Hackaday Links Column Banner

Hackaday Links: October 10, 2021

We have to admit, it was hard not to be insufferably smug this week when Facebook temporarily went dark around the globe. Sick of being stalked by crazy aunts and cousins, I opted out of that little slice of cyber-hell at least a decade ago, so Monday’s outage was no skin off my teeth. But it was nice to see that the world didn’t stop turning. More interesting are the technical postmortems on the outage, particularly this great analysis by the good folks at the University of Nottingham. Dr. Steve Bagley does a great job explaining how Facebook likely pushed a configuration change to the Border Gateway Protocol (BGP) that propagated through the Internet and eventually erased all routes to Facebook’s servers from the DNS system. He also uses a graphical map of routes to show peer-to-peer connections to Facebook dropping one at a time, until their machines were totally isolated. He also offers speculation on why Facebook engineers were denied internal access, sometimes physically, to their own systems.

It may be a couple of decades overdue, but the US Federal Communications Commission finally decided to allow FM voice transmissions on Citizen’s Band radios. It seems odd to be messing around with a radio service whose heyday was in the 1970s, but Cobra, the CB radio manufacturer, petitioned for a rule change to allow frequency modulation in addition to the standard amplitude modulation that’s currently mandatory. It’s hard to say how this will improve the CB user experience, which last time we checked is a horrifying mix of shouting, screaming voices often with a weird echo effect, all put through powerful — and illegal — linear amps that distort the signal beyond intelligibility. We can’t see how a little less static is going to improve that.

Can you steal a car with a Game Boy? Probably not, but car thieves in the UK are using some sort of device hidden in a Game Boy case to boost expensive cars. A group of three men in Yorkshire used the device, which supposedly cost £20,000 ($27,000), to wirelessly defeat the security systems on cars in seconds. They stole cars for garages and driveways to the tune of £180,000 — not a bad return on their investment. It’s not clear how the device works, but we’d love to find out — for science, of course.

There have been tons of stories lately about all the things AI is good for, and all the magical promises it will deliver on given enough time. And it may well, but we’re still early enough in the AI hype curve to take everything we see with a grain of salt. However, one area that bears watching is the ability of AI to help fill in the gaps left when an artist is struck down before completing their work. And perhaps no artist left so much on the table as Ludwig von Beethoven, with his famous unfinished 10th Symphony. When the German composer died, he had left only a few notes on what he wanted to do with the four-movement symphony. But those notes, along with a rich body of other works and deep knowledge of the composer’s creative process, have allowed a team of musicologists and AI experts to complete the 10th Symphony. The article contains a lot of technical detail, both on the musical and the informatics sides. How will it sound? Here’s a preview:

And finally, Captain Kirk is finally getting to space. William Shatner, who played captain — and later admiral — James Tiberius Kirk from the 1960s to the 1990s, will head to space aboard Blue Origin’s New Shepard rocket on Tuesday. At 90 years old, Shatner will edge out Wally Funk, who recently set the record after her Blue Origin flight at the age of 82. It’s interesting that Shatner agreed to go, since he is said to have previously refused the offer of a ride upstairs with Virgin Galactic. Whatever the reason for the change of heart, here’s hoping the flight goes well.

Side-Channel Attack Turns Power Supply Into Speakers

If you work in a secure facility, the chances are pretty good that any computer there is going to be stripped to the minimum complement of peripherals. After all, the fewer parts that a computer has, the fewer things that can be turned into air-gap breaching transducers, right? So no printers, no cameras, no microphones, and certainly no speakers.

Unfortunately, deleting such peripherals does you little good when [Mordechai Guri] is able to turn a computer power supply into a speaker that can exfiltrate data from air-gapped machines. In an arXiv paper (PDF link), [Guri] describes a side-channel attack of considerable deviousness and some complexity that he calls POWER-SUPPLaY. It’s a two-pronged attack with both a transmitter and receiver exploit needed to pull it off. The transmitter malware, delivered via standard methods, runs on the air-gapped machine, and controls the workload of the CPU. These changes in power usage result in vibrations in the switch-mode power supply common to most PCs, particularly in the transformers and capacitors. The resulting audio frequency signals are picked up by a malware-infected receiver on a smartphone, presumably carried by someone into the vicinity of the air-gapped machine. The data is picked up by the phone’s microphone, buffered, and exfiltrated to the attacker at a later time.

Yes, it’s complicated, requiring two exploits to install all the pieces, but under the right conditions it could be feasible. And who’s to say that the receiver malware couldn’t be replaced with the old potato chip bag exploit? Either way, we’re glad [Mordechai] and his fellow security researchers are out there finding the weak spots and challenging assumptions of what’s safe and what’s vulnerable.

Continue reading “Side-Channel Attack Turns Power Supply Into Speakers”

Building A New RF Remote From Scratch

We’ve seen no shortage of projects that use the ESP8266 or ESP32 to add “smart” features to existing home appliances, often by pairing the microcontroller with a radio or IR transmitter. If your device has an existing remote, integrating it into a custom home automation system is often just a matter of getting a few cheap modular components and writing some simple code to glue it all together.

But what if the appliance you want to control doesn’t use a common frequency? That’s a question that [eigma] recently had to answer after finding the remote control for the bedroom ceiling fan was operating at a somewhat unusual 304 MHz. Something like the MAX1472 could probably have been tuned to this frequency, but the chip doesn’t seem to be available in a turn-key module as the popular 315 MHz transmitters are.

There were a few possible options, including using a software defined radio (SDR), but [eigma] didn’t want to spend a fortune on this project or wait months for parts to get shipped from overseas. The most straightforward solution was to design a custom transmitter tuned to the proper frequency using discrete components; something of a dark art to those of us who’ve been spoiled by the high availability of modular components.

