A coiled black USB-C to USB-C cable is shown on a white background.

An Open-Source Justification For USB Cable Paranoia

Most people know that they shouldn’t plug strange flash drives into their computers, but what about a USB cable? A cable doesn’t immediately register as an active electronic device to most people, but it’s entirely possible to hide a small, malicious microcontroller inside the shell of one of the plugs. [Joel Serna Moreno] and some collaborators have done just that with their Evil Crow Cable-Wind.

This cable comes in two variants: one USB-A to USB-C, and one USB-C to USB-C. A tiny circuit board containing an ESP32-S3 hides inside a USB-C plug on each cable, and can carry out a keystroke injection attack. The cable’s firmware is open-source, and has an impressive set of features: a payload syntax checker, payload autocompletion, OS detection, and the ability to impersonate the USB device of your choice.

The cable provides a control interface over WiFi, and it’s possible to edit and deploy live payloads without physical access to the cable (this is where the syntax checker should be particularly useful). The firmware also provides a remote shell for computers without a network connection; the cable opens a shell on the target computer which routes commands and responses through the cable’s WiFi connection (demonstrated in the video below).

The main advantage of the Evil Crow Cable Wind is its price: only about $25, at which point you can afford to lose a few during deployment. We’ve seen a malicious cable once before. Of course, these attacks aren’t limited to cables and USB drives; we’ve seen them in USB-C docks, in a gaming mouse, and the fear of them in fans.

Thanks to [rustysun9] for the tip!

A black PCB is shown, with an Arduino Nano mounted in the bottom left corner. The rest of the space on the PCB is used up by ten DIP integrated circuits and a few resistors and diodes. Several black and red wires connect different parts of the PCB.

Meowsic Keyboard MIDI Adapter Aims For Purrfection

Both small children and cats have a certain tendency to make loud noises at inopportune times, but what if there were a way to combine these auditory effects? This seems to have been the reasoning behind the creation of the Meowsic keyboard, a children’s keyboard that renders notes as cats’ meows. [Steve Gilissen], an appreciator of unusual electronic instruments, discovered that while there had been projects that turned the Meowsic keyboard into a MIDI output device, no one had yet added MIDI input to it, which of course spurred the creation of his Meowsic MIDI adapter.

The switches in the keys of the original keyboard form a matrix of rows and columns, so that creating a connection between a particular row and column plays a certain note. [Steve]’s plan was to have a microcontroller read MIDI input, then connect the appropriate row and column to play the desired note. The first step was to use a small length of wire to connect rows and columns, thus manually mapping connections to notes. After this tedious step, he designed a PCB that hosts an Arduino Nano to accept input, two MCP23017 GPIO expanders to give it enough outputs, and CD4066BE CMOS switches to trigger the connections.

A clock face is shown consisting of two rings of plastic, with backlighting behind one of the rings. There is red light at the one o’clock position, and blue light at the nine-thirty position. A black plastic arm is pointing to the three-thirty position.

A Concentric Clock With Multiple Modes

Most of us spend our lives within reach of a device that provides a clock, stopwatch, and a timer – you’re almost certainly reading this article on such a device – but there are fewer options if you want a screen-free clock. [Michael Suguitan]’s TOKIDOKI rectifies this situation by combining those three functions into a single, physical, analog clock face.

TOKIDOKI displays time by lighting the appropriate segments of two concentric rings of colored LEDs (Adafruit Neopixel rings); the inner ring indicates hours, while the outer ring displays minutes. There is one clock hand, and while it does indicate the passage of time in some situations, its main function is as a dial to control the clock’s different functions. The hand is connected to a Dynamixel XL-330 servo motor, which also serves as a position sensor. Winding the dial clockwise starts a countdown timer, with each successive full rotation switching to a larger unit of time (a fun/unsettling feature is that the largest chronometric unit is the user’s expected lifetime: 84 years). Winding counterclockwise either starts a stopwatch or sets an alarm, depending on how many full rotations you make.

A Raspberry Pi Pico running some MicroPython firmware manages the device and gets the current time from a local network. To soften the light’s quality, the LED rings are pointed backwards to provide back-lighting off of a recessed surface. The entire device is powered by USB-C, and is enclosed in a 3D-printed housing.

This project was designed as an experiment in minimal interfaces, and it certainly achieved that goal, though we imagine that it takes a bit of time to get used to using this clock. We always enjoy seeing innovative clocks here, from digital to analogue, and those that split the difference.

A circuit board is shown on a white background. It has a USB-A port on the front side, and a coiled wire antenna extending from another circuit board mounted above the first one.

A Remote-Controlled USB Rubber Ducky Clone

Despite the repeated warnings of system administrators, IT personnel, and anyone moderately aware of operational security, there are still quite a few people who will gladly plug a mysterious flash drive into their computers to see what’s on it. Devices which take advantage of this well-known behavioral vulnerability have a long history. The most famous of them is Hak5’s USB Rubber Ducky, which emulates a USB input device to rapidly execute attacker-defined commands on the target computer.

The main disadvantage of these keystroke injection attacks, from the attacker’s point of view, is that they’re not particularly subtle. It’s usually fairly obvious when something starts typing thousands of words per minute on your computer, and the victim’s next move is probably a call to IT. This is where [Krzysztof Witek]’s open-source Rubber Ducky clone has an advantage: it uses a signal detected by a SYN480R1 RF receiver to trigger the deployment of its payload. This does require the penetration tester who uses this to be on the site of the attack, but unlike with an always-on or timer-delayed Rubber Ducky, the attacker can trigger the payload when the victim is distracted or away from the computer.

This project is based around the ATmega16U2, and runs a firmware based on microdevt, a C framework for embedded development which [Krzysztof] also wrote. The project includes a custom compiler for a reduced form of Hak5’s payload programming language, so at least some of the available DuckyScript programs should be compatible with this. All of the project’s files are available on GitHub.

Perhaps due to the simplicity of the underlying concept, we’ve seen a few open source implementations of malicious input devices. One was even built into a USB cable.
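The typing speed that makes these attacks obvious to a person at the keyboard can also be checked automatically, which still works when nobody is watching the screen. The following is an added example, not part of the original post or of any project mentioned in it; it assumes an endpoint agent already supplies key-down timestamps in milliseconds, and the thresholds and sample data are constructed for illustration.

```python
from statistics import median

MIN_BURST = 12        # assumed: keys needed before a burst is judged
MAX_HUMAN_WPM = 250   # assumed ceiling for sustained human typing
PAUSE_MS = 500        # assumed: a gap this long ends a burst


def wpm(gaps_ms):
    """Words per minute implied by inter-key gaps (5 characters = 1 word)."""
    gap = median(gaps_ms)
    return 60_000 / (gap * 5) if gap > 0 else float("inf")


def split_bursts(timestamps_ms, pause_ms=PAUSE_MS):
    """Group key-down timestamps into bursts separated by pauses."""
    bursts, current = [], []
    for t in timestamps_ms:
        if current and t - current[-1] > pause_ms:
            bursts.append(current)
            current = []
        current.append(t)
    if current:
        bursts.append(current)
    return bursts


def find_injection_bursts(timestamps_ms):
    """Return (start_ms, key_count, estimated_wpm) for faster-than-human bursts."""
    flagged = []
    for burst in split_bursts(timestamps_ms):
        if len(burst) < MIN_BURST:
            continue  # too short to judge; avoids flagging key rollover
        gaps = [b - a for a, b in zip(burst, burst[1:])]
        rate = wpm(gaps)
        if rate > MAX_HUMAN_WPM:
            flagged.append((burst[0], len(burst), round(rate)))
    return flagged


# Constructed sample: a person typing, then 40 keys arriving 4 ms apart.
HUMAN = [0, 140, 310, 420, 600, 730, 900, 1010, 1200, 1330, 1480, 1600, 1750]
INJECTED = [5000 + 4 * i for i in range(40)]
SAMPLE = HUMAN + INJECTED

if __name__ == "__main__":
    for start, count, rate in find_injection_bursts(SAMPLE):
        print(f"burst at {start} ms: {count} keys at ~{rate} wpm")
```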

The green CRT display of a scanning-electron microscope is shown, displaying small particles.

DIY Calibration Target For Electron Microscopes

It’s a problem that few of us will ever face, but if you ever have to calibrate your scanning electron microscope, you’ll need a resolution target with a high contrast under an electron beam. This requires an extremely small pattern of alternating high and low-density materials, which [ProjectsInFlight] created in his latest video by depositing gold nanoparticles on a silicon slide.

[ProjectsInFlight]’s scanning electron microscope came from a lab that discarded it as nonfunctional, and as we’ve seen before, he’s since been getting it back into working condition. When it was new, it could magnify 200,000 times and resolve features of 5.5 nm, and a resolution target with a range of feature sizes would indicate how high a magnification the microscope could still reach. [ProjectsInFlight] could also use the target to make before-and-after comparisons for his repairs, and to properly adjust the electron beam.

Since it’s easy to get very flat silicon wafers, [ProjectsInFlight] settled on these as the low-density portion of the target, and deposited a range of sizes of gold nanoparticles onto them as the high-density portion. To make the nanoparticles, he started by dissolving a small sample of gold in aqua regia to make chloroauric acid, then reduced this back to gold nanoparticles using sodium citrate. This gave particles in the 50-100 nanometer range, but [ProjectsInFlight] also needed some larger particles. This proved troublesome for a while, until he learned that he needed to cool the reaction solution to near freezing before making the nanoparticles.

Using these particles, [ProjectsInFlight] was able to tune the astigmatism settings on the microscope’s electron beam so that it could clearly resolve the larger particles, and just barely see the smaller particles – quite an achievement considering that they’re under 100 nanometers across!

Electron microscopes are still a pretty rare build, but not unheard-of. If you ever find one that’s broken, it could be a worthwhile investment.


Two white, cylindrical speakers are shown. The sides and most of the tops of the speakers are covered in holes, and at the center of the top of each, there is a circular LCD display. The top of the speaker is marked “Braun.”

A Modern Take On Iconic Industrial Design

The Functionalist design philosophy that Dieter Rams brought to Braun from the 50s to the 90s still inspires the look of a few devices, including Apple’s iPod, Teenage Engineering’s synthesizers and recorders – and [2dom]’s IR7 streaming radio.

The streaming radio was inspired by Braun’s portable radios, particularly the SK2, TP1, and the T3 pocket radio. [2dom] started with the T3’s circular pattern of holes and experimented with several variations, finally settling on a cylindrical shape with a central display; a prototype with a low-power monochrome rectangular display was eventually rejected in favor of a circular LCD. The housing consists of four 3D-printed components: an upper and lower shell, a resonator for the speaker, and a knob for a rotary encoder.

Electronics-wise, an ESP32 handles the computing requirements, while the LCD and rotary encoder provide a user interface. For audio, it uses a VS1053 MP3 decoder, PAM8403 amplifier, and a wideband speaker, with an audio isolation transformer to clean up the audio. To reduce power consumption, a MOSFET cuts power to the peripheral components whenever the device is in sleep mode. The full design is available on GitHub.

The end result of this effort is a quite authentic-looking 21st-century adaptation of Rams’s original designs. If you’re interested in more Braun designs, check out this replica of one of their desk fans. We’ve also seen a restoration of one of Braun’s larger radios, the TS2.

The Saleae logic analyzer software is shown. One PWM channel is active, with values of 0x0001 displayed above the individual waveforms. On the right panel of the app, a trigger mode configuration panel is open for the simple parallel analyzer.

Simple Triggering For Saleae Logic Analyzers

Saleae logic analyzers seem to have it all: good sampling rates, convenient protocol decoding, and plenty of channels – but not a good way to set rising or falling-edge triggering. [James] found this rather inconvenient when debugging embedded devices, and shared a workaround that replicates these simple triggering modes.

Crucially, the logic analyzer’s software has a repeated triggering mode that fires when the protocol decoder detects a preset value. [James] used a clever trick to turn this into a rising-edge trigger: he set up a simple parallel analyzer, and set the signal in question as both the sampled channel and the clock signal. Since he wanted to detect the rising edge, he set the clock mode accordingly. Next, he loaded the simple parallel decoder’s trigger configuration and set it to detect a value of one, the value of a high signal. When he ran the simple parallel trigger, every rising edge of the input signal would trigger the clock to check for a high value on the line, in turn triggering the analyzer.

It’s also possible to set up a falling-edge trigger by selecting the falling-edge clock mode and setting the trigger mode to detect a value of zero. Setting up more complex triggers involving multiple channels is as simple as calculating the hexadecimal value of the desired state and setting the parallel decoder to trigger on that value. For example, if you want to trigger when one input is low and another is high, you can set the decoder to trigger on a value of one or two, depending on which order the inputs come in.

If all this makes you interested in Saleae logic analyzers, we’ve seen them used for everything from floppy disk preservation to signal generation. We even reviewed their earliest model back in 2009.
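To see why clocking a parallel decoder from its own data line behaves as an edge trigger, here is a simplified model of the trick, added as an example; it is not Saleae’s software or API and not [James]’s code. The channel names, the sample capture, and the choice to clock the two-channel case from the first input are assumptions made for illustration.

```python
def parallel_decode(samples, data_channels, clock_channel, edge="rising"):
    """Latch the data channels into a word on every clock edge of the chosen kind.

    samples: list of dicts mapping channel name -> 0/1, one per sample instant.
    data_channels[0] is bit 0 of the decoded word.
    Returns [(sample_index, value), ...].
    """
    wanted = (0, 1) if edge == "rising" else (1, 0)
    words = []
    for i in range(1, len(samples)):
        transition = (samples[i - 1][clock_channel], samples[i][clock_channel])
        if transition == wanted:
            value = sum(samples[i][ch] << bit
                        for bit, ch in enumerate(data_channels))
            words.append((i, value))
    return words


def trigger_points(samples, data_channels, clock_channel, edge, match):
    """Sample indices where the decoded word equals the trigger value."""
    decoded = parallel_decode(samples, data_channels, clock_channel, edge)
    return [i for i, value in decoded if value == match]


# Constructed capture of two channels (not real analyzer output).
SIG   = [0, 0, 1, 1, 0, 0, 1, 1, 0, 1]
OTHER = [0, 0, 0, 0, 1, 1, 1, 1, 0, 0]
CAPTURE = [{"sig": s, "other": o} for s, o in zip(SIG, OTHER)]

# Same line as data and clock: rising clock + value 1 = rising-edge trigger.
RISING = trigger_points(CAPTURE, ["sig"], "sig", "rising", 0x1)
# Falling clock + value 0 = falling-edge trigger.
FALLING = trigger_points(CAPTURE, ["sig"], "sig", "falling", 0x0)
# Two inputs: "sig" is bit 0, "other" is bit 1, so 0x1 means sig high, other low.
SIG_HIGH_OTHER_LOW = trigger_points(CAPTURE, ["sig", "other"], "sig", "rising", 0x1)

if __name__ == "__main__":
    print("rising edges:", RISING)
    print("falling edges:", FALLING)
    print("sig rises while other is low:", SIG_HIGH_OTHER_LOW)
```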
