Hackaday Links: June 27, 2021

June 27, 2021 by Dan Maloney 24 Comments

When asked why he robbed banks, career criminal Willie Sutton is reported to have said, “Because that’s where the money is.” It turns out that a reporter made up the quote, but it’s a truism that offers by extension insight into why ATMs and point-of-sale terminals are such a fat target for criminals today. There’s something far more valuable to be taken from ATMs than cash, though — data, in the form of credit and debit card numbers. And taking a look at some of the hardware used by criminals to get this information reveals some pretty sophisticated engineering. We’d heard of ATM “skimmers” before, but never the related “shimmers” that are now popping up, at least according to this interesting article on Krebs.

While skimmers target the magnetic stripe on the back of a card, simmers are aimed at reading the data from card chips instead. Shimmers are usually built on flex PCBs and are inserted into the card slot, where traces on the device make contact with the chip reader contacts. The article describes a sophisticated version of shimmer that steals power from the ATM itself, rather than requiring a separate battery. The shimmer sits inside the card slot, completely invisible to external inspection (sorry, Tom), and performs what amounts to man-in-the-middle attacks. Card numbers are either stored on the flash and read after the device is retrieved, or are read over a Bluetooth connection; PINs are stolen with the traditional hidden camera method. While we certainly don’t condone criminal behavior, sometimes you just can’t help but admire the ingenuity thieves apply to their craft.

In a bit of foreshadowing into how weird 2020 was going to be, back in January of that year we mentioned reports of swarms of mysterious UAVs moving in formation at night across the midwest United States. We never heard much else about this — attention shifted to other matters shortly thereafter — but now there are reports out of Arizona of a “super-drone” that can outrun law enforcement helicopters. The incidents allegedly occurred early this year, when a Border Patrol helicopter pilot reported almost colliding with a large unmanned aerial system (UAS) over Tucson, and then engaged them in a 70-mile chase at speeds over 100 knots. The chase was joined by a Tucson police helicopter, with the UAS reaching altitudes of 14,000 feet at one point. The pilots didn’t manage to get a good look at it, describing it only as having a single green light on its underside. The range on the drone was notable; the helicopter pilots hoped to exhaust its batteries and force it to land or return to base, but they themselves ran out of fuel long before the drone quit. We have to admit that we find it a little fishy that there’s apparently no photographic evidence to back this up, especially since law enforcement helicopters are fairly bristling with sensors, camera, and spotlights.

When is a backup not a backup? Apparently, when it’s an iCloud backup. At least that’s the experience of one iCloud user, who uses a long Twitter thread to vent about the loss of many years of drawings, sketches, and assorted files. The user, Erin Sparling, admits their situation is an edge case — he had been using an iPad to make sketches for years, backing everything up to an iCloud account. When he erased the iPad to loan it to a family member for use during the pandemic, he thought he’s be able to restore the drawings from his backups, but alas, more than six months had passed before he purchased a new iPad. Apparently iCloud just up and deletes everythign if you haven’t used the account in six months — ouch! We imagine that important little detail was somehere in the EULA fine print, but while that’s not going to help Erin, it may help you.

And less the Apple pitchfork crowd think that this is something only Cupertino could think up, know that some Western Digital external hard drive users are crying into their beer too, after a mass wiping of an unknown number of drives. The problem impacts users of the WD My Book Live storage devices, which as basically network attached storage (NAS) devices with a cloud-based interface. The data on these external drives is stored locally, but the cloud interface lets you configure the device and access the data from anywhere. You and apparently some random “threat actors”, as WD is calling them, who seem to have gotten into some devices and performed a factory reset. While we feel for the affected users, it is worth noting that WD dropped support for these devices in 2015; six years without patching makes a mighty stable codebase for attackers to work on. WD is recommending that users disconnect these devices from the internet ASAP, and while that seems like solid advice, we can think of like half a dozen other things that need to get done to secure the files that have accumulated on these things.

And finally, because we feel like we need a little palate cleanser after all that, we present this 3D-printed goat helmet for your approval. For whatever reason, the wee goat pictured was born with a hole in its skull, and some helpful humans decided to help the critter out with TPU headgear. Yes, the first picture looks like the helmet was poorly Photoshopped onto the goat, but scroll through the pics and you’ll see it’s really there. The goat looks resplendent in its new chapeau, and seems to be getting along fine in life so far. Here’s hoping that the hole in its skull fills in, but if it doesn’t, at least they can quickly print a new one as it grows.

Ground Effect Drone Flies Autonomously

May 24, 2021 by Bryan Cockfield 14 Comments

There are a number of famous (yet fictional) sea monsters in the lakes and oceans around the world, but in the Caspian Sea one turned out to be real. This is where the first vehicles specifically built to take advantage of the ground effect were built by the Soviet Union, and one of the first was known as the Caspian Sea Monster due to the mystery surrounding its discovery. While these unique airplane/boat hybrids were eventually abandoned after several were built for military use, the style of aircraft still has some niche uses and can even be used as a platform for autonomous drones.

