Update (17 July 2020): This got featured on Hackaday and Hackster News!
Character LCDs have been around for a long time. These displays contain a number of discinct blocks — each capable of displaying a single character — so displaying scrolling text would traditionally involve just shifting characters left one block at a time. That’s fine and all, but why not try and raise the bar.. 😏
Most character displays utilise the Hitachi HD44780 controller chip, which has the neat feature of letting us define and use up to eight custom characters, each 5x8 pixels in size. Mine uses this chip, so I’ll be taking advantage of repeatedly rendering custom characters to pull off smooth scrolling text.
I connected an Arduino Leonardo to my salvaged display over its 4-bit interface, and got to work on the software side.
As we use an Arduino, the software written is in C++. Source code available at the end of the article.
We allocate memory for a canvas that will contain the raw pixel data for the message we want to display. We make use of a
5x7-pixel ASCII font, and for each ASCII character
in the message string, we place the corresponding character at the appropriate location on the canvas using the memcpy
function.
In order to display our canvas on the LCD, we define a function to generate display-ready custom characters by grabbing pixel data from appropriate locations on the canvas. For each frame of the scrolling process, we can simply increment the horizontal index of the location on the canvas by one, which results in the message on-screen scrolling left by one pixel. These custom characters are then pushed to the display, and prest — mooth-scrolling text!
There was a slight complication I glossed ove — he memory structure of custom characters differs to that of the font and canvas. The font and canvas use five
bytes to represent each character, with each byte representing one 7-pixel column (the most significant bit is ignored). The custom character format,
however, uses 8 byte — ach representing one row of the character. To solve this issue, we define a function transpose
which takes care of mapping
the canvas format to the custom character format.
The Arduino sketch is available here: SmoothScrollingText.ino.
It should run on most Arduino devices, but I have only tested it on an Arduino Leonardo. Be sure to modify the LCD pin setup for your hardware.
]]>Out of the 40 attendees, I was the only one traveling from South Africa, but I quickly met some fantastic folks and Google employees that made the workshop a blast!
We started the first day with a workshop on binary vulnerabilities, where we exploited buffer and stack overflows to do some magic like obtain root shells! (Un)fortunately, these attack vectors aren’t so easy to find and exploit these days, so we looked into using more modern attacks such as return-to-libc, as well as modern defences.
Day two involved a workshop on fuzzing, going over its history and playing with some early examples, and then writing some code that used libFuzzer to throw random data at programs to try and get them to exhibit some interesting behaviour (read: crashes!). Incredibly, it’s relatively easy to write a fuzzer to catch the Heartbleed bug, asserting the significance of fuzzing. As we were at Google, it was obligatory to speak about the VRP rewards on offer for finding vulnerabilities, and how fuzzing ties in nicely with the search.
We then had an additional workshop on Android application hacking, which involved interacting with Android devices via ADB, decompiling and disassembling APKs, and then reverse-engineering disassembled code to find some flags!
The init.g event was held at the same time as the onsite final round of the 2019 Google CTF, so we had the chance to watch some of the best teams in the world compete for big prizes and attend their awards ceremony. We were also able to try and defuse a fake bomb from the “Having a Blast” hardware CTF challenge — it blew up, sadly, but at least we live to tell the tale!
Other highlights include presentations from top bughunters that had taken part in the Vulnerability Reward Program, where they explained how some of their discoveries were made; we also got to do mock interviews with Google engineers where we worked on preparing for the real deal. I also had the chance to spend a bit of time with LiveOverflow and John Hammond, two YouTubers with a focus on information security and breaking things that I have a great deal of respect for — kudos!
The opportunity to attend these workshops and improve my skills was invaluable, and I was fortunate to meet some incredibly talented engineers and fellow attendees, and engage in many meaningful and thought-provoking discussions. I can’t thank the organisers enough for the experience!
