Negative Voltage Pushes AVR to New Heights

If we say that a hacker is somebody who looks at a “solved” problem and can still come up with multiple alternative solutions, then [Charles Ouweland] absolutely meets the grade. Not that we needed more evidence of his hacker cred given what we’ve seen from him before, but he recently wrote in to tell us about an interesting bit of problem solving which we think is a perfect example of the principle. He wanted to drive a salvaged seven segment LED display with an AVR microcontroller, but there was only one problem: the display needs 15V but the AVR is only capable of 5V. So what to do?

As it turns out, the first step to solving the problem was verifying there was actually a problem to begin with. [Charles] did some experimentation and found that the display didn’t actually need 15V to operate, and in fact would light up well enough at just 6.5V. This lowered the bar quite a bit, but it was still too high to power directly from the chip.

There were a few common ways to solve this problem, which no doubt the Hackaday reader is well aware of. But [Charles] wanted to take the path less traveled. More specifically, the path with the least amount of additional components he had to put on his PCB. He set out to find the absolute easiest way to make his 5V AVR light up a 6.5V LED, and ended up coming with a very clever solution that some may not even know is possible.

He reasoned that if he connected the source pins of two BS170 MOSFETs to a voltage of -1.5V, even when the AVR pin was 0V, they would be still be receiving 1.5V. This virtual “step ladder” meant that once the AVR’s pin goes high (5V), the relative voltage would actually be 6.5V and enough to drive his LEDs. Of course the only problem with that is that you need to have a source for -1.5V.

Getting a negative voltage would normally require adding more components to the design (which he set out to avoid in the first place), but then he came up with another clever idea. To pull the trick off, he actually feeds the AVR 6.5V, but raises the ground voltage by 1.5V with the addition of two 1N4007 diodes. This way the AVR gets a voltage within its capabilities and still can provide a relative 6.5V to the LEDs.

One might say [Charles] took the Kobayashi Maru approach, and simply redefined the rules of the game. But such is the power of the confounding negative voltage.

Posted in AVR, diode, Ground, led hacks, MCU, Microcontrollers, MOSFETS, negative rail, relative | Leave a comment

NTP Morse Code Clock Powered by ESP8266

We’ve featured a great many unique clocks here on Hackaday, which have utilized nearly every imaginable way of conveying the current time. But of all these marvelous timepieces, the Morse code clock has the distinct honor of simultaneously being the easiest to construct and (arguably) the most difficult to read. As such, it’s little surprise we don’t see them very often. Which makes this latest entry into the field all the more interesting.

[WhisleyTangoHotel] has taken the basic concept of the Morse clock, which at its most simplistic could be done with a microcontroller and single LED, and expanded it into a (relatively) practical device. With both audio and visual signaling, and support for pulling the time from NTP, this is easily the most polished Morse code clock we’ve ever seen. Using it still requires you to have a decent grasp on Samuel Morse’s now nearly 200 year old encoding scheme of course, but on the bright side, this clock is sure to help keep your CW skills sharp.

For those following along at home, [WhisleyTangoHotel] provides a hand-drawn diagram to show how everything connects together in his Morse timepiece, but there’s nothing on the hardware side that’s likely to surprise the Hackaday reader. A single momentary push button represents the device’s sole user input, with the output being handled by a LED “tower” and speaker on their own respective pins on the microcontroller. Here a Adafruit Feather HUZZAH is used, but any ESP8266 would work in its place.

Of course, the advantage of using an ESP8266 board over your garden variety MCU is the Wi-Fi connectivity. This allows the clock to connect to an NTP server and get the current time before relaying it to the user. Some might think this overkill, but it’s really a critical feature; the lack of a proper RTC on the ESP means the clock would drift badly if not regularly synchronized. Assuming you’ve got a reliable Internet connection, this saves you the added cost and complexity of adding an external RTC.

[WhisleyTangoHotel] wraps up his blog post by providing his ESP8266 Arduino source code, which offers an interesting example in working not only with NTP and time zones on the ESP, but how to handle parsing strings and representing their principle characters in Morse code.

Interestingly enough, in the past we’ve seen a single LED clock that didn’t use Morse code to blink out the time, which might be a viable option as an alternate firmware for this device if you’re not in the Samuel Morse fan club.

