It sounds like something out of a sci-fi or horror movie: people suffering from complete locked-in state (CLIS) have lost all motor control, but their brains are otherwise functioning normally. This can result from spinal cord injuries or anyotrophic lateral sclerosis (ALS). Patients who are only partially locked in can often blink to signal yes or no. CLIS patients don’t even have this option. So researchers are trying to literally read their minds.
Neuroelectrical technologies, like the EEG, haven’t been successful so far, so the scientists took another tack: using near-infrared light to detect the oxygenation of blood in the forehead. The results are promising, but we’re not there yet. The system detected answers correctly during training sessions about 70% of the time, where the upper bound for random chance is around 65% — varying from trial to trial. This may not seem overwhelmingly significant, but repeating the question many times can help improve confidence in the answer, and these are people with no means of communicating with the outside world. Anything is better than nothing?
It’s noteworthy that the blood oxygen curves over time vary significantly from patient to patient, but seem roughly consistent within a single patient. Some people simply have patterns that are easier to read. You can see all the data in the paper.
They go into the methodology as well, which is not straightforward either. How would you design a test for a person who you can’t even tell if they are awake, for instance? They ask complementary questions (“Paris is the capital of France”, “Berlin is the capital of Germany”, “Paris is the capital of Germany”, and “Berlin is the capital of France”) to be absolutely sure they’re getting the classifications right.
It’s interesting science, and for a good cause: improving the quality of life for people who have lost all contact with their bodies. (Most of whom answered “yes” to the statement “I am happy.” Food for thought.)
Filed under: news
There are numerous examples of hardware which has latent features waiting to be unlocked by software. Most recently, we saw a Casio calculator which has the same features as its bigger sibling hidden within the firmware, only to be exposed by a buffer overflow bug (or the lead from a pencil if you prefer a hardware hack).
More famously, oscilloscopes have been notorious for having crippled features. The Rigol DS1052E was hugely popular on hacker benches because of it’s very approachable price tag. The model shipped with 50 MHz bandwidth but it was discovered that a simple hack turned it into the DS1102E 100 MHz scope. Tektronix has gotten in on this action as well, shipping modules like I2C, CAN, and LIN analyzation on the scope but requiring a hardware key to unlock (these were discovered to have a horribly insecure unlock method). Similar feature barriers are found on Rigol’s new reigning entry-level scope, the DS1054Z, which ships with protocol analyzation modules (among others) that are enabled only for the first 70 hours of scope operation, requiring an additional payment to unlock them. Most scope manufacturers are in on the game, and of course this is not limited to our tools. WiFi routers are another great example of hardware hosting firmware-unlockable features.
So, the question on my mind which I’d like to ask all of the Hackaday community is this: are unlockable features good for us, the people who use these tools? Let’s take a look at some of the background of these practices and then jump into a discussion in the comments.
First off, I think we can all agree on this: it is reasonable to reuse parts of a hardware design in many models. If you want to ship five models but only roll one circuit board it makes everything easier, from sourcing that board to stuffing and testing each unit since you have a universal spec for jigs and other processes. This happens all the time and often a PCB will have components populated for some models and not for others. I’ll come back to this in the coming sections.
Let’s walk through a few of the reasons a company might ship a product under multiple model numbers yet hosting similar features.Bottom Line and Getting Hardware to Those Who Need It
I’m going to call this the altruistic reason for this practice. Companies look for the biggest margin, and that is going to be high-end equipment where they can differentiate themselves from competitors and where businesses with purchasing power are the customer. The harware is recognized by those in industry as something they want to use. This hardware appears only on professional benches since the new hotness has a price tag that means you need a reason to have this scope before you’ll bite the bullet and buy one. But once you have those probes on your test board you’re glad to have it. For companies and contractors alike, purchasing a high-end scope makes sense. Better equipment that helps an engineer work faster or catch problems more easily pays for itself in billable hours and when it comes to manufacturing.
But look, there are a limited number of these customers. It’s wise to look beyond just the high end for several reasons, and so companies look to mid and low-tier models in the same family of products. So someone has the great idea to remove some options, silk screen a different number onto the front of the case, and market it as an entry level model of the gold standard scope.The Effect of an Entry Level Model
The price point made the DS1052E the first scope for a generation of hackers. [via Unboxing Video]There are several benefits to a lower-priced, entry-level model. Now, students, hobbyists, and the curious are able to get their hands on the hardware. From the company’s point of view this builds brand loyalty; the product works well and they like it. When these users get a larger budget (like getting hired as a hardware engineer) and want to upgrade they will think of this company first. The company also continues to sell the pro model at a higher price and make great margins while the companies still benefit from having great tools.
From the user point of view this unlocks faster prototyping, development, and troubleshooting. Doing and learning more in less time is a similar personal value as I mentioned before with the professional engineers.
Everyone wins, right?It’s Like an App Store
If you are feeling slighted by having hardware that needs a software purchase to unlock its utility, I direct your attention to smartphones. You purchase the hardware (let’s sidestep the unrelated issue of carrier-subsidized phones) and it comes with basic functions even though it’s capable of much more. You extend the capability by purchasing apps which do more with the same hardware.
The smartphone comparison still holds when you think of price. Simple features on an oscilloscope (for instance, protocol decoding) cost a lot more than an app on your phone. But when was the last time your oscilloscope software crashed? I hope the answer is never.
These devices are being used to design and test electronics in industry. Failure in a scope could ripple through the consumer market causing all kinds of mayhem and so oscilloscope manufacturers keep their walled garden immaculate. This type of rock-solid dependability costs more than an app that drains your battery due to a dodgy memory leak. And of course the market for smartphones is much larger than that for oscilloscopes which greatly affects pricing.The Marketing Department Made Us Do It
One thing should be abundantly clear: hardware developers don’t want to follow several parallel designs through to production. But the marketing department will insist on having several options in the line. It’s part of a concept called market segmentation which seeks to tailor products to carefully selected groupings of customers. I touched on the logic behind this earlier: engineers designing professionally need top-of-the-line tools and features and can afford to pay for them, hobbyists don’t have the same needs or the same pocketbook.Whenever I turn on my scope it tells me how much time I have left before these functions are crippled.
So, marketing wants to have a product that is like candy for any given segment, but as I said, the hardware development team won’t want to design wholly different hardware for each segment. The easiest thing to do is to design with all the bells and whistles and throw some of them overboard for the mid- and low-tier offerings. This is fairly painless to do with software. The Rigol DS1052E had all of the hardware to be a 100MHz scope but the firmware shipped with it was sampling the ADC at half speed for an artificial limitation of 50MHz. They could have redesigned a slower analog frontend, but that comes at a huge cost when changing the sample rate in firmware costs almost nothing (just a bit of software engineering time and testing).How We Feel About the Upsell
Where Rigol learned their lesson was with the DS1054Z, which ships with everything turned on for about 70 hours (55 for some of the functions) and then cripples those features when the timer runs out. This opens the door to upsell your entry level customers. The DS1032E never had a “purchase” option to enable the latent features… only a “hacking” option for that.
