Hackaday Links: September 12, 2021

The last thing an astronaut or cosmonaut on the International Space Station wants to hear from one of their crewmates is, “Do you smell plastic burning?” But that’s apparently what happened this week aboard the increasingly problematic spacecraft, as the burning smell and visible smoke spread from the Russian Zvezda module to the American side of town. The reports say it occurred while charging the station’s batteries, and we all know how dicey that can get. But apparently, the situation resolved itself somehow, as normal operations continued soon after the event. Between reports of cracks, air leaks, problems with attitude control, and even accusations of sabotage, the ISS is really starting to show its age.

Speaking of burning and batteries, normally a story about burning Tesla batteries wouldn’t raise our eyebrows much. But this story out of California introduces a potential failure mode for Tesla batteries that we hadn’t considered before. It seems a semi-truck with a load of Tesla batteries lost its brakes on Interstate 80 in the Sierra Nevada mountains and ended up flipping across the highway. Video from the scene shows the cargo, which looks like replacement batteries or perhaps batteries salvaged from wrecked cars, scattered across the highway on their shipping pallets. A fire was reported, but it’s not clear whether it was one of the batteries which had gotten compromised in the crash, or if it was something other than the batteries. Still, we hadn’t considered the potential for disaster while shipping batteries like that.

Attention all GNURadio fans — GRCon21 is rapidly approaching. Unlike most of the conferences over the last year and a half, GRCon21 will actually be both live and online. We always love the post-conference dump of talks, which cover such a wide range of topics and really dive deeply into so many cool areas. We’re especially looking forward to the SETI talks, and we’re pleased to see our friend Hash, who was on the Hack Chat a while back, scheduled to talk about his smart-meter hacking efforts. The conference starts on September 20 and is being held in Charlotte, North Carolina, and virtually of course. If you attend, make sure to drop tips about your favorite talks in the tips line so we can share them with everyone.

We got a tip this week on a video about how 1/4-wave tuning stubs work. It’s a simple demonstration using a length of coax, a signal generator, and an oscilloscope to show how an unterminated feedline can reflect RF back to the transmitter, and how that can be used to build super-simple notch filters and impedance transformers. We love demos that make the mysteries of RF a little simpler — W2AEW’s videos come to mind, like this one on standing waves.

Hackaday Links: September 13, 2020

Like pretty much every other big conference, the Chaos Communication Conference is going virtual this year. What was supposed to be 37C3 has been rebranded as rC3, the remote Chaos Experience. It’s understandable, as a 17,000 person live event would have not only been illegal but a bit irresponsible in the current environment. The event appears to be a hybrid of small local events hosted in hackerspaces linked with streamed talks and a program of workshops and “online togetherness.” rC3 is slated to run in the week between Christmas and New Year, and it seems like a great way to wrap up 2020.

Speaking of remote conferences, don’t forget about our own Remoticon. While it won’t be quite the same as everyone getting together in sunny — historically, at least — Pasadena for a weekend of actual togetherness, it’s still going to be a great time. The event runs November 6 to 8; we’ve had a sneak peek at the list of proposed workshops and there’s some really cool stuff. Prepare to be dazzled, and make sure you keep up on the Remoticon announcements — you really don’t want to miss this.

Mitigating Con Deprivation: Disobey 2020

While the Coronavirus-induced lockdown surely makes life easier for the socially anxious and awkward ones among us, it also takes away the one thing that provides a feeling of belonging and home: conferences. Luckily, there are plenty of videos of past events available online, helping to pass the time until we can mingle among like-minded folks again. To put one additional option on the list, one event you have probably never even heard of is Disobey, Finland’s annual security conference, which took place for the fifth time in Helsinki earlier this year; they recently published the playlist of this year’s talks on their YouTube channel.

With slightly under 1500 hackers, makers, and generally curious people attending this year, Disobey is still on the smaller side of conferences, but comes with everything you’d expect: talks, workshops, CTF challenges, and a puzzle-ridden badge. Labeling itself as “The Nordic Security Event”, its main focus is indeed on computer and network security, and most of the talks are presented by professional security researchers, oftentimes Red Teamers, talking about some of their real-world work.

In general, every talk that teaches something new, discusses important matters, or simply provides food for thought and new insight is worth watching, but we don’t want to give everything away here either. The conference’s program page offers an outline of all the talks if you want to check out some more information up front. But still, we can’t just mention a random conference and not give at least some examples with a few details on what to expect from it, so let’s do that.

The Ultimate Game Boy Talk

It is absolutely no exaggeration to say that [Michael Steil] gave the Ultimate Game Boy talk at the 33rd Chaos Communication Congress back in 2016. Watch it, and if you think that there’s been a better talk since then, post up in the comments and we’ll give you the hour back. (As soon as we get this time machine working…)

We were looking into the audio subsystem of the Game Boy a while back, and scouring the Internet for resources, when we ran across this talk. Not only does [Michael] do a perfect job of demonstrating the entire audio system, allowing you to write custom chiptunes at the register level if that’s your thing, but he also gets deep into the graphics engine. You’ll never look at a low-bit Pole Position clone the same again. The talk even includes some new (in 2016, anyway) hacks on the pixel pipeline in the last 15 minutes, and a quick review of the hacking tools and even the Game Boy camera.