What follows is an fascinating look at the design, testing, and troubleshooting of a truly scratch-built transmitter. You won’t find any ICs here, the carrier signal is generated with just a transistor, some carefully measured pieces of wire, and a handful of passive components. By modulating the signal with an ESP32, [eigma] successfully makes the oddball ceiling fan an honorary member of the Internet of Things.

The write-up that [eigma] has done is an absolutely invaluable resource if you ever find yourself in need of rolling a bespoke transmitter. It easily ranks among some of the most informative radio reverse engineering work we’ve covered, and you’d be wise to file this one away for future reference. That said, most of the newer hardware you’re going to run into will probably be utilizing a widely-supported frequency like 433 MHz.

A Dangerous Demonstration Of The Power Of Radio

Terrestrial radio may be a dying medium, but there are still plenty of listeners out there. What would a commute to or from work be without a check of “Traffic on the Eights” to see if you need to alter your route, or an update of the scores from yesterday’s games? Getting that signal out to as many listeners as possible takes a lot of power, and this dangerous yet fascinating demo shows just how much power there is on some radio towers.

Coming to us by way of a reddit post, the short video clips show a crew working on a 15,000-Watt AM radio tower. They appear to be preparing to do tower maintenance, which means de-energizing the antenna. As the engineer explains, antennas for AM radio stations in the medium-wave band are generally the entire tower structure, as opposed to the towers for FM and TV stations, which generally just loft the antenna as high as possible above the landscape. The fun starts when the crew disconnects a jumper and an arc forms across the clamp and the antenna feed. The resulting ball of plasma acts like a speaker, letting us clearly hear the programming on the station. It’s like one of the plasma speakers we’ve seen before, albeit exceptionally more dangerous.

It’s an impressive display of the power coursing through broadcast towers, and a vivid reminder to not mess with them. Such warnings often go unheeded, sadly, with the young and foolish paying the price. There’s a reason they put fences up around radio towers, after all.

Continue reading “A Dangerous Demonstration Of The Power Of Radio”

Bitluni Brings All The ESP-32 Multimedia Hacks To Supercon

Of all the people I was looking forward to meeting at Supercon, aside from my Hackaday colleagues with whom I had worked for five years without ever meeting, was a fellow from Germany named Matthias Balwierz. The name might not ring a bell, but he’ll certainly be familiar to Hackaday readers as Bitluni, the sometimes goofy but always entertaining and enlightening face of “Bitluni’s Lab” on YouTube.

I’d been covering Bitluni’s many ESP32 hacks over the years, and had struck up a correspondence with him, swapping ideas and asking for advice on the many projects I start but somehow never finish. Luckily for us, Bitluni is far better on follow-through than I am, and he brought that breadth and depth of experience to the Design Lab stage for that venue’s last talk of the 2019 Superconference, before the party moved next door for the badge-hacking presentations.

Continue reading “Bitluni Brings All The ESP-32 Multimedia Hacks To Supercon”

Name That Unknown RF Signal With A Little FFT Magic

Time was once that the amateur radio bands were an aurally predictable place. Spinning the dial up and down the bands, one heard familiar sounds – the staccato of Morse, the [Donald Duck] of sideband voice transmissions, and the occasional flute-like warble of radioteletype signals. Now, the ham bands are full of exotic signals encoding all manner of digital signals, each one with a unique sound and unique demodulation needs. What’s a ham to do?

Help is on the way. [José Carlos Rueda] has made progress toward automatically classifying unknown signals by modifying a Shazam-like app. Shazam is a popular smartphone app that listens to a few seconds of a song, creates an audio fingerprint of it, and searches a massive database of songs for a match. [Rueda] used a homebrew version of the app to search a SQL-lite database of audio fingerprints populated not with a playlist of popular music, but with samples from every known signal type in the Signal Identification Wiki. The database contains hashes for an FFT of each sample, which can be easily searched. With a five to ten second sample of a signal, captured either live over a microphone or from a recording,  he is able to identify the signal automatically.

Whether it be the weird, dissonant wail of PSK-31 or the angry buzzing of PACTOR, the goings-on across the bands no longer have to remain a mystery. We really like the idea here, and wonder if it can be expanded upon to visually decode signals based on their waterfall signatures using TensorFlow. There are some waterfall examples in [Danie Conradie]’s excellent article on RF modulation that could get you started.

[via RTL-SDR.com]

RF Modulation: Crash Course For Hackers

When you’re looking to add some wireless functionality to a project, there are no shortage of options. You really don’t need to know much of the technical details to make use of the more well-documented modules, especially if you just need to get something working quickly. On the other hand, maybe you’ve gotten to the point where you want to know how these things actually work, or maybe you’re curious about that cheap RF module on AliExpress. Especially in the frequency bands below 1 GHz, you might find yourself interfacing with a module at really low level, where you might be tuning modulation parameters. The following overview should give you enough of an understanding about the basics of RF modulation to select the appropriate hardware for your next project.

Three of the most common digital modulation schemes you’ll see in specifications are Frequency Shift Keying (FSK), Amplitude Shift Keying (ASK), and LoRa (Long Range). To wrap my mechanically inclined brain around some concepts, I found that thinking of RF modulation in terms of pitches produced by a musical instrument made it more intuitive.

And lots of pretty graphs don’t hurt either. Signals from two different RF dev boards were captured and turned into waterfall and FFT plots using a $20 RTL-SDR dongle. Although not needed for wireless experimentation, the RTL-SDR is an extremely handy debugging tool, even to just check if a module is actually transmitting. Continue reading “RF Modulation: Crash Course For Hackers”