Now I have to build a stand to get it into an operable position, then I can use the machine to build accessories for the machine.
Saturday, February 24, 2018
No-Kit CNC for X2 Mini Mill
Finally found a good set of instructions. It's a series, so not a single video, and this guy runs through the whole process of making his own kit. Check it out :
Now I have to build a stand to get it into an operable position, then I can use the machine to build accessories for the machine.
Now I have to build a stand to get it into an operable position, then I can use the machine to build accessories for the machine.
Saturday, February 3, 2018
Remote Control Cheapness Turns Into New Part
Today was my first Saturday that I could do anything. I had some stuff to do (like cleaning bathrooms, vacuuming, and mopping the floor). I also had a request from someone that I needed to do. They had a radio-controlled car that had a piece of plastic in the controller. That little piece had snapped - it wasn't built well enough (many people had that same problem). He wanted me to make a replacement (probably thinking 3D printing, but I ultimately chose brass).
I initially tried to glue it together to get it solid enough to get an outline. Epoxy didn't do very well.
Again, if I'm going to make a part that has stresses applied on it, I'm going to make it solid, so I chose brass. There was one issue, though - the part was 0.1" deep. Nobody makes anything exactly 0.1" thick. I grabbed a chunk of brass cutoff from a local shop (I love my local supply store). It came at 0.1875" thick (3/16"). I needed to break out the mill, but I had to clean it first to have it ready to run. I took it apart.
Once it was dismantled, I started cleaning things off (lots of cosmoline coating everything on it). I grabbed a few photos of the cleaning process, just to show how much cosmoline was on that thing. Appearances of the differences are pretty stark.
Next up was the actual intent for breaking it out - I needed to machine the brass from 0.1875" down to 0.1". I don't have a hold-down clamping set for this thing, so instead I found some 3/8" threaded rod, grabbed some scrap and punched holes in it, and bolted it down. I found the top, then milled it out :
Now that I had the brass "plate", I could cut the part out. This was when I tried to epoxy the two pieces together.
It didn't work, but I was able to clamp both parts down in place enough to get a trace of the part. Once I had that, I used a cutoff wheel on the Dremel to slot down to the outline. Once I was "close enough", I used some small needle files to finish it to size. I also filed some of the edges down to get it to the right part.
Next up is giving it back over to that guy to see if he can make it work.
I initially tried to glue it together to get it solid enough to get an outline. Epoxy didn't do very well.
Again, if I'm going to make a part that has stresses applied on it, I'm going to make it solid, so I chose brass. There was one issue, though - the part was 0.1" deep. Nobody makes anything exactly 0.1" thick. I grabbed a chunk of brass cutoff from a local shop (I love my local supply store). It came at 0.1875" thick (3/16"). I needed to break out the mill, but I had to clean it first to have it ready to run. I took it apart.
Once it was dismantled, I started cleaning things off (lots of cosmoline coating everything on it). I grabbed a few photos of the cleaning process, just to show how much cosmoline was on that thing. Appearances of the differences are pretty stark.
Next up was the actual intent for breaking it out - I needed to machine the brass from 0.1875" down to 0.1". I don't have a hold-down clamping set for this thing, so instead I found some 3/8" threaded rod, grabbed some scrap and punched holes in it, and bolted it down. I found the top, then milled it out :
Now that I had the brass "plate", I could cut the part out. This was when I tried to epoxy the two pieces together.
It didn't work, but I was able to clamp both parts down in place enough to get a trace of the part. Once I had that, I used a cutoff wheel on the Dremel to slot down to the outline. Once I was "close enough", I used some small needle files to finish it to size. I also filed some of the edges down to get it to the right part.
Next up is giving it back over to that guy to see if he can make it work.
Wednesday, January 24, 2018
IPC Camera Hacking
After my run-in with HikVision and HoSafe cameras (no provided firmwares that they would send to me), I decided to try another cheap camera. What I settled on had someone claiming that the cameras wouldn't dial home to China. They were Camius BoltV cameras.
