In the world of computer security, the good news is that a lot of vendors are finally taking security seriously now, with the result that direct attacks are harder to pull off. The bad news is that in a lot of cases, they’re still leaving the side-door wide open. Side-channel attacks come in all sorts of flavors, but they all have something in common: they leak information about the state of a system through an unexpected vector. From monitoring the sounds that the keyboard makes as you type to watching the minute vibrations of a potato chip bag in response to a nearby conversation, side-channel attacks take advantage of these leaks to exfiltrate information.
Side-channel exploits can be the bread and butter of black hat hackers, but understanding them can be useful to those of us who are more interested in protecting systems, or perhaps to inform our reverse engineering efforts. Samy Kamkar knows quite a bit more than a thing or two about side-channel attacks, so much so that he gave a great talk at the 2019 Hackaday Superconference on just that topic. He’ll be dropping by the Hack Chat to “extend and enhance” that talk, and to answer your questions about side-channel exploits, and discuss the reverse engineering potential they offer. Join us and learn more about this fascinating world, where the complexity of systems leads to unintended consequences that could come back to bite you, or perhaps even help you.
Click that speech bubble to the right, and you’ll be taken directly to the Hack Chat group on Hackaday.io. You don’t have to wait until Wednesday; join whenever you want and you can see what the community is talking about.
A solenoid engine is a curiosity of the electrical world. By all measures, using electricity to rotate something can be done almost any other way with greater efficiency and less hassle. But there’s just something riveting about watching a solenoid engine work. If you want to build one of your own and see for yourself, [Emiel] aka [The Practical Engineer] has a great how-to.
For this build though he used a few tools that some of us may not have on hand, such as a lathe and a drill press. The lathe was used to make the plastic spool to hold the wire, and also to help wind the wire onto the spool itself rather than doing it by hand. He also milled the wood mounts and metal bearings as well, and the quality of the work really shows through in the final product. The final touch is the transistor which controls power flow to the engine.
If you don’t have all of the machine tools [Emiel] used it’s not impossible to find substitute parts if you want to build your own. It’s an impressive display piece, or possibly even functional if you want your build to have a certain steampunk aesthetic (without the steam). You can even add more pistons to your build if you need extra power.
To come to that conclusion, which runs counter to the combined wisdom of several recent YouTube videos, [Andrew McNeil] ran a pretty neat little experiment. [Andrew] has a not inconsiderable amount of expertise in this area, as an RF engineer and prolific maker of many homebrew WiFi antennas, some of which we’ve featured on these pages before. His experiment centered on cress seeds sprouting in compost. Two identical containers were prepared, with one bathed from above in RF energy from three separate 2.4 GHz transmitters. Each transmitter was coupled to an amplifier and a PCB bi-quad antenna to radiate about 300 mW in slightly different parts of the WiFi spectrum. Both setups were placed in separate rooms in east-facing windows, and each was swapped between rooms every other day, to average out microenvironmental effects.
After only a few days, the cress sprouted in both pots and continued to grow. There was no apparent inhibition of the RF-blasted sprouts – in fact, they appeared a bit lusher than the pristine pot. [Andrew] points out that it’s not real science until it’s quantified, so his next step is to repeat the experiment and take careful biomass measurements. He’s also planning to ramp up the power on the next round as well.
Occasionally we come across a piece of information which reminds us that, while flying cars are still nowhere to be found, we’re definitely living in the future. Usually it’s about some new application of artificial intelligence, or maybe another success in the rapidly developing field of private spaceflight. But sometimes it’s when you look at a website and say to yourself: “Oh cool, they have 1.5kW electromagnetic accelerators in stock.”
Arcflash Labs, a partnership between [David Wirth] and [Jason Murray], have put their EMG-01A Gauss gun up for sale for anyone who’s brave enough and willing to put down $1,000 USD on what’s essentially a high-tech BB gun. The creators claim it obtains an efficiency of 6.5% out of its RC-style 6S LiPo battery pack, which allows it to fire over 100 rounds before needing to be recharged. Firing 4.6g steel projectiles at a rather leisurely 45 m/s, this futuristic weapon would be more of a match for tin cans than invading alien forces, but at least you’ll be blasting those cans from a position of supreme technical superiority.
The EMG-01A builds on the work of the team’s previous experiments, such as the semi-automatic railgun we covered last year. They’ve made the device much smaller and lighter than their previous guns, as well as worked on making them safer and more reliable. That said, the page for the EMG-01A has a number of warnings and caveats that you won’t see on the back of a Red Ryder BB gun box; it’s certainly not a toy, and anyone who takes ownership of one needs to be respectful of the responsibility they’re taking on.
Speaking of which, who can actually buy one of these things? The Arcflash Labs site makes it clear they will only ship to the United States, and further gives a list of states and cities where they can’t send a completed gun. Essentially they are following the same laws and guidelines used for shipping air guns within the US, as they believe that’s a fair classification for their electromagnetic guns. Whether or not the ATF feels the same way is unclear, and it should be interesting to see what kind of legal response there may be if Arcflash Labs starts moving enough units.
Physics gives us the basic tools needed to understand the universe, but turning theory into something useful is how engineers make their living. Pushing on that boundary is the subject of this week’s Fail of the Week, wherein we follow the travails of making a working magnetic flowmeter (YouTube, embedded below).
Theory suggests that measuring fluid flow should be simple. After all, sticking a magnetic paddle wheel into a fluid stream and counting pulses with a reed switch or Hall sensor is pretty straightforward, right? In this case, though, [Grady] of Practical Engineering starts out with a much more complicated flow measurement modality – electromagnetic detection. He does a great job of explaining Faraday’s Law of Induction and how a fluid can be the conductor that moves through a magnetic field and has a measurable current induced in it. The current should be proportional to the velocity of the fluid, so it should be a snap to whip up a homebrew magnetic flowmeter, right? Nope – despite valiant effort, [Grady] was never able to get a usable signal out of the noise in his system.
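To put a number on why the signal is so easy to lose, here is the textbook magnetic flowmeter relation worked through with assumed values. This is an added illustration, not a figure from [Grady]’s video; the field strength, pipe diameter and flow velocity below are assumptions chosen to be typical of a hobby rig.

Faraday’s law for a conductor of length $D$ moving at velocity $v$ perpendicular to a magnetic field $B$ gives an induced voltage

$$ V = B \, v \, D $$

In a magnetic flowmeter the “conductor” is the fluid itself, $D$ is the inside diameter of the pipe (the distance between the two electrodes), and $V$ is measured between those electrodes. Taking an assumed field of $B = 0.1\ \mathrm{T}$ (a modest permanent-magnet gap), a pipe of $D = 0.02\ \mathrm{m}$ and a flow of $v = 1\ \mathrm{m/s}$:

$$ V = 0.1 \times 1 \times 0.02 = 2 \times 10^{-3}\ \mathrm{V} = 2\ \mathrm{mV} $$

So the entire signal is a couple of millivolts, and it scales linearly with flow, which is why the theory promises an easy measurement. Solving for velocity gives $v = V/(BD)$, so any offset or noise on $V$ of a millivolt or so corresponds to an error of the same order as the full-scale reading. Note also that Faraday’s law gives a voltage; the current that actually flows depends on the conductivity of the fluid, which is why the suggestion of switching to salt water is worth trying.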
The theory is sound, his test rig looks workable, and he’s got some pretty decent instrumentation. So where did [Grady] go wrong? Could he clean up the signal with a better instrumentation amp? What would happen if he changed the process fluid to something more conductive, like salt water? By his own admission, electrical engineering is not his strong suit – he’s a civil engineer by trade. Think you can clean up that signal? Let us know in the comments section.
The modern office has become a sea of LCD monitors. It’s hard to believe that only a few years ago we were sitting behind Cathode Ray Tubes (CRTs). People have already forgotten the heat, the dust, and the lovely high frequency squeal from their flyback transformers.
There was one feature of those old monitors which seems to be poorly understood. The lowly degauss button. On some monitors it was a physical button. On others, it was a magnet icon on the On Screen Display (OSD). Pressing it rewarded the user with around 5 seconds of a wavy display accompanied by a loud hum.
But what exactly did this button do? It seems that many never knew the purpose of that silly little button, beyond the light-and-sound show. The truth is that degaussing is rather important. Not only to CRTs, but in many other electronic and industrial applications.
Of Shadow Masks and Aperture Grilles
A CRT has quite a few components. There are three electron guns as well as steering and convergence coils at the rear (yoke) of the tube. The front of the tube has a phosphor-coated glass plate which forms the screen. Just behind that glass is a metal grid called the shadow mask. If you had enough money for a Sony screen, the shadow mask was replaced by the famous Trinitron aperture grille, a fine mesh of wires which performed a similar function. The shadow mask or aperture grille’s job is to ensure that the right beams of electrons hit the red, green, or blue phosphor coatings on the front of the screen.
This all required a very precise alignment. Any stray magnetic fields imprinted on the mask would cause the electron beams to bend as they flew through the tube. Too strong a magnetic field, and your TV or monitor would start showing rainbows like something out of a 1960s acid trip movie. Even the Earth’s own magnetic field could become imprinted on the shadow mask. Simply turning a TV from North to East could cause problems. The official term for it was “Color Purity”.
These issues were well known from the early days of color TV sets. To combat this, manufacturers added a degaussing coil to their sets. A coil of wire wrapped around the front of the tube, just behind the bezel of the set. When the set was powered on, the coil would be fed with mains voltage. This is the well-known ‘fwoomp and buzz’ those old TV sets and monitors would make when you first turned them on. The 50 Hz or 60 Hz AC would create a strong moving magnetic field. This field would effectively erase the imprinted magnetic fields on the shadow mask or aperture grille.
Running high current through the thin degaussing coil would quickly lead to a fire. Sets avoided this by using a Positive Temperature Coefficient (PTC) thermistor in-line with the coil. The current itself (or a small heating coil) would heat up the PTC, causing resistance to increase, and current through the coil to drop. After about 5 seconds, the coil was completely shut down, and the screen was (hopefully) degaussed.
As time went on monitors became embedded systems. The PTC devices were replaced by transistors controlled by the monitor’s main microcontroller. Monitor manufacturers knew that their sets were higher resolution than the average TV set, and thus even more sensitive to magnetic fields. Users are also more likely to move a monitor while using it. This led the manufacturers to add a degauss button to the front of their sets. A push of the button would energize the coil for a few seconds under software control. Some monitors would also limit the number of times a user could push the button, ensuring the coil didn’t get too hot.
Holding a magnet near the front of a black and white (or a monochrome ‘green screen’) CRT created visible distortion, but no lasting damage. Mid-century hackers who tried the same trick with their first color TV quickly learned that the rainbow effect stayed long after the magnet was moved away. In extreme cases like these, the internal degaussing coil wouldn’t be strong enough to clear the shadow mask.
When all else failed, a handheld degaussing coil or wand could be used. Literally waving the magic wand in front of the screen would usually clear things up. It was of course possible to permanently damage the shadow mask. Back in 2007, I was working for a radar company which had been slow to switch to LCD monitors. Being a radar shop, we had a few strong magnetron magnets lying around. One of these magnets was passed around among the engineers. Leaving the magnet under your monitor overnight would guarantee rainbows in the morning, and a shiny new LCD within a few days.
CRTs aren’t the only devices which use degaussing coils. The term was originally coined in 1945 by Charles F. Goodeve of the Royal Canadian Naval Volunteer Reserve (RCNVR). German mines were capable of detecting the magnetic fields in a naval ship’s steel hull. Coils were used to mask this field. The Queen Mary is one of the more famous ships fitted with a degaussing coil to avoid the deadly mines.
Even mechanical wristwatches can benefit from a bit of degaussing. A watch which has been magnetized will typically run fast. Typically this is due to the steel balance spring becoming a weak magnet. The coils of the spring stick together as the balance wheel winds and unwinds each second. A degaussing coil (or in this case, more properly a demagnetizer) can quickly eliminate the problem.
A story on degaussing wouldn’t be complete without mentioning magnetic media. Handheld or tabletop degaussing coils can be used to bulk erase floppy disks, magnetic tape, even hard disks. One has to wonder if the degaussing coils in monitors were responsible for floppy disks becoming corrupted back in the old days.
So there you have it. The magic degaussing button demystified!
Only those who have completely insulated themselves from modern pop culture will miss the meaning of a Mjolnir build. It is, of course, the mythical hammer wielded by Thor, and only Thor. It’s a question of being worthy; a question solved perfectly by this electromagnetic Mjolnir build.
Using an electromagnet is smart, right? Just plunk the thing down on something metal (that is itself super-heavy or well-anchored) and nobody will be able to pick it up. It starts to get more interesting when you add a fingerprint reader, allowing only Mjolnir’s Master to retrieve it from atop a manhole cover.
But for us the real genius in the build is that the hammer isn’t burning power from the four 12V batteries most of the time. All of the people in the video below could have picked up the hammer had they first nudged it off the metal plate with their foot. The build uses a capacitive touch-sensor to enable and disable the microwave oven transformer used as the electromagnet. An engineering trick like this really separates the gods from the posers.
We hate to admit it, but this is probably a cooler build than the Tesla-Coil powered Mjolnir that [Caleb] built a few years back. Still, his held up as the best for many years, and if you’re going to be displaced this really is a build worthy of the new title: coolest Mjolnir hack.