Taking Pictures with a DRAM Chip



This picture was taken by using a DRAM chip as an image sensor (translated). A decapped 64k DRAM chip was combined with optics that could focus an image onto the die. By reading data out of the DRAM, the image could be constructed.

DRAM is the type of RAM you find on the RAM cards inserted into your motherboard. It consists of a massive array of capacitors and transistors. Each bit requires one transistor and one capacitor, which is quite efficient. The downside is that the memory needs to be refreshed periodically to prevent the capacitors from discharging.

Exposing the capacitor to light causes it to discharge faster. Once it has discharged past a certain threshold, the bit will flip from one to zero. To take a picture, ones are written to every bit in the DRAM array. By timing how long it takes a bit to flip from one to zero, the amount of light exposure can be determined. Since the DRAM is laid out in an array, each bit can be treated as a pixel to reconstruct the image.

Sure, modern CCDs are better, cheaper, and faster, but this hack is a neat way to totally re-purpose a chip. There’s even Turbo Pascal source if you’d like to recreate the project.

Thanks to [svofski] for the tip.

Powering a RPi with Hydrogen


Looking for a new way to power your Raspberry Pi? The raspberryHy project aims to develop a small fuel cell designed for powering the credit card sized computer. It adds a proton exchange membrane (PEM) fuel cell, a battery, and custom control electronics to the Pi.

The system takes hydrogen in from a compressed hydrogen cartridge and feeds it through a regulator. This passes the hydrogen into the PEM fuel cell at the correct pressure, and creates a potential. The control electronics boost that voltage up to the 5 V required on the Pi’s USB port. There’s also an electronically controlled purge valve which periodically exhausts the fuel cell.

There are a few reasons you might want to run your Pi with hydrogen. Run time of the fuel cell is limited only by the amount of hydrogen you can store. In theory, you could connect a large cylinder for very long run times. Combined with a battery, this could be quite useful for running Pis in remote locations, or for long-term backup power. The raspberryHy will be presented at Hannover Fair 2014 this month.

Arduino Controlled Dahlander Motor Switch



[Jean-Noel] is fixing a broken Lurem woodworking machine. This machine uses a three-phase Dahlander motor, which has three operation modes: stop, half speed, and full speed. The motor uses a special mechanical switch to select the operating mode. Unfortunately, the mechanical bits inside the switch were broken, and the motor couldn’t be turned on.

To solve the problem without sourcing a new switch, [Jean-Noel] built his own Arduino based Dahlander switch. This consists of three relays that select the wiring configuration for each speed mode. There’s also a button to toggle settings, and two lamps to show what mode the motor is currently in.

The Arduino runs a finite-state machine (FSM), ensuring that the device transitions through the modes in the correct order. This is quite important, since the motor could be damaged if certain restrictions aren’t followed. The state machine graph was generated using Fizzim, a free tool that generates not only FSM graphs, but also Verilog and VHDL code for the machines.

The final product is housed in a DIN rail case, which allows it to be securely mounted along with the rest of the wiring. The detailed write-up on this project explains all the details of the motor, and the challenges of building this replacement switch.

[Bunnie] Launches the Novena Open Laptop


Today [Bunnie] is announcing the launch of the Novena Open Laptop. When we first heard he was developing an open source laptop as a hobby project, we hoped we’d see the day where we could have our own. Starting today, you can help crowdfund the project by pre-ordering a Novena.

The Novena is based on the i.MX6Q ARM processor from Freescale, coupled to a Xilinx Spartan 6 FPGA. Combined with the open nature of the project, this creates a lot of possibilities for using the laptop as a hacking tool. It has dual ethernet, for routing or sniffing purposes. USB OTG support lets the laptop act as a USB device, for USB fuzzing and spoofing. There’s even a high speed expansion bus to interface with whatever peripheral you’d like to design.

You can pre-order the Novena in four models. The $500 “just the board” release has no case, but includes all the hardware needed to get up and running. The $1,195 “All-in-One Desktop” model adds a case and screen, and hinges open to reveal the board for easy hacking. Next up is the $1,995 “Laptop” which includes a battery control board and a battery pack. Finally, there’s the $5000 “Heirloom Laptop” featuring a wood and aluminum case and a Thinkpad keyboard.

The hardware design files are already available, so you can drool over them. It will be interesting to see what people start doing with this powerful, open computer once it ships. After the break, check out the launch video.


MSP430-Based CTF Hardware Hacking Challenge


Hacking conferences often feature a Capture the Flag, or CTF event. Typically, this is a software hacking challenge that involves breaking into targets which have been set up for the event, and capturing them. It’s good, legal, hacking fun.

However, some people are starting to build CTFs that involve hardware hacking as well. [Balda]’s most recent hardware hacking challenge was built for the Insomni’hack 2014 CTF. It uses an MSP430 as the target device, and users are allowed to enter commands to the device over UART via a Bus Pirate. Pull off the exploit, and the wheel rotates to display a flag.

For the first challenge, contestants had to decompile the firmware and find an obfuscated password. The second challenge was a bit more complicated. The password check function used memcpy, which made it vulnerable to a buffer overflow attack. By overwriting the program counter, it was possible to take over control of the program and make the flag turn.

The risk of memcpy reminds us of this set of posters. Only abstaining from memcpy can 100% protect you from overflows and memory disclosures!
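To make the memcpy problem concrete, here is an added example (not [Balda]’s firmware) of a password check with an unbounded copy next to a bounded one. The buffer size, the stored password, and all function names are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PW_BUF_LEN 16   /* assumed buffer size; the page gives none */
static const char STORED_PW[] = "constructed-pw";   /* constructed secret */

enum pw_result { PW_OK, PW_WRONG, PW_TOO_LONG };

/* Unsafe pattern, for comparison only: the copy length is whatever arrived
 * over the UART, so a long input writes past buf and over the saved
 * return address on the stack. */
int check_password_unsafe(const uint8_t *rx, size_t rx_len)
{
    uint8_t buf[PW_BUF_LEN];
    memcpy(buf, rx, rx_len);                 /* no bound on rx_len */
    return rx_len == sizeof STORED_PW - 1 &&
           memcmp(buf, STORED_PW, rx_len) == 0;
}

/* Hardened form: the length is checked against the destination before any
 * copy, and oversize input gets its own result so the caller can count or
 * log it instead of treating it as an ordinary wrong password. */
enum pw_result check_password_safe(const uint8_t *rx, size_t rx_len)
{
    uint8_t buf[PW_BUF_LEN];

    if (rx == NULL)
        return PW_WRONG;
    if (rx_len > sizeof buf)
        return PW_TOO_LONG;
    memcpy(buf, rx, rx_len);                 /* rx_len <= sizeof buf */
    if (rx_len != sizeof STORED_PW - 1 ||
        memcmp(buf, STORED_PW, rx_len) != 0)
        return PW_WRONG;
    return PW_OK;
}
```

The only difference that matters is the length test ahead of the copy; memcpy itself is the same call in both functions.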


NFC Ring Unlocks Your Phone


This little ring packs the guts of an NFC keyfob, allowing [Joe] to unlock his phone with a touch of his finger.

The NFC Ring was inspired by a Kickstarter project for a similar device. [Joe] backed that project, but then decided to build his own version. He took apart an NFC keyfob and desoldered the coil used for communication and power. Next, he wrapped a new coil around a tube that was matched to his ring size. With this assembly completed, epoxy was used to cast the ring shape.

After cutting the ring to size, and quite a bit of polishing, [Joe] ended up with a geeky piece of jewelry that’s actually functional. To take care of NFC unlocking, he installed NFC LockScreenOff. It uses Xposed, so a rooted Android device is required.

We’ll have to wait to see how [Joe]’s homemade solution compares to his Kickstarter ring. Until then, you can watch a quick video of unlocking a phone with the ring after the break.


Hacking Rolling Code Keyfobs



Most keyfobs out there that open cars, garage doors, and gates use a rolling code for security. This works by transmitting a different key every time you press the button. If the keys line up, the signal is considered legitimate and the door opens.

[Spencer] took a look into hacking rolling code keyfobs using low cost software-defined radio equipment. There are two parts to this attack. The first involves jamming the frequency the keyfob transmits on while recording using an RTL-SDR dongle. The jamming signal prevents the receiver from acknowledging the request, but it can be filtered out using GNU Radio to recover the key.

Since the receiver hasn’t seen this key yet, it will still be valid. By replaying the key, the receiver can be tricked. To pull off the replay, GNU Radio was used to demodulate the amplitude shift keying (ASK) signal used by the transmitter. This was played out of a computer sound card into an ASK transmitter module, which sent out a valid key.
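The receiver-side logic behind "hasn’t seen this key yet" can be modelled in a few lines. This is an added example, not [Spencer]’s code or any real keyfob’s algorithm: the counter scheme, the look-ahead window, the toy mixing function, and the shared secret are all assumptions chosen to show which codes a receiver of this kind treats as fresh.

```c
#include <stdint.h>

#define WINDOW 16u   /* assumed look-ahead window; not from the page */

/* Toy keyed mixer standing in for a real rolling-code cipher. */
static uint32_t code_for(uint32_t secret, uint32_t counter)
{
    uint32_t x = secret ^ (counter * 0x9E3779B9u);
    x ^= x >> 16; x *= 0x85EBCA6Bu;
    x ^= x >> 13; x *= 0xC2B2AE35u;
    return x ^ (x >> 16);
}

struct fob      { uint32_t secret, counter; };
struct receiver { uint32_t secret, last_counter; };

/* Each button press emits the code for the next counter value. */
uint32_t fob_press(struct fob *f)
{
    return code_for(f->secret, ++f->counter);
}

/* Accept only codes for counters in (last, last + WINDOW]. On success the
 * counter advances, so that code and every earlier one become invalid. */
int receiver_accept(struct receiver *r, uint32_t code)
{
    for (uint32_t step = 1; step <= WINDOW; step++) {
        if (code_for(r->secret, r->last_counter + step) == code) {
            r->last_counter += step;
            return 1;
        }
    }
    return 0;
}

/* Constructed scenario; each outcome is packed into one bit of the result. */
int scenario(void)
{
    struct fob f = { 0xC0FFEEu, 0 };          /* constructed shared secret */
    struct receiver r = { 0xC0FFEEu, 0 };
    uint32_t heard = fob_press(&f), unheard = fob_press(&f);
    int a = receiver_accept(&r, heard);       /* 1: first use */
    int b = receiver_accept(&r, heard);       /* 0: already used */
    int c = receiver_accept(&r, unheard);     /* 1: never seen, still fresh */
    int d = receiver_accept(&r, unheard);     /* 0: now used */
    uint32_t missed = fob_press(&f), later = fob_press(&f);
    int e = receiver_accept(&r, later);       /* 1: newer code arrives */
    int g = receiver_accept(&r, missed);      /* 0: older than last accepted */
    return a | (b << 1) | (c << 2) | (d << 3) | (e << 4) | (g << 5);
}
```

In this model a code that never reached the receiver stays acceptable only until a later code is accepted, which is the window the post describes.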