When I checked, they were all based on the same chinese maker, and branded with their own firmwares. For example, the first ones were HoSafe, and returned the model "JVS-HI3516CS" (see the More on Chinese Camera Hacking post). The second, HikVision cameras returned something similar (but I do not have that as the camera was phased out quickly due to a hardware failure), and the latest Camius BoltV returns :
With that out of the way, let's see what we have. I first ran NMAP against the camera :
Everything I read online explained to use binwalk, then firmware-mod-tools. I ran binwalk (like I was supposed to), and then firmware-mod-tools to explode what binwalk found :
Hm. A lot of binary files, but some configs. So, what service is running HTTP? I believe it is BOA, and in the root FS filesystem's /etc/boa/boa.conf, there is this interesting little setting for the server to run as :
When I checked, they were all based on the same chinese maker, and branded with their own firmwares. For example, the first ones were HoSafe, and returned the model "JVS-HI3516CS" (see the More on Chinese Camera Hacking post). The second, HikVision cameras returned something similar (but I do not have that as the camera was phased out quickly due to a hardware failure), and the latest Camius BoltV returns :
root@kali:~# strings CH29XH3_F16M_SF_ENU_CAMIUS_V2.1.3.6-171009_W.sw |head -n5
RSUp
IPC3516D
IPC3516D
V170913
V170911
Jan 24 17:59:12 hostname dhcpd: DHCPDISCOVER from 58:e8:76:01:05:ff via eth0
Jan 24 17:59:12 hostname dhcpd: DHCPOFFER on 192.168.1.30 to 58:e8:76:01:05:ff via eth0
Jan 24 17:59:13 hostname dhcpd: DHCPREQUEST for 192.168.1.30 (192.168.1.1) from 58:e8:76:01:05:ff via eth0
Jan 24 17:59:13 hostname dhcpd: DHCPACK on 192.168.1.30 to 58:e8:76:01:05:ff via eth0
09:26:39.253127 IP 192.168.1.30.46294 > router.example.com.domain: 11532+ A? p2p.anlian.co. (31)
09:26:39.253347 IP router.example.com > 192.168.1.30: ICMP host router.example.com unreachable - admin prohibited, length 67
09:26:39.255060 IP 192.168.1.30.35474 > router.example.com.domain: 11533+ A? p2p.anlian.co. (31)
09:26:39.255171 IP router.example.com > 192.168.1.30: ICMP host router.example.com unreachable - admin prohibited, length 67
09:26:39.256390 IP 192.168.1.30.38702 > router.example.com.domain: 11534+ A? p2p.anlian.co. (31)
09:26:39.256489 IP router.example.com > 192.168.1.30: ICMP host router.example.com unreachable - admin prohibited, length 67
09:26:41.272833 IP 192.168.1.30.37976 > router.example.com.domain: 11535+ A? p2p.anlian.co. (31)
09:26:41.273096 IP router.example.com > 192.168.1.30: ICMP host router.example.com unreachable - admin prohibited, length 67
09:26:41.273923 IP 192.168.1.30.50096 > router.example.com.domain: 11536+ A? p2p.anlian.co. (31)
09:26:41.274022 IP router.example.com > 192.168.1.30: ICMP host router.example.com unreachable - admin prohibited, length 67
09:26:41.274857 IP 192.168.1.30.36165 > router.example.com.domain: 11537+ A? p2p.anlian.co. (31)
09:26:41.274956 IP router.example.com > 192.168.1.30: ICMP host router.example.com unreachable - admin prohibited, length 67
09:26:43.292613 IP 192.168.1.30.58809 > router.example.com.domain: 11538+ A? p2p.anlian.co. (31)
09:26:43.292800 IP router.example.com > 192.168.1.30: ICMP host router.example.com unreachable - admin prohibited, length 67
09:26:43.293694 IP 192.168.1.30.33953 > router.example.com.domain: 11539+ A? p2p.anlian.co. (31)
09:26:43.293800 IP router.example.com > 192.168.1.30: ICMP host router.example.com unreachable - admin prohibited, length 67
09:26:43.294944 IP 192.168.1.30.37312 > router.example.com.domain: 11540+ A? p2p.anlian.co. (31)
09:26:43.295039 IP router.example.com > 192.168.1.30: ICMP host router.example.com unreachable - admin prohibited, length 67
09:26:45.312929 IP 192.168.1.30.34936 > router.example.com.domain: 11541+ A? p2p.anlian.co. (31)
09:26:45.313133 IP router.example.com > 192.168.1.30: ICMP host router.example.com unreachable - admin prohibited, length 67
09:26:45.315165 IP 192.168.1.30.32893 > router.example.com.domain: 11542+ A? p2p.anlian.co. (31)
09:26:45.315265 IP router.example.com > 192.168.1.30: ICMP host router.example.com unreachable - admin prohibited, length 67
09:26:45.316177 IP 192.168.1.30.60287 > router.example.com.domain: 11543+ A? p2p.anlian.co. (31)
09:26:45.316273 IP router.example.com > 192.168.1.30: ICMP host router.example.com unreachable - admin prohibited, length 67
09:26:46.287401 ARP, Request who-has 192.168.1.30 tell router.example.com, length 28
09:26:46.288148 ARP, Reply 192.168.1.30 is-at 58:e8:76:01:05:fe (oui Unknown), length 46
09:26:47.332854 IP 192.168.1.30.57413 > router.example.com.domain: 11544+ A? p2p.anlian.co. (31)
09:26:47.333058 IP router.example.com > 192.168.1.30: ICMP host router.example.com unreachable - admin prohibited, length 67
09:26:47.334285 IP 192.168.1.30.35320 > router.example.com.domain: 11545+ A? p2p.anlian.co. (31)
09:26:47.334409 IP router.example.com > 192.168.1.30: ICMP host router.example.com unreachable - admin prohibited, length 67
09:26:47.335774 IP 192.168.1.30.51734 > router.example.com.domain: 11546+ A? p2p.anlian.co. (31)With that out of the way, let's see what we have. I first ran NMAP against the camera :
root@kali:~# map -sT -O 192.168.1.30
Starting Nmap 7.60 ( https://nmap.org ) at 2018-01-20 08:33 MST
Nmap scan report for 192.168.128.31
Host is up (0.0031s latency).
