This SDR Uses A Tube

When you think of a software defined radio (SDR) setup, maybe you imagine an IC or two, maybe feeding a computer. You probably don’t think of a vacuum tube. [Mirko Pavleski] built a one-tube shortwave SDR using some instructions from [Burkhard Kainka] which are in German, but Google Translate is good enough if you want to duplicate his feat. You can see a video of [Mirko’s] creation, below.

The build was an experiment to see if a tube receiver could be stable enough to receive digital shortwave radio broadcasts. To avoid AC line hum, the radio is battery operated and while the original uses an EL95 tube, [Mirko] used an EF80.


Tractor Drives Itself, Thanks to ESP32 and Open Source

[Coffeetrac]’s ESP32-based Autosteer controller board, complete with OLED display for debugging and easy status reference.
Modern agricultural equipment has come a long way, embracing all kinds of smart features and electronic controls. While some manufacturers would prefer to be the sole gatekeepers of the access to these advanced features, that hasn’t stopped curious and enterprising folks from working on DIY solutions. One such example is this self-steering tractor demo by [Coffeetrac], which demonstrates having a computer plot and guide a tractor through an optimal coverage pattern.

A few different pieces needed to come together to make this all work. At the heart of it all is [Coffeetrac]’s ESP32-based Autosteer controller, which is the hardware that interfaces to the tractor and allows for steering and reading sensors electronically. AgOpenGPS is the software that reads GPS data, interfaces to the Autosteer controller, and tells equipment what to do; it can be thought of as a mission planner.

[Coffeetrac] put it all together with everything controlled by a tablet mounted in the tractor’s cab. The video is embedded below, complete with a “cockpit view” via webcam right alongside the plotted course and sensor data.


Rooting the Amazon Fire TV Cube with an Arduino

Amazon might not be happy about it, but at least part of the success of their Fire TV Stick was due to the large hacking and modification scene that cropped up around the Android-powered device. A quick search on YouTube for “Fire Stick Hack” will bring up a seemingly endless array of videos, some with millions of views, which will show viewers how to install unofficial software on the little media dongle. Now it looks like their latest media device, the Fire TV Cube, is starting to attract the same kind of attention.

The team at [Exploitee.rs] has recently taken the wraps off their research which shows the new Fire TV Cube can be rooted with nothing more than an Arduino and an HDMI cable you’re willing to cut apart. Of course, it’s a bit more complicated than just that, but between the video they’ve provided and their Wiki, it looks like all the information is out there for anyone who wants to crack open their own Cube. Just don’t be surprised if it puts you on the Amazon Naughty List.

The process starts by putting the device’s Amlogic S905Z into Device Firmware Upgrade (DFU) mode, which is done by sending the string “boot@USB” to the board over the HDMI port’s I2C interface. That’s where the HDMI cable comes in: you can cut into one and wire it right up to your Arduino and run the sketch [Exploitee.rs] has provided to send the appropriate command. Of course, if you want to get fancy, you could use an HDMI breakout board instead.

With the board in DFU mode, you gain read and write access to the device’s eMMC flash, but that doesn’t exactly get you in because there’s still secure boot to contend with. But as these things tend to go, the team was able to identify a second exploit which could be used in conjunction with DFU mode to trick the device into disabling signature verification. Now with the ability to run unsigned code on the Fire TV Cube, [Exploitee.rs] implemented fastboot to make it easier to flash their custom rooted firmware images to the hardware.

As with the Fire TV Stick before it, make sure you understand the risks involved when you switch off a device’s security features. They’re often there to protect the end user as much as the manufacturer.


DMCA Review: Big Win for Right to Repair, Zero for Right to Tinker

This year’s Digital Millennium Copyright Act (DMCA) triennial review (PDF, legalese) contained some great news. Particularly, breaking encryption in a product in order to repair it has been deemed legal, and a previous exemption for reverse engineering 3D printer firmware to use the filament of your choice has been broadened. The infosec community got some clarification on penetration testing, and video game librarians and archivists came away with a big win on server software for online games.

Moreover, the process to renew a previous exemption has been streamlined — one used to be required to reapply from scratch every three years and now an exemption will stand unless circumstances have changed significantly. These changes, along with recent rulings by the Supreme Court are signs that some of the worst excesses of the DMCA’s anti-circumvention clause are being walked back, twenty years after being enacted. We have to applaud these developments.

However, the new right to repair clause seems to be restricted to restoring the device in question to its original specifications; if you’d like to hack a new feature into something that you own, you’re still out of luck. And while this review was generally favorable to opening up technology to enable fair use, they didn’t approve Bunnie Huang’s petition to allow decryption of the encryption method used over HDMI cables, so building your own HDMI devices that display encrypted streams is still out. And the changes to the 3D printer filament exemption are a reminder of the patchwork nature of this whole affair: it still only applies to 3D printer filament and not other devices that attempt to enforce the use of proprietary feedstock. Wait, what?

