Inkplate Comes Full Circle, Becomes True Open Reader

August 20, 2021 by Tom Nardi 15 Comments

Regular readers will likely remember the Inkplate, an open hardware electronic paper development board that combines an ESP32 with a recycled Kindle screen. With meticulous documentation and full-featured support libraries for both the Arduino IDE and MicroPython, the Inkplate makes it exceptionally easy for hackers and makers to write their own code for the high-quality epaper display.

Now, thanks to the efforts of [Guy Turcotte], the Inkplate family of devices can now boast a feature-rich and fully open source ereader firmware. The project started in October of last year, and since then, the codebase has been steadily updated and refined. Nearing its 1.3 release, EPub-InkPlate has most of the functions you’d expect from a modern ereader, and several that might take you by surprise.

For one thing, [Guy] has taken full advantage of the ESP32 microcontroller at the heart of the Inkplate and implemented a web server that lets you manage the reader’s library from your browser. This allows books in EPUB v2 and v3 formats to be uploaded and saved on the Inkplate’s SD card without any special software. There’s currently support for JPG, PNG, BMP, and GIF images, as well as embedded TTF and OTF fonts.

As of this writing EPub-InkPlate supports both the six and ten inch Inkplate variants, and uses the touch pads on the side of the screen for navigation. While it’s on the wishlist for the final 1.3 release, the project currently doesn’t support the Inkplate 6PLUS; which uses the backlit and touch compatible displays pulled from Kindle Paperwhites. With shipments the new 6PLUS model reportedly going out in November, hopefully it won’t be long before its enhanced features are supported.

With the rising popularity of ebooks, it’s more important than ever that we have open hardware and software readers that work on our terms. While they may never compete with the Kindle in terms of units sold, we’re eager to see projects like EPub-InkPlate and the Open Book from [Joey Castillo] mature to the point that they’re a valid option for mainstream users who don’t want to live under Amazon’s thumb.

Continue reading “Inkplate Comes Full Circle, Becomes True Open Reader” →

Tractors And The Right To Repair: It’s Going Global

June 8, 2021 by Jenny List 65 Comments

For more than a few years now, we’ve been covering the saga of tractors from the larger manufacturers on which all components are locked down by software to the extent that they can only be replaced by officially sanctioned dealers. We’re thus pleased to see a couple of moments when the story has broken out of the field of a few farmers and right-to-repair geeks and into the mainstream. First up: a segment on the subject from NPR is worth a listen, as the US public radio station interviews a Montana farmer hit by a $5k fuel sensor on his John Deere as a hook form which to examine the issue. Then there is a blog post from the National Farmers Union, the body representing UK farmers, in which they too lay out the situation and also highlight the data-grabbing aspects of these machines.

Continue reading “Tractors And The Right To Repair: It’s Going Global” →

Detergent DRM Defeated On Diminutive Dishwasher

April 16, 2021 by Dan Maloney 71 Comments

Has it really come to this? Are we really at the point that dishwashers have proprietary detergent cartridges that you’re locked into buying at inflated prices?

Apparently so, at least for some species of the common kitchen appliance. The particular unit in question goes by the friendly name of Bob, and is a compact, countertop unit that’s aimed at the very small kitchen market. [dekuNukem] picked one of these units up recently, and was appalled to learn that new detergent cartridges would cost an arm and a leg. So naturally, he hacked the detergent cartridges. A small PCB with an edge connector and a 256-byte EEPROM sprouts from each Bob cartridge; a little reverse engineering revealed the right bits to twiddle to reset the cartridge to its full 30-wash count, leading to a dongle to attach to the cartridge when it’s time for a reset and a refill.

With the electronics figured out, [dekuNukem] worked on the detergent refill. This seems like it was the more difficult part, aided though it was by some fairly detailed specs on the cartridge contents. A little math revealed the right concentrations to shoot for, and the ingredients in the OEM cartridges were easily — and cheaply — sourced from commercial dishwashing detergents. The cartridges can be refilled with a properly diluted solution using a syringe; the result is that each wash costs 1/75-th of what it would if he stuck with OEM cartridges.

For as much as we despise the “give away the printer, charge for the ink” model, Bob’s scheme somehow seems even worse. We’ve seen this technique used to lock people into everything from refrigerator water filters to cat litter, so we really like the way [dekuNukem] figured everything out here, and that he saw fit to share his solution.

