Developed On Hackaday: Chrome/Firefox Apps/Extensions Developers Needed

The Hackaday community is currently working on an offline password keeper, aka Mooltipass. The concept behind this product is to minimize the number of ways your passwords can be compromised, while generating and storing long and complex random passwords for the different websites you use daily. The Mooltipass is a standalone device connected through USB and is compatible with all major operating systems on PCs, Macs and Smartphones. More details on the encryption and technical details can be found on our github repository readme or by having a look at all the articles we previously published on Hackaday.

Our beta testers are now using their prototypes daily and their feedback allowed us to considerably improve the Mooltipass. The firmware development is coming to an end as most functionalities have been implemented in the last few weeks. The development team is therefore turning his attention to the Chrome/Firefox plugins and needs your help to finish them in a timely manner. As you can guess, our goal is to provide a slick and intuitive interface for all of the Mooltipass features. If you have (a lot of) spare time, knowledge of the browsers APIs, feel free to leave a comment below with a valid email address!

Bit-banging Ethernet On An ATTiny85

Ethernet bit banging

[Cnlohr] just published an ingenious but dangerous way to send Ethernet packets using an ATTiny85. The ATtiny directly drives one pair of differential TX wires of a standard Ethernet cable. Doing so will force the TX signal ground to be the same as the ATTiny’s and in some cases may put 48V on your AVR if your cable is plugged into a Power Over Ethernet switch… which may be a problem.

In the video embedded below [cnlhor] explains that the microcontroller is clocked at 20Mhz to bit-bang the Manchester encoded electrical signals. Using a neat trick his home switch will detect his platform as a 10MBit Ethernet switch which can then send hard-coded packets to his computer. As you can guess, each of this packets takes quite a bit of space inside the ATTiny’s flash memory: 2+Kbytes. All of the code used may be downloaded on the creator’s GitHub repository, though he constantly warned us that it shouldn’t be used for real life applications.

Edit: One of our readers also let us know of a similar awesome project called the IgorPlug-UDP. Make sure to check it out!

Continue reading “Bit-banging Ethernet On An ATTiny85″

ARM-BMW, The Open Hardware Cortex-M0 Development Board

[Vsergeev] tipped us about a neat Cortex-M0 based development board with a total BoM cost under $15. It’s called the ARM Bare Metal Widget (ARM-BMW), focuses on battery power, non-volatile storage and debuggability.

The chosen micro-controller is the 50MHz NXP LPC1114DH28 which provides the user with 32kB of Flash, 8kB of SRAM, a 6 channel ADC and I2C/SPI/UART interfaces among others. The ARM-BMW contains a 2Mbyte SPI flash, an I2C I/O expander, several headers for expansion/debug purposes, 4 LEDs, 2 buttons, 2 DIP switches and finally a JTAG/SWD header for flashing and debugging. As you can see in the picture above you may either populate your own HC49UP crystal or use the internal 12MHz RC oscillator.

The platform can be powered using either a USB cable or a LiPo battery. As you can guess it also includes a much-needed battery charger (the MCP73831T) and a switched capacitor DC/DC converter to supply 3.3V. You may find all the files on the hardware or software repositories.

Ask Hackaday: Can Paper USB Business Cards Exist?

swivel business card

The swivelCard Kickstarter campaign recently received a lot of press coverage and makes some impressive claims as their goal is the development of USB and NFC business cards at a $3 unit price. While most USB-enabled business cards we featured on Hackaday were made of standard FR4, this particular card is made of paper as the project description states the team patented

a system for turning regular paper into a USB drive.

As you can guess this piqued our interest, as all paper based technologies we had seen until now mostly consisted of either printed PCBs or paper batteries. ‘Printing a USB drive on regular paper’ (as the video says) would therefore involve printing functional USB and NFC controllers.

