惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

N
Netflix TechBlog - Medium
N
News and Events Feed by Topic
Latest news
Latest news
C
CXSECURITY Database RSS Feed - CXSecurity.com
T
Threatpost
The Hacker News
The Hacker News
T
The Exploit Database - CXSecurity.com
S
Schneier on Security
Cisco Talos Blog
Cisco Talos Blog
Hacker News: Ask HN
Hacker News: Ask HN
Simon Willison's Weblog
Simon Willison's Weblog
W
WeLiveSecurity
H
Hacker News: Front Page
L
LINUX DO - 热门话题
T
Tor Project blog
N
News | PayPal Newsroom
S
Secure Thoughts
小众软件
小众软件
Recent Commits to openclaw:main
Recent Commits to openclaw:main
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
AWS News Blog
AWS News Blog
Security Latest
Security Latest
MyScale Blog
MyScale Blog
Webroot Blog
Webroot Blog
Cyberwarzone
Cyberwarzone
Engineering at Meta
Engineering at Meta
腾讯CDC
T
Tailwind CSS Blog
SecWiki News
SecWiki News
博客园 - 司徒正美
Microsoft Azure Blog
Microsoft Azure Blog
P
Palo Alto Networks Blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
V
V2EX
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
B
Blog RSS Feed
大猫的无限游戏
大猫的无限游戏
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Martin Fowler
Martin Fowler
P
Proofpoint News Feed
GbyAI
GbyAI
C
Check Point Blog
博客园_首页
PCI Perspectives
PCI Perspectives
月光博客
月光博客
TaoSecurity Blog
TaoSecurity Blog
aimingoo的专栏
aimingoo的专栏
酷 壳 – CoolShell
酷 壳 – CoolShell
IT之家
IT之家

blog.smartere

Floppy Disks: the best TV remote for kids Upgrading the Olimex A20 LIME2 to 2GB RAM, by learning to BGA solder and deep diving into the U-Boot bootloader process Making a too cheap LED lamp safe to use Giv mig nu bare elprisen.somjson.dk! (en historie om det måske værste datasæt i åbne energidata) World’s Longest Multi-Cutter Blade: 30 cm Reparation af Nordlux IP S12 badeværelseslampe der ikke lyser længere Fantus-button part 1: Reverse engineering the DRTV Chromecast App Floating Solid Wood Alcove Shelves Quick and dirty guide to Lithium battery-powered Wemos D1 Mini Olimex A20-OLinuXino-LIME2 – 8 years in service, 2 PSUs and 1 SD-card down Grundfos Alpha 2 pumpe går i stykker og flimrer: reparer den med en kondensator til nogle få kr Reparation af Aduro-tronic II Sniffing Philips Hue Zigbee traffic with Wireshark Dør jeg af partikelforurening fra min moderne brændeovn? 18650 Lithium-ion battery packs – 1S80P Olimex A20-OLinuXino-LIME2 – A review after 4 years in service Reparation af DUKA/PAX Passad 30 Ventilator der kører uregelmæssigt Ford 3000 Tractor Instrument Voltage Stabilizer – Mechanical PWM! Reverse engineering Aduro Smart Response Hvorfor korrelerer min DC-spænding med solen? Measuring high DC supply voltage with an Arduino Roomba 500-series Easy Scheduling using an Arduino Brother DS-620 on Linux Stupid sys-admin’ing, and hooray for LVM and unnecessary partitions Making objdump -S find your source code Et lille slag for ytringsfriheden WordPress – mildly impressed
Fantus-button part 2: the physical button build and the network communication
Mads Chr. Ol · 2023-10-29 · via blog.smartere

Posted on lørdag, oktober 28, 2023 in Hal9k, Planets

First part of this series is here, covering the reverse engineering of the DRTV Chromecast App.

I wanted the physical appearance to be extremely minimalistic, with slight references to various cubes from videogames. Because it is a remote control, it of course has to be wireless and battery-powered.

The box is lasercut from 6 mm MDF, and with a giant red arcade button on top with a red LED inside.

The electronics inside is a battery-powered Wemos D1, along with 4 x 18650 Lithium battery cells. After some experimentation on the response time, which is primarily dominated by the time it takes to reconnect to the WiFi network, I initially only used “light sleep”. This resulted in a battery time of just over a week, which is okay, but not great.

In order to preserve battery deep sleep would be really nice. The problem is deep sleep on the Wemos can only be interrupted by a reset. The idea was to use a MOSFET (in this case an N-channel logic level mosfet, IRFZ44N) for the Wemos to be able to select whether a press of the button should reset it, or it should just register on a pin as normal.

This circuit allows RST to be pulled low by the button, as long as D0 is high. Luckily, D0 is high during deep sleep, so as long as the Arduino code keeps D0 low button presses will not reset — but can still be registered by reading pin D1.

This works out “responsively enough” because the initial start has some delay due to the Chromecast initializing the app and loading media. Any subsequent button presses within the 30 seconds the Arduino stays awake are instant though. With this setup the battery life is not a problem – I’ve only had to charge it once. As a bonus feature/bug whenever the battery gets low the Wemos will trigger a bit sporadically: this causes “Fantus-bombing” where Fantus will just randomly start; quite quickly thereafter the Fantus-button is being charged 😉

The Wemos itself is not powerful enough to do all the pyChromecast communication needed, so I setup a small Raspberry Pi to handle that part. Since I didn’t want to spend too much time and effort setting up the communication between them, I ended up using a trick from my youth: UDP broadcasting. Because UDP is datagram-oriented you can send a UDP packet to the broadcast address (255.255.255.255) and then it will be received by all hosts on the local area network: no configuration needed. In Arduino code it looks like:

  Udp.begin(31337);
Udp.beginPacket("255.255.255.255", 31337);
Udp.write("emergency-button\n");
Udp.endPacket();

(Full Arduino code available here.)

At this point I had a UDP packet that I could receive on the Raspberry Pi, and it was just a matter of writing a small server program to listen, receive and process those UDP commands. However, at this point a thought entered my mind, that derailed the project for a while:

netcat | bash

Why write my own server to parse and execute commands, when Bash is already fully capable of doing exactly that with more flexibility than I could ever dream of? And netcat is perfectly capable of receiving UDP packets? This is a UNIX system, after all, and UNIX is all about combining simple commands in pipelines — each doing one thing well.

The diabolical simplicity of just executing commands directly from the network was a bit too insecure though. This is where Bash Restricted mode enters the project: I wouldn’t rely on it for high security (since it is trying to “enumerate badness“), but by locking down the PATH of commands that are allowed to execute it should be relatively safe from most of the common bypass techniques:

netcat -u -k -l 31337 | PATH=./handlers/ /bin/bash -r

The project was now fully working: press the button, Fantus starts. Press it while Fantus is playing: Fantus pauses. Press it while Fantus is paused: Fantus resumes. The little human was delighted about his new powers over the world, and pressed the button to his hearts content (and his parents slight annoyance at times).

(Full code for handler available here.)

But wouldn’t it be cool if the little human had a (limited) choice in what to view?…