If you are curious about reading all the bits on a DVD, [tmbinc] has devised a hardware hack that uses a Pioneer DVD drive with leads soldered onto it and a Cypress FX2 microcontroller board to grab the flow of bits and push them over USB2.0. My favorite part of this tutorial is when you slow the spinning DVD down very slightly with your finger with a scope hooked up over what you believe to be the raw data stream from the disk. If the data rate slows when you physically slow down the disk, you probably are grabbing data from the correct pin. [tmbinc] even put together a software tool to process the resulting raw DVD data.

Figuring out the JTAG pinout on a device turns out to be the most time consuming hardware portion of many hacks. [hunz] started a project called JTAG Finder to automatically detect the JTAG pinouts on arbitrary devices using an 8bit AVR ATmega16/32L microcontroller. Check out the slides (PDF) from the talk as they break down how one finds JTAG ports on an arbitrary device, with or without a pinout detection tool. [hunz] is looking for people to pick up the project where he left off.

Once you determine the correct pinout, you will need a JTAG cable: there are two main types, buffered and unbuffered, both of which I have soldered up and tested from these circuit diagrams (image of completed buffered cable here). The software most hardware people use today are the openwince JTAG Tools. To get the JTAG Tools to compile, grab the latest source directly from their CVS repository.

The last time we featured JTAG was with regards to Linksys devices, but the tools listed above can be applied to any device with JTAG.

While [Will] goes and hides in his offshore datashelter, Hack-A-Day is happy to welcome back our veteran foreign correspondent [fbz]. She promises future posts will have far less ‘German by example’. -[Eliot]

The Fnordlicht is a color mixing LED platform with free hardware schematics and open source firmware initially started by [fd0]. The system is dynamically controllable (via RS-485) and can also work as a standalone with pre-loaded color mixing. I have one of these soldered up and working at home; the circuits come in a stack of three boards with an optional serial level shifter board add-on. There are project pages in German about the Fnordlicht as well, which include some photos of the first prototype. Full kits (“Fnordlicht Bausatz” means “Fnordlicht kit”) and printed circuit boards (“Fnordlicht Platinensatz ohne Bauteile” means “Fnordlicht circuit board set without parts”) can be purchased from their shop, but be sure to ask them first about shipping prices to your location. I love this project, I fire it up and stick it in a corner of my hack room to add some color-changing atmosphere.

A while ago [Eliot] covered the MoMolight, a color changing led project controlled by the colors playing on your monitor.

Now that the CCC is over, we finally dug ourselves out of a ginormous pile of cables (Kabelsalat ist gesund!) to bring you this round up post about the best stuff from the last two days of the con.

First up on day 10 was I See Airplanes!, Eric Blossom’s excellent speech on creating hardware for making homebrew radars and software using the GnuRadio project. He uses bistatic passive receivers in the 100 MHz range doing object detection using other peoples’ transmitters. The project has a lot yet to accomplish including the use of helical filters (if there are any antenna freaks reading this, contact Eric, he’s looking for a bit of help).

Next on the third day we attended Ilja van Sprundel‘s huge fuzzing  extravaganza. Fuzzers generate bad data that is designed to look like good data and will hopefully break something in an interesting way. Our fav part? When the list of irc clients broken by his ircfuzz tool was so long he had to use 10pt font to get it all on one slide (see slide 53)! His paper can be found here and the slides here.

We then wandered to Harald Welte‘s talk on hacking the Motorola EZX series phones (which we’ve reported on here before). In case you forgot, the EZX series has a linux kernel. Incidentally the phone runs lots of stuff it really doesn’t need (like glibc, 6 threads for just sound processes, and even inetd). He presented the project for the first time in an official context since we saw him at 0Sec in October. Apparently lots of kinks have been worked out and there’s an official code source tree here.

The clincher for day 11 was FX and FtR of Phenoelit‘s semi-controversial talk on Blackberry security (covering both handheld devices and server based RIM products). This talk was a bit of a wake up call for RIM and thus the slides are still not available online so keep a sharp eye out for the video when it’s released by the CCC.

Also available from the CCC are the full proceedings in a downloadable pdf (also available in paper format for you physical-space-doodle-in-the-margin freaks).

Read the rest of this entry »

Today and yesterday’s 22C3 included tons of fun hacker stuff. Highlights from day 00 and 01 included a slew of topics from politics to hardcore geekery. We toured the CCC‘s annual hackfest to bring you the best of the new hacks.

We commence our tour with Hack-A-Day’s friend Dan “I Like Big Graphs and I Cannot Lie” Kaminsky. Dan presented yummy OpenGL graphics and DNS cache proof of the Sony Rootkit around the world. He also released Xovi, a tool which allows you to do network visualizations in realtime. Realtime: we dig it.

Next on to fun scanning of 3G wireless networks! The team of btk and ahzf presented a rather thorough intro to GPRS/UMTS packet theory (we use the term theory rather concretely here because packet loss and lag are rampant on cellphone based data networks all over the world). Slides for the talk in PDF format are here. They showed how to circumvent packet filtering / port filtering / data type filtering on data networks. This can be extremely useful when trying to run VoIP applications over a cellphone network since they are usually blocked.

Also of note was the talk on IrDA hotel system hacking presented by Major Malfunction. Which we mentioned when we were at Toorcon.

Read the rest of this entry »

Hack-A-Day is here at 22C3: Private Investigations, the Chaos Computer Club‘s annual hacker conference in snow covered Berlin, Germany. The CCC’s annual Congress is the European answer to Las Vegas located DEFCON. This 22nd annual conference has been lengthened from three days to four to be able to accommodate more talks.

We’ll be here all week reporting on the coolest hardware hack topics at the conference from talks to Blinkenlights. If you’re here, drop us a line in the comments!

Read the rest of this entry »

We’ve posted Part Two of the Magic Phone How-To over at Engadget. In this Installment, we show you the process behind creating the custom circuit that will live inside the rotary phone. This circuit is as small as possible by making it two-sided and by using surface mount components. Part One of the How-To covered number pad matrix decoding on just about any phone or number pad.

Read the rest of this entry »

For this week’s Nano Hack we will cover how to get power off your iPod Nano’s battery. Power can be useful when you need to run other small low power devices in conjunction with the Nano. These devices can be small circuits, lights, etc. In next week’s installment we will use the power we draw to power a glowing sleeve for the iPod Nano.

What you will need:
– an iPod connector cable to cannibalize (we used a Dock Connector to USB 2.0 + FireWire)
– a multimeter
– a soldering iron
– some sort of thin knife or miniature flat head screwdriver to pry open the connector

Read the rest of this entry »