Tie-Fighter Quadcopters Anyone Can Build

These are things of beauty, and when in flight, the Tie Fighter Quadcopters look even better because the spinning blades become nearly transparent. Most of the Star Wars-themed quadcopter hacks we’ve seen are complicated builds that we know you’re not even going to try. But [Cuddle Burrito’s] creations are for every hacker in so many different ways.

tie-fighter-drone-partsFirst off, he’s starting with very small commodity quadcopters that are cheap (and legal) for anyone to own and fly. Both are variations of the Hubsan X4; the H107C and the H107L. The stock arms of these quadcopters extend from the center of the chassis, but that needs to change for TFFF (Tie Fighter Form Factor). The solution is of course 3D Printing. The designs have been published for both models and should be rather simple to print.

ABS is used as the print medium, which makes assembly easy using a slurry of acetone and ABS to weld the seams together. Motor wires need to be extended and routed through the printed arms, but otherwise you don’t need anything else. Even the original screws are reused in this design. Check out test flights in the video after the break As for the more custom builds we mentioned, there’s the Drone-enium Falcon.

Continue reading “Tie-Fighter Quadcopters Anyone Can Build”

Hackaday Europe: Call for Proposals

Hackaday is coming to Europe in April. The world’s most superb conference on hardware creation starts with you. Please submit your proposal to present a talk or workshop at 2016 Hackaday | Belgrade, Hackaday’s first-ever European conference.

Put it on your calendar: Saturday, April 9th in Belgrade, Serbia. We have a lineup spanning from 10am to 2am, and we’re building on the best of the inaugural SuperConference we held last November: a single track of hardware talks which will run concurrently with a set of hands-on workshops. The surprise hit from that conference was badge hacking, which will be expanded and extended into the wee hours of the morning. While that is in progress, a party with two stages will spin up with performances by Infinite Jest, Grupa TI, and DJ sets.

Tickets go on sale the first week of February. Voja Antonic, who does amazing work with PCBs and badge designs, is building the conference badge. The cost of the admission will be just enough to cover the cost of the badge. We’re keeping the admission cost so low to help offset your travel costs. Belgrade is gorgeous in April, and getting there from other parts of Europe is very affordable. This event will sell out so get organized and make sure you and your fellow hardware hackers get tickets early.

Many of the Hackaday crew will be on hand. We’re likely to have a less-formal meetup (hangover brunch?) on Sunday. Check out the Hackaday | Belgrade planning page to discuss this and learn more about the conference as it comes together. See you in Belgrade!

Shmoocon 2016: Hackers for Charity

To one side of the “Chill Room” at this year’s Shmoocon were a few tables for Hackers for Charity. This is an initiative to make skills-training available for people in Uganda. The organization is completely supported by the hacker community.

Hackers for Charity was founded by Johnny Long about seven years ago. He had been working as a penetration tester but you perhaps know him better from his many books on hacking. Having seen the lack of opportunity in some parts of the world, Johnny started Hackers for Charity as a way to get used electronics and office equipment into the hands of people who needed it most. This led to the foundation of a school in Uganda that teaches technology skills. This can be life-changing for the students who go on to further schooling, or often find clerical or law enforcement positions. Through the charity’s donations the training center is able to make tuition free for about 75% of the student body.

The education is more than just learning to use a word processor. The group has adopted a wide range of equipment and digital resources to make this an education you’d want for your own children. Think Chromebooks, Raspberry Pi, robotics, and fabrication. One really interesting aspect is the use of RACHEL, which is an effort to distribute free off-line educational content. This is a searchable repository of information that doesn’t require an Internet connection. Johnny told me that it doesn’t stop at the schoolroom door; they have the system on WiFi so that anyone in the village can connect and use the resources whether they’re students or not.

