Monday, July 6, 2020

CircuitPython Game Development (PewPew M4)

Check out this open source CircuitPython game development platform based on the ARM M4 microcontroller. If you're looking to do some homebrew game development on a handheld platform, this is a great option.

In this video I give an overview of the hardware itself and show how the CircuitPython programming environment works on it along with some basic programming examples.

For more information check out the Hackaday page and the Makerfabs product info page.

Saturday, May 16, 2020

Raspberry Pi 4 Complete Guide

I've been a fan of Raspberry Pi since the original Pi 1 so it's always exciting for me to see how these boards evolve with each new model. The newest Raspberry Pi 4 is no exception and it certainly raises the bar for Single Board Computers.

While the older models were mostly only useful as educational boards or for DIY/maker projects, the Pi 4 finally packs a real punch in terms of performance. With a 64-bit quad core ARM processor and up to 4GB of ram, I expect these boards to end up in all kinds of applications, ranging from home media centers to actual home desktop use.

Whether you're just getting into Pi's or you're looking to upgrade from one of the older models, this guide is for you.


Part 1: Hardware

This video goes over the hardware of the Raspberry Pi itself as well as all of the additional peripheral hardware that you'll need to get started. Most of the parts (including the 4GB Pi 4) came from this CanaKit.



Part 2: Operating Systems

This video shows you how to install different operating systems on the Raspberry Pi 4 and goes over some of the most popular ones to help you pick which one fits best. The operating systems discussed are Raspbian, OpenELEC, Lakka, Ubuntu, Ubuntu Mate, Xubuntu, Lubuntu, Manjaro, Kali Linux, and RetroPie. But the techniques shown here should allow you to install any operating system that supports the new Pi 4 ARM architecture.

Wednesday, January 22, 2020

ESP32-Cam Quickstart with Arduino Code

Learn how to add a camera to your Arduino projects the easy way using one of these cheap ESP32-Cam modules. Great for pet cams, home surveillance, time lapses, and computer vision applications.


Thursday, January 2, 2020

Intro to Arduino with LoRa

If you've ever wanted to get started using LoRa wireless communication in your Arduino projects this video is for you. It covers some popular LoRa module options, a brief introduction to the Arduino code needed to control them, and an explanation of the different ways to configure your LoRa modem to maximize range or data transfer rate along with visualizations of the LoRa packet transmissions.

It's time to get wireless...

Thursday, December 5, 2019

Interactive (Touch) Musical Christmas Tree

In this video I should how to build a capacitive touch Christmas tree that allows you to play music just by touching the ornaments. All it takes is a little bit of Python code, a Raspberry Pi, and a Bare Conductive Pi Cap.

Get ready to rock around the Christmas tree!

Friday, November 22, 2019

ESPlay Micro: Open Source ESP32 Game Console

Today we'll take a look at the ESPlay Micro, an open source game console built around the ESP32 WROVER SoC. Aside from being a lightweight game console for retro emulation these boards also make for a great development platform to learn low level systems programming. The hardware and software are both open source and pretty straightforward.

PS: these would make for an awesome Christmas present for anyone into gaming or making.

Source code:

Saturday, November 9, 2019

Testing 4 Raspberry Pi Gaming Platforms

I've been looking to update my home media center recently and decided to survey the landscape of Raspberry Pi gaming/media platforms. This video compares the four best ones I've been able to find which are: RetroPie, Recalbox, Lakka, and Steamlink.

Friday, May 31, 2019

Always Secure Your localhost Servers

Recently I was surprised to learn that web browsers allow any site you visit to make requests to resources on localhost (and that they will happily allow unreported mixed-content). If you'd like to test this out, run an HTTP server on port 8080 (for instance with python -m http.server 8080) and then visit this page.

You should see "Found: HTTP (8080)" listed and that's because the Javascript on that page made an HTTP GET request to your local server to determine that it was running. Chances are it detected other services as well (for instance if you run Tor or Keybase locally).

There are two implications from this that follow:
  1. Website owners could potentially use this to collect information about what popular services are running on your local network.
  2. Malicious actors could use this to exploit vulnerabilities in those services.
Requests made this way are limited in certain ways since they're considered opaque, meaning that the web page isn't able to read the response body or headers. But even with these restrictions a request can do all kinds of nasty things unless the local server is properly secured.