Posted in classic hacks, clock, clock hacks, ESP8266, led, Microcontrollers, morse code, ntp | Leave a comment

VexRISC-V Exposed

If you want to use FPGAs, you’ll almost always use an HDL like Verilog or VHDL. These are layers of abstraction just like using, say, a C compiler is to machine language or assembly code. There are other challenges to the throne such as SpinalHDL which have small but enthusiastic followings. [Tom] has a post about how the VexRISC-V CPU leverages SpinalHDL to make an extremely flexible system that is as efficient as plain Verilog. He says the example really shows off why you should be using SpinaHDL.

Like a conventional programming language, it is easy to find niche languages that will attract a little attention and either take off (say, C++, Java, or Rust) or just sort of fade away. The problem is you can’t ever tell which ones are going to become major and which are just flashes in the pan. Is SpinalHDL the next big thing? We don’t know.

[Tom] is pretty qualified to write this, too. He had a RISC-V design, MR1, and in comparisons, the SpinalHDL implementation was better. He wanted to know why. The post is a result of his exploration.

SpinalHDL uses Scala — an object-oriented programming language and is really a set of libraries that generates HDL. That means you wind up with Verilog or VHDL that you handle with your normal tools or you can even mix it in with conventional modules. The language proponents claim that using it generates efficient HDL that won’t cause your design to be slower or larger.

Is it worth switching? We don’t know. Is it worth a look? Probably. We actually looked at VexRISC-V recently, but not in this much detail. If you don’t like Scala, but like the approach, MyHDL is sort of like SpinalHDL but based on Python.

Posted in fpga, RISC-V, spinalhdl, verilog, vexrisc-v, vhdl | Leave a comment

Wearable Speeder Bikes Are Ready For A Night Out

While Hackaday is about as far from a fashion blog as you can possibly get, we have to admit we’re absolutely loving the [bithead942] Winter 2018 Collection. His wife and daughter recently got to model his latest must have design: wearable Star Wars speeder bikes; and judging by the video after the break they were certainly some of the best dressed at the Thanksgiving parade.

[bithead942] started the build by taking careful measurements of a vintage speeder bike model kit his wife had, which allowed to accurately recreate the iconic look of the vehicles as they were seen in Return of the Jedi . But to do them justice, the final “bikes” would need to be around three meters (ten feet) long, which immediately posed a problem. What kind of material could support itself over that length while still being light enough to wear for extended periods of time?

The answer came, as it often does, from the local hardware store. He found that a combination of Schedule 80 and 40 PVC pipe was a perfect material: strong enough to support the desired dimensions without bending, light enough that the final bike wouldn’t be uncomfortable to wear, easy to bend with heat, and perhaps best of all, cheap and readily available. The PVC frame was then covered with chicken wire and thin flexible foam to give it a filled out look without weighing them down.

Even though he had a strict weight limit on the build, [bithead942] couldn’t help but add in some electronics to complete the effect. The LED festooned control panel allows the ladies to trigger different sound effects from the movie stored on a Adafruit Mini FX Sound Board, which is connected to a 20W Class D amplifier and a pair of 400 watt car stereo speakers. He says the resulting playback was loud enough to hear outside during the parade, and only added a few pounds to the overall build.

These may be the bikes you’re looking for, but they’re definitely not the first we’ve featured on Hackakday. Meanwhile you’d be wise not to underestimate the lowly PVC pipe when designing your next project. From a hacked together drill press for your Dremel to a planetarium for you and your closest dozen or so friends, there’s little you can’t build with this plentiful material.

Posted in chicken wire, cosplay, PVC, speeder bike, star wars, wearable hacks | Leave a comment

Artistic Images Made With Water Lens

It’s said that beauty and art can be found anywhere, as long as you look for it. The latest art project from [dmitry] both looks in unassuming places for that beauty, and projects what it sees for everyone to view. Like most of his projects, it’s able to produce its artwork in a very unconventional way. This particular project uses water as a lens, and by heating and cooling the water it produces a changing image.

The art installation uses a Peltier cooler to periodically freeze the water that’s being used as a lens. When light is projected through the frozen water onto a screen, the heat from the light melts the water and changes the projected image. The machine uses an Arduino and a Raspberry Pi in order to control the Peliter cooler and move the lens on top of the cooler to be frozen. Once frozen, it’s moved again into the path of the light in order to show an image through the lens.

[dmitry] intended the project to be a take on the cyclical nature of a substance from one state to another, and this is a very creative and interesting way of going about it. Of course, [dmitry]’s work always exhibits the same high build quality and interesting perspective, like his recent project which created music from the core samples of the deepest hole ever drilled.

