Hammer Seeks Nail

August 15, 2020 by Elliot Williams 22 Comments

People sometimes say “when you have a hammer, everything looks like a nail” as if that were a bad thing. Hitting up Wikipedia, they’re calling it the Law of the Instrument or Maslow’s Hammer and calling it a cognitive bias. But I like hammers…

I’m working on a new tool, a four-axis hot-wire foam cutter based roughly on this design, but built out of stuff in my basement so far. I want it primarily to turn out wings for RC airplanes so that I can play around with airfoils and construction methods and so on. But halfway through building this new “hammer”, I’m already getting funny ideas of other projects that could be built with it. Classic nail-seeking behavior.

And some of these thoughts are making me reconsider the design of my hammer. I originally wanted to build it low, because it’s not likely that I’ll ever want to cut wing sections taller than 50 mm or so. But as soon as cutting out giant letters to decorate my son’s room, or maybe parts for a boat hull enter my mind, that means a significantly taller cutter, with ensuing complications.

So here I am suffering simultaneously from Maslow’s Hammer and scope creep, but I’m not sad about either of these “ills”. Playing with a couple manual prototypes for the CNC hot-wire cutter has expanded my design vocabulary; I’ve thought of a couple cool projects that I simply wouldn’t have had the mental map for before. Having tools expands the possible ways you can build, cognitive bias or not.

One person’s scope creep is another’s “fully realizing the potential of a project”. I’m pretty sure that I’ll build a version two of this machine anyway, so maybe it’s not a big deal if the first draft were height-limited, but the process of thinking through the height problem has actually lead me to a better design even for the short cutter. (Tension provided by an external bow instead of born by the vertical CNC towers. I’ll write the project up when I’m done. But that’s not the point.)

Maybe instead of lamenting Maslow’s cognitive bias, we should be celebrating the other side of the same coin: that nails are tremendously useful, and that the simple fact of having a hammer can lead you to fully appreciate them, and in turn expand what you’re capable of. As for scope creep? As long as I get the project done over my vacation next week, all’s well, right?

Hackaday Links: July 26, 2020

July 26, 2020 by Dan Maloney 12 Comments

An Australian teen is in hot water after he allegedly exposed sensitive medical information concerning COVID-19 patients being treated in a local hospital. While the authorities in Western Australia were quick to paint the unidentified teen as a malicious, balaclava-wearing hacker spending his idle days cracking into secure systems, a narrative local media were all too willing to parrot, reading down past the breathless headlines reveals the truth: the teen set up an SDR to receive unencrypted POCSAG pager data from a hospital, and built a web page to display it all in real-time. We’ve covered the use of unsecured pager networks in the medical profession before; this is a well-known problem that should not exactly take any infosec pros by surprise. Apparently authorities just hoped that nobody would spend $20 on an SDR and an afternoon putting it all together rather than address the real problem, and when found out they shifted the blame onto the kid.

Speaking of RF hacking, even though the 2020 HOPE Conference is going virtual, they’ll still be holding the RF Hacking Village. It’s not clear from the schedule how exactly that will happen; perhaps like this year’s GNU Radio Conference CTF Challenge, they’ll be distributing audio files for participants to decode. If someone attends HOPE, which starts this weekend, we’d love to hear a report on how the RF Village — and the Lockpicking Village and all the other attractions — are organized. Here’s hoping it’s as cool as DEFCON Safe Mode’s cassette tape mystery.

It looks like the Raspberry Pi family is about to get a big performance boost, with Eben Upton’s announcement that the upcoming Pi Compute Module 4 will hopefully support NVMe storage. The non-volatile memory express spec will allow speedy access to storage and make the many hacks Pi users use to increase access speed unnecessary. While the Compute Modules are targeted at embedded system designers, Upton also hinted that NVMe support might make it into the mainstream Pi line with a future Pi 4A.

Campfires on the sun? It sounds strange, but that’s what solar scientists are calling the bright spots revealed on our star’s surface by the newly commissioned ESA/NASA Solar Orbiter satellite. The orbiter recently returned its first images of the sun, which are extreme closeups of the roiling surface. They didn’t expect the first images, which are normally used to calibrate instruments and make sure everything is working, to reveal something new, but the (relatively) tiny bright spots are thought to be smaller versions of the larger solar flares we observe from Earth. There are some fascinating images coming back from the orbiter, and they’re well worth checking out.

