Universal Radio Hacker

If you are fascinated by stories you read on sites like Hackaday in which people reverse engineer wireless protocols, you may have been tempted to hook up your RTL-SDR stick and have a go for yourself. Unfortunately then you may have encountered the rather steep learning curve that comes with these activities, and been repelled by a world with far more of the 1337 about it than you possess. You give up after an evening spent in command-line dependency hell, and move on to the next thing that catches your eye.

You could then be interested by [Jopohl]’s Universal Radio Hacker. It’s a handy piece of software for investigating unknown wireless protocols. It supports a range of software defined radios including the dirt-cheap RTL-SDR sticks, quickly demodulates any signals you identify, and provides a whole suite of tools to help you extract the data they contain. And for those of you scarred by dependency hell, installation is simple, at least for this Hackaday scribe. If you own an SDR transceiver, it can even send a reply.

To prove how straightforward the package is, we put an RTL stick into a spare USB port and ran the software. A little investigation of the menus found the spectrum analyser, with which we were able to identify the 433 MHz packets coming periodically from a wireless thermometer. Running the record function allowed us to capture several packets, after which we could use the interpretation and analysis screens to look at the binary stream for each one. All in the first ten minutes after installation, which in our view makes it an easy to use piece of software. It didn’t deliver blinding insight into the content of the packets, that still needs brain power, but at least if we were reverse engineering them we wouldn’t have wasted time fighting the software.

We’ve had so many reverse engineering wireless protocol stories over the years, to pick only a couple seems to miss the bulk of the story. However both this temperature sensor and this weather station show how fiddly it can be without a handy software package to make it easy.

Via Hacker News.

Jean-Luc PYcARD is a Pocketable Python Development Platform

It’s a good thing that a ridiculous pun and a screenprint of Jean-Luc Picard on the bottom of the board is enough to qualify for the 2017 Hackaday Sci-Fi Contest, because [bobricius]’s Python-plus-Arduino card and environmental sensor potpourri is very cool.

The PCB design itself is great. It’s got a gigantic LED array, cutout for a wrist strap, and an onboard USB plug so you can program it just by sticking it in your computer; it shows up as a USB mass storage device when you plug it in. The files that show up on the “drive” are Micropython code that you can edit, save, and then run directly on the device. You can hardly beat that for convenience.

And there’s a full complement of sensors: not one but two temperature and humidity sensors, including our recent favorite BME280, which also reads barometric pressure. (We suspect that makes it a tri-corder.) There’s a real-time clock, a buzzer, and some buttons. Want to add more sensors? I2C ports are broken out for your convenience.

Besides having Star Trek flair, this board would give the various educational platforms a run for their money: Micro:bit, we’re looking at you. Very cool indeed!

What Is This, A Battle-Bot For Ants?

Instructables user [Team_Panic] — inspired by the resurgence of robot battle arena shows — wanted to dive in to his local ‘bot building club. Being that they fight at the UK ant weight scale with a cap of 150 grams, [Team_Panic] built a spunky little Arduino Mini-controlled bot on the cheap.

The Instructable is aimed at beginners, and so is peppered with sound advice. For instance, [Team_Panic] advises building from “the weapon out” as that dictates how the rest of the robot will come together around it. There are also some simple design considerations on wiring and circuit boards considering the robot in question will take a few hits, as well as instructions to bring the robot together. To assist any beginners in the audience, [Team_Panic] has provided his design for a simple, “slightly crude,” wedge-bot, as well as his code. Just don’t forget to change the radio pipe so you aren’t interfering with other bots!

Continue reading “What Is This, A Battle-Bot For Ants?”

MacGyvering Test Lead Clips

Okay fellow Make-Gyvers, what do you get when you cross a peripheral power cable jumper, a paperclip, springs, and some 3D-printed housings? DIY test lead clips.

Test clips are easily acquired, but where’s the fun in that? [notionSuday] started by removing the lead connectors from the jumper, soldering them to stripped lengths of paperclip, bent tabs off the connectors to act as stoppers, and slid springs over top. Four quick prints for the housings later, the paperclip assembly fit right inside, the tips bent and clipped to work as the makeshift clamp. Once slipped onto the ends of their multimeter probes, they worked like a charm.

