Getting a Shell on any Android Device

USB

If you’re an Evil Customs Agent or other nefarious Three Letter Agency Person, you’re probably very interesting in getting data off people’s phones. Even if the screen is locked, there’s a way around this problem: just use the Android Debug Bridge (ADB), a handy way to get a shell on any Android device with just a USB cable. The ADB can be turned off, though, so what is the Stasi to do if they can’t access your phone over ADB? [Michael Ossmann] and [Kyle Osborn] have the answer that involves a little-known property of USB devices.

USB mini and micro plugs have five pins – power, ground, D+, D-, and an oft-overlooked ID pin. With a particular resistance between this ID pin and ground, the USB multiplexor inside your phone can allow anyone with the proper hardware to access the state of the charger, get an audio signal, mess around with the MP3s on your device, or even get a shell.

To test their theory, [Michael] and [Kyle] rigged up a simple USB plug to UART adapter (seen above) that included a specific value of resistor to enable a shell on their test phone. Amazingly, it worked and the thought of having a secure phone was never had again.

The guys went farther with some proprietary Samsung hardware that could, if they had the service manual, unlock any samsung phone made in the last 15 years. They’re working on building a device that will automagically get a shell on any phone and have built some rather interesting hardware. If you’re interested in helping them out with their project, they have a project site up with all the information to get up to speed on this very ingenious hack.

[Read more...]

20 Android Tablets form an Interactive Photo Collage

20tabletFrame

You might not have a small army of unused tablets lying around, but if you did, you should try turning them into what Minn calls a “Giant Interactive Photo Array Display:” A Giant IPAD. Har har.

[Minn's] first step was to hit eBay, hoping to find a score of low-priced, broken-yet-easily-repairable tablets. The only ones available (and for cheap), however, were resistive touch screens with narrow viewing angles. After waiting patiently for nearly half a year, [Minn] hit the capacitive touch jackpot: snagging a pile of 10″ and 7″ Android tablets. The frame is custom made to provide a solid surface for mounting and enough depth for the tablets to fit correctly. Rather than form his own brackets to hold each device, [Minn] re-purposed some IKEA cupboard handles, screwing them into the MDF backboard and clamping the tablets to them with bolts that press against the case. An adhesive rubber bumper stuck to the top of the bolts prevents any damage.

Providing power to the diverse collection required another custom solution; two 5V 10A supplies and one 9V 16A supply fit into an accompany box safely deliver the needed juice. [Minn] chose an app that will grab photos from cloud storage so he can update the collection without having to dig around inside the frame. See the result in a video below! Want to try this project but only have one tablet to spare? The in-wall tablet mount might help.

[Read more...]

Brute Forcing an Android Phone

phonecracking

[Brett's] girlfriend is very concerned about cell phone security — So much so that she used a PIN so secure, even she couldn’t remember it.

Beyond forgetting the PIN, the phone also had encryption enabled, the bootloader locked, and zero permissions for the Android Device Manager to change the PIN. Lucky for her, [Brett] had purchased an STM32F4Discovery Development Board a few months ago, and was itching for a suitable project for it.

Now unfortunately, Android allows you to pick a PIN of anywhere between 4 and 8 digits, which as you can guess, results in a massive number of possible permutations. She was pretty sure it was only 6 digits, and that she didn’t use a 1, 2, or 3… and she thought it started with a 4 or a 7… and she didn’t think any of the digits were repeated… This helped narrow it down a bit, from 1 million possibilities to about 5,000 — assuming all of the boundary conditions she remembers are in fact correct.

[Brett] started by writing a C library to generate permutations of the PIN, testing the board on his own phone to make sure it works with a known PIN, and boom, they were in business.

28,250 PIN attempts later, they decided they were not. Did we mention you can only enter 5 PINs in every 30 seconds?

[Read more...]

Use Your Smartphone as a Microscope for Less Than $10

FY4TBHSHMMFBB4V.LARGE[Yoshinok] recently posted an Instructable on doing a $10 smartphone-to-microscope conversion. The hack isn’t so much a conversion as just a handy jig, but it’s still interesting. The basic idea is to set up a platform for the slides, and to mount the smartphone directly above. The trick, and the reason this can be called a microscope, is that [Yoshinok] embeds the lens from a cheap laser pointer into the smartphone holder. He is able to get 40x optical magnification with the lens, and even though it sacrifices quality, he uses the built-in digital zoom to get up to 175x magnification.

