Connect with us

Hackaday Columns

New Part Day: The RISC-V Lichee-RV Module And Dock



Sipeed have actually been hectic leveraging growths in the RISC-V sector, with a fascinating, inexpensive component they call theLichee RV It is based around the Aliwinner D1 SoC (which consists of a Pingtou Xuantie C906 for those adhering to Chinese RISC-V cpu growth) with assistance for an optional NAND filesystem. This little board utilizes a set of side adapters, comparable to the Raspberry Pi CM3 type element, other than it’s based around a set M. 2 adapters rather. The component has USB-C, an SPI LCD user interface, in addition to a TF card outlet on-board, with the staying user interfaces supplied on the large side adapter.

<< img data-attachment-id="" 514282" data-permalink=""" data-orig-file="" data-orig-size="" 511,287" data-comments-opened=" 1" data-image-meta="" {" aperture":" 0"," debt":""" "," video camera":""," inscription ":""," created_timestamp":"""0""," copyright""":"""," focal_length":""0""," iso"":""""0"," shutter_speed""":"""0"," title"""":"""," positioning":"""0""}"."""data-image-title=" D1-4" data-image-description"=""""

” data-image-caption=”” data-medium-file=”” “data-large-file=”″ loading=” careless” course=” wp-image-514282 size-medium” alt=”” size=” 400″ elevation=” 225″ srcset=” 511w,,140 250w,,225 400w” dimensions=”( max-width: 400px) 100vw, 400px”/ >

The minimal Allwinner D1-based Lichee Recreational Vehicle

To make sure that brings us onto the following Sipeed board, the Lichee Recreational Vehicle Dock which is a little growth board for the component. This bursts out the HDMI, includes USB, a WiFi/Bluetooth component, audio motorist, microphone range user interface as well as also a 40-way GPIO adapter. Whatever you require to construct your very own ingrained cloud-connected gadget.(* )Very early adopters are cautious, however, Linux assistance is still in the onset of growth, obviously with Debian presently one of the most functional. We have actually not examined one ourselves yet, however it does resemble rather beneficial for those jobs with a little spending plan as well as not needing the power-hungry multi-core efficiency of a Raspberry Pi or matchings.

We have actually seen the Sipeed MAix M1 AI Component organized on a Pi Hat a number of years back, in addition to a NES emulator operating on the Sipeed K210. The future for RISC-V is looking respectable if you ask us!

Many Thanks

for the suggestion![Maarten]

Continue Reading
Click to comment

Leave a Reply

Hackaday Columns

Hackaday Podcast 152: 555 Timer Extravaganza, EMF Chip Glitching 3 Ways, A Magnetic Mechanical Keyboard, And The Best Tricorder Ever




Sign Up With Hackaday Editor-in-Chief Elliot Williams as well as Handling Editor Tom Nardi as they bring you up to speed up on the very best tales as well as tasks from the week. There’s some rather unfavorable information for the physical media fanatics in the target market, yet if you’re specifically crazy about half a century old incorporated circuits, you’ll like becoming aware of the champions of the 555 Timer Competition. We’ll have a look at a vocal singing circuit sculpture powered by the ESP32, proclaim the merits of 3D published buttons, comply with one cyberpunk’s desire for constructing the utmost Celebrity Trip tricorder prop, as well as attempt to cover our heads around exactly how digital gadgets can be shaken right into entry. Remain throughout as we take a close consider some phenomenal cases concerning ferreting out virus, as well as cover points up by questioning why everybody is attempting to drive up until now.

Have a look at the web links listed below if you wish to comply with along, and also as constantly, inform us what you think of this episode in the remarks!

Direct Download (65 MEGABYTES)

Episode 152 Program Notes:

Information Today:

What’s that Noise?

Fascinating Hacks of the Week:

Quick Hacks:

  • Elliot’s Picks:
  • Tom’s Picks:

Can Not- Miss Articles:


Continue Reading

Hackaday Columns

This Week In Security: NetUSB, HTTP.sys, And 2013’s CVE Is Back




Allow’s picture a worst instance scenario for house routers. It would certainly need to begin with a port inadvertently available to the net, preferably in a preferred brand name, like Netgear. For enjoyable, allow’s claim it’s really a third-party bit component, that remains in numerous router brand names. This component would certainly after that require an unimportant susceptability, claim an integer overflow on the barrier dimension for inbound packages. This imperfection would certainly imply that the inbound information would certainly create past completion of the barrier, overwriting whatever bit information exists. Thus far, this specifically explains the NetUSB flaw, CVE-2021-45608.

Due to the fact that red groups do not obtain their every desire, there is a catch. While the overflow is extremely very easy to carry out, there isn’t much shake space on where the information obtains composed. There’s no remote code implementation Evidence of Principle (PoC) yet, and also [Max Van Amerongen], that uncovered the imperfection, claims it would certainly be hard yet possibly possible to carry out. Every one of this stated, it’s a great concept to examine your router for open ports, specifically non-standard port numbers. If you have a USB port on your router, look for updates.