Not shown: 996 closed ports
PORT STATE SERVICE
23/tcp open telnet
80/tcp open http
554/tcp open rtsp
7000/tcp open afs3-fileserver
No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
TCP/IP fingerprint:
OS:SCAN(V=7.60%E=4%D=1/20%OT=23%CT=1%CU=39315%PV=Y%DS=2%DC=I%G=Y%TM=5A63616
OS:2%P=x86_64-pc-linux-gnu)SEQ(SP=11%GCD=FA00%ISR=9C%TI=I%CI=I%TS=U)OPS(O1=
OS:M5B4%O2=M5B4%O3=M5B4%O4=M5B4%O5=M5B4%O6=M5B4)WIN(W1=FFFF%W2=FFFF%W3=FFFF
OS:%W4=FFFF%W5=FFFF%W6=FFFF)ECN(R=Y%DF=N%T=41%W=FFFF%O=M5B4%CC=N%Q=)T1(R=Y%
OS:DF=N%T=41%S=O%A=S+%F=AS%RD=0%Q=)T2(R=Y%DF=N%T=100%W=0%S=Z%A=S%F=AR%O=%RD
OS:=0%Q=)T3(R=Y%DF=N%T=100%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T4(R=Y%DF=N%T=100%W
OS:=0%S=A%A=Z%F=R%O=%RD=0%Q=)T5(R=Y%DF=N%T=100%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=
OS:)T6(R=Y%DF=N%T=100%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T7(R=Y%DF=N%T=100%W=0%S=Z%
OS:A=S%F=AR%O=%RD=0%Q=)U1(R=Y%DF=N%T=37%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%R
OS:UCK=G%RUD=G)IE(R=N)
Network Distance: 2 hops
OS detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 15.18 seconds
root@kali:~#
workstation:~ username$ curl http://192.168.1.30/cgi-bin/something.pl
<root>
<port>9988</port>
<devtype>5932089570895921152</devtype>
<langstrs>ENU FRA DEU ITA PTG RUS ESN</langstrs>
<curlang>ENU</curlang>
<custom>CAMIUS</custom>
<logo>CAMIUS</logo>
<uiversion>0</uiversion>
<sdcardpageshow>0</sdcardpageshow>
<title></title>
<firstloginflag>0</firstloginflag>
<pluginfile>0</pluginfile>
<devicetime>2015-01-14_12-39-53</devicetime>
</root>
workstation:~ username$
Everything I read online explained to use binwalk, then firmware-mod-tools. I ran binwalk (like I was supposed to), and then firmware-mod-tools to explode what binwalk found :
root@kali:~# binwalk CH29XH3_F16M_SF_ENU_CAMIUS_V2.1.3.6-171009_W.sw
DECIMAL HEXADECIMAL DESCRIPTION
--------------------------------------------------------------------------------
179268 0x2BC44 CRC32 polynomial table, little endian
180292 0x2C044 CRC32 polynomial table, little endian
245840 0x3C050 uImage header, header size: 64 bytes, header CRC: 0x747FC94F, created: 2017-09-11 01:41:14, image size: 2751376 bytes, Data Address: 0x80008000, Entry Point: 0x80008000, data CRC: 0x242F03BD, OS: Linux, CPU: ARM, image type: OS Kernel Image, compression type: none, image name: "Linux-3.4.35"
263908 0x406E4 gzip compressed data, maximum compression, from Unix, NULL date (1970-01-01 00:00:00)
2997312 0x2DBC40 Squashfs filesystem, little endian, version 4.0, compression:xz, size: 2736056 bytes, 595 inodes, blocksize: 65536 bytes, created: 2017-09-20 00:46:43
5733440 0x577C40 Squashfs filesystem, little endian, version 4.0, compression:xz, size: 4828778 bytes, 121 inodes, blocksize: 131072 bytes, created: 2017-10-09 05:06:26
10749816 0xA40778 CRC32 polynomial table, little endian
10750840 0xA40B78 CRC32 polynomial table, little endian
10756235 0xA4208B LZO compressed data
10818104 0xA51238 Squashfs filesystem, little endian, version 4.0, compression:xz, size: 3894082 bytes, 435 inodes, blocksize: 131072 bytes, created: 2017-10-09 03:39:10
root@kali:~# /opt/firmware-mod-kit/trunk/extract-firmware.sh CH29XH3_F16M_SF_ENU_CAMIUS_V2.1.3.6-171009_W.sw
[... a whole lot of compilation errors ...]
