Hackaday Podcast Episode 286: Showing Off SAOs, Hiding From HOAs, And Beautiful Byproducts

Even when the boss is away, the show must go on, so Dan slid back behind the guest mic and teamed up with Tom to hunt down the freshest of this week’s hacks. It was a bit of a chore, with a couple of computer crashes and some side-quests down a few weird rabbit holes, but we managed to get things together in the end.

Tune in and you’ll hear us bemoan HOAs and celebrate one ham’s endless battle to outwit them, no matter what the golf cart people say about his antennas. Are you ready to say goodbye to the magnetic stripe on your credit card? We sure are, but we’re not holding our breath yet. Would you 3D print a 55-gallon drum? Probably not, but you almost can with a unique Cartesian-polar hybrid printer. And, if you think running MS-DOS on a modern laptop is hard, guess again — or, maybe you just have to get really lucky.

We also took a look at a digital watch with a beautiful display, a hacked multimeter, modern wardriving tools, and switchable magnets, and debated the eternal question of v-slot wheels versus linear bearings. And finally, you won’t want to miss our look at what’s new with 3D scanning, and the first installment of Kristina’s new “Boss Byproducts” series, which delves into the beauty of Fordite.

Download the DRM-free MP3.


This Week In Security: The Rest Of The IPv6 Story, CVE Hunting, And Hacking The TSA

We finally have some answers about the Windows IPv6 vulnerability — and a Proof of Concept! The patch was a single change in the Windows TCP/IP driver’s Ipv6pProcessOptions(), now calling IppSendError() instead of IppSendErrorList(). That’s not very informative on its own, which is why [Marcus Hutchins]’s analysis is so helpful here. And it’s not an easy task, since decompiling a driver like this doesn’t give us variable names.

The first question that needs answering is: what is the list in question? This code is handling the option field in incoming IPv6 packets. The object being manipulated is a linked list of packet structs. And that linked list is almost always a single-member list. When calling IppSendErrorList() on a list with a single member, it’s functionally equivalent to the IppSendError() in the fixed code. The flaw must be in the handling of this list with multiple members. The only way to meet that criterion is to send a lot of traffic at the machine in question, so it can’t quite keep up with processing packets one at a time. To handle the high throughput, Windows will assemble incoming packets into a linked list and process them in batch.

So what’s next? IppSendErrorList() takes a boolean and passes it on to each call of IppSendError(). We don’t know what Microsoft’s variable name is, but [Marcus] is calling it always_send_icmp, because setting it to true means that each packet processed will generate an ICMP packet. The important detail is that IppSendError() can have side effects. There is a codepath where the packet gets reverted, and the processing pointer is set back to the beginning of the packet. That’s fine for the first packet in the list, but because the function processes errors on the entire list of packets, the state of the rest of those packets is now much different from what is expected.

This unexpected bit of weirdness can be further abused through IPv6 packet fragmentation. With a bit of careful setup, the reversion can cause a length counter to underflow, resulting in data structure corruption, and finally jumping code execution into the packet data. That’s the Remote Code Execution (RCE). And the good news, beyond the IPv6-only nature of the flaw, is that so far it’s been difficult to actually pull the attack off, as it relies on this somewhat non-deterministic “packet coalescing” technique to trigger the flaw.
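To make the bug shape concrete, here is an added toy model in C of the pattern described above; it is not Windows code and not taken from [Marcus]’s analysis. The struct, its fields, and the names send_error(), send_error_list(), ext_bytes(), process_batch() and run_demo() are all hypothetical, and the two-packet batch is constructed sample input.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define HDR_LEN 40u   /* IPv6 fixed header size in bytes */

/* Toy model only: struct, fields and function names are hypothetical. */
struct pkt {
    struct pkt *next;
    uint16_t parsed;    /* bytes of headers consumed so far */
    int bad_option;     /* constructed input: option fails validation */
};

/* Error path with a side effect: rewinds the packet to its start. */
static void send_error(struct pkt *p) { p->parsed = 0; }

/* Pre-patch shape: the same side effect hits every later list member. */
static void send_error_list(struct pkt *p) {
    for (; p != NULL; p = p->next) send_error(p);
}

/* Later stage trusts that the fixed header was already consumed. */
static uint16_t ext_bytes(const struct pkt *p) {
    return (uint16_t)(p->parsed - HDR_LEN);  /* wraps if parsed < HDR_LEN */
}

/* Walk a batch and return the largest length any surviving packet reports.
 * use_list_error = 1 selects the pre-patch call, 0 the patched one. */
uint16_t process_batch(struct pkt *head, int use_list_error) {
    uint16_t worst = 0;
    for (struct pkt *p = head; p; p = p->next) p->parsed = HDR_LEN + 8;
    for (struct pkt *p = head; p; p = p->next) {
        if (p->bad_option) {
            if (use_list_error) send_error_list(p); else send_error(p);
            continue;                 /* only this packet is dropped */
        }
        uint16_t n = ext_bytes(p);
        if (n > worst) worst = n;
    }
    return worst;
}

/* Constructed input: a bad packet followed by a valid one, either
 * coalesced into one list or handled as two single-member lists. */
uint16_t run_demo(int use_list_error, int coalesced) {
    struct pkt second = { NULL, 0, 0 };
    struct pkt first  = { coalesced ? &second : NULL, 0, 1 };
    uint16_t a = process_batch(&first, use_list_error);
    uint16_t b = coalesced ? 0 : process_batch(&second, use_list_error);
    return a > b ? a : b;
}
int main(void) {
    printf("patched=%u pre-patch=%u\n", (unsigned)run_demo(0, 1), (unsigned)run_demo(1, 1));
    return 0;
}
```

With single-member lists both calls behave identically, which is why the difference only shows up once packets are batched.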


A Simple 6DOF Hall Effect ‘Space’ Mouse

The 3DConnexion Space mouse is an interesting device but heavily patent-protected, of course. This seems to just egg people on to reproduce it using other technologies than the optical pickup system the original device uses. [John Crombie] had a crack at building one using linear Hall effect sensors and magnets as the detection mechanism to good — well — effect.

Using the SS49E linear Hall effect sensor in pairs on four sides of a square, the setup proves quite straightforward. Above the fixed sensor plate is a moveable magnet plate centred by a set of springs.  The magnets are aligned equidistant between each sensor pair such that each sensor will report an equal mid-range signal with zero mechanical displacement. With some simple maths, inputs due to displacements in-plane (i.e., left-right or up-down) can be resolved by looking at how pairs compare to each other. Rotations around the vertical axis are also determined in this manner.

Tilting inputs or vertical movements are resolved by looking at the absolute values of groups or all sensors. You can read more about this by looking at the project’s GitHub page, which also shows how to assemble the device, with all the CAD sources for those who want to modify it. There’s also a detour to using 3D-printed flexures instead of springs, although that has yet to prove functional.

On the electronics and interfacing side of things, [John] utilises the Arduino Pro Micro for its copious analog inputs and USB functionality. A nice feature of this board is that it’s based on the ATmega32U4, which can quickly implement USB client devices, such as game controllers, keyboards, and mice. The USB controller has been tweaked by adjusting the USB PID and VID values to identify it as a SpaceMouse Pro Wireless operating in cabled mode. This tricks the 3DConnexion drivers, allowing all the integrations into CAD tools to work out of the box.

We do like Space Mouse projects. Here’s a fun one from last year, an interesting one using PCB coils and flexures, and a simple hack to interface an old serial-connected unit.

 

An Open Source 6kW GaN Motor Controller

We don’t know how you feel when designing hardware, but we get uncomfortable at the extremes. High voltage or current, low noise figures, or extreme frequencies make us nervous.  [Orion Serup] from CrabLabs has been turning up a few of those variables and has created a fairly beefy 3-phase motor driver using GaN technology that can operate up to 80V at 70A. GaN semiconductors are a newer technology that enables greater power handling in smaller packages than seems possible, thanks to high electron mobility and thermal conductivity in the material compared to silicon.

The KiCAD schematic shows a typical high-power driver configuration, broken down into a gate pre-driver, the driver itself, and the following current and voltage sense sub-circuits. As is typical with high-power drivers, these operate in a half-bridge configuration with identical N-channel GaN transistors (specifically part EPC2361) driven by dedicated gate drivers (that’s the pre-driver bit) to feed enough current into the device to enable it to switch quickly and reliably.

The design uses the LM1025 low-side driver chip for this task, as you’d be hard-pushed to drive a GaN transistor with discrete components! You may be surprised that the half-bridge driver uses a pair of N-channel devices, not a symmetric P and N arrangement, as you might use to drive a low-power DC motor. This is simply because, at these power levels, P-channel devices are a rarity.

Why are P-channel devices rare? N-channel devices utilise electrons as the majority charge carrier, but P-channel devices utilise holes, and the mobility of holes in GaN is very low compared to that of electrons, resulting in much worse ON-resistance in a P-channel and, as a consequence, limited performance. That’s why you rarely see P-channel devices in a circuit like this.


This Week In Security: Three Billion SS Numbers, IPv6 RCE, And Ring -2

You may have heard about a very large data breach, exposing the Social Security numbers of three billion individuals. Now hang on. Social Security numbers are a particularly American data point, and last time we checked there were quite a few Americans shy of even a half of a billion’s worth. As [Troy Hunt] points out, there are several things about this story that seem just a bit odd.

First up, the claim is that this is data grabbed from National Public Data, and there’s even a vague notice on their website about it. NPD is a legitimate business, grabbing data on as many people as possible, and providing services like background checks and credit checks. It’s not impossible that this company has records on virtually every citizen of the US, UK, and Canada. And while that’s far less than 2.9 billion people, it could feasibly add up to 2.9 billion records as was originally claimed.

The story gets strange as we consider the bits of data that have been released publicly, like a pair of files shared with [Troy] that have names, birthdays, addresses, phone numbers, and social security numbers. Those had a total of 2.69 billion records, with an average of 3 records for each ID number. That math is still just a little weird, since the US has to date only generated 450 million SSNs and change.

So far all we have are partial datasets, and claims on the Internet. The story is that there’s a grand total of 4 TB of data once uncompressed. The rest of the details are unclear, and it’s likely to take some time for the rest of the story to come out.

FLOSS Weekly Episode 796: Homebrew, I’m More Of A Whopper Guy

This week Jonathan Bennett and David Ruggles chat with John Britton and Mike McQuaid about Homebrew! That’s the missing package manager for macOS; and Workbrew, the commercial offering built on top of it. We cover lots of territory, like why the naming scheme sounds like it was conceived during a pub visit, how Workbrew helps businesses actually use Homebrew, and why you might even want to run Homebrew on a Linux machine!


Be Your Own DJ With QN8066 And An Arduino Library

The QN8066 is a fun little FM transmitter chip. It covers the full FM broadcast band and has built-in DSP. You would find this sort of part in car cell phone adapters before every vehicle included Bluetooth or an AUX port.  [Ricardo] has created an Arduino library to bring the QN8066 to the masses.

The chip is rather easy to use – control is handled with a common I2C interface. The complex parts – Phase Locked Loop (PLL), RF front end, power management, and audio processing – are all hidden inside. [Ricardo’s] library makes it even easier to use. One of the awesome features of the 8066 is the fact that it handles Radio Data System (RDS). RDS is the subcarrier datastream that allows FM stations to inject information like song title and artist into the signal. The data is then displayed on your radio screen.

You can find the source to [Ricardo’s] library on GitHub. Using it is as simple as picking it up from the Arduino IDE.

If you are looking for an RDS-enabled radio to test out your QN8066 design, you wouldn’t do too badly with this Gameboy cartridge receiver.

Click through the break for a video from [Ricardo] explaining his QN8066 design.