Luckily enough a quick Google search for the patents shown in one of the pictures (patent1, patent2) taught us that a storage circuitry is embedded under the printed USB pads, which may imply that the team had an Application-Specific Integrated Circuit (ASIC) designed or that they simply found one they could use for their own purposes. From the video we learn that ‘each card has a unique ID and can individually be programmed’ (the card, not the UID) and that it can be setup to open any webpage URL. The latter can even be modified after the card has been handed out, hinting that the final recipient would go to a ‘www.swivelcard.com/XXXX” type of address. We therefore got confused by

Imagine giving your business card with pictures, videos, presentations, and websites for the recipient to interact with!

paragraph that the project description contains.

This leads us to one key question we have: what kind of USB drive can make a given user visit a particular website, given that he may have Linux, Windows, Mac or any other OS? They all have similar USB enumeration processes and different key strokes to launch a browser… our wild guess is that it may be detected as storage with a single html file in it. Unfortunately for us the USB detection process is not included in the video.

Our final question: Is it possible to embed both USB and NFC controllers in a thin piece of paper without worrying about broken ICs (see picture above)? NFC enabled passports have obviously been around for a long time but we couldn’t find the same for USB drives.

Possible or not, we would definitely love having one in our hands!

Edit: One of our kind readers pointed out that this campaign actually is a re-launch of a failed indiegogo one which provides more details about the technology and confirms our assumptions.

Phone Gyroscope Signals Can Eavesdrop on Your Conversations

A gyroscope is a device made for measuring orientation and can typically be found in modern smartphones or tablet PCs to enable rich user experience. A team from Stanford managed to recognize simple words from only analyzing gyroscope signals (PDF warning). The complex inner workings of MEMS based gyroscopes (which use the Coriolis effect) and Android software limitations only allowed the team to only sniff frequencies under 200Hz. This may therefore explain the average 12% word recognition rate that was achieved with custom recognition algorithms. It may however still be enough to make you reconsider installing an app that don’t necessarily need access to the on-board sensors to work. Interestingly, the paper also states that STMicroelectronics currently have a 80% market share for smartphone / Tablet PCs gyroscopes.

On the same topic, you may be interested to check out a gyroscope-based smartphone keylogging attack we featured a couple of years ago.

A MIPI DSI Display Shield/HDMI Adapter

MIPI DSI shield

[Tomasz] tipped us about the well documented MIPI DSI Display Shield / HDMI Adapter he put on hackaday.io. The Display Serial Interface (DSI) is a high speed packet-based interface for delivering video data to recent LCD/OLED displays. It uses several differential data lanes which frequencies may reach 1 GHz depending on the resolution and frame rate required.

The board explained in the above diagram therefore allows any HDMI content to be played on the DSI-enabled scrap displays you may have lying around. It includes a 32MB DDR memory which serves as a frame buffer, so your “slow” Arduino platform may have enough time to upload the picture you want to display.

The CP2103 does the USB to UART conversion, allowing your computer to configure the display adapter internal settings. The platform is based around the XC6SLX9 Spartan-6 FPGA and all the source code may be downloaded from the official GitHub repository, along with the schematics and gerbers. After the break we’ve embedded a demonstration video in which a Raspi drives an iPhone 4 LCD.

Continue reading “A MIPI DSI Display Shield/HDMI Adapter”

Developed On Hackaday: Beta Testers And Automated Testing

Mooltipass with Holder

At Hackaday we believe that your encrypted vault containing your credentials shouldn’t be on a device running several (untrusted) applications at the same time. This is why many contributors and beta testers from all over the globe are currently working on an offline password keeper, aka the Mooltipass.

Today we’re more than happy to report that all of our 20 beta testers started actively testing our device as they received the v0.1 hex file from the development team. Some of them had actually already started a few days before, as they didn’t mind compiling our source files located on our github repository and using our graphics generation tools. We are therefore expecting (hopefully not) many bug reports and ways to improve our device. To automatize website compatibility testing, our beta tester [Erik] even developed a java based tool that will automatically report non-working pages found inside a user generated list. You may head here to watch a demonstration video.