@kali:~#
root@kali:~# binwalk -e CH29XH3_F16M_SF_ENU_CAMIUS_V2.1.3.6-171009_W.sw
DECIMAL HEXADECIMAL DESCRIPTION
--------------------------------------------------------------------------------
179268 0x2BC44 CRC32 polynomial table, little endian
180292 0x2C044 CRC32 polynomial table, little endian
245840 0x3C050 uImage header, header size: 64 bytes, header CRC: 0x747FC94F, created: 2017-09-11 01:41:14, image size: 2751376 bytes, Data Address: 0x80008000, Entry Point: 0x80008000, data CRC: 0x242F03BD, OS: Linux, CPU: ARM, image type: OS Kernel Image, compression type: none, image name: "Linux-3.4.35"
263908 0x406E4 gzip compressed data, maximum compression, from Unix, NULL date (1970-01-01 00:00:00)
2997312 0x2DBC40 Squashfs filesystem, little endian, version 4.0, compression:xz, size: 2736056 bytes, 595 inodes, blocksize: 65536 bytes, created: 2017-09-20 00:46:43
5733440 0x577C40 Squashfs filesystem, little endian, version 4.0, compression:xz, size: 4828778 bytes, 121 inodes, blocksize: 131072 bytes, created: 2017-10-09 05:06:26
10749816 0xA40778 CRC32 polynomial table, little endian
10750840 0xA40B78 CRC32 polynomial table, little endian
10756235 0xA4208B LZO compressed data
10818104 0xA51238 Squashfs filesystem, little endian, version 4.0, compression:xz, size: 3894082 bytes, 435 inodes, blocksize: 131072 bytes, created: 2017-10-09 03:39:10
root@kali:~# ls -ltr
total 86448
drwxr-xr-x 2 root root 4096 Jan 18 21:09 Videos
drwxr-xr-x 2 root root 4096 Jan 18 21:09 Templates
drwxr-xr-x 2 root root 4096 Jan 18 21:09 Public
drwxr-xr-x 2 root root 4096 Jan 18 21:09 Pictures
drwxr-xr-x 2 root root 4096 Jan 18 21:09 Music
drwxr-xr-x 2 root root 4096 Jan 18 21:09 Downloads
drwxr-xr-x 2 root root 4096 Jan 18 21:09 Documents
drwxr-xr-x 2 root root 4096 Jan 18 21:09 Desktoproot@kali:~# ls -ltr
total 86448
[... snip ...]