What’s interesting is the way I feel about this countdown timer. I’ve never actually used any of those functions in the last two years. But I feel like it’s a bit shady that they’re going to be taken away from me at some point. I equate it to buying a car you can drive to the mall for the first 70 hours of use. After that you can drive it anywhere you want as long as it’s not the mall. It’s still capable of going there but the software won’t let you do it without an upsell. If the scope had come with those already locked, my attitude would be that this is what I get for buying the entry-level model. Instead I feel like something’s being taken away. Human nature I guess.I’m Fence Sitting
And now I’d like to hear your opinion. I can’t figure out exactly how I feel about this. In my use case I don’t have a big need for the features that have been locked out. And I certainly wouldn’t have afforded a more expensive model; this one was a stretch for me (and it is my first scope).
Back when the LinkSys WRT54G was new and DD-WRT came out, I flashed the firmware which unlocked some features and I did actually use them. In that case I don’t feel like I slighted the company — after all I paid for the hardware in the first place and used an Open Source firmware to get more out of it.
What have your experiences been with hardware shipped with crippled or unlockable features? Is it good for the user by getting more hardware in the hands of the masses, or are we missing out with hardware that’s far more capable than it’s allowed to be?
Filed under: Ask Hackaday, Interest
In a previous episode of Hackaday, [Rich Olson] came up with a new no-etch circuit board fabrication method. And now, he’s put it to the test: building an nRF52 Bluetooth reference design, complete with video, embedded below.
The quick overview of [Rich]’s method: print out the circuit with a laser printer, bake a silver-containing glue onto the surface, repeat a few times to get thick traces, glue the paper to a substrate, and use low-temperature solder to put parts together. A potential drawback is the non-negligible resistance for the traces, but a lot of the time that doesn’t matter and the nRF52 reference design proves it.
The one problem here may be the trace antenna. [Rich] reports that it sends out a weaker-than-expected signal. Any RF design folks want to speculate wildly about the cause?
We are split on the issue of DIY PCB fab here at Hackaday Headquarters. Some of us are able to get results out of simple toner transfer and etching that push the limitations of a 1200 DPI laser printer, with practice and calibration. Others of us simply ship the work out, which certainly makes economic sense these days. Don’t get us started on CNC routing, photo-resist etching, and whatever else. Now along comes [Rich] with his method that we want to try out! It’s a miracle we have any time to write.
Filed under: misc hacks
It is incredibly interesting how many parts of a computer system are capable of leaking data in ways that is hard to imagine. Part of securing highly sensitive locations involves securing the computers and networks used in those facilities in order to prevent this. These IT security policies and practices have been evolving and tightening through the years, as malicious actors increasingly target vital infrastructure.
Sometimes, when implementing strong security measures on a vital computer system, a technique called air-gapping is used. Air-gapping is a measure or set of measures to ensure a secure computer is physically isolated from unsecured networks, such as the public Internet or an unsecured local area network. Sometimes it’s just ensuring the computer is off the Internet. But it may mean completely isolating for the computer: removing WiFi cards, cameras, microphones, speakers, CD-ROM drives, USB ports, or whatever can be used to exchange data. In this article I will dive into air-gapped computers, air-gap covert channels, and how attackers might be able to exfiltrate information from such isolated systems.
Many techniques presented here (but not all) would require a previous breach to have already compromised the isolated machine (usually installing some kind of malware in the process). This may have happened via a social engineering attack, an inside job, an undercover special operation or whatever James Bond scenario you have in mind, it’s not important for the current article scope. Although the malware delivery mechanism makes for an interesting problem and discussion, the scope of this article is on how to exfiltrate data after the breach (if a breach was, in fact, needed).What is an Air-Gap Covert Channel?
An air-gap covert channel could be defined as any unintentional channel that is used to transmit and/or receive data between systems that are physically isolated and, by policy, not authorized to communicate with one another, in which air-gapping measures were taken at the emitter, receiver or both. Unintentional means that the channel was not originally designed to be used as a data channel, for example, the modem LEDs. Although there might me some additional software (malware) needed at the target system to make a particular covert channel viable, there is no additional hardware installed on such systems. In some cases there might be, however, specific hardware at the attacker’s end.
That being said, there are also ways so remotely monitor a system without any previous intervention. It has been shown in the past that it is possible to monitor the radiation emitted by a CRT monitor and even LCDs. Some of you might have heard of this form of computer surveillance, usually referred a Van Eck phreaking or as TEMPEST (although TEMPEST is a lot broader than just this form of surveillance). It’s possible to listen to computer keyboards, each key emits a slightly different noise when pressed so it’s possible to log key strokes without actually requiring logging software. Even the high frequency noise emitted by a CPU can include information about the instructions being executed.
There is a wide range of air-gap covert channels and one way to naturally organize them is by the physical channel that they use to achieve their goals. Currently researchers have been able to implement such channels using different mediums, such as:
- Physical Media
For the sake of the explanation, I will refer to using a channel as passive when there is no modification on the emitter/target side whatsoever and the receiver/attacker is essentially doing remote sniffing of a resource. In contrast, I will use the term active when there is the need for some kind of software to be running at the emitter/receiver, usually via a previous attack.Physical Media
Spreading malware via physical media is old news. In a not so distant past, floppy disks were pretty much how viruses spread, when computer users exchanged pirated games important information. The CD-ROM slowed down and almost killed that phenomenon but the USB drives brought it back again.
Stuxnet, Fanny and Gauss, are a family of computer worms that bridge the air-gap using USB drives as a carrier to send/receive requests to and from the operator via a hidden storage area created in raw FAT structure. Whenever the USB drive is connected to an infected computer that has an Internet connection, it connects to a C&C server and deploys additional components and commands to the hidden storage. When it get inserted back into an air-gapped system, it runs the commands and gathers intelligence again.Acoustic
When it comes to acoustic covert channels, a lot of research has been done. There are probably two reasons for this: a computer (the emitter) makes or can be driven to make sounds in several different ways and the receiver is usually a normal microphone.Passive acoustic
This guy is very inconspicuous
[Source: EndoAcustica Parabolic Mic]Computers make noise, a lot of noise. Printers make noise, keyboards make noise, the mouse, the cooling fans, even the capacitors on the motherboard emit ultrasonic noise. In 2004, Dmitri Asonov and Rakesh Agrawal used a neural network to analyse the sound produced by computer keyboards and keypads used on telephones and automated teller machines (ATMs) to recognize the keys being pressed.
Also in 2004, Adi Shamir, Eran Tromer and Daniel Genkin demonstrated that its possible to conduct timing attacks against a CPU performing cryptographic operations by analysing from ultrasonic noise emanating from capacitors and inductors on computer motherboards and implemented a successful attack on RSA on laptop running GnuPG.Active acoustic
A malware dubbed BadBios was reportedly uncovered by security consultant Dragos Ruiu in 2010, which used high-pitched sounds inaudible to the human ear in order to communicate. The existence of this malware is disputed, but the alleged method of communications is feasible.
