A better way to hack iClass RFID readers

iClass is an RFID standard that is aimed at better security through encryption and authentication. While it is more secure than some other RFID implementations, it is still possible to hack the system. But initial iClass exploits were quite invasive. [Brad Antoniewicz] published a post which talks about early attacks on the system, and then demonstrates a better way to exploit iClass readers.

We remember seeing the talk on iClass from 27C3 about a year and a half ago. While the technique was interesting, it was incredibly invasive. An attacker needed multiple iClass readers at his disposal as the method involved overwriting part of the firmware in order to get a partial dump, then patching those image pieces back together. [Brad] makes the point that this is fine with an off-the-shelf system, but high-security installations will be using custom images. This means you would need to get multiple readers off the wall of the building you’re trying to sneak into.

But his method is different. He managed to get a dump of the EEPROM from a reader using an FTDI cable and external power source. If you want to see how he’s circumventing the PIC read protection you’ll have to dig into the source code linked in his article.

World’s oldest functioning digital computer reminds us of a telephone exchange

This is the WITCH, the Wolverhampton Instrument for Teaching Computing from Harwell. It is the oldest functioning digital computer and thanks to a lengthy restoration process you can go and see it in person at The National Museum of Computing in Milton Keynes (Northwest of London in the UK).

The system was first put into operation in 1951. Its function is both familiar and foreign. First off, it uses decimal rather than binary for its calculations. And instead of transistors it uses electromechanical switches like those found in older automatic telephone exchanges. This makes for very noisy and slow operation. User input is taken from strips of paper with holes punched in them. As data is accumulated it is shown in the registers using dekatrons (which have since become popular in hobby projects). Luckily we can get a look at this in the BBC story about the WITCH.

According to the eLinux page on the device, it was disassembled and put into storage from 1997 until 2009. At that point it was loaned to the museum and has been undergoing cleaning, reassembly, and repair ever since.

[Thanks David]

.NET Micro framework used for a prompt-based computer

[Tom] is doing a little show and tell with his latest .NET Micro framework based project. He managed to get a prompt-based computer running on a FEZ Cobra board.

A USB keyboard serves as the input device. To give himself a familiar way to navigate and execute programs [Tom] mimicked the functionality of DOS. Above you can see the familiar format of the directory listings as he navigates the data on an SD card. But this goes deeper than changing directories and listing files. He also has access to commands which control peripherals, showing manipulation of the WiFi connection and demonstrating some simple code to show images on the screen. Since the hardware centers around the .NET MF, any compiled binary for that environment can be executed from the prompt as well.

See a complete demonstration of the project embedded after the break.


Dimming the living room lights using your TV remote

As part of a complete home theater setup [Andy] wanted to be able to control the lights from his couch. He started thinking about the best way to do this when he realized that his TV remote has buttons on it which he never uses. Those controls are meant for other components made by the same manufacturer as the TV. Since he doesn’t have that equipment on hand, he built his own IR receiver to switch the lights with those unused buttons.

He monitors an IR receiver using an AVR microcontroller. It is powered from mains via the guts from a wall wart included in the build. Also rolled into the project is a solid state relay capable of switching the mains feed to the light circuit. [Andy] mentions that going with a solid state part means you don’t get that clicking associated with a mechanical relay. An electrical box extension was used to give him more room for mounting the IR receiver and housing his DIY circuit board.

Discrete 6502 processor sucked into Linux by a BeagleBone

Often when we see projects using embedded Linux we think of them as not being hardware hacks. But this is a horse of an entirely different color. [Matt Porter] is leveraging a little-known feature to directly access a 6502 processor from inside a Linux environment. In other words, this hack lets you write code for a 6502 processor, then load and execute it all from the same Linux shell.

The project leverages the best parts of the BeagleBone, which is an ARM development board running embedded Linux. It’s got a lot of GPIO pins that are easy to get via the board’s pin sockets. And the design of the processor makes it fast enough to work well as a host for the 6502 chip. Which brings us back to how this is done. The Linux kernel has support for Remote Processors and that’s the route [Matt] traveled. With everything wired up and a fair amount of kernel tweaking he’s able to map the chip to the /dev/bvuart directory. If you want all the details the best resource is this set of slides (PDF) from his talk at Embedded Linux Conference – Europe.

This is one way to get out of all that hardware work [Quinn Dunki] has been doing to build her own computer around a 6502 chip.

[Thanks Andrew via Dangerous Prototypes]

Outlet charging station retrofitted with the guts of a WiFi router

While wandering around the aisles of his local electronics store this Westinghouse USB charging station caught [James'] eye. He sized it up and realized it would make the perfect enclosure for a small WiFi router. And so began his project to turn a TP-Link TL-WR703N into a DIY Pwn Plug.

The basic idea is to include hidden capabilities in an otherwise normal-looking device. For instance, take a look at this ridiculously overpriced power strip that also happens to spy on your activities. It doesn’t sound like [James] has any black hat activities planned, but just wanted an interesting application for the router.

He removed the original circuit board from the charging station to make room for his own internals. He inserted a cellphone charger to power the router, then desoldered the USB ports and RJ-45 connector for the circuit board to be positioned in the openings of the case. He even included a headphone jack that breaks out the serial port. There’s a lot of new stuff packed into there, but all of the original features of the charging station remain intact.

Pick and place that can’t pick or place… but it looks very promising

This sexy piece of CNC can really fly. It’s a pick and place machine which [Danh Trinh] has been working on. The thing is, so far it lacks the ability to move components at all. But the good news is the rest of the system seems to be there.

He posted a demo video of his progress so far which you can see embedded after the break. He starts off by showing off his computer vision software which he wrote in C#. The demonstration includes the view from the gantry-mounted camera, as well as the computer filtering which seems to accurately locate the solder pads and silk screen on the PCB. The second half of the video looks at the hardware seen above. It’s just executing some static code but the whine of those stepper motors is music to our ears. [Danh] reports that the movements of the needle that will eventually serve as the tip of the vacuum tweezer seem to be very accurate.

These home-built pick and place projects are quite a challenge, but we’ve seen a lot of really awesome work on them lately.