Windows HTTP.sys Issue

A serious problem has been announced in Windows Web Server 2019 and also Windows 10, with some variations prone in their default setups. The issue remains in exactly how Windows deals with HTTP Trailer packets, which include additional details at the end of regular HTTP transfers. There is a PoC available that shows a collision. It shows up that an extra details leakage susceptability would certainly need to be incorporated with this one to generate a real make use of. This appears to be a various take on CVE-2021-31166, basically manipulating the exact same weak point, and also functioning around the insufficient solution. This concern was taken care of in the January spot collection for Windows, so make certain you’re covered.

The Listing of Embarassment

The United States Cybersecurity & & Facilities Protection Firm, CISA, preserves a running list of vulnerabilities that have actually been discovered in operation in-the-wild. That’s a fascinating listing to maintain tabs on, as there are some shocks there, like CVE-2013-3900. That truly is an insect from 2013 that isactively being used in a malware campaign It’s a defect in Microsoft’s data finalizing regimens that permits additional code to be infused right into an authorized dll without invalidating the trademark. While a repair was launched back in 2013, it was later on transformed to an optional solution, as a result of effects to genuine software application.

Jenkins Protection Advisory

The Jenkins task has published a list of vulnerabilities, and also spots for a lot of them. Amongst the unpatched susceptabilities, one attracts attention as a prospective issue. CVE-2022-23118 is a defect in the Debian Plan Home builder Plugin that permits an opponent to run approximate git regulates on the underlying host. It’s unclear specifically just how much control over the Jenkins procedure is required to make use of this, yet one can picture a rogue Debian maintainer utilizing this to jeopardize the Debian develop system.

New Devices To Beat Lockout

[TheTechromancer], scientist at Black Light Safety and security, misses out on the great old days of password splashing. For the inexperienced, this describes taking a checklist of well-known accounts and also a handful of negative passwords, like Password1!, and also attempting each negative password for every account. Much like the birthday celebration mystery, you’ll obtain even more suits than anticipated. This success has actually been its very own downfall, being just one of the chauffeurs in the promote multi-factor verification. The various other protective device disrupting password splashing is what [TheTechromancer] calls Smart Lockout– basically a consent system observing way too many demands from a solitary IP, and also obstructing that IP for some time.

What I’m attempting to claim is that we’re irritated. And also when cyberpunks are irritated, they create code.

This brings about the brand-new open resource devices,TREVORproxy and TREVORspray TREVORproxy is a device to spread out those demands out over numerous resources, and also it does that with 2 functioning settings. The very first is SSH tunneling. Lease a couple of AWS hosts with public IPs, and also established your SSH qualifications per host. Feed that right into TREVORproxy, and also it lots equilibriums the strike in between those hosts. The various other strategy calls for IPv6 assistance by the target solution. Lease a solution that can provide you an IPv6 subnet, and also run TREVORproxy there, educating it concerning the subnet. It will certainly stabilize demands throughout the whole subnet’s IP area. Get a/ 64 IPv6 subnet, and also you have 18 quintillion addresses to spray from.

Created to function along-side is TREVORspray, a password sprayer enhanced for similarity, beating wise lockout, and also MFA bypasses where feasible. It additionally consists of a -- spy setting, determining the fascinating logons related to a domain. The basic cautions use, these are effective devices, and also just to be made use of with approval, or versus targets with pest bounty programs that license such activities.

10 Notches on NCC Team’s Safety and security Weapon

While most definitely a White Hat safety company, NCC Team runs greater than its reasonable share of red-team workouts, and also has actually shared10 of its wins against development pipelines These tales vary from the insignificant, like a complicated Jenkins plugin setup that permitted any individual to access the admin UI, to an additional where collapsing an advancement pipe revealed growth variables, consisting of account qualifications. This is among the great sort of leading 10 listings online, take a min to check out it.

You Data Source Is Leaking

If you are running Safari, that is. Researchers at FingerprintJS discovered an issue with Safari’s IndexedDB implementation, locating that the listing of data source names was pollable from any kind of internet browser tab. This does not seem like a trouble, til you understand that when a website produces a data source, it offers it a distinct name that recognizes the website, and also perhaps even the individual. Head to, specifically if you’re running the Safari internet browser, and also allow us recognize what you discover. Since the moment of creating, this concern has actually been taken care of in launch prospects from Apple, yet not presented to everybody.

Little Bits and also Bytes

Finding malware on an equipment, simply by aiming an antenna at it, and also grinding the EMF statistics with a Raspberry Pi? It seemed as well great to be real, yet Tom sucked it up and also explored the tale. His verdict? I will not ruin it for you, take a look at his item!

It’s an additionaltale from Project Zero, this time about Zoom There was fairly a procedure obtaining a toehold right into Zoom’s interior information framework, yet a 5 years of age Android plan was inadvertently launched with debugging signs. While this set really did not bring about a complete make use of chain, there were still susceptabilities discovered and also taken care of.

SSH is a superpower. Absolutely nothing really feels fairly like living in the matrix like SSHing right into an equipment lots of miles away, rerouting ports, and also making a link dancing to my song, leaping via the jumps. If you intend to comb up your SSH video game, note that The Cyber Plumber’s Handbook is now available for free on GitHub.