And finally, although it’s an old article and has nothing to do with hacking, we stumbled upon Tim Urban’s look at the mathematics of human relations and found it fascinating enough to share. The gist is that everyone on the planet is related, and most of us are a lot more inbred than we would like to think, thanks to the exponential growth of everyone’s tree of ancestors. For example, you have 128 great-great-great-great-great-grandparents, who were probably alive in the early 1800s. That pool doubles in size with every generation you go back, until we eventually — sometime in the 1600s — have a pool of ancestors that exceeds the population of the planet at the time. This means that somewhere along the way, someone in your family tree was hanging out with someone else from a very nearby branch of the same tree. That union, likely between first or second cousins, produced the line that led to you. This is called pedigree collapse and it results in the pool of ancestors being greatly trimmed thanks to sharing grandparents. So the next time someone tells you they’re descended from 16th-century royalty, you can just tell them, “Oh yeah? Me too!” Probably.

Hackaday Links: April 26, 2020

April 26, 2020 by Dan Maloney 15 Comments

Gosh, what a shame: it turns out that perhaps 2 billion phones won’t be capable of COVID-19 contact-tracing using the API that Google and Apple are jointly developing. The problem is that the scheme the two tech giants have concocted, which Elliot Williams expertly dissected recently, is based on Bluetooth LE. If a phone lacks a BLE chipset, then it won’t work with apps built on the contact-tracing API, which uses the limited range of BLE signals as a proxy for the physical proximity of any two people. If a user is reported to be COVID-19 positive, all the people whose BLE beacons were received by the infected user’s phone within a defined time period can be anonymously notified of their contact. As Elliot points out, numerous questions loom around this scheme, not least of which is privacy, but for now, something like a third of phones in mature smartphone markets won’t be able to participate, and perhaps two-thirds of the phones in developing markets are not compatible. For those who don’t like the privacy-threatening aspects of this scheme, pulling an old phone out and dusting it off might not be a bad idea.

We occasionally cover stories where engineers in industrial settings use an Arduino for a quick-and-dirty automation solution. This is uniformly met with much teeth-gnashing and hair-rending in the comments asserting that Arduinos are not appropriate for industrial use. Whether true or not, such comments miss the point that the Arduino solution is usually a stop-gap or proof-of-concept deal. But now the purists and pedants can relax, because Automation Direct is offering Arduino-compatible, industrial-grade programmable controllers. Their ProductivityOpen line is compatible with the Arduino IDE while having industrial certifications and hardening against harsh conditions, with a rich line of shields available to piece together complete automation controllers. For the home-gamer, an Arduino in an enclosure that can withstand harsh conditions and only cost $49 might fill a niche.

Speaking of Arduinos and Arduino accessories, better watch out if you’ve got any modules and you come under the scrutiny of an authoritarian regime, because you could be accused of being a bomb maker. Police in Hong Kong allegedly arrested a 20-year-old student and posted a picture of parts he used to manufacture a “remote detonated bomb”. The BOM for the bomb was strangely devoid of anything with wireless capabilities or, you know, actual explosives, and instead looks pretty much like the stuff found on any of our workbenches or junk bins. Pretty scary stuff.

If you’ve run through every binge-worthy series on Netflix and are looking for a bit of space-nerd entertainment, have we got one for you. Scott Manley has a new video that goes into detail on the four different computers used for each Apollo mission. We knew about the Apollo Guidance Computers that guided the Command Module and the Lunar Module, and the Launch Vehicle Digital Computer that got the whole stack into orbit and on the way to the Moon, but we’d never heard of the Abort Guidance System, a backup to the Lunar Module AGC intended to get the astronauts back into lunar orbit in the event of an emergency. And we’d also never heard that there wasn’t a common architecture for these machines, to the point where each had its own word length. The bit about infighting between MIT and IBM was entertaining too.

And finally, if you still find yourself with time on your hands, why not try your hand at pen-testing a military satellite in orbit? That’s the offer on the table to hackers from the US Air Force, proprietor of some of the tippy-toppest secret hardware in orbit. The Hack-A-Sat Space Security Challenge is aimed at exposing weaknesses that have been inadvertantly baked into space hardware during decades of closed development and secrecy, vulnerabilities that may pose risks to billions of dollars worth of irreplaceable assets. The qualification round requires teams to hack a grounded test satellite before moving on to attacking an orbiting platform during DEFCON in August, with prizes going to the winning teams. Get paid to hack government assets and not get arrested? Maybe 2020 isn’t so bad after all.

Live Hacking And A MIDI Keytar

March 2, 2019 by Brian Benchoff 7 Comments

We can’t think of where you’d buy a new, cheap, MIDI keytar that’s just a keyboard and a handle with some pitch and mod wheels or ribbon controllers. This is a format that died in the 90s or thereabouts. Yes, the Rock Band controller exists, but my point stands. In fact, the closest you can get to a cheap, simple MIDI keytar is the Alesis Vortex Wireless 2 Keytar, but the buttons on the handle don’t make any sense. [marcan] of Wii and Kinect hacking fame took note. (YouTube, embedded below.)