In 2013, Michael Hanspach and Michael Goetz used the computer speakers and microphones to construct a covert channel utilizing audio modulation/demodulation on the near ultrasonic frequency range (17kHz-20kHz) and demonstrated how a covert acoustical mesh network can be conceived via ultrasonic audio communications. Fansmitter is a malware that can acoustically exfiltrate data from air-gapped computers, even when audio hardware and speakers are not present, because it utilizes the noise emitted from the CPU and chassis fans. DiskFiltration is another software that is able to exfiltrate data but it uses acoustic signals emitted from the hard drive by manipulating the movements of the hard drive actuator, using seek operations so that it moves in specific ways, generating sound.Light
Light can also be used for data exfiltration. The usual light emitting device on a computer (a.k.a. the monitor) can be the immediate choice but there are others, like the keyboard LEDs. Other equipment that have LEDs or displays might also be used for the purpose of implementing this kind of covert channels, such as printers or modems. On the input side, light reading sensors from smartphones or even scanners have been used to demonstrate how to send data to a compromised device.Passive light
In 2002, M.G. Kuhn, et al., proved it was possible to reconstruct the CRT screen’s contents analysing the light intensity of the displays diffuse reflection off a wall. This is possible because the light intensity of the last few thousand pixels drawn by a CRT leaked a low-pass filtered version of the video signal. LCDs were not vulnerable to this particular attack but Backes, et al., showed that the contents of liquid crystal display (LCD) screens could also be reconstructed by analysing diffuse reflections off objects in the environment (e.g., teapots, eyeglasses,bottles, spoons, and a wine glass). With telescopic lenses, it was shown to work from 30 meters away.
Again in 2002, J. Loughry and D. A. Umphress demonstrated that the LED status indicators on data communication equipment are shown to carry a modulated optical signal that is significantly correlated with information being processed by the device. Many different sorts of devices, including modems and routers, were found to be vulnerable. It is possible for an eavesdropper that can measure the LEDs light intensity to infer the information being sent/received through these devices.Active light Blinking Scroll Lock
Hasan, et al., shown that is is possible for a mobile phone’s ambient light sensor (ALS; used for auto-brightness and other features) to register changes in light emitted by screens (LCD/TV) and proved that a low bit-rate exfiltration channel could be implemented with the screen as the emitter (e.x. a laptop screen) and a mobile phone with ALS present in many smartphones nowadays as a receiver.
J. Loughry and D. A. Umphress implemented software that transmits ASCII data by modulating the Caps Lock LED with serial data at 50 bits/s. They show that at a high enough rate, a regular user would not notice the blinking LED. Transmissions using infrared (IR) light were also researched at some point, but interest was lost since most modern computers no longer include IR hardware.
At the Black Hat Europe conference in 2014, Adi Shamir, Yuval Elovici and Moti Guri showed how a malware infected computer on an air-gapped network could receive and send attack commands through a multi-function printer’s scanner that the computer is connected to. To transmit data, an attacker would need to shine light, visible or IR, into the room where the scanner is and while a scan is in progress. The slightly different shades of white in the scanned document represent the binary code for the issued command.Seismic
Seismic or vibrational communication is a process of exchanging information through mechanical vibrations. Under certain conditions, it’s possible to induce vibration through a computer speaker. Almost all phones and smartphones have the ability to produce seismic waves using the vibrator.Passive seismic
Marquardt, et al., were able to demonstrate a side-channel attack to reconstruct the keystrokes typed on a keyboard located in close proximity (a couple of inches maximum) to an accelerometer-equipped cell phone. The keystrokes were detected using only the vibration and not the sound of the key being pressed.
At CanSecWest in 2009, researchers showed how they used a laser pointed at the back of a laptop to infer keystrokes. The keystrokes would cause the laptop to vibrate which they could detect with the laser listening device and then use techniques similar to those in speech recognition to determine what sentences were being typed.Active seismic
Hasan, et al., devised a way to explore the low-frequency sounds from the speakers to induce vibrations in the surroundings. Note that this is not using sound per-se as a medium (although sound is a mechanical wave) but using sound to make something vibrate. The vibrations could then be picked up by an accelerometer. Systems with subwoofers make this even easier as they are able to produce louder, low-frequency sounds which result in stronger vibrations.
Deshotels demonstrated that Android devices, in contact with one another, could communicate using vibration signals lasting as little as 1 ms and the vibrations would be imperceptible to humans. Halevi and Saxena demonstrated that the mobile phone’s vibrations produced an acoustic signal which could be picked up by a regular microphone from up to three feet away, a mix between seismic and acoustic channels.Magnetic Digital compass app
It’s hard to find a smartphone these days that doesn’t have a compass. A chip with magnetometer capabilities is responsible for measuring the magnetic field and detecting the position of magnetic north. But it’s a sensor like any other we’ve seen, with a little imagination this too can be abused as a communication channel.
Hasan, et al. explored the hypothesis of a malware receiving commands via a magnetometer (for example, an electronic compass app). The signals to transmit to the device are modulated using a custom built electro-magnet to induce changes in the detected magnetic field of the magnetometer. They managed to prove error-free communication was possible over a distance of 3.5 inches, but a greater distance is likely possible with a stronger electromagnet. In any case, there are challenges in achieving large distances since a magnetic field’s strength is inversely proportional to the cube of the distance from the source.Thermal Thermal imaging
All electronic devices generate excess heat and require thermal management to improve reliability and prevent premature failure. Computers are no exception. This is usually done with fans and we’ve already seen how they can be abused to provide an exfiltration channel. Changes in temperature are shown to be an effective, albeit painfully slow, data channel.
Mirsky, et al., demonstrated how an Internet-connected air-conditioning system could be remotely controlled by an attacker to send commands to malware on an air-gapped system using a one way thermal covert channel. Mordechai Guri, Matan Monitz, Yisroel Mirski, Yuval Elovici created BitWhisper, a software able to bridge the air-gap between adjacent compromised computers (up to 40cm) by using their heat emissions and built-in thermal sensors to create a covert bidirectional communication channel (up to 8 bits per hour).Electromagnetic
Maybe the most known covert channel is via radio-frequency (RF) and because of that it’s likely to be the most researched. Bell Labs originally noted this vulnerability back in WWII when Bell Telephone provided the military an encryption device called a 131-B2. They had one working in their laboratories when, by accident, someone noticed that each time the machine stepped, a spike would appear on an oscilloscope in a distant part of the lab. They studied these spikes more carefully and found out that they could read the plain text of the message being ciphered by the machine. This was probably one source of inspiration for the TEMPEST program.
