Halloween is basically built for the hacker. Besides the obvious fabrication of absurd costumes, there’s also the chance to showcase your skills, be they mechanical, audio, or video. It’s also a great time to show off our coolest tricks to inspire the young proto-hackers. If you need inspiration, we’ve got 150 ideas.
My personal problem with Halloween, though, is that I always start at the last minute, and my ideas far outreach my time budget. Or because it’s all done in the last minute, a whole bunch of ideas that should “just work” in theory run into the immovable object that is practice. At least that’s what happened with last year’s spooky sound effects — my son and I spent so much time collecting and recording scary audio samples that I ran out of time while still getting the sensitivity on the motion detector set just right, and then the battery died halfway through the night.
But this year will be different, I swear! I’m going to get it done early and test it out, with the luxury of time to debug the inevitable spiders. And you can swear too. Get started now on your Halloween project. Or at least next weekend.
What’s your favorite Halloween Hack?
If you need any more encouragement to fire up your black and orange hacking machine, think of Hackaday.io’s Halloween Hackfest. It runs until Oct 28, and all you have to do to enter is document your Halloween project on IO and press the “Submit” button. The deadline is the 28th, which still gives you a couple of nights to debug whatever didn’t work before the real deal. Prizes are shopping sprees at Digi-Key, and Adafruit is doubling the gift certificate if you use any Adafruit parts in the build.
If you don’t give a pumpkin about stupid ol’ Halloween, that’s cool too. (Grinch!) The 2021 Hackaday Prize has entered the final wildcard round. If your project didn’t fit in any of the previous categories, I’m pretty sure it’ll fit just fine in the anything-goes phase. Go nuts. We’d love to see what you’re working on.
This article is part of the Hackaday.com newsletter, delivered every seven days for each of the last 200+ weeks. It also includes our favorite articles from the last seven days that you can see on the web version of the newsletter.
Want this type of article to hit your inbox every Friday morning? You should sign up!
If you thought CADing designs for 3D printing was hard enough, wait until you hear about this .stl trick.
[Angus] of Maker’s Muse recently demoed a method for creating hidden geometries in .stl files that are only revealed during the slicing process before a 3D print. (Video, embedded below.) The process involves creating geometries with a thickness smaller than the size of the 3D printer’s nozzle that still appear to be solid in a .stl editor, but will not be rendered by a FDM slicer.
Most 3D printers have 0.4 mm thickness nozzle, so creating geometries with a wall thinner than this value will result in the effect that you’re looking for. Some possible uses for this trick are to create easter eggs or even to mess with other 3D printing enthusiasts. Of course, [Angus] recommends not to use this “deception for criminal or malicious intent” and I’d have to agree.
There’s a few other tricks that he reveals as well, including a way to create a body that’s actually a thin shell but appears to be solid: great for making unprintable letters that reveal hidden messages.
Nevertheless, it’s a cool trick and maybe one of those “features not bugs” in the slicer software.
Mike Ossmann and Dominic Spill have been at the forefront of the recent wave of software-defined radio (SDR) hacking. Mike is the hardware guy, and his radio designs helped bring Bluetooth and ISM-band to the masses. Dominic is the software guy who makes sure that all this gear is actually usable. The HackRF SDR is still one of the best cheap choices if you need an SDR that can transmit and receive.
So what are these two doing on stage giving a talk about IR communication? Can you really turn traffic lights green by blinking lights? And can you spoof a TV remote with a cardboard cutout, a bicycle wheel, and a sparkler? What does IR have to do with pirates, and why are these two dressed up as buccaneers? Watch our video interview and find out, or watch the full talk for all of the juicy details.
[Emilio Ficara] [built himself an Internet-connected MQTT multimeter](http://ficara.altervista.org/) (translated from Italian by robots). Or maybe we should say that [Emilio Ficara] undertook a long string of cool hacks that ended up in a WiFi-enabled multimeter, because the destination isn’t nearly as interesting as the voyage.
The multimeter, a DT-4000ZC, has a serial output but instead of transferring the data directly, it sends which cells on the LCD screen need to be activated. For testing along the way, [Emilio] used his own USB-serial-to-ESP01 dongle, which sounds like a useful tool to have around if you’re debugging an AT command session. He made a cute AVR SPI-port debugging aid with a reset button and diagnostic LEDs that we’re going to copy right now. Other home-made tools, like a 3.7V Li-ion battery manager and a serial data snooper make this project worth a look.
On September 21, “Premium” 0day startup Zerodium put out a call for a chain of exploits, starting with a browser, that enables the phone to be remotely jailbroken and arbitrary applications to be installed with root / administrator permissions. In short, a complete remote takeover of the phone. And they offered $1 million. A little over a month later, it looks like they’ve got their first claim. The hack has yet to be verified and the payout is actually made.
But we have little doubt that the hack, if it’s actually been done, is worth the money. The NSA alone has a $25 million annual budget for buying 0days and usually spends that money on much smaller bits and bobs. This hack, if it works, is huge. And the NSA isn’t the only agency that’s interested in spying on folks with iPhones.
Indeed, by bringing something like this out into the open, Zerodium is creating a bidding war among (presumably) adversarial parties. We’re not sure about the ethics of all this (OK, it’s downright shady) but it’s not currently illegal and by pitting various spy agencies (presumably) against each other, they’re almost sure to get their $1 million back with some cream on top.
We’ve seen a lot of bug bounty programs out there. Tossing “firmname bug bounty” into a search engine of your choice will probably come up with a hit for most firmnames. A notable exception in Silicon Valley? Apple. They let you do their debugging work for free. How long this will last is anyone’s guess, but if this Zerodium deal ends up being for real, it looks like they’re severely underpaying.
And if you’re working on your own iPhone remote exploits, don’t be discouraged. Zerodium still claims to have money for two more $1 million payouts. (And with that your humble author shrugs his shoulders and turns the soldering iron back on.)
Thereifixedit.com is a site filled with dubious innovations. Some of them are cool, some of them are clever, and most of them are terrifying. Anyone who has ever stood in front of a broken household appliance with a roll of duct tape, one screw driver with a bit chipped off the flat part, and determination will laugh themselves silly browsing through this site. Maybe some of the ghetto hacks we covered before should be in this list.
Less than a week after American Airlines introduced in-flight internet, hackers have already figured out how to use the system to make VoIP calls in a few easy steps with Phweet, a Twitter application. While the network blocks most VoIP services, Phweet can connect two people using a Flash app. Aircell, the company responsible for the system, is aware of the oversight, but it remains to be seen whether this little loophole will be fixed in a timely manner. Meanwhile, we encourage those of you who do fly on American Airlines to avoid making those phone calls; your neighbor would probably appreciate it.