javascript

134 Articles

Hackers And China

October 9, 2021 by 26 Comments

The open source world and Chinese manufacturing have a long relationship. Some fifteen years ago, the big topic was how companies could open-source their hardware designs and not get driven bankrupt by competition from overseas. Companies like Sparkfun, Adafruit, Arduino, Maple Labs, Pololu, and many more demonstrated that this wasn’t impossible after all.

Maybe ten years ago, Chinese firms started picking up interesting hacker projects and producing them. This gave us hits like the AVR transistor tester and the NanoVNA. In the last few years, we’ve seen open-source hardware and software projects that have deliberately targeted Chinese manufacturers, and won. We do the design and coding, they do the manufacturing, sales, and distribution.

But this is something else: the Bangle.js watch takes an essentially mediocre Chinese smartwatch and reflashes the firmware, and sells them as open-source smartwatches to the general public. These pre-hacked watches are being sold on Kickstarter, and although the works stands on the shoulders of previous hacker’s reverse engineering work on the non-open watch hardware, it’s being sold by the prime mover behind the Espruino JavaScript-on-embedded language, which it runs on.

We have a cheap commodity smartwatch, being sold with frankly mediocre firmware, taken over by hackers, re-flashed, re-branded, and sold by the hackers on Kickstarter. As a result of it being (forcibly) opened, there’s a decently sized app store of contributed open-source applications that’ll run on the platform, making it significantly more useful and hacker friendly than it was before.

Will this boost sales? Will China notice the hackers’ work? Will this, and similar projects, end up in yet another new hacker/China relationship? We’re watching.

This article is part of the Hackaday.com newsletter, delivered every seven days for each of the last 200+ weeks. It also includes our favorite articles from the last seven days that you can see on the web version of the newsletter. Want this type of article to hit your inbox every Friday morning? You should sign up!
flow IO module options

Get Your Flex On With The FlowIO Platform

August 20, 2021 by 7 Comments

Hackaday Prize 2021 entry FlowIO Platform promises to be to pneumatics what Arduino is to Electronics. The modular platform comprises a common controller/valve block, a selection of differently sized pumps, and a few optional connectivity and sensing blocks. With Arduino software support as well as as Javascript and web-GUI, there’s a way to program this no matter what the level of experience the user has.

flowIO exploded view
flowIO exploded view from http://www.softrobotics.io/flowio

This last point is a critical one for the mission [Ali Shtarbanov] from the MIT Media Lab is setting out for this project. He reminds us that in decades gone by, there was a significant barrier to entry for anyone building electronics prototypes. Information about how to get started was also much harder to by before the internet really got into gear.

It’s a similar story for software, with tools like Scratch and Python lowering the barrier to entry and allowing more people to get their toes wet and build some confidence.

But despite some earlier work by projects like the Soft Robotics Toolkit and Programmable-Air, making a start on lowering the bar for pneumatics support for soft robotics, and related applications, the project author still finds areas for further improvement. FlowIO was designed from the ground-up to be wearable. It appears to be much smaller, more portable and supports more air ports and a greater array of sensing and connectivity than previous Open Source work to date.

Creative Commons Hardware

Whilst you can take all the plans (free account signup required) and build yourself a FlowIO rig of your very own, the project author offers another solution. Following on from the Wikipedia model of free sharing and distribution of information, FlowIO offers its hardware for free, for the common good. Supported by donations to the project, more hardware is produced and distributed to those who need it. The only ask is that redundant kits are passed on or returned to base for upgrade, rather than landfill.

Continue reading “Get Your Flex On With The FlowIO Platform”

Hiding Links In Plain Sight With Bookmark Knocking

August 10, 2021 by 21 Comments

Have you ever been looking for a screwdriver, USB stick, or your keys, only to find them right where you left them in plain sight? We have. As many prolific geocachers know, hiding things out in the open is a great way to make sure that people overlook them. 

[Jacob Strieb] has been researching various ways to password protect and hide browser bookmarks in plain sight. He calls his latest technique “Bookmark Knocking” and he’s made a demonstration available on his Github account.

Why hide bookmarks to begin with? A browser’s bookmark collection can give away the habits, interests, and needs of the person who put them there. Bookmarks to gifts, domestic abuse support websites, and other private destinations might be best kept away from prying eyes.

Inspired by port knocking — opening connections to specific network ports in sequence to gain access through a firewall — bookmark knocking requires clicking bookmarks in a specific order to open a link. When the bookmarks are accessed in the proper order, the third bookmark reveals a hidden site. It’s not only a novel approach to hiding things in plain sight, it’s very cool to use! 

We especially appreciate [Jacob]’s motivation: Helping those who are vulnerable to protect themselves in any way possible. It’s a solid reminder that technology can be elevated to a higher stature when put to a noble use. Be sure to check out the demonstration so you can try it for yourself!

If camouflaging data flips your bits, you may want to look at a neat way to embed data right into bash scripts, or conceal a WiFi enabled microcontroller in a USB cable. Do you have your own favorite “hidden in plain sight” hack? Be sure to let us know through the Tip Line.

 

 

 

Tool Generates Interactive PCB Diagrams From KiCAD

August 3, 2021 by 21 Comments

Nearly everyone likes nice pinout diagrams, but the more pins and functions are involved, the more cluttered and less useful the diagram becomes. To address this, [Jan Mrázek] created Pinion, a tool to help generate interactive diagrams from KiCad design files.