Side-band electromagnetic radiation emissions are present in pretty much all electronic equipment, especially if it is unshielded.Passive RF
The popular Van Eck phreaking, named after Dutch computer researcher Wim van Eck who publish a paper about it back in 1985, allows an eavesdropper to clone a CRT monitor’s contents by remotely detecting its electromagnetic (EM) emissions. In an unshielded CRT monitor tests were successfully conducted from a distance of 1km as well as a distance of 200m for a shielded monitor. Furthermore, in 2005 Kuhn demonstrated that LCD screens are also vulnerable to a similar attack.
Wireless keyboard sniffing is widely known but wired keyboard sniffing… not so much. Martin Vuagnoux and Sylvain Pasini demonstrated that the electromagnetic emanations from wired USB and PS/2 keyboards could be recorded and keystrokes decoded from up to 5m distance. The same guys that showed how they used a laser pointed at the back of a laptop to record motion and recover keys also devised a way to sniff characters from a PS/2 keyboard by monitoring the ground line in an outlet 50 feet away. Last year a team of researchers, including Daniel Genkin, Lev Pachmanov, Itamar Pipman, and Eran Tromer, managed to monitor the EM leakage of a laptop on a specific frequency while the laptop was decrypting a ciphertext using elliptic curve encryption (ECC). The signal contained information about the operands used in the ECC operation, enough to recover the secret key.Active RF
The video card leaks a lot of EM emissions and it turns out it can be manipulated to transmit in chosen frequencies. AirHopper is a software that turns a computer’s video card into an FM transmitter, which can be captured by a standard FM radio, even the ones that are built into a smartphone. William Entriken created a System Bus Radio — a C library that can make a computer emit radio waves even if the device doesn’t include any radio transmission hardware.
In 2015, Mordechai Guri, Assaf Kachlon, Ofer Hasson, Gabi Kedma, Yisroel Mirsky and Yuval Elovici managed to exfiltrate data from a computer over GSM by invoking specific memory-related instructions and utilizing the multi-channel memory architecture to amplify the transmission up to 30m. They used a basic low-end mobile phone with GSM network with modified firmware to receive the data. Last year, Mordechai Guri, Matan Monitz, Yuval Elovici disclosed a paper showing how a software can intentionally generate controlled electromagnetic emissions from the data bus of a USB 2.0/3.0 connector that can be detected with a SDR dongle.Other Channels
The topic of air-gap covert channels is just fascinating. It keeps showing that sometimes reality can be even more interesting than a spy movie plot, with all those impossible gadgets. It speaks to the very essence of what hacking is all about, when you put together a seeming impossible problem, an incredible dose of imagination, and out of the box thinking to break and bend the rules and reach a working solution. To question everything, to accept no boundaries or limitations and to have an holistic view on what a system is and not what you’re told the system is, might very well be the key to finding other channels or methods to bridge the air-gap.
This article was not meant to feed the reader’s paranoia. Your computer can still be safe, just don’t go and plug the USB pen you found in the parking lot into your underground, acoustically isolated, randomly refrigerated, magnetic shielded, Faraday caged, turned off computer…Resources:
Filed under: Engineering, Featured, security hacks, slider
Has work been a little stressful this week, are things getting you down? Spare a thought for an unnamed sysadmin at the GitHub-alike startup GitLab, who early yesterday performed a deletion task on a PostgreSQL database in response to some problems they were having in the wake of an attack by spammers. Unfortunately due to a command line error he ran the deletion on one of the databases behind the company’s main service, forcing it to be taken down. By the time the deletion was stopped, only 4.5 Gb of the 300 Gb trove of data remained.
Reading their log of the incident the scale of the disaster unfolds, and we can’t help wincing at the phrase “out of 5 backup/replication techniques deployed none are working reliably or set up in the first place“. In the end they were able to restore most of the data from a staging server, but at the cost of a lost six hours of issues and merge requests. Fortunately for them their git repositories were not affected.
For 707 GitLab users then there has been a small amount of lost data, the entire web service was down for a while, and the incident has gained them more publicity in a day than their marketing department could have achieved in a year. The post-mortem document makes for a fascinating read, and will probably leave more than one reader nervously thinking about the integrity of whichever services they are responsible for. We have to hand it to them for being so open about it all and for admitting a failure of their whole company for its backup failures rather than heaping blame on one employee. In many companies it would all have been swept under the carpet. We suspect that GitLab’s data will be shepherded with much more care henceforth.
We trust an increasing amount of our assets to online providers these days, and this tale highlights some of the hazards inherent in placing absolute trust in them. GitLab had moved from a cloud provider to their own data centre, though whether or not this incident would have been any less harmful wherever it was hosted is up for debate. Perhaps it’s a timely reminder to us all: keep your own backups, and most importantly: test them to ensure they work.
Thanks [Jack Laidlaw] for the tip.
Rack server image: Trique303 [CC BY-SA 4.0], via Wikimedia Commons.
Filed under: Fail of the Week, news
The Amazon Dash button is now in its second hardware revision, and in a talk at the 33rd Chaos Communications Congress, [Hunz] not only tears it apart and illuminates the differences with the first version, but he also manages to reverse engineer it enough to get his own code running. This opens up a whole raft of possibilities that go beyond the simple “intercept the IP traffic” style hacks that we’ve seen.
Just getting into the Dash is a bit of work, so buy two: one to cut apart and locate the parts that you have to avoid next time. Once you get in, everything is tiny! There are a lot of 0201 SMD parts. Hidden underneath a plastic blob (acetone!) is an Atmel ATSAMG55, a 120 MHz ARM Cortex-M4 with FPU, and a beefy CPU all around. There is also a 2.4 GHz radio with a built-in IP stack that handles all the WiFi, with built-in TLS support. Other parts include a boost voltage converter, a BTLE chipset, an LED, a microphone, and some SPI flash.
The strangest part of the device is the sleep mode. The voltage regulator is turned on by user button press and held on using a GPIO pin on the CPU. Once the microcontroller lets go of the power supply, all power is off until the button is pressed again. It’s hard to use any less power when sleeping. Even so, the microcontroller monitors the battery voltage and presumably phones home when it gets low.
[Hunz] looked at the communication stream, finding HTTP data over SPI between the microcontroller and the WiFi radio chip, and TLS-encrypted HTTPS from there on out. So he soldered in an FPGA to man-in-the-middle attack the hardware, making a beautiful hacker’s development kit out of the $5 gadget.
The old Dash buttons had SWD debugging enabled and a serial console, and the new firmware has it disabled except for a few commands, so it’s not easy to dump. So [Hunz] desoldered the SPI flash and read it externally. That gave him the firmware, minus the bootloader and some configuration storage. Next came a great trick: he wrote the same firmware to a fresh SAMG55, and the firmware worked. The chip he flashed it to had SWD debugging running, however, so he was able to work in a much more friendly environment with developer console and everything. (Brilliant!)
