Yes, You Should be Hacking Your Car’s Data System

If you own a car, I would wager it’s the most complex device you own. Within you find locomotion, safety systems, and an entertainment system that may be using technology from several decades ago (but that’s a rant for a different article). Jalopy or Sweet Hotness, your ride has an underlying data network that is a ton of fun to hack, and something of a security dinosaur. Both were discussed by Craig Smith and Erik Evenchick during their talk on Car Hacking tools at Hope XI.

You should recognize both of these names. Eric Evenchick is a Hackaday contributor who has been traveling the world presenting talks and workshops on his open source car hacking hardware called CANtact. Craig Smith is founder of OpenGarages and author of the Car Hacker’s Handbook which we highly recommend. The pair made a great joint presentation; both were charismatic, using wit to navigate through the hardware, software, techniques, and goals you want to have in mind to jump into car hacking.

Continue reading “Yes, You Should be Hacking Your Car’s Data System”

Cory Doctorow Rails Against Technological Nihilism; Wants You to Have Hope

I was skeptical about a two hour block allotted for Cory Doctrow’s keynote address at HOPE XI. I’ve been to Operas that are shorter than that and it’s hard to imagine he could keep a huge audience engaged for that long. I was incredibly wrong — this was a barnburner of a talk. Here is where some would make a joke about breaking out the rainbows and puppies. But this isn’t a joke. I think Cory’s talk helped me understand why I’ve been feeling down about our not-so-bright digital future and unearthed a foundation upon which hope can grow.

Continue reading “Cory Doctorow Rails Against Technological Nihilism; Wants You to Have Hope”

Hands-on the AND!XOR Unofficial DEF CON Badge

DEF CON 24 is still about two weeks away but we managed to get our hands on a hardware badge early. This is not the official hardware — there’s no way they’d let us leak that early. Although it may be unofficial in the sense that it won’t get you into the con, I’m declaring the AND!XOR badge to be officially awesome. I’ll walk you through it. There’s also a video below.

Over the past several years, building your own electronic badge has become an impromptu event. People who met at DEF CON and have been returning year after year spend the time in between coming up with great ideas and building as many badges as they can leading up to the event. This is how I met the trio who built this badge — AND!XORAndrew Riley, and Jorge Lacoste — last year they invited me up to their room where they were assembling the last of the Crypto Badges. Go check out my guide to 2015 Unofficial DEF CON badges for more on that story (and a video of the AM transmissions that badge was capable of).

The outline is this year’s badge is of course Bender from Futurama. Both eyes are RGB LEDs, with another half dozen located at different points around his head. The microcontroller, an STM32F103 ARM Cortex-M0 Cortex-M3, sits in a diamond pattern between his eyes. Above the eyes you’ll find 16 Mbit of flash, a 128×64 OLED screen, and a reset button. The user inputs are five switches and the badge is powered by three AA batteries found on the flip side.

bender's-nose-closeup

That alone makes an interesting piece of hardware, but the RFM69W module makes all of the badges interactive. The spring coming off the top of Bender’s dome is a coil antenna for the 433 MHz communications. I only have the one badge on hand so I couldn’t delve too deeply what interactive tricks a large pool of badges will perform, but the menu hints at a structure in place for some very fun and interesting applications.

Continue reading “Hands-on the AND!XOR Unofficial DEF CON Badge”

BitCluster Brings a New Way to Snoop Through BitCoin Transactions

Mining the wealth of information in the BitCoin blockchain is nothing new, but BitCluster goes a long way to make sense of the information you’ll find there. The tool was released by Mathieu Lavoie and David Decary-Hetu, PH.D. on Friday following their talk at HOPE XI.

I greatly enjoyed sitting in on the talk which began with some BitCoin basics. The cryptocurrency uses user generated “wallets” which are essentially addresses that identify transactions. Each is established using key pairs and there are roughly 146 million of these wallets in existence now

If you’re a thrifty person you might think you can get one wallet and use it for years. That might be true of the sweaty alligator-skin nightmare you’ve had in your back pocket for a decade now. It’s not true when it comes to digital bits —  they’re cheap (some would say free). People who don’t generate a new wallet for every transaction weaken their BitCoin anonymity and this weakness is the core of BitCluster’s approach.

