# Investigating the strength of the 4-digit PIN

If we wanted to take a look at the statistics behind 4-digit pin numbers how could we do such a thing? After all, it’s not like people are just going to tell you the code they like to use. It turns out the databases of leaked passwords that have been floating around the Internet are the perfect source for a little study like this one. One such source was filtered for passwords that were exactly four digits long and contained only numbers. The result was a set of 3.4 million PIN numbers which were analysed for statistical patterns.

As the cliché movie joke tells us, 1234 is by far the most commonly used PIN to tune of 10% (*facepalm*). That’s followed relatively closely by 1111. But if plain old frequency were as deep as this look went it would make for boring reading. You’ll want to keep going with this article, which then looks into issues like ease of entry; 2580 is straight down the center of a telephone keypad. Dates are also very common, which greatly limits what the first and last pair of the PIN combination might be.

We’ll leave you with this nugget: Over 25% of all PINs are made of just 20 different number (at least from this data set).

[Thanks Awjlogan]

# How to build an extremely powerful nerf gun

[TopCityGear] was trying out a piece of PVC as a blow gun barrel when he thought he’d try to give it a little more power than what his lungs could put out. What he came up with is this air-powered Nerf gun that definitely leaves a mark. The video after the break is a show-and-tell, a build log, and finally a demonstration of its power. He adds a nail to a Nerf dart and drives it through a board, then leaves a huge welt on his poor friends chest with a plain old foam dart. It reminds us of those riot guns that shoot bean bags.

The air is stored in that twelve-inch PVC reservoir. On the rear cap there’s a Schrader valve for pressurizing the tank with a compressor or even a bike pump. The grip is a gutted cordless drill whose battery doubles as the power source for the electric sprinkler valve which fires the gun. The screw fitting just in front of the hand grip lets him remove the barrel so that the projectile can be inserted.

This reminds us of that gun which shoots water-filled ping-pong balls.

# Thousands of physical pixels turn these walls into a huge display

The scale of this project is daunting. Each of the three white walls seen in the image above is made up of thousands of oblong square blocks. The blocks move independently and turn the room into an undulating 3D display.

If it had only been the demonstration video we might have run this as a “Real or Fake” post, but we’re certain this is real. Each pixel is made of what looks like a foam block mounted on a stepper-motor-driven linear actuator. So basically this must have set the world record for the CNC machine with the most axes. The motors make for very accurate and smooth motion, and the control software lets them draw shapes, words, animated objects, and the like. But the one side effects that we absolutely adore is the sound all of these motors make when running. After the break you can see a demo video and a ‘making of’ clip.

The installation is the work of the Jonpasang art collective and is installed as a Hyundai exhibit at an expo in Korea.

The WiFi adapter in your laptop has a special mode – monitor mode – that can be used to listen in on WiFi traffic and, with a little patience, can be used to crack a WEP password. Surprisingly, this monitor mode can’t be found on any Android device due in part to the limitations of the hardware. A group of three researchers, [Ruby], [Yuval], and [Omri], decided to spend their vacation adding monitor mode to their Android smartphones, allowing for a much more portable version of WiFi pwnage tools.

The phones used by the researchers – the Nexus One and Galaxy S II – used Broadcom chipsets that didn’t support monitor mode. To get around this limitation and allow the OS to see full 802.11 frames the team needed to reverse engineer the firmware of this Broadcom radio chip.

The team has released a firmware update for the bcm4329 and bcm4330 chipsets found in the Nexus One and Galaxy S II. The update may work for other phones with the same chipset, but don’t take our word on that.

There’s still a lot of work [Ruby], [Yuval], and [Omri] need to do. They’d like to add packet injection to their firmware hack, and of course create an APK to get this into the wild more easily.

If you have experience with kernel development and would like to help out, send the team an email. The source can be found at google code  if you’d like to play around with it.

# Tuitwall uses PHP-fed Arduino to display tweets

[Santiago] recently completed this project which he calls Tuitwall. It will display your Twitter feed on an LED matrix. The method he used to put it together will come in handy for any project where you need to scrape information from the Internet.

The project does require a server in addition to the Arduino hardware seen above. On the Arduino side [Santiago] uses an Ethernet shield and an LED matrix which is addressed via SPI. The server is running a PHP script which takes advantage of the twitteroauth library to handle authentication.

There’s a little bit of configuration to be done, most of it having to do with how Twitter handles 3rd party applications. But once everything is set up you can take the hardware with you and plug it into any network (as long as it offers DHCP). With this framework as a guide it’s a snap to bend it to your will. It could be used as an RSS reader, time and temperature, server farm status, a prank ticket displaying fake headlines, etc.

# Programming without a toolchain; crafting PIC op code by hand

We’ve been living a life of luxury, writing our microcontroller code in a text editor and using — of all things — a compiler to turn it into something the chip can use. [Dan Amlund Thomsen] shows us a different way of doing things. He’s actually crafting the operation codes for a PIC microcontroller by hand. We’re glad he’s explained this in-depth because right now we feel way over our heads.

His program is pretty simple, it blinks a single LED and he’s chosen t work with a PIC 12F1840. The first order of business is to issues the words that configure the chip using 14-bit binary values from the datasheet. From there he goes on to write the program in assembly code. At this point he could pretty much just run this through the assembler, but he’s really just getting started now. He walks through the format necessary to package the configuration words, then goes on to illustrate the translation of assembly commands to binary op codes. We’re not sure we’ll ever get around to trying this ourselves, but it was certainly fun to read about it.

# Self monitoring a home alarm system

[Lior] wanted to cancel the monitoring system for his home’s alarm, but he didn’t want to stop using the alarm all together. The trick is to rig up some way to monitor it himself. It would have been simple to have it just call him instead of the alarm company since the system just uses a telephone connection. But this would require that he have a land line for it to connect to, and when it calls him he would have no idea what part of the system had been set off. He developed a way to have the system text message him with all of the available details.

An Arduino controls the system, with a SIM900 GSM shield to hand the cell side of things. The board to the left emulates the standard telephone line, with an M8870 DTMF touch tone decoder to figure out what the alarm system is telling him. He also needed to implement touch tone generation to talk back to the system. His write-up includes links to other articles he posted about hardware, software, and protocol specifics.