With a firmware dump and a running version of the system under debugging, he eventually found a hole in the audio configuration protocol — which is used to configure the device through an audio file played into the microphone like an updated version of an old-school modem. The input in the audio protocol, unfortunately for Amazon, wasn’t checked for length. Buffer overflow and a complete flash dump ensue. The video of him hacking the button with an earbud is classic.
Amazon will patch this hole sometime soon, of course, but they can’t do so if the button can’t connect to their servers. [Hunz] has said he’s not going to work on it much more, but here’s his GitHub. Have at it!
Filed under: cons, Microcontrollers, slider
Teleknitting, the brainchild of Moscow artist [vtol], is an interesting project. On one hand, it doesn’t knit anything that is useful in a traditional sense, but on the other, it attempts the complex task of deconstructing broadcasted media into a simpler form of information transmission.
Teleknitting’s three main components are the processing and display block — made up of the antenna, Android tablet, and speaker — the dyeing machine with its ink, sponges, actuators, and Arduino Uno, and the rotating platform for the sacrificial object. A program running on the tablet analyzes the received signal and — as displayed on its screen — gradually halves the number of pixels in the image until there is only one left with a basic representation of the picture’s colour. From there, thread passes over five sponges which dye it the appropriate colour, with an armature that responds to the broadcast’s volume directing where the thread will bind the object.
Functionally, Teleknitting receives TV signals and converts them into a one-dimensional thread that slowly ensnares a chosen object. [vtol]’s aim is to reinterpret the data we have beaming all around us into a different medium entirely — a different kind of data stream, if you will. Teleknitting is perhaps a compelling suggestion that we are — literally — far too wrapped up in the media that surrounds us 24/7 and that sometimes we need to slow down or reduce the amount of data we take in that isn’t useful.
If you’re looking for some more practical knitting hacks, we’ve featured a few knitting projects on Hackaday before — such as this open-source knitting machine, or how to interface with one in order to have it make pixel art.
Filed under: Uncategorized
Christmas light displays winking and flashing in sync to music are a surefire way to rack up views on YouTube and annoy your neighbours. Inspired by one such video, [Akshay James] set up his own display and catalogued the process in this handy tutorial to get you started on your own for the next holiday season.
[James], using the digital audio workstation Studio One, took the MIDI data for the song ‘Carol of the Bells’ and used that as the light controller data for the project’s Arduino brain. Studio One sends out the song’s MIDI data, handled via the Hairless MIDI to serial bridge, to the Arduino which in turn sets the corresponding bit to on or off. That gets passed along to three 74HC595 shift registers — and their three respective relay boards — which finally trigger the relay for the string of lights.
From there, it’s a matter of wiring up the Arduino shift register boards, relays, and connecting the lights. Oh, and be sure to mount a speaker outdoors so passers-by can enjoy the music:
Be sure to set up a secondary power source for the relays, as drawing the power from the Arduino is likely to cause big problems. If your preferred digital audio workstation doesn’t have a virtual MIDI instrument, [James] used loopMIDI for the desired effect. He has also provided the code he used to save you some trouble if you’re building this during an invariably hectic holiday season.
Of course, you could always plug your lights into an IoT power bar and have fun that way.
Filed under: Arduino Hacks, Holiday Hacks
A proper soldering iron is one of the fundamental tools that a good hacker needs. Preferably one that has a temperature control so it can handle different types of solder and connectors.
Decent soldering stations aren’t cheap, but [Code and Solder] show you how to make one for about $15 in parts. This uses a cheap non-temperature-controlled USB soldering iron, an Arduino and a few other bits that they got from AliExpress. The plan is to add a thermocouple to the soldering iron, and let the Arduino control the temperature. A rotary dial and LCD screen control the set-point, and the Arduino switches the feed to the heating element on and off through the FET.
It’s not the cleanest build in the world, and these USB soldering irons aren’t suitable for large joints or long soldering jobs, but it’s a neat little hack for the builder on a budget. We’ve seen teardowns of these rather neat little USB soldering irons before, but this is an interesting way to expand its capabilities.
Filed under: tool hacks
One of the standout talks at the 33rd Chaos Communications Congress concerned pseudo-random-number generators (PRNGs). [Vladimir Klebanov] (right) and [Felix Dörre] (left) provided a framework for making sure that PRNGs are doing what they should. Along the way, they discovered a flaw in Libgcrypt/GNUPG, which they got fixed. Woot.
Cryptographically secure random numbers actually matter, a lot. If you’re old enough to remember the Debian OpenSSL debacle of 2008, essentially every Internet service was backdoorable due to bad random numbers. So they matter. [Vladimir] makes the case that writing good random number generators is very, very hard. Consequently, it’s very important that their output be tested very, very well.
So how can we test them? [Vladimir] warns against our first instinct, running a statistical test suite like DIEHARD. He points out (correctly) that running any algorithm through a good enough hash function will pass statistical tests, but that doesn’t mean it’s good for cryptography.
Instead, there are two ways to test a PRNG. First, if you’re using a standard function and have a set of reference seeds and outputs, check them. At least you’ll verify that your code is doing what it should. Secondly, and more generally, you want to make sure that the algorithm isn’t losing entropy — PRNGs don’t create randomness, so the best they can do is not lose it.
Here are some things you can check. If a part of the seed doesn’t influence the output, or if two seeds produce the same output, or equivalently if there are fewer possible outputs than seeds, the algorithm is losing entropy. If you can run through an arbitrarily large number of seeds and outputs, you could possibly brute-force this test (hopefully before the universe dies its inevitable heat death).
Or you could do it analytically. They test six PRNG implementations using the CBMC and Minisat static analysis tools to test for these requirements. Doing so caught all of the problems that they were expecting, and one that they didn’t. Using their “entroposcope”, they trace the loss of entropy through the flow of the program, find the bug, and save the day.
This isn’t a beginners talk on cryptographic PRNGs, but it’s a darn good one. PRNGs that look random, and pass statistical tests, can still lose entropy. As the pair pointed out in the question and answer, the only way to be sure within a reasonable amount of time is to dig through the code and verify that it’s not. The implication of this is that the only secure PRNG is an open-source PRNG. But you knew that already, right?
Filed under: cons, security hacks
Here’s a blast from the past, or future, reminiscent of the self-lacing shoes from Back to the Future Part II. [Vimal Patel] made his own self-lacing shoe using LEGO “bolted” to the shoe’s sole. We think these are cooler than the movie version since we get to see the mechanism in action, urging it on as the motor gets loaded down pulling the laces for that last little bit of tightness.
The electronics are all LEGO’s Power Functions parts. A Dremel was used to make holes in the soles to hot glue LEGO pieces for four attachment points. The attachment points are permanent but the rest can be easily removed. In case you want to look them up or make your own, he’s using the using the 8878 rechargeable LiPo battery box, the 88003 L-motor, the 8884 IR receiver, and the 8885 IR remote control. That’s right, these shoes are laced up under command of an IR remote control, well, provided the battery box is powered on. There’s a 1:24 worm gear reduction to get the needed torque.