drwxr-xr-x 5 root root 4096 Jan 21 08:00 _CH29XH3_F16M_SF_ENU_CAMIUS_V2.1.3.6-171009_W.sw.extracted
root@kali:~#
root@kali:~# cd _CH29XH3_F16M_SF_ENU_CAMIUS_V2.1.3.6-171009_W.sw.extracted/
root@kali:~/_CH29XH3_F16M_SF_ENU_CAMIUS_V2.1.3.6-171009_W.sw.extracted# ls
2DBC40.squashfs 577C40.squashfs squashfs-root squashfs-root-1
406E4 A51238.squashfs squashfs-root-0
root@kali:~/_CH29XH3_F16M_SF_ENU_CAMIUS_V2.1.3.6-171009_W.sw.extracted#
root@kali:~/_CH29XH3_F16M_SF_ENU_CAMIUS_V2.1.3.6-171009_W.sw.extracted# ls squashfs-root
bin etc lib mkimg.rootfs moudle plugs root sys var
boot home linuxrc mknod_console nfsroot ppp sbin tmp
dev init lost+found mnt opt proc share usr
root@kali:~/_CH29XH3_F16M_SF_ENU_CAMIUS_V2.1.3.6-171009_W.sw.extracted#
root@kali:~/_CH29XH3_F16M_SF_ENU_CAMIUS_V2.1.3.6-171009_W.sw.extracted# cd squashfs-root
root@kali:~/_CH29XH3_F16M_SF_ENU_CAMIUS_V2.1.3.6-171009_W.sw.extracted/squashfs-root# cd etc/
root@kali:~/_CH29XH3_F16M_SF_ENU_CAMIUS_V2.1.3.6-171009_W.sw.extracted/squashfs-root/etc# ls
boa fs-version group inittab mtab passwd- profile resolv.conf udev
fstab goahead init.d mime.types passwd ppp protocols services
root@kali:~/_CH29XH3_F16M_SF_ENU_CAMIUS_V2.1.3.6-171009_W.sw.extracted/squashfs-root/etc# cp passwd ~/
root@kali:~/_CH29XH3_F16M_SF_ENU_CAMIUS_V2.1.3.6-171009_W.sw.extracted/squashfs-root/etc#
Hm. A lot of binary files, but some configs. So, what service is running HTTP? I believe it is BOA, and in the root FS filesystem's /etc/boa/boa.conf, there is this interesting little setting for the server to run as :
User 0
Group 0
DocumentRoot /plugs[... snip ...]
CGIPath /plugs/cgi-bin:/bin:/usr/bin:/usr/local/bin
root@kali:~# file mediaport.cgi
mediaport.cgi: ELF 32-bit LSB executable, ARM, EABI5 version 1 (SYSV), dynamically linked, interpreter /lib/ld-uClibc.so.0, stripped
root@kali:~#
Monday, January 15, 2018
One Small Step for Machine Kind
After having a metal lathe for a while, and really wanting to be able to mill some stuff (for no reason), and (after receiving a 25% off coupon at Horror Fright) I finally knuckled under. I bought their mini mill. I ordered it two weeks ago, and received it within 4 days of the order (uh, for freight, that's pretty good). It shipped via FedEx, and it was boxed up pretty well :
I didn't have immediate time to do anything with it, so the crate sat in the garage for a week and a half. Today, in order to celebrate diversity, I cracked white wood open to reveal a tool of many colors. I have to say, it was packed to be protected, too. Full of styrofoam, my sweet wife said I looked like I cussed a few times trying to get it out. Ultimately, I dismantled the crate to get to the styrofoam, and then the styrofoam easily popped out.
After taking a quick inventory, I was wondering why I had another handle for the milling head wheel. The paper said it was a "drawbar". Someone in China probably didn't realize that a drawbar is a bit different, but hey, it appears like what it was intended for will work fine..
The chuck came mounted in the spindle (R8), and it definitely looks like it is not square (tipped sideways). That is something easily remedied after tramming a drill press table. Once I get the space for the mill, I'll clean it all the way up and tram it in. Hearing that the thread pitch for the tables was not on the half inch, the second thing I did was check the wheel dials, and sure enough, the table is on 0.625" per full turn, while the headstock is 0.60 or 0.060" per rotation :
Well, that is definitely not a deal breaker. For as cheap as this was, I think it will get my foot in the door on milling, and it will fit my current needs well. Here is my list of to-do's :
I didn't have immediate time to do anything with it, so the crate sat in the garage for a week and a half. Today, in order to celebrate diversity, I cracked white wood open to reveal a tool of many colors. I have to say, it was packed to be protected, too. Full of styrofoam, my sweet wife said I looked like I cussed a few times trying to get it out. Ultimately, I dismantled the crate to get to the styrofoam, and then the styrofoam easily popped out.
After taking a quick inventory, I was wondering why I had another handle for the milling head wheel. The paper said it was a "drawbar". Someone in China probably didn't realize that a drawbar is a bit different, but hey, it appears like what it was intended for will work fine..
The chuck came mounted in the spindle (R8), and it definitely looks like it is not square (tipped sideways). That is something easily remedied after tramming a drill press table. Once I get the space for the mill, I'll clean it all the way up and tram it in. Hearing that the thread pitch for the tables was not on the half inch, the second thing I did was check the wheel dials, and sure enough, the table is on 0.625" per full turn, while the headstock is 0.60 or 0.060" per rotation :
Well, that is definitely not a deal breaker. For as cheap as this was, I think it will get my foot in the door on milling, and it will fit my current needs well. Here is my list of to-do's :
- Belt Drive Upgrade (big difference in noise and reducing chattering of endmills from the plastic gears)
- Changing headstock spring and moving to a constant force piston
- Add a DRO
- Square vice or vice jaws
- Collets instead of the chuck (already done)
- Light on the work area
- Traverse endmills (better end mills than the cheap Chinese stuff)
- Plastic covers for the tables/ways (so you have less to clean up)
- Depth gauge to work in tight areas (e.g. under the headstock)
- Leather wrapping the motor to reduce noise.