Reverse engineering is a research project, and all research projects begin with looking at the docs. When it comes to consumer electronics, the best resource is the documents a company is required to submit to the FCC (shout out to FCC.io), which gave [marcan] the user manual, and photos of the guts of the keytar. The ‘system update download’ files are living on the Alesis servers, and that’s really all you need to reverse engineer a keytar.

The first step is extracting the actual device firmware from whatever software package appears on the desktop when you download the software update. This is a simple job for 7zip, and after looking at a binary dump of the firmware, [marcan] discovered this was for an STM chip. With the datasheet of the chip, [marcan] got the entry point for the firmware, some values, and the real hardware hacking began. All of this was done with IDA.

This is a five-hour hacking session of cross-referencing the MIDI spec and a microcontroller built thirty years after this spec was developed. It’s an amazing bit of work just to find the bit of code than handled the buttons on the keytar grip, and it gets even better when the patched firmware is uploaded. If you want to ‘learn hacking’, as so many submitters on our tip line want to do, this is what you need to watch. Thanks [hmn] for the tip.

Continue reading “Live Hacking And A MIDI Keytar” →

All Things Enigma Hack Chat

February 25, 2019 by Dan Maloney 2 Comments

Join us Wednesday at noon Pacific time for the All Things Enigma Hack Chat!

This week’s Hack Chat is a bit of a departure for us because our host, Simon Jansen, has tackled so many interesting projects that it’s hard to settle on one topic. Simon is a multidisciplinary hacker whose interests run the gamut from building an ammo-can Apple ][ to a literal steampunk Rickroller. How about a Bender Brewer? Or a MAME in a TARDIS? Or perhaps making an old phone play music to restore a car by? Oh, and remember that awesome ASCII animation of Star Wars: Episode IV? That was Simon.

So, a little hard to choose a topic, but we asked Simon to talk a bit about his recent Enigma watches. He has managed to put an electronic emulation of the Enigma cypher machine from World War II into both a wristwatch and, more recently, a pocket watch. They’re both gorgeous builds that required a raft of skills to complete. We’ll start there and see where the conversation takes us!

Please join us for this Hack Chat, where we’ll discuss:

Where the fascination with Enigma came from;
Tools, techniques, and shop setup;
Melding multiple, disparate skill sets; and
What sorts of new projects might we see soon?

You are, of course, encouraged to add your own questions to the discussion. You can do that by leaving a comment on the All Things Enigma Hack Chat and we’ll put that in the queue for the Hack Chat discussion.

Our Hack Chats are live community events on the Hackaday.io Hack Chat group messaging. This week we’ll be sitting down on Wednesday, February 27, at noon, Pacific time. If time zones have got you down, we have a handy time zone converter.

Click that speech bubble to the right, and you’ll be taken directly to the Hack Chat group on Hackaday.io. You don’t have to wait until Wednesday; join whenever you want and you can see what the community is talking about.

Portable Hacking Unit Combines Pi With WiFi Pineapple

October 25, 2018 by Richard Baguley 16 Comments

Sometimes you need to hack on the go. [Supertechguy] has put together an interesting system for hacking on the hoof called the Pineapple Pi. This combines a Raspberry Pi 3 with a seven-inch touchscreen and a Hak 5 WiFi Pineapple into a handy portable package that puts all of the latest WiFi and ethernet hacking tools to hand. The package also includes a 20,100 mAh battery, so you won’t even need a wall socket to do some testing. It’s a bit of a rough build — it is held together with velcro, for instance — but it’s a good place to start if you are looking to make a portable, standalone system for testing WiFi networks.

Continue reading “Portable Hacking Unit Combines Pi With WiFi Pineapple” →

Scotty Allen Visits Strange Parts, Builds An IPhone

March 27, 2018 by Elliot Williams 19 Comments

Scotty Allen has a YouTube blog called Strange Parts; maybe you’ve seen his super-popular video about building his own iPhone “from scratch”. It’s a great story, and it’s also a pretext for a slightly deeper dive into the electronics hardware manufacturing, assembly, and repair capital of the world: Shenzhen, China. After his talk at the 2017 Superconference, we got a chance to sit down with Scotty and ask about cellphones and his other travels. Check it out:

The Story of the Phone

Scotty was sitting around with friends, drinking in one of Shenzhen’s night markets, and talking about how bizarre some things seem to outsiders. There are people sitting on street corners, shucking cellphones like you’d shuck oysters, and harvesting the good parts inside. Electronics parts, new and used, don’t come from somewhere far away and there’s no mail-ordering. A ten-minute walk over to the markets will get you everything you need. The desire to explain some small part of this alternate reality to outsiders was what drove Scotty to dig into China’s cellphone ecosystem.

Continue reading “Scotty Allen Visits Strange Parts, Builds An IPhone” →