This was a quick build for [Patel], done over two afternoons. He initially tried with the winding axle behind the heel but that didn’t work well so he moved the axle adjacent to the laces instead, which works great as you can see in the video after the break.
The isn’t as true to the look of BttF as the powerlace hack we saw seven years ago but we think it does a better job of snugging up the laces. [Patel] has been featured here before with his LEGO water strider robot that reminds us of those insects you see skittering across the surface of ponds. He also made a LEGO attachment for a hot glue gun for extruding biodegradable filament.
Filed under: wearable hacks
In the days before semiconductor diodes, transistors, or even vacuum tubes, mechanical means were used for doing many of the same things. But there’s still plenty of fun to be had in using those mechanical means today, as [Manuel] did recently with his relay computer. This post is a walk through some circuits that used those mechanical solutions before the invention of the more electronic and less mechanical means came along.Coherer Morse Code Receiver
The circuit shown below is a fun one, especially if you’ve played with crystal radios. It receives Morse code that’s transmitted as bursts of radio waves at a specific frequency. The transmission back then was done using a spark gap transmitter. A dot is a short period of transmission at that frequency and a dash is a longer period of transmission. In between the dots and dashes, nothing is transmitted. This circuit decodes those dots and dashes and records them as indents tapped onto a paper tape. A dot results in one, or only a few indents, and a dash results in more indents. The tape is moved at a constant rate, and so the dots and dashes are spaced out by lengths of tape with no indents.
Across the top is the antenna. The wire descending from the antenna goes to the parallel LC resonant circuit consisting of a coil and a variable capacitor, CV. Together they tune in to the desired frequency. To the right and in parallel with that are coherer A and relay R.
The coherer is a tube consisting of two electrodes with metal filings between them. By applying the radio frequency across the electrodes, the filings cling together, actually forming tiny micro-welds between the granules, which makes the coherer conduct. In this way it functions as a radio frequency detector.
Prior to the coherer becoming conductive, the circuit path that includes the coherer and the relay is either open-circuit or the coherer’s resistance is too high to allow the relay to become energized by the battery that’s to the right of it. But once the coherer becomes conductive, the relay becomes energized and closes its switch.
That switch activates the circuit that consists of the two solenoids F, the solenoid E and a battery along the wire between E and F. That causes solenoid E to become energized and to attract the slug of metal on the arm that pivots at O, pushing the right side of the arm upward and tapping an indent into the tape.
Once the mark is made, solenoid E is remains energized, somehow it has to become de-energized. That won’t happen as long as the coherer is conductive, and that’s where solenoids F play a part.
When relay R closes its switch, energizing solenoid E, it also energizes solenoids F. Solenoids F attract arm B (the “tapper”) downward. That results in two things happening. Part of the circuit goes through a point halfway along arm B, and when it moves downward, contact is broken at that point. The circuit is opened, de-energizing all solenoids, and releasing the marker arm, which is pulled back down by spring r.
The other thing that happens when arm B is attracted downward is that the ball on the leftmost end of arm B taps on the coherer, breaking up the iron filings and returning the coherer to a low or non-conductive state. That also causes relay R to open its switch. So even though arm B relaxes back upward when solenoids F are de-energized, closing the circuit there again, the fact that relay R at the same time opens its switch means the circuit remains open. Needless to say, getting the timing of the two lever arms and the relay just right to make a small dot requires some adjustment.
But we’re not done yet. If a dash is being transmitted then the radio frequency is still being received and the coherer immediately becomes conductive again and the whole process repeats for another tap on the tape. Looking at old tapes, it seems that a dot also causes multiple taps, just not as many as a dash. Any Morse hand knows that a dash is three times longer than a dot. Now you know why.
[Ashish Derhgawen] made both a spark gap transmitter and a receiving circuit much like the above one, complete with a coherer tapping mechanism. But instead of writing the message on a tape, he sends it to a BeagleBone board for interpreting and displaying as English text on a monitor: a fully acceptable modern compromise.Using A Bell Instead
This next electromechanical circuit is a variation of the previous one and was used by Alexander Stepanovich Popov for detecting approaching lightning storms.
Lightning emits electromagnetic waves of various frequencies. Some of those frequencies, when picked up by the antenna A, cause the filings in the coherer C to cling, making the coherer conductive. That closes the circuit C-L-V-R-L. Doing so energizes the relay R which attracts the arm just above it, closing the contact attached to that arm. That energizes the circuit that includes relay E. And doing that pulls up on the arm that taps the ball against the bell, ringing it.
But when the bell ringing arm is pulled up, it disconnects the arm from contact with that circuit, turning the circuit off. The bell ringing arm falls back down and has enough looseness for the ball to tap the coherer, turning off the C-L-V-R-L circuit too. So in this case the bell ringing ball serves double-duty as a tapper arm.
Why, you might ask, are the two chokes L needed? They’re present because there’s radio frequency noise from the relay contacts. That noise would make the filings in the coherer become conductive. The chokes prevent that noise from getting back to the coherer.
And a bigger question you might ask is why use two relays? Why not have just one as in this modified version? It looks like it would work. The reason Popov added the second relay was that the coherer couldn’t provide enough current to ring the bell itself. So the additional relay allows a circuit that’s independent of the coherer — a sort of mechanical amplifier.
Notice that the diagram shows the use of U-shaped electromagnets for the relays. Presumably that’s to take advantage of both ends of the magnetic field induced in the core. Once I thought about this I realized it was probably why the Morse code receiving circuit above uses two solenoids at F, something I was scratching my head over. The base that they sit on is likely iron, and counts as part of the core, and the way the solenoids are wound likely results in a north pole facing upward for one and a south for the other. The two solenoids and the base likely form the equivalent of a U-shaped electromagnet.Adding A Siphon Chart Recorder
The photo shown here is one of Popov’s machines for ringing a bell when there’s a lightning strike, but it also records the strikes on a chart recorder. We don’t have a circuit for his specific chart recorder but that lead us to look deeper and find a diagram for an old, obsolete electromechanical siphon recorder that looked interesting enough to talk about.
The driving mechanism is a moving coil, like the ones found in analog meters. The coil is suspended between the poles of two magnets. As current moves through the coil it creates a magnetic field that reacts with that from the magnets, causing the coil to rotate a little in the vertical axis. The amount of rotation is proportional to the amount of current.
The coil is attached via threads to a rectangular object that’s mounted such that it’s also free to rotate a little in the vertical axis. As the coil rotates, those threads cause the rectangle to rotate too. A tube is attached to that rectangle, one end of which is in an inkwell, and the other end of which is lower down and faces a moving strip of tape. As ink is deposited on the tape, more ink is siphoned from the inkwell.Endstop
And so that’s a fun romp through some old electromechanical circuits. We’d love to hear some of your favorite electromechanisms, or electroanachronisms, and especially any that you’ve either replicated or come up with yourself.
