xkcd’s Virus Aquarium Made Real

A surprising number of projects here are in some way influenced by the webcomic xkcd, but usually not as directly as this. Comic 350, “Network” is the tale of a very odd stickman who keeps multiple VMs running an unprotected, old version of Windows. Between the VMs, they have virtually every virus and are, effectively, a computer virus aquarium.

Now it’s a real thing, and best of all, it’s open to the Internet for normal humans to view, complete with screencaps of all seven nodes updated every 30 seconds, the ability to view all processes on each node, and anyone on the Internet can upload any file to a node. All the files uploaded to the nodes are executed, so you get to see in real-time what the effects of “1TB_of_porn_this_took_a_while_to_upload.exe” are on node 3.

The idea of a virus aquarium is cool, but this actually gets much, much more interesting when the project metas itself. Every 24 hours, a virus scanner runs on each node. As of right now, all the nodes are clean making this not a virus aquarium, but a script kiddie aquarium. On at least one node, TeamViewer is running but your guess is as good as mine as to how anyone will get that working.

Continue reading “xkcd’s Virus Aquarium Made Real”

Hacking the D-Link DSP-W215 Smart Plug

DSP-W215

The D-Link DSP-W215 Smart Plug, a wireless home automation device for monitoring and controlling electrical outlets has just been hacked. Even though it isn’t readily available from Amazon or Best Buy yet, the firmware is already up on D-Link’s web site. The very well detailed write-up explains all the steps that led to this exploit creation.

First, the firmware was unpacked to examine the file system contents. It was found that the smart plug doesn’t have a normal web-based interface as users are expected to configure it using D-Link’s Android/iOS app. The apps however, appear to use the Home Network Administration Protocol (HNAP) to talk to the smart plug running a lighthttpd server. A look at the latter’s configuration file revealed the functions that could be called without any authentication. Another revealed that the firmware could accept an unlimited amount of POST request bytes which were copied in a fix length buffer without any performed checks. We’ll let our readers head to the original article to see where the author went from this point.

Sniffing Vending Machine Buses

Sniffing the Multidrop Bus

 

We’ve talked about a variety of protocols and how to deal with them in the past. Today, [Dan] is working on sniffing vending machine Multidrop Bus. The Multidrop Bus (MDB) protocol is a standard used in vending machines to connect devices such as currency collectors to the host controller.

To connect to the bus, interface hardware is required. [Dan] worked out compliant hardware and connected it to an Arduino. With the device on the bus, [Dan] got to work on an Arduino sketch to parse the MDB data into a human-readable format. With that working, the bus can easily be sniffed over the Arduino’s serial console.

This is just the start of a more involved project. Since this protocol is used to communicate with a vending machine’s currency collector or card reader, being able to communicate it would allow him to implement his own payment methods. The plan is to augment the vending machine he operates at Vancouver Hack Space to accept Bitcoin. We’re looking forward to seeing that project unfold.

riotNAS: Mobile Storage for Street Photography

riotnas1

You’re likely aware of the protests and demonstrations happening throughout Venezuela over the past few months, and as it has with similar public outcries in recent memory, technology can provide unique affordances to those out on the streets. [Alfredo] sent us this tip to let us know about riotNAS: a portable storage device for photos and videos taken by protesters (translated).

The premise is straightforward: social media is an ally for protesters on the ground in these situations, but phones and cameras are easily recognized and confiscated. riotNAS serves up portable backup storage via a router running OpenWRT and Samba. [Alfredo] then connected some USB memory for external storage and a battery that gives around 4 hours of operating time.

For now he’s put the equipment inside a soft, makeup-looking bag, which keeps it inconspicuous and doesn’t affect the signal.  Check out his website for future design plans—including stashing the device inside a hollowed out book—and some sample photos stored on the riotNAS system. If you’re curious what’s going on in Venezuela, hit up the Wikipedia page or visit some of the resources at the bottom of [Alfredo’s] site.

Building a Network Controllable RGB LED Lamp from an Old Scanner

EthernetLamp

Being able to use one of your old projects to make a new one better can be quite satisfying. [Steve] from Hackshed did just this: he integrated an Arduino based webserver into a new network controllable RGB lamp.

