future, with more training data, this technique could potentially be used to identify a whole range of nuanced activities. You’d be able to see when the MCU was sitting idle, when it was writing to flash, or when it was reading from sensors. In fact, with a good enough model, it might even be possible to identify the individual sensors that are being polled.

These are early days, but we’re very interested in seeing where this research goes. It might not be magic, but if analyzing the current draw of a coffee maker can tell you how much everyone in the office is drinking, then maybe it can help us figure out what all these unlabeled ICs are doing.

A Crash Course On Sniffing Bluetooth Low Energy

March 23, 2021 by 26 Comments

Bluetooth Low Energy (BLE) is everywhere these days. If you fire up a scanner on your phone and walk around the neighborhood, we’d be willing to bet you’d pick up dozens if not hundreds of devices. By extension, from fitness bands to light bulbs, it’s equally likely that you’re going to want to talk to some of these BLE gadgets at some point. But how?

Well, watching this three part video series from [Stuart Patterson] would be a good start. He covers how to get a cheap nRF52480 BLE dongle configured for sniffing, pulling the packets out of the air with Wireshark, and perhaps most crucially, how to duplicate the commands coming from a device’s companion application on the ESP32.

Testing out the sniffed commands.

The first video in the series is focused on getting a Windows box setup for BLE sniffing, so readers who aren’t currently living under Microsoft’s boot heel may want to skip ahead to the second installment. That’s where things really start heating up, as [Stuart] demonstrates how you can intercept commands being sent to the target device.

It’s worth noting that little attempt is made to actually decode what the commands mean. In this particular application, it’s enough to simply replay the commands using the ESP32’s BLE hardware, which is explained in the third video. Obviously this technique might not work on more advanced devices, but it should still give you a solid base to work from.

In the end, [Stuart] takes an LED lamp that could only be controlled with a smartphone application and turns it into something he can talk to on his own terms. Once the ESP32 can send commands to the lamp, it only takes a bit more code to spin up a web interface or REST API so you can control the device from your computer or other gadget on the network. While naturally the finer points will differ, this same overall workflow should allow you to get control of whatever BLE gizmo you’ve got your eye on.

Continue reading “A Crash Course On Sniffing Bluetooth Low Energy”

An Entire Game Inside Of A Font

March 22, 2021 by 17 Comments

Where’s the last place you’d expect to be able to play a game on your computer? The word processing program? Image editor? How about your text editor? That’s right — you can fight your Fontemons in any program that makes use of fonts, because mad genius [Michael Mulet] has created a game that exists entirely within a single Open Type font file.

[Michael] has harnessed the power of ligatures to create a choose-your-own-adventure-style turn-based game that pokes fun at both Pokemon and various typeface names. You start by choosing between Papyromaniac, Verdanta, and Proggito and face off against enemies like Helvetikhan and Scourier.

This works because there are many ways to draw glyphs on a screen. [Michael] chose Type 2 Charstrings, which is a vector graphics format that Adobe created for PostScript. It can draw pixels with a series of move specifications that tell it to draw up, to the right, and then back down before closing off the pixel with an implicit operator that draws from the starting point to the ending point. [Michael] was able to create two shades of gray by drawing smaller versions of the pixels and making the image by combining white and black pixels.

If you just want to play the game, you can either download the .otf file or just try it out in the browser. You’re supposed to use ‘a’ and ‘b’ to make choices that advance the game, but we soon discovered that spamming other keys like ‘v’ and Enter will lead to strange places. If you play it straight, it takes about 20 minutes, but there are enough secrets built in to make it last five times as long. [Michael] was kind enough to create a tutorial for making font-based games, but if you just want to get going, the game engine is open source.

What other fun things can you do on that locked-down work computer? If it has Excel, you can use it to do animation or just kick back and watch a movie.