Hidden RFID reader locks workstation unless keys are present

hidden-rfid-workstation-lock

We don’t know how [Kristoffer Marshall] found himself with free time at work, but he used it to beef up his computer security. Above is the finished project. There is literally nothing to see here. He’s rigged up a hidden RFID reader which locks and unlocks his workstation.

The security of the system depends on xscreensaver, which has a password protected lock feature already built into it. When the tag is removed from the reader’s field it fires up the screensaver using a Perl script.

But waking up from the screensaver is a bit more tricky. The package doesn’t allow you to wake it from the command line — most likely for security. He found the xdotool to be of great use here. It is a command line tool which simulates keyboard and mouse entry. His script detects when the xscreensaver password prompt is on the screen and uses the xdotool to fill in [Kristoffer's] password. Since the script knows what has focus it won’t give away your password by accident.

See the complete setup in the clip after the break.

[Read more...]

Getting SPI on a router

router

Cheap routers such a s the TP-LINK 703n and the TP-LINK MR3020 (seen above) can be used for much more than just connecting your laptop to your cable modem. They’re actually very small Linux boxes and with OpenWRT, you can control every aspect of these tiny pocket-sized computers. It’s frequently been suggested that these routers are awesome substitutes for the usual methods of getting Internet on a microcontroller, but how do you actually do that? The onboard serial port is a great start, but this also dumps output from the Linux console. What you need here is an SPI connection, and [ramcoderdude] has just the solution for you.

Linux already has a few SPI modules, but these are only accessible with kernel drivers. Traditionally, the only way to access SPI is to recompile the kernel, but [coderdude] created a kernel module that allows any device running the Attitude Adjustment OpenWRT image to dynamically allocate SPI busses.

He’s already submitted this patch to the OpenWRT devs, and hopefully it will be included in future updates. Very cool, we think, and something that can open a whole lot of doors for hacking up routers very easily.

Hacking Transcend Wifi SD Cards

[Pablo] is a recent and proud owner of a Transcend WiFi SD Card. It allows him to transfer his pictures to any  WiFi-enabled device in a matter of seconds.

As he suspected that some kind of Linux was running on it, he began to see if he could get a root access on it… and succeeded.

His clear and detailed write-up begins with explaining how a simple trick allowed him to browse through the card’s file system, which (as he guessed correctly) is running busybox. From there he was able to see if any of the poorly written Perl scripts had security holes… and got more than he bargained for.

He first thought he had found a way to make the embedded Linux launch user provided scripts and execute commands by making a special HTTP POST request… which failed due to a small technicality. His second attempt was a success: [Pablo] found that the user set password is directly entered in a Linux shell command. Therefore, the password “admin; echo haxx > /tmp/hi.txt #” could create a hi.txt text file.

From there things got easy. He just had to make the card download another busybox to use all the commands that were originally disabled in the card’s Linux. In the end he got the card to connect a bash to his computer so he could launch every command he wanted.

As it was not enough, [Pablo] even discovered an easy way to find the current password of the card. Talk about security…

Hacklet adds Linux control for the Modlet smart outlet

modlet-for-linux-hacklet

Linux users now have a simple option for controlling the Modlet smart outlet. Hacklet is a Ruby script that can switch and read status information from Modlet.

This is the first we remember hearing about Modlet. It’s another take on controlling your appliances remotely. Unlike WeMo, which puts control of one outlet on WiFi, the Modlet uses a USB dongle to control two outlets wirelessly. It has the additional benefit of reading how much current is being used by each plug. This does mean that you need a running computer with the USB dongle to control it. But cheap embedded systems like the Raspberry Pi make this less of an issue both in up-front cost, and the price to keep it running all the time.

[Matt Colyer's] demo video includes an unboxing of the $60 starter kit. The screen seen above shows his script pairing with the outlet. It goes on to demonstrate commands to switch it, and to pull the data from the device. He even provides an example of how to use IFTTT with the script.

[Read more...]

Android stick mutates into a home server

small-form-factor-home-server

Kiss that energy hungry PC you’ve been using as a home server goodbye. [Vince Loschiavo] shows us how he squeezed a remarkable amount of functionality out of an inexpensive Android stick which manages his home’s digital empire.

He started off just wanting some network attached storage. For this he grabbed an MK802 Android Stick which you can get for a song if you find the right deal. To bend it to his will he said goodbye to the Android OS, installing Ubuntu for ARM instead. The stick (which is missing its case in the image above) connects to a USB hub in host mode, but does actually draw all of its power from the hub itself. This made it possible to attach a USB to Ethernet adapter to boost the speed which would have been limited by the WiFi connection. There’s a 320 gig USB hard drive for the storage. With that much space on hand it makes sense to add streaming media service as well which is simple since it’s running Linux. The last part of his work actually turns it into an Asterisk server by way of Google Voice and a SIP phone. An impressive outcome at a bargain price to be sure!

RF wireless kernel module for Raspberry Pi, BeagleBone and others

rfm12b-kernel-module

If you’ve done any wireless work with hobby electronics you probably recognize this part. The green PCB is an RFM12B wireless board. They come in a few different operating bandwidths, the 433 MHz is probably the most common. They’re super easy to interface with a small microcontroller but what about an embedded Linux board? That is the focus of this project, which builds a kernel driver for the RF module.

You can get your own RFM12B for a few bucks. They’re quite versatile when paired, but a lot of inexpensive wireless consumer goods operate on this band so the board can be used to send commands to wireless outlets, light fixtures, etc. [Georg] has been working with the BeagleBone, BeagleBone Black, and Raspberry Pi. His software package lets you build a kernel module to add an entry for the device into the /dev directory of a Linux system. So far the three boards listed are all that’s supported, but if you have five I/O pins available it should be a snap to tailor this to other hardware.

Wondering what else you can do with the setup? This will get the receiving end of a text-messaging doorbell up and running in no time.

[Read more...]

Hacking a Medion WiFi streaming radio found at Aldi

hacking-medion-streaming-wifi

On a shopping trip at Aldi [Aaron Christophel] came across this Medion streaming device which connects to your home network via WiFi and works as an Internet radio. He couldn’t resist buying one, and managed to do quite a bit of hacking on the device (translated) once he got it home.

His first order of business was a hardware teardown. An inspection of the board showed what was obviously an unpopulated footprint for a USB mini jack. He added the component, thinking it would allow him to connect it to a computer, but that didn’t work. To investigate the issue further he connected to the device’s serial port using the hard-to-guess credentials root and password. It’s running a Linux kernel and the lsusb command revealed that the USB is enabled as host mode. This mean you can attach mass storage… sweet!

He also did some firmware hacking. Above is the confirmation screen for flashing his altered image file. This resulted in a custom splash screen when it boots up.