This build from [Think Flight] started off as a simple foam model of just such a ground effect vehicle (or “ekranoplan”) in his driveway. With a few test flights the model was refined enough to attach a small propeller and battery. The location of the propeller changed from rear-mounted to front-mounted and then back to rear-mounted for the final version, with each configuration having different advantages and disadvantages. The final model includes ~~an Arudino running~~ an autopilot program called Ardupilot, and with an air speed sensor installed the drone is able to maintain flight in the ground effect and autonomously navigate pre-programmed waypoints around a lake at high speed.

For a Cold War technology that’s been largely abandoned by militaries in favor of other modes of transportation due to its limited use case and extremely narrow flight tolerances, ground effect vehicles are relatively popular as remote controlled vehicles. This RC ekranoplan used the same Ardupilot software but paired with a LIDAR system instead of GPS to navigate its way around its environment.

Thanks to [TTN] for the tip!

Continue reading “Ground Effect Drone Flies Autonomously” →

LED Hack Teaches DJI Mini 2 Drone New Tricks

April 20, 2021 by Tom Nardi 18 Comments

Despite its diminutive proportions, the thrust to weight ratio of the DJI Mini 2 is high enough that it can carry a considerable amount of baggage. So it’s no surprise that there’s a cottage industry of remotely controlled payload releases that can be bolted onto the bottom of this popular quadcopter. But [tterev3] wanted something that would integrate better with DJI’s software instead of relying on a separate transmitter.

As explained in the video below, his solution was to tap into the signals that control the RGB LED on the front of the drone. Since the user can change the color of the LED at any time with the official DJI smartphone application, decoding this signal to determine which color had been selected is like adding several new channels to the transmitter. In this case [tterev3] just needed to decode a single color to use as a “drop” signal, but it’s not hard to imagine how this concept could be expanded to trigger several different actions with a few more lines of code.

[tterev3] wrote some software to decode the 48 bits of data being sent to the LED with a PIC18F26K40 microcontroller, which in turn uses an L9110H H-Bridge to control a tiny gear motor. To get feedback, he’s using a small magnet glued to the release arm and a Hall-effect sensor.

Concerned about how much power he could realistically pull from a connection that was intended for an LED, he gave the release its own battery that is slowly charged while the drone is running. You could argue that since the motor only needs to fire up once to drop the payload, [tterev3] probably could have gotten away with not recharging it at all during the flight. But as with the ability to decode additional color signals, the techniques being demonstrated here hold a lot of promise for future development.

Folks have been strapping additional hardware to commercial quadcopters for years, but modifications like this one that actually let the craft release its payload and fly away hold particular promise for environmental monitoring and building mesh communication networks.

Continue reading “LED Hack Teaches DJI Mini 2 Drone New Tricks” →

Hackaday Links: April 11, 2021

April 11, 2021 by Dan Maloney 30 Comments

Bad news, Martian helicopter fans: Ingenuity, the autonomous helicopter that Perseverance birthed onto the Martian surface a few days ago, will not be taking the first powered, controlled flight on another planet today as planned. We’re working on a full story so we’ll leave the gory details for that, but the short version is that while the helicopter was undergoing a full-speed rotor test, a watchdog timer monitoring the transition between pre-flight and flight modes in the controller tripped. The Ingenuity operations team is going over the full telemetry and will reschedule the rotor test; as a result, the first flight will occur no earlier than Wednesday, April 14. We’ll be sure to keep you posted.

Anyone who has ever been near a refinery or even a sewage treatment plant will have no doubt spotted flares of waste gas being burned off. It can be pretty spectacular, like an Olympic torch, but it also always struck us as spectacularly wasteful. Aside from the emissions, it always seemed like you could at least try to harness some of the energy in the waste gasses. But apparently the numbers just never work out in favor of tapping this source of energy, or at least that was the case until the proper buzzword concentration in the effluent was reached. With the soaring value of Bitcoin, and the fact that the network now consumes something like 80-TWh a year, building portable mining rigs into shipping containers that can be plugged into gas flaring stacks at refineries is now being looked at seriously. While we like the idea of not wasting a resource, we have our doubts about this; if it’s not profitable to tap into the waste gas stream to produce electricity now, what does tapping it to directly mine Bitcoin really add to the equation?

What would you do if you discovered that your new clothes dryer was responsible for a gigabyte or more of traffic on your internet connection every day? We suppose in this IoT world, such things are to be expected, but a gig a day seems overly chatty for a dryer. The user who reported this over on the r/smarthome subreddit blocked the dryer at the router, which was probably about the only realistic option short of taking a Dremel to the WiFi section of the dryer’s control board. The owner is in contact with manufacturer LG to see if this perhaps represents an error condition; we’d actually love to see a Wireshark dump of the data to see what the garrulous appliance is on about.

As often happens in our wanderings of the interwebz to find the very freshest of hacks for you, we fell down yet another rabbit hole that we thought we’d share. It’s not exactly a secret that there’s a large number of “Star Trek” fans in this community, and that for some of us, the way the various manifestations of the series brought the science and technology of space travel to life kick-started our hardware hacking lives. So when we found this article about a company building replica Tricorders from the original series, we followed along with great interest. What we found fascinating was not so much the potential to buy an exact replica of the TOS Tricorder — although that’s pretty cool — but the deep dive into how they captured data from one of the few remaining screen-used props, as well as how the Tricorder came to be.