]]>Lacking an Ethernet switch or router at my university flat, I decided to try connecting it directly via Ethernet to my Macbook Pro by using a Thunderbolt to Ethernet adapter — no special crossover cable needed! With fingers crossed, I plugged the camera directly into the adapter, and the Ethernet lights started blinking. “Great,” I thought, but alas nothing happened.
After some research and troubleshooting, I figured out how to get things working reliably. Here’s the steps:
Go to the Sharing pane in System Preferences, and head to the Internet Sharing service. From there, enable the Thunderbolt Ethernet option in the table (or whatever is most relevant if your setup is different) and then enable Internet Sharing, as shown below:
axis
(nothing should be showing up just yet).After a few seconds, a few entries should start showing up in the Console:
I censored my camera’s ID and MAC address, but we can see some interesting logs containing DHCP REQUEST
, etc., and an ACK
(meaning “Acknowledgement sent”), along with an IP address the Mac has allocated for the camera — in my case, 192.168.2.2
. We can now go ahead and visit that IP address in the browser, and things work perfectly!
Once things are all setup, Internet Sharing can be disabled — but you’ll have to re-enable it if you want to reconnect in the same manner. This should work for most other cameras and devices, and is a cool trick Macs (and presumably most other modern OSs) are capable of doing!
]]>After years of running Wordpress, I had grown frustrated with the bloated and high-maintenance nature of the CMS that it is. Keeping plugins updated and compatible required more time than it was worth, and writing posts became a chore with the constant vigilance required in ensuring correct formatting in its WYSIWYG editor. Change was necessary.
Static site generators such as Jekyll and Hugo are all the rage these days, primarily doing the same job as a regular CMS: taking a bunch of content and converting them into pretty web pages. However, unlike traditional CMSs, they do it all ahead of time: converting content written with Markdown into HTML files along with all the prerequisite assets, and packaging them up into a single distribution, ready to be served without the need for a database or dynamic execution (e.g. PHP).
I ended up going with Hugo over Jekyll due to speed and portability. Jekyll, being Ruby-based, requires a Ruby development environment and a large number of prerequisites for use, whilst Hugo is built in Go and statically compiled, making it extremely portable and quick to install and run.
The nicest aspect of the change has been the ease in writing posts. Using Markdown is a pleasure, and exponentially better than the WYSIWYG editor of yesterday.
Going forward, a greater degree of control and flexibility was well worth the time invested in migrating existing content and setting up and customising the site. I based the blog off of the beautiful startbootstrap-clean-blog theme, with modifications made for further requirements.
Ultimately, one should go with a CMS they feel most comfortable with in the long-term; Hugo meets all my needs now and in future, and I couldn’t be happier with the new setup.
]]>I came up with Node.js web app that allows LaTeX math equations to be entered and converted to PNG/JPG/SVG images.
For each conversion, Node.js starts an isolated Docker container with a LaTeX installation; it compiles the generated .tex
file and converts it to an SVG vector image. If required, the SVG file is then converted to a raster image format for PNG/JPG.
Bootstrap and jQuery are used in the web interface, with AJAX calls made to the conversion API endpoint.
It made sense to use Docker as, well, LaTeX is powerful. Reading and writing external files and executing terminal commands are possible, and easy to exploit.
The isolated Docker container started for each conversion is only able to access the local temp/<id>/
directory and has no network access.
Additionally, the compilation process will be killed after 5 seconds if not complete; this is to safeguard against infinite loops and other troublesome LaTeX quirks.
The app is up and running at latex2image.joeraut.com.
Several days of awesome work for the Main challenge included reverse-engineering applications such as a fake bank app with the goal of transferring money from other fake accounts into their own, inspecting executables and ridiculously obfuscated code, cracking RSA encryption from a partial key, using steganographic and forensic techniques to retrieve data from innocent looking images or files that appeared damaged, identifying rootkits in a memory dump, as well as many other Capture the Flag-like challenges. Additional challenges took place such as the Hash challenge which involved cracking as many passwords as possible from a dump of password hashes, and the Snowden challenge which involved social engineering!