Every time you transfer BitCoin (BTC) you send the network the address of the transaction when you acquired the BTCs and sign it with your key to validate the data. If you reuse the same wallet address on subsequent transactions — maybe because you didn’t spend all of the wallet’s coins in one transaction or you overpaid and have the change routed back to your wallet. The uniqueness of that signed address can be tracked across those multiple transactions. This alone won’t dox you, but does allow a clever piece of software to build a database of nodes by associating transactions together.

Mathieu’s description of first attempts at mapping the blockchain were amusing. The demonstration showed a Python script called from the command line which started off analyzing a little more than a block a second but by the fourth or fifth blocks hit the process had slowed to a standstill that would never progress. This reminds me of some of the puzzles from Project Euler.

bitcluster-how-it-worksAfter a rabbit hole of optimizations the problem has been solved. All you need to recreate the work is a pair of machines (one for Python one for mondoDB) with the fastest processors you can afford, a 500 GB SSD, 32 GB of RAM (but would be 64 better), Python 64-bit, and at least a week of time. The good news is that you don’t have to recreate this. The 200GB database is available for download through a torrent and the code to navigate it is up on GitHub. Like I said, this type of blockchain sleuthing isn’t new but a powerful open source tool like this is.

Both Ransomware and illicit markets can be observed using this technique. Successful, yet not-so-cautious ransomers sometimes use the same BitCoin address for all payments. For example, research into a 2014 data sample turned up a ransomware instance that pulled in $611k (averaging $10k per day but actually pulling in most of the money during one three-week period). If you’re paying attention you know using the same wallet address is a bad move and this ransomware was eventually shut down.

Illicit markets like Silk Road are another application for BitCluster. Prior research methods relied on mining comments left by customers to estimate revenue. Imagine if you had to guess at how well Amazon was doing reading customer reviews and hoping they mentioned the price? The ability to observe BTC payment nodes is a much more powerful method.

A good illicit market won’t use just one wallet address. But to protect customers they use escrow address and these do get reused making cluster analysis possible. Silk Road was doing about $800k per month in revenue at its height. The bulk of purchases were for less than $500 with only a tiny percentage above $1000. But those large purchases were likely to be drug purchases of a kilo or more. That small sliver of total transactions actually added up to about a third of the total revenue.

bitcluster-logoIt’s fascinating to peer into transactions in this manner. And the good news is that there’s plenty of interesting stuff just waiting to be discovered. After all, the blockchain is a historical record so the data isn’t going anywhere. BitCluster is intriguing and worth playing with. Currently you can search for a BTC address and see total BTC in and out, then sift through income and expense sorted by date, amount, etc. But the tool can be truly great with more development. On the top of the wishlist are automated database updates, labeling of nodes (so you can search “Silk Road” instead of a numerical address), visual graphs of flows, and a hosted version of the query tool (but computing power becomes prohibitive.)

Hackers on Planet Earth — We’ll Be There!

This weekend, Hackaday will be rolling into New York for the Eleventh HOPE. This biyearly conference draws hackers from all around the globe. There’s a ton going on at HOPE: talks, hardware hacking, workshops, and pretty much everything else you might be interested in. But really, this gathering which was founded by 2600 in ’94, is where you go to meet and hang out with other hackers. And we want to hang out with you.

Pre-sale tickets are gone. But if you don’t have a ticket yet there are a limited number still available at the door. We’re happy that Hackaday is a sponsor of HOPE this year and for that we have a spot in the vendor’s area. We’re not selling anything — we’re actually reverse-vending. We want you to stop by and show us your hacks!