What makes this lamp unique is that the RGB LED bar comes from an old Epson scanner. Recycling leftover parts from old projects or derelict electronics is truly the hacker way. After determining the pinout and correct voltage to run the LEDs at, the fun began. With the LED bar working correctly, the next step was to integrate an Arduino based webserver. Using an SD card to host the website and an Ethernet Arduino shield, the LEDs become network controllable. Without missing a beat, [Steve] integrated a Javascript based color picker that supports multiple web browsers. This allows the interface to look quite professional. Be sure to watch the lamp in action after the break!

The overall result is an amazing color changing lamp that works perfectly. All that is left to do is create a case for it, or integrate it into an existing lamp. This is a great way to use an LED strip that would have otherwise gone to waste. If you can’t find a scanner with a color wand like this one, you can always start with an RGB strip.

Continue reading “Building a Network Controllable RGB LED Lamp from an Old Scanner”

Atmel Announces SmartConnect WiFi Modules

Atmel SmartConnect

This week we talked with Atmel about their new WiFi solutions targeting Internet of Things applications. Back in 2012, Atmel acquired Ozmo, a company focused on point-to-point WiFi solutions using WiFi Direct. These devices are known as SmartDirect, and have been available for some time.

Atmel has just announced a new product line: SmartConnect. This moves beyond the point-to-point nature of WiFi Direct, and enables connections to standard access points. The SmartConnect series is designed for embedding in low cost devices that need to connect to a network.

The first devices in the SmartConnect line will be modules based on two chips: an Atmel SAMD21 Cortex-M0+ microcontroller and an Ozmo 3000 WiFi System on Chip. There’s also an on-board antenna and RF shielding can. It’s a drop in WiFi module, which is certified by the FCC. You can hook up your microcontroller to this device over SPI, and have a fully certified design that supports WiFi.

There’s two ways to use the module. The first is as an add-on, which is similar to existing modules. A host microcontroller communicates with the module over SPI and utilizes its command set. The second method uses the module as a standalone device, with application code running on the internal SAMD21 microcontroller. Atmel has said that the standalone option will only be available on a case to case basis, but we’re hoping this opens up to everyone. If the Arduino toolchain could target this microcontroller, it could be a great development platform for cheap WiFi devices.

SmartConnect Architectures
The Add-On and Standalone Architectures

At first glance, this module looks very similar to other WiFi modules, including the CC3000 which we’ve discussed in the past. However there are some notable differences. One major feature is the built in support for TLS and HTTPS, which makes it easier to build devices with secure connections. This is critical when deploying devices that are connected over the internet.

Atmel is claiming improvements in power management as well. The module can run straight from a battery at 1.8 V to 3.3 V without external regulation, and has a deep sleep current of 5 nA. Obviously the operating power will be much higher, but this will greatly assist devices that sporadically connect to the internet. They also hinted at the pricing, saying the modules will come close to halving the current price of similar WiFi solutions. SmartConnect is targeting a launch date of June 15, so we hope to learn more this summer.

We’re always excited to see better connectivity solutions. If Atmel comes through with a device allowing for cheaper and more secure WiFi modules, it will be a great part for building Internet of Things devices. With a projected 50 billion IoT devices by 2020, we expect to see a lot of progress in this space from silicon companies trying to grab market share.

40-Node Raspi Cluster

Multi-node RasPi clusters seem to be a rite of passage these days for hackers working with distributed computing. [Dave’s] 40-node cluster is the latest of the super-Pi creations, and while it’s not the biggest we’ve featured here, it may be the sleekest.

The goal of this project—aside from the obvious desire to test distributed software—was to keep the entire package below the size of a full tower desktop. [Dave’s] design packs the Pi’s in groups of 4 across ten individual cards that easily slide out for access. Each is wired (through beautiful cable management, we must say) to one of the 2 24-port switches at the bottom of the case. The build uses an ATX power supply up top that feeds into individual power for the Pi’s and everything else, including his HD array—5 1TB HD’s, expandable to 12—a wireless router, and a hefty fan assembly.

Perhaps the greatest achievement is the custom acrylic case, which [Dave] lasered out at the Dallas Makerspace (we featured it here last month). Each panel slides off with the press of a button, and the front/back panels provide convenient access to the internal network via some jacks. If you’ve ever been remotely curious about a build like this one, you should cruise over to [Dave’s] page immediately: it’s one of the most meticulously well-documented projects we’ve seen in a long time. Videos after the break.

Continue reading “40-Node Raspi Cluster”