Posted in arduino, art, cooler, ice, lens, peltier, projection, Raspberry Pi, water | Leave a comment

Weaponized Networked Printing is Now a Thing

It’s a fairly safe bet that a Venn diagram of Hackaday readers and those who closely follow the careers of YouTube megastars doesn’t have a whole lot of overlap, so you’re perhaps blissfully unaware of the man who calls himself PewDiePie. As such, you might not know that a battle between himself and another YouTube channel which uploads Bollywood music videos has reached such a fever pitch that his fans have resorted to guerrilla hacking to try to sway public opinion towards their side. It’s perhaps not the dystopian future we imagined, but it just might be the one we deserve.

To briefly summarize the situation, a hacker known only by the handle TheHackerGiraffe decided to help out Dear Leader by launching an automated attack against 50,000 Internet connected printers. When the hack was successful, the printer would spit out a page of digital propaganda (complete with fist ASCII art) that urged the recipient to go on YouTube and pledge their support for PewDiePie. There’s some debate about how many of the printers TheHackerGiraffe targeted actually delivered their payload, but judging by reactions throughout social media, it was enough to get the message out.

While the stunt itself may have come as a surprise, the methodology wasn’t. In fact, the only surprising element to the security researchers who’ve weighed in on the situation is that this hasn’t happened more often. It certainly isn’t the first time somebody’s done it, but the fact that this time its been connected to such a high profile Internet celebrity is putting more eyes on the problem then there have been in the past. Now that the proverbial cat is out of the bag, there are even websites springing up which claim to be purveyors of “Printer Advertising”. Odds are good this won’t be the last time somebody’s printer starts running off more than TPS reports.

We here at Hackaday don’t have much interest in the battle for YouTube supremacy. We’re just pulling for Dave Jones’s EEVBlog channel to join AvE in breaking a million subscribers. But we’re very interested in the technology which made this attack possible, how likely it is we’re going to see more people exploit it, and what are we supposed to do now that even our own printers can be turned against us?

Easier Than You Might Think

According to TheHackerGiraffe’s account, Shodan (known as “the world’s first search engine for Internet-connected devices”) was used to search for Internet-facing IP addresses which had open ports related to network printing protocols such as IPP, LPD, and JetDirect. The search revealed over 800,000 devices were listening for incoming print commands, of which the first 50,000 were selected to be targets in the attack and saved to a text file.

With a list of potential printers waiting for a command, the next step was figuring out how to talk to them. To this end, our intrepid Giraffe used the open source Printer Exploitation Toolkit (PRET). Consisting of a suite of Python scripts, PRET is intended for researchers performing security audits on networked printers and can perform a wide away of functions. Not limited to simply printing to the target, it can also access files on its internal storage, capture incoming print jobs, disable the printer, and even has a function which claims to cause permanent damage to the printer’s NVRAM.

With a list of targets and a tool suite that would command them, the final piece of the puzzle was a quick script to tie them both together. On Twitter TheHackerGiraffe posted a copy of the Bash script which supposedly caused all the ruckus, and it’s about as simple as it gets:

#!/bin/bash
while read -r line; do ip="$line" torify ./PRET/pret.py $ip pjl -q -i ./commands.txt
done < "./potential_bros.txt"

The script loads the list of potentially vulnerable printers from a file called “potential_bros.txt”, and for each IP address in the file runs the pret.py command to deliver the payload. Each instance of PRET is run through the torify tool, which wraps the command in a Tor session in an attempt to anonymize the activity. In terms of notoriety gained per line of code, this script has to rank fairly high up there.

All things considered, an unwanted print job that consisted of just a few lines of text was arguably the most innocuous outcome of this particular stunt, it didn’t even use that much ink. Indeed, TheHackerGiraffe now says showing support for PewDiePie was really a secondary objective; the true goal was to raise awareness of how vulnerable many Internet connected printers really are. Whether you believe the claim genuine or a case of creating an excuse after the fact, we can’t deny it has people talking.

Does This Fall Under Fax Machine Law?

One would think that connecting to thousands of printers and using them to send unsolicited messages must be illegal. But some have put forward that since these printers are accessible to the public, advertising a usable service, and imposing no authentication limits, it might fall into a legal gray area. One could make the case that connecting to an open printer isn’t much different than connecting to a public web server.

As TheHackerGiraffe didn’t do anything that would normally run afoul of laws like the Computer Fraud and Abuse Act in the United States (such as collecting data, knowingly damaging systems, or extorting victims) it’s not immediately clear if the laws on the books are really prepared to deal with this particular threat. Of course things are complicated by the fact that the targeted printers are presumably located all over the world, potentially putting them under varying hacking laws. In some countries, simply connecting to a network you know you aren’t supposed to have access to is illegal, even if you don’t cause any damage.

