Attack Of The Beepy Clones

In the Blackberry-keyboard-based project lineage story last week, I covered how a series of open-source projects turned into Beepy, a cool Linux PDA with a lively community. To me, it’s yet another demonstration of power that open-source holds, and more importantly, it shows how even a small pet project of yours could cause big moves in the hardware world, provided you publish it – just ask [JoeN], [WoodWorkeR] and [arturo182].

The journey didn’t end there. For all its benefits, Beepy had some flaws to take care of, some board-killing flaws, even. The 5 V boost regulator was never intended for 4.7 V input it gets when charger is connected, and would occasionally cook itself. A charging current resistor was undersized, leading people to either bodge resistors onto their Beepy boards, or have their battery charge for 30 hours until full. A power path diode was undersized, too, and has burned out on more than a few devices. Also, Beepy’s feature package left things to be desired.

Beepy never made it beyond v1. If I had to guess, partially because of BB Q20 keyboard sourcing troubles, but also definitely some sort of loss of interest. Which is a shame, as the plans v1.5 of the hardware were pretty exciting. In the meantime, other players decided to take up the mantle – here’s a tale of three projects.

Continue reading “Attack Of The Beepy Clones”

The Blackberry Keyboard: How An Open-Source Ecosystem Sprouts

What could happen when you open-source a hardware project?

No, seriously. I hold a fair few radical opinions – one is that projects should be open-source to the highest extent possible. I’ve seen this make miracles happen, make hackerdom stronger, and nourish our communities. I think we should be publishing all the projects, even if incomplete, as much as your opsec allows. I would make ritual sacrifices if they resulted in more KiCad projects getting published, and some days I even believe that gently bullying people into open-sourcing their projects can be justified. My ideal universe is one where companies are unable to restrict schematics from people getting their hardware, no human should ever hold an electronics black box, by force if necessary.

Why such a strong bias? I’ve seen this world change for the better with each open-source project, and worse with closed-source ones, it’s pretty simple for me. Trust me here – let me tell you a story of how a couple reverse-engineering efforts and a series of open-source PCBs have grown a tree of an ecosystem.

A Chain Of Blackberry Hackers

Continue reading “The Blackberry Keyboard: How An Open-Source Ecosystem Sprouts”

Art of 3D printer in the middle of printing a Hackaday Jolly Wrencher logo

Open Source, Forced Innovation, And Making Good Products

The open-source hardware business landscape is no doubt a tough one, but is it actually tougher than for closed-source hardware? That question has been on our minds since the announcement that the latest 3D printer design from former open-source hardware stalwarts Prusa Research seems like it’s not going to come with design files.

Ironically, the new Core One is exactly the printer that enthusiasts have been begging Prusa to make for the last five years or more. Since seeing hacker printers like the Voron and even crazy machines like The 100 whip out prints at incredible speed, the decade-old fundamental design of Prusa’s i3 series looks like a slow and dated, if reliable, workhorse. “Bed slinger” has become a bit of a pejorative for this printer architecture in some parts of the 3DP community. So it’s sweet to see Prusa come out with the printer that everyone wants them to make, only it comes with the bitter pill of their first truly closed-source design.

Is the act of not sharing the design files going to save them? Is it even going to matter? We would argue that it’s entirely irrelevant. We don’t have a Core One in our hands, but we can’t imagine that there is anything super secret going on inside that couldn’t be reverse engineered by any other 3DP company within a week or so. If anything, they’re playing catch up with other similar designs. So why not play to one of their greatest strengths – the engaged crowd of hackers who would most benefit from having the design files?

Of course, Prusa’s decision to not release the design files doesn’t mean that they’re turning their backs on the community. They are also going to offer an upgrade package to turn your current i3 MK4 printer into the new Core One, which is about as hacker-friendly a move as is possible. They still offer kit versions of the printers at a discount, and they continue to support their open-source slicer software.

But this one aspect, the move away from radical openness, still strikes us as bittersweet. We don’t have access to their books, of course, but we can’t imagine that not providing the design files gains them much, and it will certainly damage them a little in the eyes of their most devoted fans. We hope the Core One does well, but we also hope that people don’t draw the wrong lesson from this – that it does well because it went closed source. If we could run the experiment both ways, we’d put our money on it doing even better if they released the design files.

USB HID And Run Exposes Yet Another BadUSB Surface

You might think you understand the concept of BadUSB attacks and know how to defend it, because all you’ve seen is opening a terminal window. Turns out there’s still more attack surface to cover, as [piraija] tells us in their USB-HID-and-run publication. If your system doesn’t do scrupulous HID device filtering, you might just be vulnerable to a kind of BadUSB attack you haven’t seen yet, rumoured to have been the pathway a few ATMs got hacked – simply closing the usual BadUSB routes won’t do.

The culprit is the Consumer Control specification – an obscure part of HID standard that defines media buttons, specifically, the “launch browser” and “open calculator” kinds of buttons you see on some keyboards, that operating systems, surprisingly, tend to support. If the underlying OS you’re using for kiosk purposes isn’t configured to ignore these buttons, they provide any attacker with unexpected pathways to bypass your kiosk environment, and it works astonishingly well.

[piraija] tells us that this attack provides us with plenty of opportunities, having tested it on a number of devices in the wild. For your own tests, the writeup has Arduino example code you can upload onto any USB-enabled microcontroller, and for better equipped hackers out there, we’re even getting a Flipper Zero application you can employ instead. While we’ve seen some doubts that USB devices can be a proper attack vector, modern operating systems are more complex and bloated than even meets the eye, often for hardly any reason – for example, if you’re on Windows 10 or 11, press Ctrl+Shift+Alt+Win+L and behold. And, of course, you can make a hostile USB implant small enough that you can build them into a charger or a USB-C dock.