Why do you care about the Game Boy? It’s probably the last/best 8-bit game machine that was made in mass production. You can get your hands on one, or a clone, for dirt cheap. And if you build a microcontroller-based cartridge, you can hack the whole thing non-destructively live, and in Python! Or emulate the whole shebang. Either way, when you’re done, you’ve got a portable demo of your hard work thanks to the Nintendo hardware. It makes the perfect retro project.

Hunting Replicants With The 2019 LayerOne Badge

Blade Runner showed us a dystopian megatropolis vision of Los Angeles in the far-off future. What was a distant dream for the 1982 theater-goers (2019) is now our everyday. We know Los Angeles is not perpetually overcast, flying cars are not cruising those skies, and replicants are not hiding among the population. Or… are they?

The LayerOne conference takes place in greater Los Angeles and this year it adopted a Blade Runner theme in honor of that landmark film. My favorite part of the theme was the conference badge modeled after a Voight-Kampff machine. These were used in the film to distinguish replicants from humans, and that’s exactly what this badge does too. In the movies, replicants are tested by asking questions and monitoring their eyes for a reaction — this badge has an optional eye-recognition camera to deliver this effect. Let’s take a look!

KiCon Gets Our KiCad Conference On

Oh, what’s KiCon you say? KiCon is the first dedicated conference on our favorite libre EDA tool, KiCad, organized by friend of Hackaday Chris Gammell and scheduled for April 26th and 27th in Chicago.

Having stuffed ourselves full of treats through the holidays, followed by sleeping through the calm winter months, we find ourselves once again facing the overwhelming tsunami of conference season. This year things are heating up early, and you’ll find a lot of Hackaday staff are headed to Chicago for KiCon.

Now that an early selection of talks has been released, the end of April can’t come soon enough. Being user focused, the conference is centered around what people make using the tool, and how it can be leveraged to improve your next project. Wayne Stambaugh, the project lead for KiCad itself, will be on hand to talk about the state of the tool and what the road map looks like from here. There will be a pair of talks on effective version control and applying the practice of continuous integration and deployment to the EDA world. We’ll hear about methods for working with distributed project members and tips for designing easy-to-learn beginner soldering kits. And there will be two talks on RF and microwave design, one of which we hope will teach us how to use that mysterious toolbar with the squiggly lines.

For an extra dash of flavor there will be a few Hackaday staff participating in the festivities. is making the flight over to present a talk about how to quickly generate and use 3D models in FreeCAD, something we’re very interested in applying to our messy part libraries. Kerry Scharfglass will be around to walk through how to lay out a manufacturing line and design the test tools that sit on it. And our illustrious Editor in Chief Mike Szczys will be roaming the halls in search of excellent hacks to explore and brains to pick.

Interested in attending or volunteering for the conference? Now is the time to buy your tickets and/or apply as a volunteer!

Of course there’s a ton of fun and games that surround KiCon. Hackaday will be hosting another edition of our always exciting bring-a-hack the evening of Saturday April 27th after official activities wrap up. Plan to stop by and enjoy a beverage at this gathering of like-minded hackers who are showing off awesome toys. We’ll get more location details out soon, but for now, grab a ticket to the con and make your travel arrangements.

35C3: Finding Bugs In Bluetooth

[Jiska Classen] and [Dennis Mantz] created a tool called Internal Blue that aims to be a Swiss-army knife for playing around with Bluetooth at a lower level. Their tool is grounded in three functions that are common to all Broadcom Bluetooth chipsets: one that lets you read arbitrary memory, one that lets you run it, and one that lets you write it. Well, that was easy. The rest of their work was analyzing this code, and learning how to replace the firmware with their own version. That took them a few months of hard reversing work.

In the end, Internal Blue lets them execute commands at one layer deeper — the LMP layer — easily allowing monitoring and injection. In a series of live (and successful!) demos they probe around on a Nexus 6P from a modified Nexus 5 on their desk. This is where they started digging around in the Bluetooth stack of other devices with Broadcom chipsets, and that’s where they started finding bugs.

As is often the case, [Jiska] was just poking around and found an external code handler that didn’t do bounds checking. That meant she could run other functions in the firmware simply by passing the handler an address offset. Since they’re essentially calling functions at any location in memory, finding which functions to call with which arguments is a process of trial and error, but the ramifications range from a Bluetooth module crash and reset to tricks such as putting the Bluetooth module into “Device Under Test” mode, which should only be accessible from the device itself. All of this is before pairing with the device — just walking by is sufficient to invoke functions through the buggy handler.

Not all the details of this exploit are available yet, because Broadcom hasn’t fixed the firmware for probably millions of devices in the wild. One of the reasons they haven’t fixed it is that patching the bug would disclose where the flaw lies in all of the unpatched phones, and not all vendors can be counted on to push out updates at the same time. While they focused on the Nexus 5 cellphone, which is fairly old now, the flaw applies to any device with a similar Broadcom Bluetooth chipset.

Aside from the zero-day bug here, the big story is their Bluetooth analysis framework, which will surely help other researchers learn more about Bluetooth, find more glitches, and hopefully make Bluetooth more openly scrutinized and more secure. Now anyone with a Raspberry Pi 3/3+ or a Nexus 5 is able to turn it into a low-level Bluetooth investigation tool.

You might know [Jiska] from her previous FitBit hack. If not, be sure to check it out.