For instance, at one point Redis was vulnerable to these types of attacks because its protocol is text-over-TCP (just like HTTP) so any web page you visit could craft an HTTP POST request that mimics normal Redis commands. There's an excellent write-up on this vulnerability here (which has since been fixed).

Similarly, if you run the popular gaming platform Steam on Linux, at the time of writing this the main application opens a TCP listener on port 57343. I have no idea what that port is for but I do know that visiting this web page while Steam is open will cause the entire UI to freeze, as well as most games, until the tab is closed: [WARNING: don't blame me if it crashes your game]

This works because the favicon on that page is actually an HTTP GET request to the TCP server which never closes, thus blocking their listener. It may even be possible to attack the server in other ways with specifically crafted requests (I was able to crash the application using a large enough payload).

These types of vulnerabilities are widespread mostly because application developers assume that the server will only be locally-accessible and not available to every website the user visits. Hopefully this is enough proof to justify why better security measures need to be taken with local servers even if you don't intend to forward the ports you're using to the outside world.

So, as developers what can we do to prevent this kind of attack?

For HTTP and WebSocket servers you can add authentication, CSRF protection, and restrict access based on the page origin (which browsers should include in the request headers).

For TCP servers it could be harder depending on your application. You can detect HTTP-like request headers and block the connection (this seems to be what Redis is doing now). Or require some sort of handshake/authentication that the browser won't perform and reject connections based on that.

As far as preventing fingerprinting and service discovery this way... I'm not entirely sure what the best way to prevent this would be other than ungracefully failing the requests (which a lot of HTTP frameworks probably don't make easy). If anyone has any ideas here feel free to drop me a tweet @davywtf.

    Saturday, March 30, 2019

    Arduino-friendly 240x320 LCD Display Tutorial (ILI9341)

    Have you ever needed to add a UI to any of your embedded projects? For instance, maybe you want to display a sensor reading graph or build your own handheld gaming system. In this video I'll take a look at some cheap 240x320 color LCD display devices that you can add to almost any microcontroller or Single Board Computer project.

    Friday, February 1, 2019

    Nordic nRF52840-Dongle (2.4GHz RF Development Board)

    Recently I've gotten into low-power RF technology and have become quite the fan of the nRF52 SoC for that reason. Of all the BLE-capable chips I've used so far these ones reign supreme in terms of functionality and ultra-low power consumption.

    One of the more interesting boards I've seen powered by them is the nRF52840 dongle, directly from Nordic Semiconductor. It's tiny, well constructed, and supports a very nice set of specs:
    • 64 MHz Cortex-M4F
    • 1 MB Flash
    • 256 KB RAM
    • 2.4 GHz Transceiver (supports Bluetooth 5 with long range)

    In this video I introduce the Nordic nRF SDK for programming these dongles:

    Sunday, January 13, 2019

    Exploring Sub-GHz Radio With RTL-SDR and GQRX

    Today I took a look at some hardware for working with sub-GHz radio transmissions, especially FM. All of which came in a previous HackerBoxes box. My favorite item was definitely the RTL-SDR dongle! I could play around with this thing for hours surfing the radio waves and listening to weird broadcasts. There's even a Python library named pyrtlsdr for working with these devices so you can scan/record radio transmissions programmatically:

    Next I'm going to solder together the FM transceivers included in the box and play around with writing Arduino firmware for them. Those things should work similar to the LoRa modules I've been using but they trade in the long range for increased bandwidth. Should be good for streaming data locally and still have much better range than most home WiFi or Bluetooth.

    Here's a video overview of the hardware included in HackerBox 0034 as well as a demo of the RTL-SDR dongle using GQRX to visually and audibly explore the radio waves.

    The audio in my videos has also improved a bit since being sent this Purple Panda lapel microphone. If you do any audio recording with your laptop or phone this little mic is cheap and it definitely improves the quality over a builtin mic. [Not a sponsor, they did send this for free but it's also only $20. I really needed a mic.]

    Sunday, December 16, 2018

    Monday, December 10, 2018

    Build your own IoT Device Hub | Bluetooth | LoRaWAN | Tutorial

    In this video I show how easy it is to build an Internet of Things device hub using only a Pixl.js and a little bit of Javascript code. To demonstrate I control a few devices using Bluetooth Low Energy and LoRa (Long Range radio).