Shmoocon does something interesting with their T-shirt sales. They’re not actually selling shirts at all. They’re soliciting $15 donations. You donate, and you get a shirt and a chit — drop you chit in a box to decide where your $15 should go. This year, Hackers for Charity, the EFF, and World Bicycle Relief were the charities to choose from. If you want to help out this 501c3 organization, consider clicking the donate button you’ll find on the sidebar and footer of their webpage.

Custom Siri Automation with HomeKit and ESP8266

Knowing where to start when adding a device to your home automation is always a tough thing. Most likely, you are already working on the device end of things (whatever you’re trying to automate) so it would be nice if the user end is already figured out. This is one such case. [Aditya Tannu] is using Siri to control ESP8266 connected devices by leveraging the functionality of Apple’s HomeKit protocols.

HomeKit is a framework from Apple that uses Siri as the voice activation on the user end of the system. Just like Amazon’s voice-control automation, this is ripe for exploration. [Aditya] is building upon the HAP-NodeJS package which implements a HomeKit Accessory Server using anything that will run Node.

Once the server is up and running (in this case, on a raspberry Pi) each connected device simply needs to communicate via MQTT. The Arduino IDE is used to program an ESP8266, and there are plenty of MQTT sketches out there that may be used for this purpose. The most recent example build from [Aditya] is a retrofit for a fiber optic lamp. He added an ESP8266 board and replaced the stock LEDs with WS2812 modules. The current version, demonstrated below, has on/off and color control for the device.

Continue reading “Custom Siri Automation with HomeKit and ESP8266”

Shmoocon 2016: GPUs and FPGAs to Better Detect Malware

One of the big problems in detecting malware is that there are so many different forms of the same malicious code. This problem of polymorphism is what led Rick Wesson to develop icewater, a clustering technique that identifies malware.

Presented at Shmoocon 2016, the icewater project is a new way to process and filter the vast number of samples one finds on the Internet. Processing 300,000 new samples a day to determine if they have polymorphic malware in them is a daunting task. The approach used here is to create a fingerprint from each binary sample by using a space-filling curve. Polymorphism will change a lot of the bits in each sample, but as with human fingerprints, patterns are still present in this binary fingerprints that indicate the sample is a variation on a previously known object.
Continue reading “Shmoocon 2016: GPUs and FPGAs to Better Detect Malware”

Shmoocon 2016: Phishing for the Phishers

After years of ignoring the emails it’s finally time to get into a conversation with that Nigerian prince you keep hearing from. Robbie Gallagher — an Application Security Engineer with Atlassian in Austin, TX — wanted to find out where perpetrators of phishing emails actually live. Of course you can’t count on the headers of the emails they send you. A better way to track them down is to actually draw them into a conversations, and this means making yourself a juicy target.

Robbie gave an excellent talk on his project Honey-Phish at this year’s Shmoocon. Part of what made it stand out is his narrative on each step of exploring the social engineering technique. For instance, there is already a vibrant community that specializes in forming relationships with scammers. Those who frequent 419 Eater have literally made it into a sport called Scambaiting. The ultimate goal is to prove you’ve baited a scammer is to get the person to take a picture of themselves balancing something on their head. Now the image a the top of this post makes sense, right?

Writing personal emails to your scammer is a great system if you have a lot of time and only want to track down one scammer at a time. Robbie wants to catalog geographic locations for as many as possible and this means automation. Amusingly, the solution is to Phish for Phishers. By automating responses to phishing emails, and enticing the people originating those phishing scams to click on a link, you can ascertain their physical location.

Continue reading “Shmoocon 2016: Phishing for the Phishers”

Shmoocon 2016: Z-Wave Protocol Hacked with SDR

The first talk at 2016 Shmoocon was a great one. Joseph Hall and Ben Ramsey presented their work hacking Z-Wave, a network that has been gaining a huge market share in both consumer and industrial connected devices. EZ-Wave uses commodity Software Defined Radio to exploit Z-Wave networks. This is not limited to sniffing, but also used for control with the potential for mayhem.

Continue reading “Shmoocon 2016: Z-Wave Protocol Hacked with SDR”