A personal favourite challenge of mine within the Main challenge was titled “Manchester”; we were told some data would be encoded with Manchester encoding! A single file was provided with seemingly meaningless raw data, which turned out to be a raw data dump from an SDR (Software Defined Radio) system. Loading the raw data into GNURadio, throttling and sinking it to a Wav file and playing it back resulted in audible beeps of a particular frequency that sounded similar to Morse code (aha: Manchester encoding!) A script was whipped up to detect and convert the single-frequency beeps to a bitstream, and this was converted to ASCII text — Flag captured!
Out of eight teams in the finals, we came first place in the Main challenge! Congratulations to the other teams as well as those that won the separate hashing and Snowden challenges. All in all, it was a ton of fun with an awesome team and something I’d definitely do again. Bring it on, 2018!
]]>We designed a prototype of a notification system for a cold room refrigeration system to monitor temperature and door opening/closing events, which are sent over to the AWS cloud and logged. We planned to add a stepper motor to simulate our door among other features, but we didn’t have enough time; We had to just use a push button to toggle the door opening and closing.
Here’s a brief video of our setup, and some pics:
Update: Project featured on Hackaday!
I recently finished up on my Peltier Mini fridge project, and it works great! It can cool down whatever you want that’ll fit in it — six 330ml cans for example — and can get down to –2.1°C! Watch the video for a full description and how it works. I gotta say, it’s really cool, excuse the pun!
It is built using a Peltier Thermoelectric cooler module which is a ceramic plate but with many p and n-type semiconductors placed in series inside it. Here’s an image of one:
When powered, it acts as a heat pump where one side becomes extremely cold and the other extremely hot. To make use of the cooling a heatsink will need to be put on the hot side to dissipate the heat which is being removed from the “cold” side. When this is done, extremely cold temperatures can be reached. When running at 12V and 3.5A, I measured around –15°C on the bare side, although you could go colder with more heat dissipation on the hot side and a more powerful Peltier cooler module.
With the heatsinks mounted (be sure to use thermal paste!) and a suitable polystyrene enclosure chosen, everything fit together perfectly and worked great.
To control temperature a temperature controller was purchased from eBay, here is what it looks like installed:
It is powered by the 12V supply and the relay output switches the Peltier cooler module and fans, and can maintain the temperature quite well. Its thermistor probe is located inside the cool box for reading the temperature as seen here (the cylindrical probe on the left):
I powered it using a modified ATX power supply from an old computer, for the 12V output. The fridge draws around 3.5A when the Peltier module is on.
I would recommend a 12V power supply capable of supplying 5A of current, as it’s generally a bad idea to operate power supplies at near full capacity for long periods of time, so 5A is a good figure, these shouldn’t be too hard to find; I actually used a PC ATX Power Supply that I modified to give 12V output, found in any desktop computer or at computer stores. Instructions to modify. These can supply >10A — more than enough power for this project — in fact, one could actually run two or three Peltier coolers.
This project worked out great, although many Peltier fridge projects fail as they don’t end up reaching the desired temperature. A common problem is not having proper insulation or the enclosure being too big for the size of Peltier module they are using — don’t oversize your container.
Unfortunately this system is nowhere near as efficient as a standard refrigeration system with a compressor, etc., however it’s very cheap and easy to build, as well as near silent.
For me it gets the job done and it’s worked well on a camping trip already! A huge success.
]]>Around a month ago I purchased a Sipik SK68 LED flashlight clone on eBay, for a grand total of $4.04! Shipping took around three weeks which isn’t bad considering it was free, but when I started using it there was a rather annoying design flaw..
It is focusable and runs on one AA 1.5V battery, or one 14500 3.7V lithium battery. The brightness with a 14500 battery is around 300 lumens which is seriously bright. It’s a great deal for the price!