- Change lead screws from 0.625 pitch to 0.50 pitch)
- CnC changes
Sunday, January 14, 2018
No Supervision is a Bad Idea
An engineer should never be left alone in a room full of tools and materials with time on his hand. As an example, here's the latest conversation.
Right Brain: Hey, I could use a laptop stand for my desk.
Left Brain (this is where the argument of NOT having a laptop stand should be) : You have brass. Brass would look cool as a laptop stand. Why not use brass to do it?
Right Brain : Great idea! I have rubber sheets I used to make the brake bleeder jars, and I have some brass flats. That means I have exactly what I need! Shall we get started?
Left Brain : I'm not so sure about this... I mean, how could we bend those flats into a laptop stand?
Right Brain : Not a problem. We have a press, too. I'll figure that out, you just worry about making it look good enough that Honey Woman will let it stay inside on the desk.
Left Brain : Cool!
So, here's what happened next. First, the idea went to an "official standards document", and marked into the material :
Then, starting to get things lined up for the bending of the flats. First, I tried using machinist clamps to bend the bars at the same time. But that failed to keep the bars lined up (parallel, yes, but they kept pivoting on me). My next solution worked, and that was using some steel bar as a "clamp". The brass was drilled and tapped, then the steel was match drilled to the screws and things were screwed tightly together :
Once that was complete and tested to ensure that there was the lack of movement if I twisted the steel, I headed out to the press and started to bend. I don't have a fancy compact bender, so I had to use the shop press. That was difficult to work around the tool without having dies, but it still worked out well :
The hardest part of those bends was actually the lip right on the end, with as short as it is. I ended up starting it with the press to get it marked properly, and then finished the bend using a MAP torch and a hammer on a steel square tubing chunk. I did some sanding (all of it by hand, actually, because I didn't want concave surfaces), and then coated it with lacquer to keep it from tarnishing :
Once those were complete, I parted off four hex rod pieces. The length was the width of the flat bars I'd already painted (they'd sit on the bent flats). I drilled and tapped them through the side and end-to-end. I stood things up for a quick "fit" check :
Knowing it looked good, I threw the rods into the lathe and cut threads the length of both of them and rounded the ends. This allowed me to simply thread the rods through the hex "nuts" that were attached to the brass flats, and bind it all together. Next was a quick run to the basement to try it all out :
Worked out well, and only took me about a day!
Right Brain: Hey, I could use a laptop stand for my desk.
Left Brain (this is where the argument of NOT having a laptop stand should be) : You have brass. Brass would look cool as a laptop stand. Why not use brass to do it?
Right Brain : Great idea! I have rubber sheets I used to make the brake bleeder jars, and I have some brass flats. That means I have exactly what I need! Shall we get started?
Left Brain : I'm not so sure about this... I mean, how could we bend those flats into a laptop stand?
Right Brain : Not a problem. We have a press, too. I'll figure that out, you just worry about making it look good enough that Honey Woman will let it stay inside on the desk.
Left Brain : Cool!
So, here's what happened next. First, the idea went to an "official standards document", and marked into the material :
Then, starting to get things lined up for the bending of the flats. First, I tried using machinist clamps to bend the bars at the same time. But that failed to keep the bars lined up (parallel, yes, but they kept pivoting on me). My next solution worked, and that was using some steel bar as a "clamp". The brass was drilled and tapped, then the steel was match drilled to the screws and things were screwed tightly together :
Once that was complete and tested to ensure that there was the lack of movement if I twisted the steel, I headed out to the press and started to bend. I don't have a fancy compact bender, so I had to use the shop press. That was difficult to work around the tool without having dies, but it still worked out well :
The hardest part of those bends was actually the lip right on the end, with as short as it is. I ended up starting it with the press to get it marked properly, and then finished the bend using a MAP torch and a hammer on a steel square tubing chunk. I did some sanding (all of it by hand, actually, because I didn't want concave surfaces), and then coated it with lacquer to keep it from tarnishing :
Once those were complete, I parted off four hex rod pieces. The length was the width of the flat bars I'd already painted (they'd sit on the bent flats). I drilled and tapped them through the side and end-to-end. I stood things up for a quick "fit" check :
Knowing it looked good, I threw the rods into the lathe and cut threads the length of both of them and rounded the ends. This allowed me to simply thread the rods through the hex "nuts" that were attached to the brass flats, and bind it all together. Next was a quick run to the basement to try it all out :
Worked out well, and only took me about a day!
