Arbitrary Code Execution Over Radio

Computers connected to networks are constantly threatened by attackers who seek to exploit vulnerabilities wherever they can find them. This risk is particularly high for machines connected to the Internet, but any network connection can be susceptible to attacks. As highlighted by security researcher and consultant [Rick Osgood], even computers connected to nothing more than a radio can be vulnerable to attacks if they’re using certain digital modes of communication.

The vulnerability that [Rick] found involves exploiting a flaw in a piece of software called WinAPRS. APRS is a method commonly used in the amateur radio community for sending data over radio, and WinAPRS allows for this functionality on a PC. He specifically sought out this program for vulnerabilities since it is closed-source and hasn’t been updated since 2013. After some analysis, he found a memory bug which was used to manipulate the Extended Instruction Pointer (EIP) register which stores the memory address of the next instruction to be executed by the CPU. This essentially allows for arbitrary code execution on a remote machine via radio.

The exploit was found while using Windows XP because it lacks some of the more modern memory protection features of modern operating systems, but the exploit does still work with Windows 10, just not as reliably and with a bit of extra effort required. It’s a good reminder to use open-source software when possible so issues like these can get resolved, and to regularly install security updates when possible. If you’re looking to delve into the world of APRS in more modern times, take a look at this project which adds APRS to budget transceivers. Just make sure you get your license first.

Opening Up ASIC Design

The odds are that if you’ve heard about application-specific integrated circuits (ASICs) at all, it’s in the context of cryptocurrency mining. For some currencies, the only way to efficiently mine them anymore is to build computers so single-purposed they can’t do anything else. But an ASIC is a handy tool to develop for plenty of embedded applications where efficiency is a key design goal. Building integrated circuits isn’t particularly straightforward or open, though, so you’ll need some tools to develop them such as OpenRAM.

Designing the working memory of a purpose-built computing system is a surprisingly complex task which OpenRAM seeks to demystify a bit. Built in Python, it can help a designer handle routing models, power modeling, timing, and plenty of other considerations when building static RAM modules within integrated circuits. Other tools for taking care of this step of IC design are proprietary, so this is one step on the way to a completely open toolchain that anyone can use to start building their own ASIC.

This tool is relatively new and while we mentioned it briefly in an article back in February, it’s worth taking a look at for anyone who needs more than something like an FPGA might offer and who also wants to use an open-source tool. Be sure to take a look at the project’s GitHub page for more detailed information as well. There are open-source toolchains if you plan on sticking with your FPGA of choice, though.

Modernizing C Arrays For Greater Memory Safety

Lately, there has been a push for people to stop using programming languages that don’t promote memory safety. But as we still haven’t seen the death of some languages that were born in the early 1960s, we don’t think there will be much success in replacing the tremendous amount of software that uses said “unsafe” languages.

That doesn’t mean it’s a hopeless cause, though. [Kees Cook] recently posted how modern C99 compilers offer features to help create safer arrays, and he outlines how you can take advantage of these features. Turns out, it is generally easy to do, and if you get errors, they probably point out unexpected behavior in your original code, so that’s a plus.

We don’t think there’s anything wrong with C and C++ if you use them as you should. Electrical outlets are useful until you stick a fork in one. So don’t stick a fork in one. We really liked the recent headline we saw from [Sarah Butcher]: “If you can’t write safe C++ code, it’s because you can’t write C++.” [Cook’s] post makes a similar argument.  C has advanced quite a bit and the fact that 30-year-old code doesn’t use these new features isn’t a good excuse to give up on C.

Continue reading “Modernizing C Arrays For Greater Memory Safety”

Audio Playback Toy For DSP Adventures

The declining costs of single-board computers has made serious computing power available for even the most trivial of tasks. It’s easy enough to slap a Raspberry Pi onto almost anything for nearly the same cost as a powerful 32-bit microcontroller platform, but this takes some of the fun out of projects for a few of us. Looking to get into the weeds can be a challenge as well, as [Michal Zalewski] demonstrates in this audio playback device he built from a simple 8-bit microcontroller.