And finally, what do you do if you have 3,281 drones lying around? Obviously, you create a light show to advertise the launch of a luxury car brand in China. At least that’s what Genesis, the luxury brand of carmaker Hyundai, did last week. The display, which looks like it consisted mostly of the brand’s logo whizzing about over a cityscape, is pretty impressive, and apparently set the world record for such things, beating out the previous attempt of 3,051 UAVs. Of course, all the coverage we can find on these displays concentrates on the eye-candy and the blaring horns of the soundtrack and gives short shrift to the technical aspects, which would really be interesting to dive into. How are these drones networked? How do they deal with latency? Are they just creating a volumetric display with the drones and turning lights on and off, or are they actually moving drones around to animate the displays? If anyone knows how these things work, we’d love to learn more, and perhaps even do a feature article.

Learn Multirotors From First Principles

April 11, 2021 by Jenny List 5 Comments

Multirotors, or drones as they’re popularly called, are so ubiquitous as to have become a $10 toy. They’re no less fun to fly for it though, and learning how they work is no less fascinating. It’s something [Science Buddies] has addressed in a series of videos examining them from first principles. They may be aimed at youngsters, but they’re still an entertaining enough watch for those of advancing years.

Instead of starting with a multirotor control board, the video takes four little DC motors and two popsicle sticks to make a rudimentary drone frame. Then with the help of dowels and springs it tethers the craft as the control mechanisms are explained bit by bit, from simple on-off motor control through proportional control to adding an Arduino and following through to how a multirotor stays in flight. It’s instructional and fun to watch, and maybe even for some of us, a chance to learn something.

We’ve had multirotor projects aplenty here over the years, but how about something completely different made from popsicle sticks?

Continue reading “Learn Multirotors From First Principles” →

Micro Quadcopter Designed In OpenSCAD

April 2, 2021 by Lewin Day 20 Comments

Quadcopters are fantastical things, and now come in a huge variety of flavours, from lithe featherweight racers to industrial-grade filming rigs worth tens of thousands of dollars. The Beatle-1 from [masterdezign] comes in at the smaller scale, and its body was created entirely in code.

To create the Beatle-1, [masterdezign] used OpenSCAD, a 3D modelling program that uses code rather than visual tools for producing geometry. Thus, with a series of Boolean operations, extrusions and rotations, a basic lightweight quadcopter frame is created in a handful of lines of text. Then, it’s just a simple job of 3D printing the parts, wiring up four Olimex F1607 motors and hooking up a flight controller and the little drone is ready for takeoff.

The Beatle-1 serves as not only a fun flying toy but also a great example of applying OpenSCAD modelling techniques to real-world applications. Parts are available on Thingiverse for those wishing to roll their own. 3D printed drone frames are popular, and we’ve seen a few around these parts before. Video after the break.

Continue reading “Micro Quadcopter Designed In OpenSCAD” →

Web Tool Cranks Up The Power On DJI’s FPV Drone

March 31, 2021 by Tom Nardi 22 Comments

Apparently, if the GPS on your shiny new DJI FPV Drone detects that it’s not in the United States, it will turn down its transmitter power so as not to run afoul of the more restrictive radio limits elsewhere around the globe. So while all the countries that have put boots on the Moon get to enjoy the full 1,412 mW of power the hardware is capable of, the drone’s software limits everyone else to a paltry 25 mW. As you can imagine, that leads to a considerable performance penalty in terms of range.

But not anymore. A web-based tool called B3YOND promises to reinstate the full power of your DJI FPV Drone no matter where you live by tricking it into believing it’s in the USA. Developed by the team at [D3VL], the unlocking tool uses the new Web Serial API to send the appropriate “FCC Mode” command to the drone’s FPV goggles over USB. Everything is automated, so this hack is available to anyone who’s running a recent version of Chrome or Edge and can click a button a few times.

There’s no source code available yet, though the page does mention they will be putting up a GitHub repository soon. In the meantime, [D3VL] have documented the command packet that needs to be sent to the drone over its MODBUS-like serial protocol for others who might want to roll their own solution. There’s currently an offline Windows-only tool up for download as well, and it sounds like stand-alone versions for Mac and Android are also in the works.

It should probably go without saying that if you need to use this tool, you’ll potentially be violating some laws. In many European countries, 25 mW is the maximum unlicensed transmitter power allowed for UAVs, so that’s certainly something to keep in mind before you flip the switch. Hackaday isn’t in the business of dispensing legal advice, but that said, we wouldn’t want to be caught transmitting at nearly 60 times the legal limit.

Even if you’re not interested in fiddling with drone radios, it’s interesting to see another practical application of the Web Serial API. From impromptu oscilloscopes to communicating with development boards and conference badges, clever developers are already finding ways to make hardware hacking easier with this new capability.

[Thanks to Jules for the tip.]