Tuesday, January 2, 2018
New Years Boredom
What happens on New Years' day when you have 3D printer filament, a messy cupboard containing your shaving supplies, and you are full of boredom? You make something to hold your razors on the cupboard door, that's what. It's a nice test of the rapid prototyping techniques and tools. Here's the details.
First, over the last little while, I kept thinking about trying to mount the razors against the inside of the cupboard door. It keeps them easily accessible, and leaves the rest of the shelf open for other things like shaving gels and other "keep me in a state my wife is willing to be close to me" stuff. Yeah, this is serious stuff. I thought about using some robe-hangers found at the local orange-box-type of store, but didn't think it would work. (Translation: I was too lazy to go buy one of those and try it.) New Years' morning, I woke up early (it happens a lot, even if I was up late). It only took me an hour before I needed to do something constructive (there is only so much screen time I guy can take before his engineering kicks in, you know?). Then it hit me - why not build my razor hangers? I have everything I need.
I headed out to the shop and grabbed the calipers (uh, just because I might need 0.005" of accuracy), and took a few measurements of the razors in the position I'd be hanging them. This would simply give me the basic design of the holders.
Next, I opened OpenSCAD (seriously? Yup, I grew up with POV-Ray, so I am used to using code to set up the object. It took me an hour to get everything the way I wanted it to look.
After the design and a quick STL export, I loaded it into the printer and hit "run".
My wife and I ran and played some racquetball, then came back to a failed print. The filament got tangled up, and prevented it from being extruded. [sigh]. I untangled it, got it set up again (with something to keep it spooling), and hit "run" again.
We ran to see "Star Wars". Finally saw it. If I actually cared about my "nerd credentials", I'd have been to see it sooner, but I'm willing to wait. Visited an "adopted" couple of boys (cute, but bouncing-off-of-the-walls kinds of energy). Then headed and grabbed dinner, came home, and found a successful print. I did another one (I have two razors), just for that one. We watched another movie while we ate dinner (Disney's The Sword in the Stone), and I had two prints ready to be cleaned up and installed in less than 24 hours.
This morning, I cleaned them up (breaking support structures out of the parts), and did some sanding on them with a Dremel to remove some of the hard edges. They turned out nice, so I grabbed some machine screws and installed them. I know I could have used some body filler to really smooth them out and painted them, but it just wasn't worth it to me. My wife somewhat enjoys aesthetics. To me, it has to have a good function. We are great together, because when our heads work together, we can do some amazing work. So, they got installed as-is, and are fully functional.
Not a bad little bit of work!
First, over the last little while, I kept thinking about trying to mount the razors against the inside of the cupboard door. It keeps them easily accessible, and leaves the rest of the shelf open for other things like shaving gels and other "keep me in a state my wife is willing to be close to me" stuff. Yeah, this is serious stuff. I thought about using some robe-hangers found at the local orange-box-type of store, but didn't think it would work. (Translation: I was too lazy to go buy one of those and try it.) New Years' morning, I woke up early (it happens a lot, even if I was up late). It only took me an hour before I needed to do something constructive (there is only so much screen time I guy can take before his engineering kicks in, you know?). Then it hit me - why not build my razor hangers? I have everything I need.
I headed out to the shop and grabbed the calipers (uh, just because I might need 0.005" of accuracy), and took a few measurements of the razors in the position I'd be hanging them. This would simply give me the basic design of the holders.
Next, I opened OpenSCAD (seriously? Yup, I grew up with POV-Ray, so I am used to using code to set up the object. It took me an hour to get everything the way I wanted it to look.
After the design and a quick STL export, I loaded it into the printer and hit "run".
My wife and I ran and played some racquetball, then came back to a failed print. The filament got tangled up, and prevented it from being extruded. [sigh]. I untangled it, got it set up again (with something to keep it spooling), and hit "run" again.
We ran to see "Star Wars". Finally saw it. If I actually cared about my "nerd credentials", I'd have been to see it sooner, but I'm willing to wait. Visited an "adopted" couple of boys (cute, but bouncing-off-of-the-walls kinds of energy). Then headed and grabbed dinner, came home, and found a successful print. I did another one (I have two razors), just for that one. We watched another movie while we ate dinner (Disney's The Sword in the Stone), and I had two prints ready to be cleaned up and installed in less than 24 hours.