Continue reading “MacGyvering Test Lead Clips”

Bring Saturday Mornings Back to Life with this Cartoon Server

It was an American ritual for over four decades: wake up early on Saturday morning, prepare a bowl of sugar, and occupy the couch for four glorious hours of cartoons. The only interruptions came when the least-significant sibling had to be commanded to get up to change the channel to one of the two other networks, or when your mom decided to vacuum the TV room. It was a beautiful ritual, but now it’s gone.

Or is it? If you really want to recapture your misspent youth, you can try this Raspberry Pi multi-channel cartoon server with retro TV display. [FozzTexx] started with a yard sale 13″ Zenith set, which languished in his shop for want of a mission. When he found a four-channel video modulator, he knew he had the makings of the full channel-changing Saturday morning experience.

Four Raspberry Pis were configured to serve up four separate streams of cartoons from his Plex server, and after a late Friday night of hacking the whole thing together, each stream was ready to go live at 7:00 AM on Saturday. [FozzTexx] thought of everything — from the pre-“broadcast day” test pattern to actual commercials spliced into the cartoons to the static between the channels, it’s all there in low-definition glory. He even printed up faux TV Guide pages! You can watch a brief demo on [FozzTexx]’ Twitter feed, or you can watch the entire 2-hour Periscope feed if you’re feeling nostalgic.

[FozzTexx] chose UHF channels for his “stations,” so if you want to replicate this build it may pay to bone up on analog TV tuner basics. Or if it’s just the retro look you’re going for, this custom case inspired by a 40s TV might be nice to check out.

Continue reading “Bring Saturday Mornings Back to Life with this Cartoon Server”

What the Flux: How Does Solder Work Anyway?

I’ve been soldering for a long time, and I take pride in my abilities. I won’t say that I’m the best solder-slinger around, but I’m pretty good at this essential shop skill — at least for through-hole and “traditional” soldering; I haven’t had much practice at SMD stuff yet. I’m confident that I could make a good, strong, stable joint that’s both electrically and mechanically sound in just about any kind of wire or conductor.

But like some many of us, I learned soldering as a practical skill; put solder and iron together, observe results, repeat the stuff that works and avoid the stuff that doesn’t. Seems like adding a little inside information might help me improve my skills, so I set about learning what’s going on mechanically and chemically inside a solder joint.

Continue reading “What the Flux: How Does Solder Work Anyway?”

SHAttered — SHA-1 is broken in

A team from Google and CWI Amsterdam just announced it: they produced the first SHA-1 hash collision. The attack required over 9,223,372,036,854,775,808 SHA-1 computations, the equivalent processing power as 6,500 years of single-CPU computations and 110 years of single-GPU computations. While this may seem overwhelming, this is a practical attack if you are, lets say, a state-sponsored attacker. Or if you control a large enough botnet. Or if you are just able to spend some serious money on cloud computing. It’s doable. Make no mistake, this is not a brute-force attack, that would take around 12,000,000 single-GPU years to complete.

SHA-1 is a 160bit standard cryptographic hash function that is used for digital signatures and file integrity verification in a wide range of applications, such as digital certificates, PGP/GPG signatures, software updates, backup systems and so forth. It was, a long time ago, proposed as a safe alternative to MD5, known to be faulty since 1996. In 2004 it was shown that MD5 is not collision-resistant and not suitable for applications like SSL certificates or digital signatures. In 2008, a team of researchers demonstrated how to break SSL based on MD5, using 200 Playstations 3.

Early since 2005 theoretical attacks against SHA-1 were known. In 2015 an attack on full SHA-1 was demonstrated (baptized the SHAppening). While this did not directly translate into a collision on the full SHA-1 hash function due to some technical aspects, it undermined the security claims for SHA-1. With this new attack, dubbed SHAttered, the team demonstrated a practical attack on the SHA-1 algorithm, producing two different PDF files with the same checksum.

The full working code will be released in three months, following Google’s vulnerability disclosure policy, and it will allow anyone to create a pair of PDFs that hash to the same SHA-1 sum given two distinct images and some, not yet specified, pre-conditions.

For now, recommendations are to start using SHA-256 or SHA-3 on your software. Chrome browser already warns if a website has SHA-1 certificate, Firefox and the rest of the browsers will surely follow. Meanwhile, as always, tougher times are ahead for legacy systems and IoT like devices.