This flashlight has one very poorly engineered feature: its modes. It has three modes, Bright, Dim and Strobe, but to switch modes the light has to be turned off and back on again. This is a huge inconvenience when you switch it off in the Bright mode, as on the next power cycle it will be in Dim mode. You have to cycle modes to get it back to normal again. This frustrated me, and I had no need for the other modes anyway, only full brightness. Time for a fix!
I started by unscrewing the lens cap, revealing the Cree LED emitter and lens.
Next, the LED “pill” needs to be removed — this holds the driver and LED emitter. The focusing ring can rotate freely, but the LED pill (the silver aluminium part) is tight. Unscrew it by holding it to the focusing ring with pliers, and unscrew them both. The pill will unscrew, then just pull the pill out.
At the bottom of the pill there was a circuit board with markings JX2205
. I couldn’t find any valuable info about it online. Simply pop the circuit board out with a screwdriver.
The circuit board contains a boost converter — this boosts the voltage from, say, a 1.5V battery to the higher voltage needed by the LED. It also provides a constant current, which is required for all high-power LEDs.
After visually inspecting the board, I spotted two ICs (chips) which could have been the culprits.
One was a six legged IC labelled 601
, which turned out to be the boost converter driver chip. Nothing to see here.
The other one which I assumed was a transistor turned out to be our culprit. It had only 3 legs and was labelled 8133A
. After some Googling I found a schematic for it labelled “5W three function LED driver IC”:
The schematic shows that it includes a transistor between pin 1 (LX) and 3 (Ground) which switches the LED on and off. All we need to do to bypass it is to connect pins 1 and 3 together.
After checking the board, the whole outer ring acts as a Ground conductor, so we can simply solder on a jumper between pin 1 on the chip to the outer ground, as shown below by the arrow:
After a quick, messy soldering job, the jumper was in place:
Now all that needs to be done is to reassemble the housing, and you’ll hopefully be holding a sweet 1-mode flashlight! The driver in many Sipik SK68 flashlights and clones may vary from different batches / manufacturers, however if your driver uses this chip then the process should be the same. If not, just search the part numbers of the ICs until you find the culprit.
This project was a great success and makes this flashlight an even better buy in my opinion. Please let me know if you try this!
Disclaimer: If you attempt this, it’s at your own risk. If you break your flashlight I will not be held responsible. This will obviously void any warranty, so be careful and good luck!
]]>Character LCDs are displays that consist of many character “blocks”, and each block can display a letter, number, etc. A display controller in widespread use is the Hitachi HD44780 driver. I have talked about this in a previous post on reverse engineering a printer LCD.
HD44780-based character LCDs usually come in common sizes such as 16×2 (16 characters per line, two lines), 8×2, 20×2 20×4, using the 8-bit ASCII character set. Interestingly enough, the HD44780 chip allows up to 8 custom characters to be defined. These can contain any bitmap data, and can be updated as often as you like.
With this in mind, we can construct basic bitmap images for the display, with a resolution of 20×16 pixels if we have four custom characters per line, occupying two lines, 15×16 if we have three per line on two lines (two are still available but not used) or a 40×8 display if we put all eight on one line. However, there is a gap between each character so images will have gaps, and symmetry can get messed up if you don’t design it correctly.
I connected a standard 16×2 character LCD to my Arduino via a Proto Shield (excuse the messy wiring) and hacked together some code for the custom characters. I have created a very low-resolution version of the Hack a Day logo for their Trinket competition. The goal is to put their logo in interesting places. Nobody has done this before, so I figured it would be fun to try out.
Here’s the original image for a comparison:
My final logo ended up using six of the custom characters for a 15×16 pixel resolution (3×2 resolution in characters) as there are things in the centre which are split in the character gaps so four characters per line can’t work. I finally had to do it this way after too much trial and error using all 8 characters for a 20×16 resolution.
The Arduino sketch to draw the logo is available here.
I think the result turned out quite nicely considering the limitations of the display.
]]>