PlayStation Unlocked With New Software Hack

March 15, 2021 by Tom Nardi 41 Comments

The original PlayStation might be pushing 30 years old now, but that doesn’t mean hackers have given up on chipping away at it. A new exploit released by [Marcos Del Sol Vives] allows users to run copied games on all but the earliest hardware revisions of this classic console, and all you need to trigger it is a copy of Tony Hawk’s Pro Skater 2.

Aptly named tonyhax, this exploit uses a classic buffer overflow found in the “Create Skater” mode in Tony Hawk 2, 3, and 4. When the game sees a custom character saved on the memory card it will automatically load the name field to show it on the screen, but it turns out the developers didn’t think to check the length of the name before loading it. Thanks to this oversight, a long and carefully crafted name can be used to load an executable payload into the console’s memory.

The name contains the memory address of the payload.

That payload could be anything, such as a homebrew game, but in this case [Marcos] went all in and developed a simple tool that unlocks the console’s optical drive so it will play games burned to CD-Rs. Once the tonyhax exploit has been loaded, you simply swap the authentic Tony Hawk disc for whatever burned title you want to play. So far every game tested has worked, even those that span across multiple discs.

[Marcos] is providing not only the save files ready to load on your PlayStation memory card (either through a PC tool, or with the help of a hacked PS2), as well as the complete source code for tonyhax. This opens the door to the exploit being used to load other tools, emulators, and indie games, but as the PlayStation homebrew scene is relatively limited when compared to newer consoles, the demand might be limited.

Compared to the traditional physical modifications used to play copied games on the PlayStation, this new software approach is far more accessible. Expect to see memory cards with this exploit preinstalled hit your favorite import site in the very near future.

Continue reading “PlayStation Unlocked With New Software Hack” →

How To Run Alternative Batteries On The DJI Mavic Mini

January 25, 2021 by Lewin Day 39 Comments

Rechargeable batteries are ubiquitous these days, freeing us from the expense and hassle of using disposable cells. However, this has come with the caveat that many manufacturers demand their equipment only be used with their own official batteries. [aeropic] wasn’t a fan of this, so built a circuit to allow his DJI Mavic Mini to fly with any batteries he pleased.

The Mavic Mini uses I2C to communicate with official packs, making the hack relatively straightforward. [aeropic] built a board nicknamed B0B, which tells the drone what it wants to hear and lets it boot up with unofficial batteries installed. The circuit uses a PIC12F1840 to speak to the drone, including reporting voltage on the cells installed. Notably, it only monitors the whole pack, before dividing the voltage to represent the value of individual cells, but it shouldn’t be a major problem in typical use. Combined with a few 3D printed components to hold everything together, it allows you to build your own cheap pack for the Mavic Mini with little more than a PCB and a few 18650 cells.

It’s always good to see hackers getting out and doing the bread and butter work to get around restrictive factory DRM measures, whether its on music, printer cartridges, or drone batteries. We’ve even seen the scourge appear on litter boxes, too. Video after the break.

Continue reading “How To Run Alternative Batteries On The DJI Mavic Mini” →

Youtube-dl Makes Their Case, Returns To GitHub

November 16, 2020 by Tom Nardi 47 Comments

Last month, the GitHub repository for the popular program youtube-dl was taken down in response to a DMCA takedown notice filed by the Recording Industry Association of America (RIAA). The crux of the RIAA complaint was that the tool could be used to download local copies of music streamed from various platforms, a claim they said was supported by the fact that several copyrighted music files were listed as unit tests in the repository.

While many believed this to be an egregious misrepresentation of what the powerful Python program was really used for, the RIAA’s argument was not completely without merit. As such, GitHub was forced to comply with the DMCA takedown until the situation could be clarified. Today we’re happy to report that has happened, and the youtube-dl repository has officially been reinstated.

Represented by the Electronic Frontier Foundation, the current maintainers of youtube-dl made their case to GitHub’s DMCA agent in a letter this afternoon which explained how the tool worked and directly addressed the issue of copyrighted videos being used as test cases in the source code. They maintain that their program does not circumvent any DRM, and that the exchange between the client and server is the same as it would be if the user had viewed the resource with a web browser. Further, they believe that downloading a few seconds worth of copyrighted material for the purpose of testing the software’s functionality is covered under fair use. Even still, they’ve decided to remove all references to the songs in question to avoid any hint at impropriety.