Hackaday Meetups at HOPE

Find us in the vendor area for two meetups: Saturday 2:30-5:00 (after Cory Doctorow’s keynote) and Sunday 11:00-1:00 2:30-5:00. We’ll be there with our cameras at the ready so don’t forget to bring your hacks. We’re always hungry to hear interesting stories which will end up on the front page for all to enjoy.

We have swag like Hackaday and Tindie stickers, and dev boards to give away from our Hackaday Prize sponsors Atmel and Microchip. During the two meetup times we’ll have munchies (Hackaday branded of course) and a limited supply of T-shirts. Come early and come often.

Brian Benchoff and Mike Szczys will be on hand covering the best the convention has to offer. Hit us up on those Twitter links if you want to get our attention. Sophi Kravitz, Aleksandar Bradic, and Shayna Gentiluomo will also be there, so stop by whenever and hang out with us. Our spot in the vendor area will be open the whole weekend.

We are always looking for awesome things to do in addition to what’s on the official agenda. The meetup on Saturday is the place to get the inside scoop on those plans. Whether you’re going to be at HOPE or not, we’d love to hear from you in the comments. Let us know about any talks we shouldn’t miss, any hackers we should track down and interview, and any of those extra curricular activities for a bunch of hackers in the middle of Manhattan on a hot July night.

Kansas City Maker Faire: Pi-Plates

As soon as he spied the Jolly Wrencher on my shirt, [Jerry Wasinger] beckoned me toward his booth at Kansas City Maker Faire. Honestly, though, I was already drawn in. [Jerry] had set up some interactive displays that demonstrate the virtues of his Pi-Plates—Raspberry Pi expansion boards that follow the HAT spec and are compatible with all flavors of Pi without following the HAT spec. Why not? Because it doesn’t allow for stacking the boards.

[Jerry] has developed three types of Pi-Plates to date. There’s a relay controller with seven slots, a data acquisition and controller combo board, and a motor controller that can handle two steppers or up to four DC motors. The main image shows the data acquisition board controlling a fan and some lights while it gathers distance sensor data and takes the temperature of the Faire.

The best part about these boards is that you can stack them and use up to eight of any one type. For the motor controller, that’s 16 steppers or 32 DC motors. But wait, there’s more: you can still stack up to eight each of the other two kinds of boards and put them in any order you want. That means you could run all those motors and simultaneously control several voltages or gather a lot of data points with a single Pi.

The Pi-Plates are available from [Jerry]’s site, both singly and in kits that include an acrylic base plate, a proto plate, and all the hardware and standoffs needed to stack everything together.

Denver Mini Maker Faire Roundup

I had a great time at Denver’s 3rd annual Mini Maker Faire, which was held inside the Denver Museum of Nature and Science. The official theme this year was “Building the Future” and looking back, I can tell you that they pulled the theme off well. There was a strong turnout in two categories that are crucial to building the future: the growth that comes from education at all ages and the physical places where learning becomes immersive.

The Really Fun Stuff

poison arrow[Casey] from Caustic Creations were showing off Poison Arrow just in time for season 2 of the BattleBots reboot. Poison Arrow is 250-lb. drum spinner that destroys things at 9,000 RPM. Here’s a nice introductory video shot by their sponsor, Arrow Electronics. [Casey] told me that Poison Arrow will be on the June 30th episode, so set your DVR.

Who knew that Colorado had so many maker- and hackerspaces? Colorado Makerhub, that’s who. They provide a portal to everything maker-related in Colorado, and they were in attendance along with most of the ‘spaces within a 50-mile radius of the city. Denver’s own Denhac brought a huge multiplayer rig that they had built for Comic Con last year. It runs Artemis, a spaceship bridge simulator game that divides up the tasks necessary for successful intergalactic travel. Here’s a video of Denhac member [Radio Shack] describing the game and giving a tour of one of the consoles. The group landed a space in one of the darker areas of the museum, which made the blinkenlights irresistible, especially to boys of a certain age range.

Continue reading “Denver Mini Maker Faire Roundup”