The result is an interactive diagram that can be viewed in any web browser. Hovering over a pin or pad highlights those signals with a callout for the name, and clicking makes it stay highlighted for easier reference. Further information can be as detailed or as brief as needed.

Interestingly, Pinion isn’t a web service that relies on any kind of backend. The diagrams are static HTML and JavaScript only, easily included in web pages or embedded in GitHub documentation.

If you think Pinion looks a bit familiar, you’re probably remembering that we covered [Jan]’s much earlier PcbDraw tool, which turned KiCad board files into SVG renderings but had no ability to add labels or interactivity. Pinion is an evolution of that earlier idea, and its diagrams are able to act as both documentation and interactive reference, with no reliance on any kind of external service.

Interested? Pinion has a full tutorial and demo and a growing library of parts, so check it out.

JavaScript App Uses Advanced Math To Make PCBs Easier To Etch

May 19, 2021 by 28 Comments

We all remember the litany from various math classes we’ve taken, where frustration at a failure to understand a difficult concept bubbles over into the classic, “When am I ever going to need to know this in real life?” But as we all know, even the most esoteric mathematical concepts have applications in the real world, and failure to master them can come back to haunt you.

Take Voronoi diagrams, for example. While we don’t recall being exposed to these in any math class, it turns out that they can be quite useful in a seemingly unrelated area: converting PCB designs into easy-to-etch tessellated patterns. Voronoi diagrams are in effect a plane divided into different regions, or “cells”, each centered on a “seed” object. Each cell is the set of points that are closer to a particular seed than they are to any other seed. For PCBs the seeds can be represented by the traces; dividing the plane up into cells around those traces results in a tessellated pattern that’s easily etched.

To make this useful to PCB creators, [Craig Iannello] came up with a JavaScript application that takes an image of a PCB, tessellates the traces, and spits out G-code suitable for a laser engraver. A blank PCB covered with a layer of spray paint, the tessellated pattern is engraved into the paint, and the board is etched and drilled in the usual fashion. [Craig]’s program makes allowances for adding specific features to the board, like odd-shaped pads or traces that need specific routing.

This isn’t the first time we’ve seen Voronoi diagrams employed for PCB design, but the method looks so easy that we’d love to give it a try. It even looks as though it might work for CNC milling of boards too.

aemkei's xor patterns

Alien Art Drawn With Surprisingly Simple Math

April 13, 2021 by 20 Comments

Programmer [aemkei] Tweeted the formula (x ^ y) % 9 alongside code for more “alien art”. But how can a formula as simple as (x ^ y) % 9 result in a complex design? The combination of Bitwise XOR (^) and Modulo (%) generate a repeating pattern that’s still complex enough to satisfy the eye, and it’s ok if that doesn’t sound like an explanation. Bitwise operations are useful when working with memory and shift registers, but also worth learning if you want to drive lines or matrices of LEDs or interpret combinations of multiple switches, or in this case a great way to throw an interesting test pattern up on a new flip-dot display or low-res LED matrix. Are you into it? We are, so let’s jump in.

XOR Truth Table
0b00 0b01 0b10 0b11
0b00 0b00 0b01 0b10 0b11
0b01 0b01 0b00 0b11 0b10
0b10 0b10 0b11 0b00 0b01
0b11 0b11 0b10 0b01 0b00

Bitwise XOR compares each binary digit of the two inputs. The XOR returns a 1 when only one of the two digits is a 1, otherwise, it returns a zero for that position. Let’s say the coordinates were 3, 2. Converted to binary we have 0b11 and 0b10. From this truth table, we can see the most-significant digits are both 1, returning a 0, while only one of the least-significant digits is a 1, so the comparison returns a 1.

Moving onto the %, which is the Modulo operator has nothing to do with percentages. This operator divides two numbers and returns the remainder if any. Take 9 % 5. When dividing 9 by 5, 5 goes in once with a remainder of 4 so 9 % 5 = 4. Now our original formula from the top will draw a black box for every ninth number except that the bitwise XOR throws a wrench into that count, varying how often a number divisible by 9 appears and supplying the complexity necessary for these awesome patterns.

detail of aemkei's xor patterns

What are the most interesting designs can you create in a simple formula?

Phishing With Morse Code

February 11, 2021 by 13 Comments

All of us have seen our share of phishing emails, but there are a lot more that get caught by secure email gateways and client filters. Threat actors are constantly coming up with new ways to get past these virtual gatekeepers. [BleepingComputer] investigated a new phishing attack that used some old tricks by hiding the malicious script tags as morse code.

The phishing attack targets Microsoft account login credentials with an HTML page posing as an Excel invoice. When opened, it asks the user to re-enter their credentials before viewing the document. Some external scripts are required to render the fake invoice and login window but would be detected if the links were included normally. Instead, the actor encoded the script links using dots and dashes, for example, “.-” equals “a”. A simple function (creatively named “decodeMorse”) is used to decode and inject the scripts when it runs in the victim’s browser.

Of course, this sort of attack is easy to avoid with the basic precautions we are all familiar with, like not opening suspicious attachments and carefully inspecting URLs. The code used in this attack is simple enough to be used in a tutorial on JavaScript arrays, but it was good enough to slip past a few large company’s filters.

Phishing attacks are probably not going to stop anytime soon, so if you’re bored, you could go phishing for phishers, or write some scripts to flood them with fake information.