By itself, you could use this with a light source to magnify 3D objects. [Yoshinok] demonstrates this with a dime. But since the slide holder is made of clear acrylic, he mounted a cheap LED flashlight in the base to serve as through-sample lighting. Using this setup, he was able to observe the process of plasmolysis.

If you have kids, this is certainly a project to do with them, but we can’t help but think it will be useful for non-parents alike. This sort of magnification is good enough for simple lab experiments, and given that most Hack-a-Day readers have these parts lying around, we figure the cost is closer to $0. If you give it a try, let us know your results in the comments!

[Read more...]

LED-Guided Piano Instruction

LEDpianoGuide

[Kay Choe] can’t play the piano. Rather, he couldn’t, until he converted his keyboard to include LED-guided instruction. [Kay] is a microbial engineering graduate student, and the last thing a grad student can afford is private music lessons. With $70 in components and a cell phone, however, he may have found a temporary alternative.

The build works like a slimmed-down, real-world Guitar Hero, lighting up each note in turn. We’ve seen a project like this before, with the LEDs mounted above the keys. [Kay]‘s design, however, is much easier to interpret. He embedded the LEDs directly into the keys, including ones above each black key to indicate the sharps/flats. An Android app takes a MIDI file of your choice and parses the data, sending the resulting bits into an IOIO board via USB OTG. A collection of shift registers then drives the LEDs.

For a complete novice, [Kay] seems to benefit from these lights. We are unsure whether the LEDs give any indication of which note to anticipate, however, as it seems he is pressing the keys after each one lights up. Take a look at his video demonstration below and help us speculate as to what the red lights signify. If you’re an electronics savant who wants to make music without practicing a day in your life, we recommend that you check out [Vladimir's] Robot Guitar.

[Read more...]

Passive Bluetooth keyless entry system

passiveBluetoothKeyless

Modern smart keys allow you to keep the key fob in your pocket or purse while you simply grab the handle and tug the door open. [Phil] decided he would rather ditch the fob altogether and instead implemented a passive Bluetooth keyless entry system with his Android phone. It’s probably unlikely for car manufacturers to embrace phone-based keys anytime soon, and [Phil] acknowledges that his prototype poses a landslide of challenges. What he’s built, however, looks rather enticing. If the car and phone are paired via Bluetooth, the doors unlock. Walk out of range and the car automatically locks when the connection drops.

His build uses an Arduino Mega with a BlueSMiRF Silver Bluetooth board that actively searches for his phone and initiates a connection if in range.  Doors are unlocked directly through a 2-channel relay module, and an LED indicator inside the vehicle tells the status of the system. A pulsing light indicates it’s searching for the phone, while a solid ring means that a connection is established.

We hope [Phil] will implement additional features so we can make our pockets a bit lighter. Watch a video demonstration of his prototype after the break, then check out the flood of car-related hacks we’ve featured around here recently: the OpenXC interface that adds a smart brake light, or the Motobrain, which gives you Bluetooth control over auxiliary electrical systems.

[Read more...]

ContactKey: A portable, battery-powered phonebook

contactKey

Although it’s still a prototype, [Russell] tipped us off to his battery-powered device for storing your contacts list: ContactKey. (Warning: Loud sound @ beginning). Sure, paper can back up your contact information, but paper isn’t nearly as cool to show off, nor can it receive updates directly from your Android. The ContactKey displays a contact’s information on an OLED screen, which you can pluck through by pressing a few buttons: either ‘Up,’ ‘Down,’ or ‘Reset’. Although the up/down button can advance one contact at a time, holding one down will fly through the list at lightning speed. A few seconds of inactivity causes a timeout and puts the ContactKey to sleep to conserve battery life.

This build uses an ATMega328 microcontroller and an external EEPROM to store the actual list. [Russell] wrote an Android app that will sync your contact list to the ContactKey over USB via an FTDI chip. The microcontroller uses I2C to talk to the EEPROM, while an OLED display interfaces to the ATMega through SPI. We’re looking forward to seeing how compact [Russell] can make the ContactKey once it’s off the breadboard; the battery life for most smartphones isn’t particularly stellar. Phones of the future will eventually live longer, but we bet it won’t be this one.

[Read more...]