USB image: Inductiveload, Public domain.

Review: Beepy, A Palm-sized Linux Hacking Playground

In the long ago times, when phones still flipped and modems sang proudly the songs of their people, I sent away for a set of Slackware CDs and embarked on a most remarkable journey. Back then, running Linux (especially on the desktop) was not a task to be taken lightly. The kernel itself was still in considerable flux — instead of changing some obscure subsystem or adding support for a niche gadget you don’t even own, new releases were unlocking critical capabilities and whole categories of peripherals. I still remember deciding if I wanted to play it safe and stick with my current kernel, or take a chance on compiling the latest version to check out this new “USB Mass Storage” thing everyone on the forums was talking about…

But modern desktop Linux has reached an incredible level of majority, and is now a viable choice for a great number of computer users. In fact, if you add Android and Chrome OS into the mix, there are millions and millions of people who are using Linux on daily basis and don’t even realize it. These days, the only way to experience that sense of adventure and wonderment that once came pre-loaded with a Linux box is to go out and seek it.

Which is precisely how it feels using using the Beepy from SQFMI. The handheld device, which was formerly known as the Beepberry before its creators received an all-too-predicable formal complaint, is unabashedly designed for Linux nerds. Over the last couple of weeks playing with this first-run hardware, I’ve been compiling kernel drivers, writing custom scripts, and trying (though not always successfully) to get new software installed on it. If you’re into hacking around on Linux, it’s an absolute blast.

There’s a good chance that you already know if the Beepy is for you or not, but if you’re still on the fence, hopefully this in-depth look at the hardware and current state of the overall project can help you decide before SQFMI officially starts taking new orders for the $79 gadget.

Continue reading “Review: Beepy, A Palm-sized Linux Hacking Playground”

Two e-readers side to side. On the left, you can see the frontal view, showing text on the e-ink screen. On the right, you can see the backside with a semi-transparent 3D-printed cover over it, and two AAA batteries inside a holder in the center.

Open Book Abridged: OSHW E-Reader Now Simplified, Pico-Driven

If you ever looked for open-source e-readers, you’ve no doubt seen [Joey Castillo]’s Open Book reader, but you might not yet have seen the Abridged version he’s building around a Raspberry Pi Pico.

The Open Book project pairs a 4.2″ E-Ink screen with microprocessors we all know and love, building a hacker-friendly e-reader platform. Two years ago, this project won first place in our Adafruit Feather contest — the Feather footprint making the Open Book compatible with a wide range of MCUs, giving hackers choice on which CPU their hackable e-reader would run. Now, it’s time for a RP2040-based reboot.

three PCBs being shown - one soldered-together version with a Pico on it, and two upopulated PCBs, showing front and back, on the populated PCB, you can see the Raspberry Pi Pico and other components soldered on. On the unpopulated PCBs, you can see there's a lot of text helping you understand and assemble this e-reader.This project is designed so that you can assemble it on your own after sourcing parts and PCBs. To help you in the process, the PCB itself resembles a book page – on the silkscreen, there is explanations of what each component is for, as well as information that would be useful for you while hacking on it, conveying the hardware backstory to the hacker about to dive into assembly with a soldering iron in hand. There’s simple but quite functional software to accompany this hardware, too – and, as fully open-source devices go, any missing features can be added.

Joey has recorded a 30-minute video of the Pi Pico version for us, assembling and testing the newly ordered boards, then showing the software successfully booting and operational. The Pi Pico-based revision has been greatly simplified, with a number of self-assembly aspects improved compared to previous versions – the whole process really does take less than half an hour, and he gets it done with a pretty basic soldering iron, too!

If you’re looking for updates on this revision as development goes on, following [Joey] on Twitter is your best bet. He’s no stranger to making devices around us more free and then sharing the secret sauce with all of us! During the 2021 Remoticon he showed off a drop-in replacement mainboard for the Casio F-91W wristwatch, and told us all about reverse-engineering its controller-less segment LCD — worth a listen for any hacker who’s ever wanted to bend these LCDs to their will.

Continue reading “Open Book Abridged: OSHW E-Reader Now Simplified, Pico-Driven”

Hackable OSHW CardClock Demands Attention

When examining a project, it’s easy to be jaded by a raw parts list. When the main component is an ESP8266, we might say “oh, another 8266 project. yawn!” But we’re certain that when you take a look at [Will Fox]’s Foxie CardClock, it’ll surely grab your attention.

As if all those beautiful LEDs weren’t enough, the rest of the device’s specifications are quite impressive. The core components might be common, but what often separates such projects is the software. With Over The Air updates supported via ArduinoOTA, updates are a snap. A light sensor helps to keep all those LEDs at a sane level, and a once-per-minute synchronization via NTP keeps the time accurate. Even if power is lost, a super-capacitor can hold the time accurate for up to two days with the built in RTC module. There’s even provisions for setting the time using the buttons on the front panel should you want to keep the gadget offline.

The entire project is open source, with the hardware released under the CERN Open Hardware Licence Version 2 and the firmware source code distributed as GPLv3. Users are encouraged to hack and modify the design, and all the information you need to build one of your own is available in the project’s GitHub repository. [Will] also offers a pre-assembled version of the clock for just $45 USD, but unfortunately it seems to be out of stock at the time of this writing.

If credit card sized hacks are your chosen area of interest, you will appreciate this crystal radio made from an actual Credit Card. Thanks to [Abe] for submitting the Tip!