Producing A Prop Gun That Actually Ejects Cases

With the movie Man of War shooting in Cyprus, there was a problem. They needed prop guns that looked realistic and ejected cases when fired, but that were also allowed under the country’s firearm laws. The task fell on [Paradym’s] shoulders, and he set to work producing a prop capable of doing the job.

With the laws in Cyprus, using anything off-the-shelf like an Airsoft pistol was simply not allowed. Instead, he had to start from scratch, creating a design outwardly similar to the Colt 1911 to suit the era of the film. Using green gas canisters for power, the first focus was on getting a realistic semi-automatic firing cycle happening. With that done, the next goal was to get the cases to eject from the weapon on each shot. To achieve this, a lever was used, actuated by the slide moving back after a shot, pushing the “spent” cartridge out of the port.

[Paradym] goes into great detail, covering the design of the 3D printed parts, the machining of springs, as well as the final assembly of the prop. We’ve seen other prop gun builds before, too. Video after the break.


Transform Kicad Design To Patchwork For Isolation Routing

Tuning a desktop router and your board designs for isolation routing can be a bit tricky, with thin traces usually being the first victim. For simple prototype boards you usually don’t need tightly packed traces, you just want to isolate the nets. To do this with a minimum amount of routing, [Michael Schembri] created kicad-laser-min, a command-line utility that takes a Kicad PCB design and expands all the tracks and pads to their maximum possible width.

Laser scribed PCB with maximum track widths

The software takes one layer of the PCB layout, converts it to black and white, and then runs a C++ Voronoi algorithm on it to dilate each track and pad until it meets another expanding region. Each region is colourised, and OpenCV edge detection is used to produce the contours that need to be milled or etched. A contour following algorithm is then used to create the G-code. The header image shows the output of each step.

Full source code is available on GitHub. [Michael] has had good results with his own boards, which are scribed using a laser cutter before etching, but welcomes testing and feedback from other users. He has found that OpenCV doesn’t always completely close all the contours, but the gaps are usually smaller than the engraving width of his laser, so no shorts are created.

This is basically “Scribble style” prototyping with CAD and CNC tools. If you prefer scribe and etch, you might consider building a simple PCB shaker for faster etching. If you have a router but want to avoid the dust, you can use a carbide scribe to scratch out the tracks without needing to etch.


Hackaday Podcast 078: Happy B-Day MP3, Eavesdropping on a Mars Probe, Shadowcasting 7-Segments, and a Spicy Commodore 64

Hackaday editors Elliot Williams and Mike Szczys go down the rabbit hole of hacky hacks. A talented group of radio amateurs have been recording and decoding the messages from Tianwen-1, the Mars probe launched by the Chinese National Space Administration on July 23rd. We don’t know exactly how magnets work, but know they do a great job of protecting your plasma cutter. You can’t beat the retro-chic look of a Commodore 64’s menu system, even if it’s tasked with something mundane like running a meat smoker. And take a walk with us down MP3’s memory lane.

Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!



The Internet of Bubble Machines

Everyone loves a good bubble machine. These oddly satisfying novelty items have brought children and adults mindless entertainment since their inception. [8BitsAndAByte] had the same thought, but wanted to give their bubble machine a taste of the IoT-age.

First, they modified an off-the-shelf bubble machine with a Raspberry Pi and relay module. The Pi can easily trigger the bubbling mechanism by controlling power to the machine using the relay. Seems simple enough. The part of this project that might be a bit more unfamiliar to you is controlling the robot over the internet, using a robot controller platform that’s both free and open-source. We’ve seen [8BitsAndAByte] take advantage of this web controller before, and it seems like they’re really getting the hang of it. Their writeup links to a detailed setup guide for configuring the Pi, so hopefully, that’s not too much trouble.

Couple the IoT setup with a Pi camera and you’ve got a live stream that’s admittedly oddly satisfying to watch with or without the bubbles.


This Week in Security: Twilio, PogoTV, and BootHole

Twilio, the cloud provider for all things telecom, had an embarrassing security fail a couple weeks ago. The problem was the Amazon S3 bucket that Twilio was using to host part of their public facing content. The bucket was configured for public read-write access. Anyone could use the Amazon S3 API to make changes to the files stored there.

The files in question were protected behind Cloudflare’s CDN, but there’s a catch to Cloudflare’s service. If you know the details of the service behind Cloudflare, it can often be interacted with directly. In many cases, knowing the IP address of the server being protected is enough to bypass Cloudflare altogether. In this case, the service behind the CDN is Amazon’s S3. Any changes made to the files there are picked up by the CDN.

Someone discovered the insecure bucket, and modified a JavaScript file that is distributed as part of the Twilio JS SDK. That modification was initially described as “non-malicious”, but in the official incident report, Twilio states that the injected code is part of an ongoing Magecart campaign carried out against misconfigured S3 buckets.
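A bucket owner can catch this class of misconfiguration by auditing the ACL and bucket policy for grants that let anonymous users write. The following is an added example, not code from Twilio or the original article; the sample ACL and policy are constructed, shaped like the documents S3 returns for a bucket's ACL and policy, and `example-bucket` is a placeholder name.

```python
# Added example: flag S3 ACL grants and policy statements that allow public writes.
# Simplified check, not a full IAM evaluator (ignores NotAction, NotPrincipal, Condition).
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}
WRITE_PERMS = {"WRITE", "WRITE_ACP", "FULL_CONTROL"}
WRITE_PREFIXES = ("s3:put", "s3:delete", "s3:*")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_public(principal):
    """True for Principal "*" or {"AWS": "*"}."""
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))

def public_write_findings(acl, policy):
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        perm = grant.get("Permission")
        if grantee.get("URI") in PUBLIC_GROUPS and perm in WRITE_PERMS:
            findings.append(f"acl:{perm}:{grantee['URI'].rsplit('/', 1)[-1]}")
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not _is_public(stmt.get("Principal")):
            continue
        for action in _as_list(stmt.get("Action", [])):
            if action == "*" or action.lower().startswith(WRITE_PREFIXES):
                findings.append(f"policy:{action}")
    return findings

# Constructed sample input: a bucket that is publicly readable AND writable.
SAMPLE_ACL = {"Grants": [
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
     "Permission": "READ"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
     "Permission": "WRITE"},
]}
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": "*",
     "Action": ["s3:GetObject", "s3:PutObject"],
     "Resource": "arn:aws:s3:::example-bucket/*"},
]}

if __name__ == "__main__":
    for finding in public_write_findings(SAMPLE_ACL, SAMPLE_POLICY):
        print(finding)
```

Public read grants are deliberately not flagged, since a bucket serving SDK files has to be readable; only the write paths are reported.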


We received a story on the Hackaday tip line this week about a Swedish IPTV service, Pongo IPTV. This report is unsubstantiated, but there seems to be something going on. At the very least, is currently returning a Cloudflare error, “This website is using a security service to protect itself from online attacks.”


A pair of YouTube videos seem to show access to the Pongotv backend, with exposed customer records and all. At this point, I have to stress that this is an unconfirmed report. Based on the details provided, it sounds like the tipster is actually pretty closely involved with this story, maybe even part of the group that is behind the attack.


[Lukas Bachschwell] discovered a flaw in the Espressif SDK, tracked as CVE-2020-12638. The vulnerability affects devices running firmware built using the vulnerable SDK. In short, it allows a WiFi authentication downgrade attack. An attacker can inject WiFi traffic, and cause the device to connect to a network under the attacker’s control. For devices used for home automation and other similar applications, this could have serious consequences. Patches are available for most of the devices the SDK covers, and the rest are in progress.

D-Link Patches EOL Device

In response to a series of flaws discovered by researchers at Loginsoft, D-Link has released firmware for an End Of Life device, and strongly recommends taking other affected devices out of use. The devices in question are the DAP-1520, DAP-1522, and DIR-816L.

These aren’t sophisticated vulnerabilities, either. The first one, CVE-2020-15892, can be triggered as simply as sending 256 characters as the password when trying to log in. The login page limits this value to 15 characters, but that limit is imposed on the client side, so an attacker can easily manipulate the raw request to bypass that restriction. The longer than expected password overflows the buffer and crashes the device. A proper exploit would take it over instead.

Another rather trivial vulnerability, CVE-2020-15893, affects the DIR-816L. A shell command can be injected in a UPnP request, as simply as including a semicolon in the packet data. When the UPnP request is parsed, part of it is used as a command line option. Including a semicolon breaks out of that command, and allows executing arbitrary commands.
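Both D-Link bugs come down to the server trusting input that only the client was expected to constrain. The sketch below is an added example, not D-Link's code or the researchers': it enforces the 15-character limit on the server side and hands a request field to a helper as a single argv element so that no shell ever parses it. The allowlist pattern and the stand-in helper command are assumptions.

```python
# Added example: server-side handling for the two input classes described above.
import re
import subprocess
import sys

MAX_PASSWORD_LEN = 15  # the limit the login page enforces only on the client
# Assumed allowlist for a UPnP field that ends up as a command-line option.
SAFE_FIELD = re.compile(r"[A-Za-z0-9:._-]{1,64}")

def check_password_field(raw: bytes) -> bytes:
    """Reject over-long input on the server, before any fixed-size copy."""
    if len(raw) > MAX_PASSWORD_LEN:
        raise ValueError("password field exceeds server-side limit")
    return raw

def is_safe_field(value: str) -> bool:
    """Allowlist check: shell metacharacters such as ';' never match."""
    return SAFE_FIELD.fullmatch(value) is not None

def run_helper(value: str) -> str:
    """Pass the value as one argv element; with no shell, ';' stays literal."""
    # Stand-in for the device's helper binary: it echoes its first argument.
    argv = [sys.executable, "-c", "import sys; print(sys.argv[1])", value]
    done = subprocess.run(argv, capture_output=True, text=True, check=True)
    return done.stdout.strip()

if __name__ == "__main__":
    # Constructed inputs.
    print(is_safe_field("urn:schemas-upnp-org:service:WANIPConnection:1"))
    print(is_safe_field("x; echo injected"))
    print(run_helper("x; echo injected"))
```

The allowlist and the argv-based call are independent layers: even if a value slips past validation, it reaches the helper as data rather than as shell syntax.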


CVE-2020-1147 is a vulnerability in Microsoft SharePoint, found by multiple researchers independently. [Steven] at Source Insight wrote up an explainer on the bug, and concludes that at its heart it’s a deserialization issue. In this case, it seems that functions of a DataSet object, like parse() and Deserialize(), can be overwritten by the data being deserialized.

The write-up includes a full PoC, so consider this vulnerability to be fully weaponized already. Patches are available, so be sure to go take care of your SharePoint servers. [Steven] also suggests that we’ll see this same bug show up in other .NET applications, as the DataSet object has been considered safe for outside data.

Apple Research Device

Apple has announced the Security Research Device, a modified iPhone that is essentially rooted from the factory. The program is run in typical Apple fashion, as the device is only loaned out 12 months at a time, and comes with a list of do’s and don’ts. I have to wonder if this is a response to Google Project Zero’s debuggable iPhone work from last year. Either way, Project Zero’s [Ben Hawkes] has already issued a statement that the program is likely a non-starter for them, as their strict 90 day disclosure policy is incompatible with the sign-up agreement.


And finally, a vulnerability in Grub2 was released this week, BootHole. This vulnerability is a rather simple buffer overflow bug that can be triggered by a malicious grub.cfg file. You might point out that if an attacker can modify grub.cfg, isn’t the system hopelessly compromised anyway? This is a fair question, and the answer is yes, usually. What makes BootHole novel is that taking control of Grub in this way can allow a Secure Boot bypass. This will obviously be more important in specific use cases where Secure Boot is a key part of security.

This vulnerability was found by [eclypsium], who privately disclosed the bug to the Grub developers and other upstream projects. Patches are available, so make sure to get those updates installed. If you’re curious about the in-depth details, the writeup and PDF on BootHole are quite detailed, so go check them out.


Patent Law And The Legality Of Making Something Similar

When [Erich Styger] recently got featured on Hackaday with his meta-clock project, he probably was not expecting to get featured again so soon, this time regarding a copyright claim on the ‘meta-clock’ design. This particular case ended with [Erich] removing the original blog article and associated PCB design files, leaving just the summaries, such as the original Hackaday article on the project.

Obviously, this raises the question of whether any of this is correct; if one sees a clock design, or another mechanism that appeals, and tries to replicate its looks and functioning in some fashion, is this automatically a breach of copyright? In the case of [Erich]’s project, one could argue that at first glance both devices look remarkably similar. One might also argue that this is rather unavoidable, considering the uncomplicated design of the original.

Not copyright, but patent law

An inherent property of copyright law in most jurisdictions is that the act of creating a work automatically grants one the copyright to that work. In most jurisdictions (e.g. the EU), signing away one’s copyright is even forbidden by law. Not so with patent law. Here we have two distinct forms, one being patents as we all know and love them, for the patenting of ideas and inventions. The other form concerns itself with what a product looks like: its design.

In the US this is referred to as a ‘design patent’, while elsewhere it is referred to as a ‘registered design’, which effectively comes down to the same thing. It means that one can patent for example the shape of a Coca-Cola bottle, or in the case of the folk at Humans Since 1982 (‘HS1982’) the look of their meta-clocks, in not one, but two EU registered designs.

Comparative analysis

We can compare the two designs side by side to see how similar they are.

The top design is [Erich]’s, while the lower design is HS1982’s clock (black version). Both have the same 8×3 hole pattern, similar color scheme, and so on. That the HS1982’s version is in a mineral composite housing and [Erich]’s in a wooden enclosure is hereby not relevant as it does not change the design. To the casual observer it might indeed appear as if both follow the same design.

Since design registrations are meant to deter companies from for example selling their own soft drink in a bottle that looks exactly like a Coca-Cola one, down to the label design, it makes sense that HS1982 came down on [Erich] and others with similar clock designs like the proverbial sack of bricks.

Naturally, the next question which one should ask here is whether it makes any difference that this was a freely available, open project. Meaning that there was no intention to sell such clocks, or even provide all of the necessary information to assemble a clock from scratch, including the software.

Consistency is key

Although with patents and design registrations there is no need to actively pursue infringement cases to keep the patent as is the case with trademarks, it’s likely that to HS1982 there was no question of tolerating any form of infringement. Their audience appears to be those interested in exclusive art pieces, with the device described by them as ‘both a kinetic sculpture and a functioning clock’.

The manufacturing cost of a single ClockClock24 device is unlikely to be even half the asking price of $6,000 to $10,700, even taking into account that each version is a limited edition. Yet this asking price remains only ‘legitimate’ if the product remains as exclusive as possible. This provides HS1982 with enough incentive to actively seek out and destroy any similar products. In the end we are talking about sculptures, i.e. art, here.

This isn’t just like one smartphone manufacturer accusing the other manufacturer of also making their smartphone into a black, rounded rectangular slab with glass covering. The ironic thing is probably that any number of small changes to [Erich]’s project could likely have made the registered design not apply, such as through the addition of a colon between the hours and minutes, adding seconds, making the box into an oval, or changing the number of rotating elements.

Not all is lost

As [Erich] also notes in his blog post, there are still certain ‘fair use’ provisions with registered designs. Nobody is going to bust down the doors of a kindergarten when one of the preschoolers clumsily draws a Coca-Cola bottle without explicit permission from Coca-Cola’s lawyers. Similarly, anyone can in theory make their own copy of HS1982’s ClockClock24 clock so long as they do not sell it or otherwise make it publicly available.

This knowledge should give anyone who sets out to copy a design which they saw somewhere and liked at least some idea of how far they can take it. Publishing the project on a blog and making the design files available is the part where things can get dicey. Even making small alterations to the original design is not guaranteed to keep one from getting harassed by a company’s irate lawyers.

While there is a small chance of victory if [Erich] or someone else were to take a case like this to court, to argue that small-fry open-hardware projects are unlikely to harm the profits or sales of a company like HS1982, it would essentially be asking the law makers to add a major exception to patent law that would no doubt come with its own set of headaches.

In the meantime it seems that we can do little but get a chuckle out of the ClockClock24 clones available on Chinese stores for peanuts.