Finally, the Library of Congress only has authority to decide which acts of reverse engineering constitute defeating anti-circumvention measures. This review does not address the tools and information necessary to do so. “Manufacture and provision of — or trafficking in — products and services designed for the purposes of circumvention…” are covered elsewhere in the code. So while you are now allowed to decrypt your John Deere software to fix your tractor, it’s not yet clear that designing and selling an ECU-unlocking tool, or even e-mailing someone the decryption key, is legal.

Could we hope for more? Sure! But making laws in a country as large as the US is a balancing act among many different interests, and the Library of Congress’s ruling is laudably clear about how they reached their decisions. The ruling itself is worth a read if you want to dive in, but be prepared to be overwhelmed in apparent minutiae. Or save yourself a little time and read on — we’ve got the highlights from a hacker’s perspective.


Doing Logic Analysis To Get Around The CatGenie’s DRM

The CatGenie is an amazing device to watch in action, basically a self-cleaning litter box for cats that even does away with the need to replace the litter. It’s comparable to what the indoor flush toilet is for humans compared to maintaining a composting toilet. However, there is a problem. It uses costly soap cartridges which have to be replaced because an RFID reader and a usage counter prevent you from simply refilling them yourself.

CatGenie and Arduino

[David Hamp-Gonsalves] reverse engineered the electronics so that he didn’t have to pay for the cartridges anymore. This has been done before and one of those who did it created a product called the CartridgeGenius, but it’s made and sold as a part-time project and there were none in stock. The cartridges have an RFID tag and another solution which we’ve covered before is to replace the RFID reader board with an Arduino. That’s the solution [David] adopted. So why write this post if this isn’t new?

The RFID reader board communicates with the rest of the CatGenie using I2C and he needed to know what was being transmitted. To do that he learned how to use a cheap logic analyzer to read the signals on the I2C wires, which makes this an interesting story. You can see the logic analyser output on his blog and GitHub repository along with mention of a timing issue he ran into. From what he learned, he wrote up Arduino code which sends the same signals. He and his cat are now sitting pretty.

What he didn’t do is make a video. But the CatGenie really is amazing to watch in action as it goes through its rather complex 30-35 minute process so we found a video of it doing its thing, shown at 3.5x speed, and included that below. If you’re into that sort of thing.


Rolling Old School with Copy Protection from the 1980s

Oh, for the old days when sailing the seas of piracy was as simple as hooking a couple of VCRs together with a dubbing cable. Sure, the video quality degraded with each generation, but it was so bad to start out with that not paying $25 for a copy of “Ghostbusters” was a value proposition. But then came The Man with all his “rules” and “laws” about not stealing, and suddenly tapes weren’t so easy to copy.

If you’ve ever wondered how copy protection worked in pre-digital media, wonder no more. [Technology Connections] has done a nice primer on one of the main copy protection schemes from the VHS days. It was dubbed “Analog Protection System” or “Analog Copy Protection” by Macrovision, the company that developed it. Ironically, Macrovision the company later morphed into the TiVo Corporation.

The idea for Macrovision copy protection was to leverage the difference between what a TV would accept as a valid analog signal and what the VCR could handle. It used the vertical blanking interval (VBI) in the analog signal, the time during which the electron beam returns to the top of the frame. Normally the VBI has signals that the VCR uses to set its recording levels, but Macrovision figured out that sending extra signals in the VBI fooled the VCR’s automatic gain controls into varying the brightness of the recorded scenes. They also messed with the vertical synchronization, and the effect was to make dubbed tapes unwatchable, even by 1985 standards.

Copy protection was pretty effective, and pretty clever given the constraints. With Digital Rights Management, it’s easier to put limits on almost anything — coffee makers, arcade games, and even kitty litter all sport copy protection these days. It almost makes us nostalgic for the 80s.


Copyright Exception May Overrule Ability To Jailbreak 3D Printers

At the end of October, the US Patent and Trademark Office renewed a rule allowing anyone to ‘jailbreak’ a 3D printer to use unapproved filament. For those of you following along from countries that haven’t sent a man to the moon, a printer that requires proprietary filament is DRM, and exceptions to the legal enforceability of DRM exist, provided these exceptions do not violate US copyright law. This rule allowing for the jailbreaking of 3D printers contains an exception so broad it may overturn the rule.

A few months ago, the US Copyright Office renewed a rule stating that using unapproved filament in a 3D printer does not violate US Copyright law. The language of this rule includes the wording:

“The exemption shall not extend to any computer program on a 3D printer that produces goods or materials for use in commerce the physical production of which is subject to legal or regulatory oversight…”

This exception is extraordinarily broad; any 3D printer can produce aircraft parts (subject to FAA approval) and medical devices (subject to FDA approval). In effect, if a 3D printer has the ability to produce objects subject to regulatory oversight, the exception allowing the use of filament not approved by the manufacturer does not apply. Additionally, it should be noted that any object produced on a 3D printer that is subject to regulatory oversight is already regulated — there’s no reason to drag the Copyright Office into the world of 3D printed ventilation masks or turbine blades.

[Michael Weinberg], ‘legal guy’ for Shapeways and President of the Open Source Hardware Association has filed a petition with the US Copyright Office, asking the Office to eliminate this exception to the existing rule surrounding DRM and 3D printers. You are encouraged to submit a comment in support of this petition by March 14th.