Filed under: Curated, Featured, History
This Friday at 5pm PST, [Sprite_tm] will be leading a Hack Chat talking about the ESP32.
[Sprite_tm] should require no introduction, but we’re going to do it anyway. He’s can install Linux on a hard drive. He can play video games on his keyboard. He built the world’s tiniest Game Boy, and gave the greatest talk I’ve ever seen. Right now, [Sprite] is in China working on the guts of the ESP32, the next great WiFi and Bluetooth uberchip.
[Sprite] recently packed his bags and headed over to Espressif, creators of the ESP32. He’s one of the main devs over there, and he’s up to his neck in the varied and weird peripherals contained in this chip. His job includes porting NES emulators to a WiFi-enabled microcontroller. If you want to learn about the latest and greatest microcontroller, this is the guy you want to talk to, and he’s taking all questions.
Note that we usually do these things earlier in the day but this week we start rolling at 5 PM Pacific Friday to help match up with [Sprite’s] timezone. You can figure out when this event will happen with this handy time and date converter.Here’s How To Take Part: Buttons to join the project and enter the Hack Chat
Our Hack Chats are live community events on the Hackaday.io Hack Chat group messaging. Log into hackaday.io, visit that page, and look for the ‘Join this Project’ Button. Once you’re part of the project, the button will change to ‘Team Messaging’, which takes you directly to the Hack Chat.
You don’t have to wait until Friday; join whenever you want and you can see what the community is talking about.And Tindie Too
In addition to [Sprite]’s Hack Chat on Friday, we’re going to have a Tindie Chat in the Tindie Dog Park on Friday at noon, Pacific time. You can figure out when that’ll be in your local time by following this link.
In the Tindie Chat, we’re going to be talking about all the aspects of selling hardware on Tindie. This is a phenomenal community that keeps on growing, and right now there’s some really, really cool hardware being offered up from makers and creators around the world.Upcoming Hack Chats
We have a few more Hack Chats on the books. On February 10th, we’ll be talking RF with [Jenny List]. Sparkfun will be around for a Hack Chat on February 17th. If stats are your thing, we’ll have a chat on the ins and outs of R in a few weeks.
Filed under: Hackaday Columns
Most of our readers are already going to be familiar with how electromagnets work — a current is induced (usually with a coil) in a ferrous core, and that current aligns the magnetic domains present in the core. Normally those domains are aligned randomly in such a way that no cumulative force is generated. But, when the electric field created by the coil aligns them a net force is created, and the core becomes a magnet.
As you’d expect, this is an extremely useful concept, and electromagnets are used in everything from electric motors, to particle accelerators, to Beats by Dre headphones. Another use that you’re probably familiar with from your high school physics class is levitation. When two magnets are oriented with the same pole towards each other, they repel instead of attract. The same principle applies to electromagnets, so that an object can be levitated using good ol’ electricity.
That, however, isn’t the only way to levitate something using magnets. As shown in the video below, permanent magnets can be used to induce a current in conductive material, which in turn exerts a magnetic field. The permanent magnets induce that current simply by moving — in this case on rotors spun by electric motors. If the conductive material is placed below the magnets (like in the video), it will push back and you’ve got levitation.
While the setup shown in the video is just a prototype designed to demonstrate this principle, the potential is there for a similar system to be used in Maglev trains. This prototype is capable of lifting itself (more than 100lbs), and seems to be able to hold much more. There are plenty of other methods of levitation out there, some more practical than others, but this one definitely stands out — and the video does a great job of explaining exactly how it works.
Filed under: transportation hacks
When we build an electronic project in 2016, the chances are that the active components will be integrated circuits containing an extremely large amount of functionality in a small space. Where once we might have used an op-amp or two, a 555 timer, or a logic gate, it’s ever more common to use a microcontroller or even an IC that though it presents an analog face to the world does all its internal work in the digital domain.Making A Transistor Radio, 2nd edition cover. Fair use, via Internet Archive.
There was a time when active components such as tubes or transistors were likely to be significantly expensive, and integrated circuits, if they even existed, were out of the reach of most constructors. In those days people still used electronics to do a lot of the same jobs we do today, but they relied on extremely clever circuitry rather than the brute force of a do-anything super-component. It was not uncommon to see circuits with only a few transistors or tubes that exploited all the capabilities of the devices to deliver something well beyond that which you might expect.
One of the first electronic projects I worked on was just such a circuit. It came courtesy of a children’s book, one of the Ladybird series that will be familiar to British people of a Certain Age: [George Dobbs, G3RJV]’s Making A Transistor Radio. This book built the reader up through a series of steps to a fully-functional 3-transistor Medium Wave (AM) radio with a small loudspeaker.
Two of the transistors formed the project’s audio amplifier, leaving the radio part to just one device. How on earth could a single transistor form the heart of a radio receiver with enough sensitivity and selectivity to be useful, you ask? The answer lies in an extremely clever circuit: the regenerative detector. A small amount of positive feedback is applied to an amplifier that has a tuned circuit in its path, and the effect is to both increase its gain and narrow its bandwidth. It’s still not the highest performance receiver in the world, but it’s astoundingly simple and in the early years of the 20th century it offered a huge improvement over the much simpler tuned radio frequency (TRF) receivers that were the order of the day.
Armstrong’s regenerative receiver circuit. Chetvorno [CC0], via Wikimedia Commons.The basic regenerative receiver was patented in 1914 by the prolific inventor Edwin Armstrong, who you may also have heard of as the inventor of frequency modulation (FM). Armstrong’s original circuit applied its positive feedback through a small winding in series with the anode of this triode valve, coupled to the input tuned circuit. In use the coupling was adjusted until just before the point at which the circuit began to oscillate, at which point it was in its regenerative high gain and selectivity mode. A further refinement was the so-called super-regenerative receiver, in which the feedback was increased beyond the point of oscillation, but repeatedly “quenched” by an ultrasonic frequency turning on and off the regenerative detector.
The simplicity of a regenerative receiver did not come without problems though. The coupling adjustment became a small variable capacitor in later designs, and this could be found as a regeneration control on the front panel of a typical receiver. At every retune to a different station this would require readjustment for best performance, resulting in tuning a regenerative radio becoming something of a black art. In addition, if poorly adjusted they could sometimes oscillate and become transmitters in their own right. When the more complex but superior superhetrodyne receivers (another Armstrong invention) arrived around a decade later the popularity of regenerative receivers went into decline, and they had almost entirely disappeared by the end of the 1930s. Today they survive in niches such as amateur radio, toy walkie-talkies, toy electronics kits, and unexpectedly in very cheap UHF remote control modules.The receiver section of my 4m (70MHz) G3XBM transceiver. On the left: J310 RF amp, centre: J310 regenerative receiver, right: 2N3904 audio amp.
