Shmoocon 2016: Z-Wave Protocol Hacked with SDR

The first talk at 2016 Shmoocon was a great one. Joseph Hall and Ben Ramsey presented their work hacking Z-Wave, a network that has been gaining a huge market share in both consumer and industrial connected devices. EZ-Wave uses commodity Software Defined Radio to exploit Z-Wave networks. It is not limited to sniffing; it can also be used for control, with the potential for mayhem.

Hacker Welcomes Granddaughter with Web Enabled Frame

We all have different ways of expressing excitement about new family members. [viscomjim] expressed his joy at the arrival of his first grandchild by building a Twitter-enabled mirror/mood light. While we’d like to rage that this Internet of Things “thing” that people are doing has gone too far, this isn’t the first time we’ve seen this happen.

For the brains of his device [viscomjim] used an ESP8266 module. [Viscomjim] etched his grandchild’s name into the mirror and put some Neopixels behind it. When one of his family members tweets to the light’s channel they can change the color of the light to interact with their newest family member. We’re not so certain the Internet won’t find this and turn it into baby’s first 24 hour rave.

If you’d like to get in on the ESP8266 action, you’ll find the Huzzah board a good start, and we’ve got a special Hackaday edition in the store. Just sayin’.

A Shareable Wireless Biometric Flash Drive

Wireless storage and biometric authentication are both solved problems. But as [Nathan] and [Zhi] have noticed, there is no single storage solution that incorporates both. For their final project in [Bruce Land]’s ECE 4760, they sought to combine the two ideas under a tight budget while adding as many extras as they could afford, like an OLED and induction coil charging.

Their solution can be used by up to 20 different people who each get a slice of an SD card in the storage unit. There are two physical pieces, a base station and the wireless storage unit itself. The base station connects to the host PC over USB and contains an Arduino for serial pass-through and an nRF24L01+ module for communicating with the storage side. The storage drive’s components are crammed inside a clear plastic box. This not only looks cool, it negates the need for cutting out ports to mount the fingerprint sensor and the OLED. The sensor reads the user’s credentials through the box, and the authentication status is displayed on an OLED. Files are transferred to and from the SD card over a second nRF24L01+ through the requisite PIC32.

Fingerprint authorization gives the unit some physical security, but [Nathan] and [Zhi] would like to add an encryption scheme. Due to budget limitations and time constraints, the data transfer isn’t very fast (840 bytes/sec), but this isn’t really the nRF modules’ fault—most of the transmission protocol was implemented in software and they simply ran out of debugging time. There is also no filesystem architecture. In spite of these drawbacks, [Nathan] and [Zhi] created a working proof of concept for wireless biometric storage that they are happy with. Take a tour after the break.

Inject Packets with an ESP8266

[Kripthor] sent us a link to his blog where he writes the Hello World of low-level networking. Basically he’s constructing his own packet and sending it. By itself this isn’t a bad thing. You could use this power for all sorts of network-diagnostic good. And so, despite the ominous name of his blog post “ESP8266 Jamming”, he’s not really doing anything that bad: he’s just creating many fake WiFi beacon frames and sending them out every so often.

Which can apparently do bad things to some vulnerable routers. Who knew? Want to test yours?

Naturally we wanted to see how he was doing it, and we opened up the Arduino code in GitHub. It turns out that Espressif has written a wifi_send_pkt_freedom() function that just sends out whatever packet you’d like to the network. That was easy.

It also turns out that the ESP8266 will enter monitor mode, where it listens to all WiFi traffic regardless of the MAC address that it’s directed toward. [Pulkin] seems to have done the work for us and posted the code in his GitHub. Now things get nasty. Combining promiscuous monitor mode with some carefully constructed management frames can end up with a classic WiFi deauth denial-of-service attack on a $2 piece of hardware.

We think it’s tremendously cool that the ESP8266 packs such power, and we beg you all to use it responsibly. The last thing we want to see is the world littered with WiFi-DOS throwies. And the last thing you’d want is a visit from the FCC.

Wink Hub Connects to SmartThings

As home automation grows more and more popular by the day, the free market is taking notice and working to supply the demand. The Wink Hub is a part of this current trend. It’s a device that allows many of your wireless devices to talk to one another. Things like lights, thermostats, door locks, garage doors…and many other devices can all connect to the hub. Typically, you use a program on your phone or tablet to control these devices. But because this is a closed source gadget, it can’t connect to everything, until now. A hacker was not only able to root the device, but he also gained the ability to connect to devices it was never designed to connect to.

[Michael] was able to get root and take control of some of the devices used with one of Wink’s main competitors – SmartThings. The process is not for the faint of heart and requires at least a yellow belt in Linux-Fu. [Michael] points out that you should use a Wink Hub that you don’t care about as the possibility of bricking it is there if something goes wrong.

We’ve seen a few instances of rooting the Wink and are happy to see these hacks maturing. It’s a shame the thing is locked down since the multiple radios make the hardware capable of being a great cross-platform hub. For legacy and better user experience, cross-platform operation is paramount. The industry isn’t moving in that direction… Philips recently removed support for devices outside the Hue family. But the community wants this functionality and their push back led to a hasty reversal of Philips’ changes. Hackers like [Michael] are showing what your home could be like if connected devices were free to interact with one another.

Drive a Sony Camera with an ESP8266

Nearly everything has WiFi these days. [glaskugelsehen]’s Sony camera uses the wireless network to transfer photos to the computer, naturally, and it also has a remote-control application that’ll run on Android smartphones. [glaskugelsehen] doesn’t have an Android, but he does have an ESP8266 that he turned into a WiFi-powered remote for the camera (Google translate into English).

Sony actually made [glaskugelsehen]’s work easy here. They have a publicly available API for the camera’s controls, and it’s all run by JSON sent over HTTP POST. Which is to say, it’s a piece of cake to script as long as you can send HTTP directives.

[glaskugelsehen]’s code, written in the Arduino environment for the ESP, first finds the camera’s WiFi network and authenticates to it. Then it sets the camera into remote-control mode, and takes over from there. So far, he’s only implemented taking still photos, but from the API it looks like you can also stop and start video recordings and more.

And yeah. We just wrote up another project doing virtually the same thing with a GoPro. [glaskugelsehen] read that too, and mentions it in his blog. We love it when people take inspiration from each other!

Internet of Things in Five Minutes

If you’re looking for the quickest way to go from zero to voice-controlled home automation system, you should spend five minutes checking out [Hari Wiguna]’s project on Hackaday.io where he connects up IoT gadgets and services into a functioning lightswitch. (Video below the break.)

[Hari] demonstrates how to set up a complex chain: Amazon Echo to IFTTT to Adafruit.io as a data broker, which is then polled by an ESP8266 unit in his home that controls his X10 setup. (Pshwew.) But each step along the way is designed to be nearly plug-and-play, so it’s really a lot like clicking Lego blocks together. [Hari]’s video is a nice overview.

There’s only one catch if you’re going to replicate this yourself: the X10 system that’s used for the last mile. Unless you have one of these setups already, you’re on your own for controlling the outlets that turn the lights on and off. For price and hackability, we suggest the common 433MHz wireless outlet switches and pairing them with cheap 433MHz transmitters, available at eBay for around $1. We’ve seen a lot of hacks of these systems — they’re quite common both in the US and Europe.

We’ve also covered [Hari]’s projects before: both his self-learning TV remote and a sweet Halloween hack. His video production skills are excellent. We’re in awe of how much info he crams into his YouTube videos.