The small toy takes audio input from a microphone through an op-amp and feeds this signal to an ADC within the AVR128DA28 microcontroller. The data is then stored on a separate memory chip ready to be played back through another op-amp paired with a speaker. This is where being familiar with the inner workings of the microcontroller comes in handy. By manipulating the interrupt routines in specific ways, the audio stored in memory can be played back at various speeds.

[Michal] intended this build to be a toy for one of his younger relatives, and for the price of a few ICs and buttons it does a pretty good job of turning a regular voice into a chipmunk voice like some commercial children’s toys some of us might remember. If the design aesthetics of this gadget look familiar, you may be thinking of his minimalist gaming device which we recently featured.

The NES Gets Its Own OS

Until recently, most video game systems didn’t need their own operating systems in order to play games. Especially in the cartridge era — the games themselves simply ran directly on the hardware and didn’t require the middleman of an operating system for any of the functionality of the consoles. There were exceptions for computers that doubled as home computers such as the Commodore, but systems like the NES never had their own dedicated OS. At least, until [Inkbox] designed and built the NES-OS.

The operating system does not have any command line, instead going directly for a graphical user interface. There are two programs that make up the operating system. The first is a settings application which allows the user to make various changes to the appearance and behavior of the OS, and the second is a word processor with support for the Japanese “Family Keyboard” accessory. The memory on the NES is limited, and since the OS loads entirely into RAM there’s only enough leftover space for eight total files. Those files themselves are limited to 832 bytes, which is one screen’s worth of text without scrolling.

While it might seem limited to those of us living in the modern era, the OS makes nearly complete use of the available processing power and memory of this 1980s system that was best known for Super Mario Bros. and Duck Hunt. It’s an impressive build for such a small package, and really dives into a lot of the hardware and limitations when building software for these systems. If you need more functionality than that, we’d recommend installing Linux on the NES Classic instead.

Continue reading “The NES Gets Its Own OS”

Pocket Computer Reminds Us Of PDAs

Before smartphones exploded on the scene in the late 00s, there was still a reasonable demand for pocket-sized computers that could do relatively simple computing tasks. Palm Pilots and other PDAs (Personal Digital Assistants) were all the rage in the ’90s and early ’00s, although for cutting-edge tech from that era plenty of these devices had astronomical price tags. This Arduino-based PDA hearkens back to that era, albeit with a much more accessible parts list.

The build is based around an Arudino Nano with an OLED screen and has the five necessary functions for a PDA: calculator, stopwatch, games, phonebook, and a calendar. With all of these components on such a small microcontroller, memory quickly became an issue when using the default libraries. [Danko] uses his own custom libraries in order to make the best use of memory which are all available on the project’s GitHub page. The build also includes a custom PCB to keep the entire pocket computer pocket-sized.

There are some other features packed into this tiny build as well, like the breakout game that can be played with a potentiometer. It’s an impressive build that makes as much use of the microcontroller’s capabilities as is possible, and if you enjoy projects where a microcontroller is used as if it is a PC take a look at this Arduino build with its own command-line interface.

Continue reading “Pocket Computer Reminds Us Of PDAs”

OpenCV Running On A Tiny Microcontroller

At first blush, it might seem like projects that make extensive use of computer vision or machine learning would need to be based on powerful computing platforms with plenty of clock cycles and memory to handle this type of application. While there is some truth to this, as the field progresses it becomes possible to experiment with these tools on low-power devices as well. Take this OpenCV project which is built entirely on an ESP32 for example.

With that being said, there are some modifications that need to be made to the ESP32 in order to use OpenCV in any meaningful way. The most important of these is the use of the ESP32-DOWDQ6 module which increases the available memory of the ESP32 to allow it to make better use of camera functions. Even then, the ESP32 can’t run the entire OpenCV application, so a shrunken version of OpenCV is required before the device can run it natively. Once those two obstacles are out of the way, though, doing things like edge detection, as this project demonstrates, are well in the realm of possibility.

If running OpenCV on something as small as an ESP32 is possible, it is even easier to run on something orders of magnitude more powerful and yet still inexpensive, such as the Raspberry Pi. While the project’s code is available on its GitHub page for those interested, there are plenty of other OpenCV projects that we have featured on more powerful platforms as well, like this clock which falls off of the wall whenever someone looks at it.

Continue reading “OpenCV Running On A Tiny Microcontroller”