Having worked closely with the youtube-dl developers during this period, GitHub released their own statement to coincide with the EFF letter. They explained that the nature of the RIAA’s original complaint forced their hand, but that they never believed taking down the repository was the right decision. Specifically, they point out the myriad of legitimate reasons that users might want to maintain local copies of streamed media. While GitHub says they are glad that this situation was resolved quickly, they’ll be making several changes to their internal review process to help prevent further frivolous takedowns. Specifically the company says they will work with technical and legal experts to review the source code in question before escalating any further, and that if there’s any ambiguity as to the validity of the claim, they’ll side with the developers.

The Internet was quick to defend youtube-dl after the takedown, and we’re happy to see that GitHub made good on their promises to work with the developers to quickly get the repository back online. While the nature of open source code meant that the community was never in any real danger of losing this important tool, it’s in everyone’s best interest that development of the project can continue in the open.

Hackaday Links: July 12, 2020

July 12, 2020 by Dan Maloney 30 Comments

Based in the US as Hackaday is, it’s easy to overload the news with stories from home. That’s particularly true with dark tales of the expanding surveillance state, which seem to just get worse here on a daily basis. So we’re not exactly sure how we feel to share not one but two international stories of a dystopian bent; one the one hand, pleased that it’s not us for a change, but on the other, sad to see the trend toward less freedom and more monitoring spreading.

The first story comes from Mexico, where apparently everything our community does will soon be illegal. We couch that statement because the analysis is based on Google translations of reports from Mexico, possibly masking the linguistic nuances that undergird legislative prose. So we did some digging and it indeed appears that the Mexican Senate approved a package of reforms to existing federal copyright laws that will make it illegal to do things like installing a non-OEM operating system on a PC, or to use non-branded ink cartridges in a printer. Reverse engineering ROMs will be right out too, making any meaningful security research illegal. There appear to be exceptions to the law, but those are mostly to the benefit of the Mexican government for “national security purposes.” It’ll be a sad day indeed for Mexican hackers if this law is passed.

The other story comes from Germany, where a proposed law would grant sweeping surveillance powers to 19 state intelligence bodies. The law would require ISPs to install hardware in their data centers that would allow law enforcement to receive data and potentially modify it before sending it on to where it was supposed to go. So German Internet users can look forward to state-sponsored man-in-the-middle attacks and trojan injections if this thing passes.

OK, time for a palate cleanser: take an hour to watch a time-lapse of the last decade of activity of our star. NASA put the film together from data sent back by the Solar Dynamics Observatory, a satellite that has been keeping an eye on the Sun from geosynchronous orbit since 2010. Each frame of the film is one hour of solar activity, which may sound like it would be boring to watch, but it’s actually quite interesting and very relaxing. There are exciting moments, too, like enormous solar eruptions and the beautiful but somehow terrifying lunar transits. More terrifying still is a massive coronal mass ejection (CME) captured in June 2011. A more subtle but fascinating phenomenon is the gradual decrease in the number of sunspots over the decade as the Sun goes through its normal eleven-year cycle.

You’ll recall that as a public service to our more gear-headed readers that we recently covered the recall of automotive jack stands sold at Harbor Freight, purveyor of discount tools in the USA. Parts for the jack stands in question had been cast with a degraded mold, making the pawls liable to kick out under load and drop the vehicle, with potentially catastrophic results for anyone working beneath. To their credit, Harbor Freight responded immediately and replaced tons of stands with a new version. But now, Harbor Freight is forced to recall the replacement stands as well, due to a welding error. It’s an embarrassment, to be sure, but to make it as right as possible, Harbor Freight is now accepting any of their brand jack stands for refund or store credit.

And finally, if you thought that the experience of buying a new car couldn’t be any more miserable, wait till you have to pay to use the windshield wipers. Exaggeration? Perhaps only slightly, now that BMW “is planning to move some features of its new cars to a subscription model.” Plans like that are common enough as cars get increasingly complex infotainment systems, or with vehicles like Teslas which can be upgraded remotely. But BMW is actually planning on making options such as heated seats and adaptive cruise control available only by subscription — try it out for a month and if you like it, pay to keep them on for a year. It would aggravate us to no end knowing that the hardware supporting these features had already been installed and were just being held ransom by software. Sounds like a perfect job for a hacker — just not one in Mexico.