It is this last application that points to one of the regenerative detector’s useful features. While most regenerative receivers are designed for AM broadcasts, the principle works at almost any frequency. It is possible to simply construct receivers using the principle that extend well into the UHF spectrum, and though they aren’t the best receivers on the block they can surprise you with their performance. [Roger Lapthorn, G3XBM] for example has published simple designs for a range of transceivers for the VHF bands with regenerative receivers, including the rather minimalist 2 metre (144MHz) “Fredbox”.
The regenerative receiver may not be the most advanced receiver ever conceived, and it certainly isn’t the most sensitive. But it’s one of those circuits that everyone should consider trying once, for its simplicity and ingenuity, and because it delivers results for relatively little effort. Go on, have one on your bench!
[Header image 1920s regenerative receiver, Charles William Taussig [Public domain], via Wikimedia Commons]
Filed under: Featured, History, radio hacks
This may be a controversial statement, but Nixie tubes have become a little passé in our community. Along comes another clock project, and oh look! It’s got Nixie tubes instead of 7-segment displays or an LCD. There was a time when this rediscovered archaic component was cool, but face it folks, it’s been done to death. Or has it?
So given a disaffection with the ubiquity of Nixies you might think that no Nixie project could rekindle that excitement. That might have been true, until the videos below the break came our way. [Tobias Bartusch] has made his own Nixie tube, and instead of numerals it contains a 3D model of [Darth Vader], complete with moving light saber. Suddenly the world of Nixies is interesting again.
The first video below the break shows us the tube in action. We see [Vader] from all angles, and his light saber. Below that is the second video which is a detailed story of the build. Be warned though, this is one that’s rather long.
The model is made by carefully shaping and spot welding Kanthal wire into the sculpture, a process during which (as [Tobias] says) you need to think like neon plasma. It is then encased in a cage-like structure which forms its other electrode. He takes us through the process of creating the glass envelope, in which the wire assembly is placed. The result is a slightly wireframe but very recognisable [Vader], and a unique tube.
Thanks [Itay Ramot] for the tip.
Filed under: parts, slider
Everyone knows accordions are cool — they look fly, make neat noises, and get your romantic interests all hot and bothered. What isn’t cool is being relegated to acoustics only. How are you going to play a packed stadium or lay down a crystal clear track like that? You could go out and buy an electric accordion, but even low-end models carry a hefty price tag. But, this is Hackaday, and you know we’re going to be telling you about someone who found a better way.
That better way, shown in a build by [Brendan Vavra], was to take an acoustic accordion and convert it to MIDI. The base for his build was a decent full-size acoustic accordion purchased on eBay for just $150. Overall, it was in good mechanical condition, but some of the reeds were out of tune or not working at all. Luckily, that didn’t matter, since he wouldn’t be using them anyway. Don’t be fooled in the demo video below; it sounds like he’s playing the acoustic according but notice he’s not pumping those bellows! However, the bellows isn’t useless either since it can feed data back as a MIDI input.
[Brendan’s] build plan called for an Arduino Mega to be tied to a series of photo-interrupters that would detect button pushes and fire MIDI signals. But, first he had to take the thing apart — no small task, given the complexity of the instrument. The accordion has 120 buttons, and they’re not interchangeable, which means he had to carefully keep track of them as they were disassembled.
Remarkably, he accomplished this without any major hurdles (just a lot of time). The photo-interrupters were installed, and all of the electronics were tucked in nicely inside the body of the accordion. To start, [Brendan] had this wired to his computer with a USB cable from the Arduino in order to prove the concept. After that worked, he upgraded the setup with Bluetooth to transmit the signals, and even added a barometric pressure sensor that allows him to use the bellows for expression and volume changes. Although we’ve seen elaborate MIDI builds before, this might just take the cake for complexity in a small package. Oh, and just sheer coolness.
Filed under: musical hacks
Our Norwegian is pretty weak, so we struggled a little bit with the documentation for a big public LED art project in the lighthouse (translated) in Horten, Norway. But we do speak the universal language of blinkies, and this project has got them: 3,008 WS2812b LEDs ring the windows at the top of the lighthouse and create reactive patterns depending on the wave height and proximity of the ferry that docks there.
This seems to be an evolving project, with more features being added slowly over time. We love the idea of searching for the WiFi access point on the ferry to tell when it’s coming in to port, and the wave height sensor should also prove interesting data, with trends at the low-frequency tidal rate as well as higher frequency single waves that come in every few seconds. What other inputs are available? How many are too many?
It’s so cool that a group of tech-minded art hackers could get access to a big building like this. Great job, [Jan] and [Rasmus] and [everyone else]!
Filed under: led hacks
The eternal enemy of [James Puderer]’s pockets is anything that isn’t his smartphone. When the apartment building he resides in added a garage door, the forces of evil gained another ally in the form of a garage door opener. So, he dealt with the insult by rigging up a Raspberry Pi to act as a relay between the opener and his phone.
The crux of the setup is Firebase Cloud Messaging (FCM) — a Google service that allows messages to be sent to devices that generally have dynamic IP addresses, as well as the capacity to send messages upstream, in this case from [Puderer]’s cell phone to his Raspberry Pi. After whipping up an app — functionally a button widget — that sends the command to open the door over FCM, he set up the Pi in a storage locker near the garage door and was able to fish a cable with both ethernet and power to it. A script running on the Pi triggers the garage door opener when it receives the FCM message and — presto — open sesame.
Why not try Bluetooth or a simple WiFi connection? As it turns out, the former was impossible due to distance, while the latter meant leaving his Raspberry Pi on an open network — not a comfortable option. As [Puderer] notes, this is an alternative method to get some of your devices at home onto the Internet of Things while avoiding some of its security pitfalls.
With Internet of Things devices cropping up everywhere, it’s not surprising they can even take the shape of trash cans.
Filed under: home hacks, Raspberry Pi
If you want to create a large display with a matrix of LEDs, it’s a relatively straightforward process. Thanks to addressable LED tape and microcontrollers it becomes more of a software issue than one of hardware. [Vincent Deconinck] had some inexpensive WS2812 strips, so he sliced into an inexpensive IKEA coffee table and mounted them in a grid beneath an acrylic sheet. Some work with Arduino Nanos and a Raspberry Pi later, and he had a very acceptable LED matrix table.
An attractive hack, you might say, and leave it at that. But he wasn’t satisfied enough to leave it there, and so to make something rather special he decided to add interactivity. With an infra-red emitter and receiver as part of each pixel, he was able to turn an LED table into an LED touchscreen, though to be slightly pedantic it’s not sensing touch as such.
The design of the IR sensors was not entirely straightforward though, because to ensure reliable detection and avoid illumination from the LED they had to be carefully mounted and enclosed in a tube. He also goes into some detail on the multiplexing circuitry he used to drive the whole array from more Arduinos and a GPIO expander.
The write-up for this project is a long one, but it’s well worth the read as the result is very impressive. There are several videos but we’ll show you the final one, the table playing touch screen Tetris.
Filed under: led hacks