This morning, I cleaned them up (breaking support structures out of the parts), and did some sanding on them with a Dremel to remove some of the hard edges. They turned out nice, so I grabbed some machine screws and installed them. I know I could have used some body filler to really smooth them out and painted them, but it just wasn't worth it to me. My wife somewhat enjoys aesthetics. To me, it has to have a good function. We are great together, because when our heads work together, we can do some amazing work. So, they got installed as-is, and are fully functional.
Not a bad little bit of work!
Friday, October 13, 2017
More on Chinese Camera Hacking
So, as I keep phasing out my Hosafe Chinese cameras, I also keep going back to them. They were cheap, but they have security issues that drive me crazy. They also had a great picture. So, I am really getting to the point I want to use them, without having them dial-home to mamma.
I decided to through a little more at these things, just to get a little more information. I tossed Nikto to the camera, and it identified that you can hit the /cgi-bin/ URI and it will list the scripts. They appear to be minimal, and two of them stood out. One was called "snapshot.sh" - and I immediately threw some shell escape characters trying to inject commands. Unfortunately, they actually did some sanity checking, and your maximum length to play with is a command about 4 characters long. Scratch that one off of the list.
The other script (ignoring the "proccgi" and "wagent" scripts) was called "jvsweb.cgi". A quick google, and someone said you can list video streams using this CGI in the form of :
There was also one called "webdevinfo". My curiosity was definitely piqued now. I tossed it in, and got a param error. A Russian page (https://habrahabr.ru/post/318572/) gave a bit more information that I could change the action to "list" (and better information on each of the commands in the webhelp, too) for most of those cmd's, and sure enough, I got a response for http://192.168.1.20/cgi-bin/jvsweb.cgi?username=admin&password=&cmd=webdevinfo&action=list :
It is amazing to me that such a cheap, "anonymous" camera has such a good picture, and yet such a lack of controls in that "dial home" tendency.
I decided to through a little more at these things, just to get a little more information. I tossed Nikto to the camera, and it identified that you can hit the /cgi-bin/ URI and it will list the scripts. They appear to be minimal, and two of them stood out. One was called "snapshot.sh" - and I immediately threw some shell escape characters trying to inject commands. Unfortunately, they actually did some sanity checking, and your maximum length to play with is a command about 4 characters long. Scratch that one off of the list.
The other script (ignoring the "proccgi" and "wagent" scripts) was called "jvsweb.cgi". A quick google, and someone said you can list video streams using this CGI in the form of :
http://192.168.1.20/cgi-bin/jvsweb.cgi?username=admin&password=&cmd=yst&action=get_video
There was also one called "webdevinfo". My curiosity was definitely piqued now. I tossed it in, and got a param error. A Russian page (https://habrahabr.ru/post/318572/) gave a bit more information that I could change the action to "list" (and better information on each of the commands in the webhelp, too) for most of those cmd's, and sure enough, I got a response for http://192.168.1.20/cgi-bin/jvsweb.cgi?username=admin&password=&cmd=webdevinfo&action=list :
{
"type": "ipc",
"hardware": "JVS-HI3516CS",
"firmware": "V2.2.2904",
"manufacture": "JVS-HI3516CS",
"sn": "S509233745",
"model": "ipc-module",
"channelCnt": 1,
"streamCnt": 3,
"ystChannelNo": [1, 2, 3, 0, 8, 0, 8, 0, 8, 0, 8, 0, 8, 0, 49316, 19032, 35896, 54, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 49048, 19032, 48912, 19032, 38256, 386, 45380, 16436, 2848, 16437, 200, 0, 2848, 16437, 0, 0, 0, 0, 16487, 50277, 16487, 50277, 45380, 16436, 49088, 19032, 1216, 19033, 2384, 19033, 63192, 16398, 49088, 19032, 16487, 50277, 45380, 16436, 60304, 375, 46392, 16436, 338, 0, 46392, 16436, 16487, 50277, 16487, 50277, 45380, 16436, 49144, 19032, 1216, 19033, 46392, 16436, 16487, 50277, 16487, 50277, 45380, 16436, 49168, 19032, 1216, 19033, 46392, 16436, 16487, 50277, 16487, 50277, 45380, 16436],
"name": "Camera",
"date": "2000-01-01 09:11:37",
"bSntp": 1,
"sntpInterval": 24,
"ntpServer": "192.168.1.1",
"tz": 8,
"bDST": 0
}
It is amazing to me that such a cheap, "anonymous" camera has such a good picture, and yet such a lack of controls in that "dial home" tendency.
Subscribe to:
Posts (Atom)