Ironically, the most applicable law on the books (at least in the US) may be 2005’s Junk Fax Prevention amendment to the Telephone Consumer Protection Act which prohibits, among other things, sending unsolicited faxes. The comparison here seems pretty clear: a fax machine waiting for an incoming transmission is fairly analogous to an unsecured printer on the Internet. A future amendment that also extends these protections to Internet connected printers seems something of a forgone conclusion at this point.

Where We Go From Here

For better or for worse, everyone in the world now knows how easy it is to force unwanted prints down the throats of hundreds of thousands of printers. Whatever TheHackerGiraffe’s actual goal was is really inconsequential at this point, the end result is the same. A security researcher by the name of Simon Smith has already launched PrinterAdvertising.com, which promises to develop their own in-house framework for pushing advertisements to printers all over the world if there’s commercial interest. Assuming it actually goes live, it’s not hard to imagine how such a system could easily be abused.

Just like the recent controversy over Internet-connected Octoprint servers potentially allowing malicious use of 3D printers demonstrated, the best course of action for protecting 2D printers seems to be the same: keep them off the Internet to begin with. The reality is that the vast majority of these printers were never meant to be accessed outside of their local network, but thanks to sloppy routing and incorrectly configured firewalls, they somehow managed to get on the wider Internet.

If this event accomplishes anything, beyond making sure PewDiePie continues to rake in that sweet YouTube money, hopefully it will lead to a reduction of erroneously configured printers and greater understanding of the inherent risks of the “Internet of Things”. But if history is any indication this likely won’t be the last time somebody spreads their message, innocent or otherwise, via those lowly network printers collecting dust in offices all over the globe.

[Main image from the film Office Space]

Posted in advertisement, Current Events, Featured, internet of things, IPP, JetDirect, LPD, network security, peripherals hacks, PRET, printer, python, security hacks, spam | Leave a comment

5G Cellphone’s Location Privacy Broken Before It’s Even Implemented

Although hard to believe in the age of cheap IMSI-catchers, “subscriber location privacy” is supposed to be protected by mobile phone protocols. The Authentication and Key Agreement (AKA) protocol provides location privacy for 3G, 4G, and 5G connections, and it’s been broken at a basic enough level that three successive generations of a technology have had some of their secrets laid bare in one fell swoop.

When 3G was developed, long ago now, spoofing cell towers was expensive and difficult enough that the phone’s International Mobile Subscriber Identity (IMSI) was transmitted unencrypted. For 5G, a more secure version based on a asymmetric encryption and a challenge-reponse protocol that uses sequential numbers (SQNs) to prevent replay attacks. This hack against the AKA protocol sidesteps the IMSI, which remains encrypted and secure under 5G, and tracks you using the SQN.

The vulnerability exploits the AKA’s use of XOR to learn something about the SQN by repeating a challenge. Since the SQNs increment by one each time you use the phone, the authors can assume that if they see an SQN higher than a previous one by a reasonable number when you re-attach to their rogue cell tower, that it’s the same phone again. Since the SQNs are 48-bit numbers, their guess is very likely to be correct. What’s more, the difference in the SQN will reveal something about your phone usage while you’re away from the evil cell.

A sign of the times, the authors propose that this exploit could be used by repressive governments to track journalists, or by advertisers to better target ads. Which of these two dystopian nightmares is worse is left as comment fodder. Either way, it looks like 5G networks aren’t going to provide the location privacy that they promise.

Via [The Register]

Header image: MOs810 [CC BY-SA 4.0].

Posted in 3g, 4g, 5g, cellular phone, encryption, mobile phone, news, phone hacks | Leave a comment

Hacking Your Way to a Custom TV Boot Screen

More and more companies are offering ways for customers to personalize their products, realizing that the increase in production cost will be more than made up for by the additional sales you’ll net by offering a bespoke product. It’s great for us as consumers, but unfortunately we’ve still got a ways to go before this attitude permeates all corners of the industry.

[Keegan Ryan] recently purchased a TV and wanted to replace its stock boot screen logo with something of his own concoction, but sadly the set offered no official way to make this happen. So naturally he decided to crack the thing open and do it the hard way The resulting write-up is a fascinating step by step account of the trials and tribulations that ultimately got him his coveted custom boot screen, and just might be enough to get you to take a screw driver to your own flat panel at home.

The TV [Keegan] brought was from a brand called SCEPTRE, but as a security researcher for NCC Group he thought it would be a fun spin to change the boot splash to say SPECTRE in honor of the infamous x86 microarchitecture attack. Practically speaking it meant just changing around two letters, but [Keegan] would still need to figure out where the image is stored, how it’s stored, and write a modified version to the TV without letting the magic smoke escape. Luckily the TV wasn’t a “smart” model, so he figured there wouldn’t be much in the way of security to keep him from poking around.

He starts by taking the TV apart and studying the main PCB. After identifying the principle components, he deduces where the device’s firmware must be stored: an 8 MB SPI flash chip from Macronix. He connects a logic analyzer up to the chip, and sure enough sees that the first few kilobytes are being read on startup. Confident in his assessment, he uses his hot air rework station to lift the chip off the board so that he can dive into its contents.

With the help of the trusty Bus Pirate, [Keegan] is able to pull the chip’s contents and verify its integrity by reading a few human-readable strings from it. Using the binwalk tool he’s able to identify a JPEG image within the firmware file, and by feeding its offset to dd, pull it out so he can view it. As hoped, it’s the full screen SCEPTRE logo. A few minutes in GIMP, and he’s ready to merge the modified image with the firmware and write it back to the chip.

He boots the TV back up and finds…nothing changed. A check of the datasheet for the SPI flash chip shows there are some protection bits used to prevent modifying particular regions of the chip. So after some modifications to the Bus Pirate script and another write, he boots the TV and hopes for the best. Finally he sees the object of his affection pop up on the big screen, a subtle change that reminds him every time the TV starts about the power of reverse engineering.

Posted in Binwalk, bus pirate, dd, firmware, hardware, home entertainment hacks, Spectre, spi | Leave a comment

A Scratch-Built Forgotten Classic Of The Early PC Age

All the retrocomputer love for Commodore machines seems to fall on the C64 and Amiga, with a little sprinkling left over for the VIC-20. Those machines were truly wonderful, but what about the Commodore machine that paved their way? What about the machine that was one of the first to be gobbled up in the late 1970s by school districts eager to convert a broom closet into the new “computer lab”?

The PET 2001 might be a little hard to fall in love with given its all-in-one monitor, cassette recorder, and horrible chiclet keyboard, but some still hold a torch for it. [Glen] obviously felt strongly enough about the machine to build a PET from current production parts, and the results are pretty neat. When trying to recreate a 40-year old machine from scratch, some concessions must be made, of course. The case doesn’t attempt to replicate the all-in-one design, and the original keyboard was mercifully replaced by a standard PS/2 keyboard. But other than that the architecture is faithfully replicated using new production 65xx chips and 74HCT family logic chips. [Glen] had to jump through some hoops to get there, but as the video below shows, the finished machine plays a decent game of Space Invaders.

We’ve seen a PET brought back from the grave by FPGA and a C64 emulated on a Raspberry Pi, but going back to basics and building this from scratch was a fitting homage to an important machine in PC history.

Posted in 6502, basic, CBM, commodore, Personal Electronic Transactor, PET 2001, retrocomputing | Leave a comment

Eyes On The Prize Of Glucose Monitoring

People with diabetes have to monitor their blood regularly, and this should not be a shock to anyone, but unless you are in the trenches you may not have an appreciation for exactly what that entails and how awful it can be. To give a quick idea, some diabetics risk entering a coma or shock because drawing blood is painful or impractical at the moment. The holy grail of current research is to create a continuous monitor which doesn’t break the skin and can be used at home. Unaided monitoring is also needed to control automatic insulin pumps.

Alphabet, the parent company of Google, gave up where Noviosense, a Netherlands company owned by [Dr. Christopher Wilson], may gain some footing. Instead of contact lenses which can alter the flow of fluids across the eye, Noviosense places their sensor below the lower eyelid. Fluids here flow regardless of emotion or pain, so the readings correspond to the current glucose level. Traditionally, glucose levels are taken through blood or interstitial fluid, aka tissue fluid. Blood readings are the most accurate but the interstitial fluid is solid enough to gauge the need for insulin injection, and the initial trial under the eyelid showed readings on par with the interstitial measurements.

Hackers are not taking diabetes lying down, some are developing their own insulin and others are building an electronic pancreas.

Via IEEE Spectrum.

Posted in diabetes, eye, glucose, medical, Medical hacks, monitor, tears, type 1, Type 2 | Leave a comment