Both Oracle and also Cisco have actually revealed numerous safety concerns, with Oracle’s advisory containing a whopping 497 issues, and alsoCisco’s topped by a bug ranked 9.6 That is an unauthenticated opportunity acceleration in the Cisco Unified Call Facility Monitoring Website, permitting any individual admin accessibility to the site. Oops.

Continue Reading

555 timer

Congratulations Winners Of The 555 Timer Contest!




In some cases the very best motivation is constraint. The 555 timer does “one point”– contrasts a voltage to a pair limits and also outcomes a signal as necessary. It’s 2 comparators, a voltage ladder, and also a flip-flop. As well as yet, it’s one of the most marketed solitary chip of perpetuity, commemorating its 50th birthday celebration this year! So when Hackaday runs a 555 Timer Contest, cyberpunks of all red stripes bring out their ideal job to reveal their love for the Little DIP That Could.

The Victors

By far the favored entrance was the Giant 555 Timer by[Rudraksha Vegad] Each of our courts ranked it in the leading 5, and also it took leading honors two times. On its face, this is a straightforward “large 555 in a box” develop, however take a look under the hood. Each sub-module that comprises the 555– comparators, flip-flop, and also amplifier– are made from restored distinct components in real breadboard style, soldered to brass nails inculcated timber. As an output, it’s a great item of woodworking, however as a procedure of production, it’s a masterwork in recognizing the 555 at its inmost degree. We need to all make one!

The Menorah555 is a straightforward style with some extremely wonderful dress up its sleeve. Maybe the prettiest of which is drawing the main candle light out and also lighting the others with it– a technique that entails a supercapacitor and also reed buttons. Each of the candle light illumination circuits, nevertheless, make use of a 555 timer both for its designated objective of supplying a timed power-on reset pulse, and also an additional 555 is utilized as a straightforward flip-flop. It’s a glossy style, and also an excellent customer communication.

The Cyclotone Mechanical Punk Console Sequencer is a revolving tower of circuit sculpture and also noisemakers. This set looks fantastic, is extremely well recorded in the video clip collection, and also makes use of a billion creative little methods in the process. The 555’s duty? Each of the 4 degrees is the traditional Atari Punk Console circuit.

All 3 of these jobs win a $150 buying spree at Digi-Key. That’s a great deal of timers!

Hello There Globe!

You had one job– blink an LED with the 555. [Sami] made a PCB of an Audi e-tron for a leaving coworker. What can we state? The LEDs blink with 555s, and also the board looks snazzy.

Data Transfer Buster

Ends Up that you can make a4 MHz radio transmitter out of just two LMC555s (They’re the rapid ones.) Undoubtedly, the circuit’s just semiconductors are both 555s. One produces the service provider regularity, and also the various other just inverts the signal. Both of them in tandem kind a push-pull amplifier, for “optimum” power. 4 MHz with a 555 oscillator isn’t negative!


Among the strangest hacks, hands-down, is theAccordeonator It’s constructed of a CD drive, and also drawing the CD sled in and also out transforms the drive electric motor, which is utilized as a generator to power the entire circuit. 7 switches attach up timing resistors to the 555, that makes the songs. Really amazing!

Should Not Have Made Use Of a 555

If there are times when you should have, there must likewise be times when you should not, right? For example, you most likely should not make use of 555s as stepper electric motor chauffeurs, or as counters, in thisleaping-frog LED sculpture A 555 most definitely does not have the specific temporal resolution needed to glitch an STM8’s read-only protection bit, right? Absolutely you would not bit-bang the DMX512 serial protocol or make a serial ADC with a 555? As well as if you should not make use of a 555, does it count if you turn an ATTiny85 into a drop-in replacement?

This classification really did not dissatisfy, and also we’re not amazed. Inform Hackaday viewers what they can not do, and also they’ll do it!

Art for Art’s Purpose

Ultimately, our courts actually suched as CS 555, a completely circuit-sculpture distinct 555, and also the Spirit of the ’62 Rambler Nixie Clock which stimulates an old cars and truck’s dashboard as if driven by a macabre pressure. Naturally it’s a 555.

WTF Honor

We truthfully really did not understand that we required a respectable reference classification for making your very own 20-pin 555-timer based silicon, however obviously we did. [Adrian Freed] has a pair of new 555-based IC designs that consist of various other functions on-chip: one with 8 outcome barriers and also a counter, and also an additional with the intestines of a linear-feedback change register inside. His trial instance? Blinking a bunch of LEDs, normally. We would certainly like to see even more information concerning this task in the future.

… and also Even More

Congratulations to all participants in the competition! You need to actually take a while to surf all of the entries, and also not simply those that reverberated most with us. Since that recognizes, you may simply locate on your own stranded on a desert island, with just a dog crate of 555s available, and also require to rebuild contemporary culture.

Many Thanks once again to our enroller Digi-Key for the rewards and also the assistance!

Continue Reading


%d bloggers like this: