OK Google, Open Sesame

There are a myriad of modern ways to lock and unlock doors. Keypads, Fingerprint scanners, smart card readers, to name just a few. Quite often, adding any of these methods to an old door may require replacing the existing locking mechanism. Donning his Bollé sunglasses allowed [Dheera] to come up with a slightly novel idea to unlock doors without having to change his door latch. Using simple, off the shelf hardware, a Smartwatch, some code crunching and a Google Now app, he was able to yell “OK Google, Open Sesame” at his Android Wear smartwatch to get his apartment  door to open up.

The hardware, in his own words, is trivial. An Arduino, an HC-05 bluetooth module and a servo. The servo is attached to his door latch using simple hardware that looks sourced from the closest hardware store. The code is split in to two parts. The HC-05 listens for a trigger signal, and informs the Arduino over serial. The Arduino in turn activates the servo to open the door. The other part is the Google Now app. Do note that the code, as he clearly points out, is “barebones”. If you really want to implement this technique, it would be wise to add in authentication to prevent all and sundry from opening up your apartment door and stealing your precious funky Sunglasses. Watch a video of how he put it all together after the break. And if you’re interested, here are a few other door lock hacks we’ve featured in the past.

Continue reading “OK Google, Open Sesame”

Automatic Garage Door Opener Works for Your Cat

Using an Arduino or Raspberry Pi to perform a task in the real world is certainly a project we’ve seen here before, and certainly most of these projects help to make up the nebulous “Internet of Things” that’s all the rage these days. Once in a while though, a project comes along that really catches our eye, as is the case with [Jamie’s] meticulously documented automatic garage door opener.

This garage door opener uses an ATMega328 to connect the internet to the garage door. A reed switch is installed which lets the device sense the position of the door, which is relayed back to the internet. [Jamie] wrote an Android app that can open and close the door and give the user the information on the door’s status. One really interesting feature is the ability to “crack” the garage door. This is done by triggering the garage door opener twice with a delay in between. From the video after the break we’d say this is how [Jamie’s] cat gets in and out.

We love seeing projects that are extremely well documented so that anyone who wants to make one can easily figure out how. Internet-connected garage door openers have been featured in other unique ways before too, but we’ve also seen ways to automatically open blinds or chicken coops!

An Adventure into Android Makes the VIC-20 Speak

History and [Bil Herd] teaches us that Commodore begged, borrowed, or stole the engineers responsible for the Speak & Spell to add voice synthesis to a few of the computers that came after the C64. This didn’t quite work out in practice, but speech synthesis was something that was part of the Commodore scene for a long time. The Votrax Type ‘n Talk was a stand-alone speech synthesizer that plugged into the expansion port of the VIC-20. It was expensive, rare, but a few games supported it. [Jan] realized the state of speech synthesis has improved tremendously over the last 30 years, and decided to give his VIC a voice with the help of a cheap Android phone.

A few VIC-20 games, including [Scott Adams] adventure games, worked with the Votrax speech synthesizer by sending phonemes as text over the expansion port. From there, the Votrax would take care of assembling everything into something intelligible, requiring no overhead on the VIC-20. [Jan] realized since the VIC is just spitting out characters for each phoneme, he could redirect those words to a better, more modern voice synthesizer.

A small Bluetooth module was wired up to the user port on the VIC, and this module was paired with a cheap Android smartphone. The smartphone receives the serial stream from an adventure game, and speaks the descriptions of all the scenes in these classic adventure games.

It’s a unique experience judging from the video, but the same hardware and software can also be added to any program that will run on the VIC-20, C64, and C128. Video below.

Continue reading “An Adventure into Android Makes the VIC-20 Speak”

Prefix Your Phone Alarm with a Desk Lamp

If you are like [Gbola], then you have a hard time waking up during the winter months. Something about the fact that it’s still dark outside just makes it that much more difficult to get out of bed. [Gbola] decided to build his own solution to this problem, by gradually waking himself up with an electric light. He was able to do this using all off-the-shelf components and a bit of playing around with the Tasker Android application.

[Gbola] started out with a standard desk lamp. He replaced the light bulb with a larger bulb that simulates the color temperature of natural daylight. He then switched the lamp on and plugged it into a WeMo power switch module. A WeMo is a commercial product that attempts to make home automation accessible for consumers. This particular module allows [Gbola] to control the power to his desk lamp using his smart phone.

[Gbola] mentions that the official WeMo Android application is slow and includes no integration with Tasker. He instead decided to use the third-party WeMoWay application, which does include Tasker support. Tasker is a separate Android application that allows you to configure your device to perform a set task or series of tasks based on a context. For example you might turn your phone to silent mode when your GPS signal shows you are at work. WeMoWay allows [Gbola] to interact with his WeMo device based on any parameter he configures.

On top of all of that, [Gbola] also had to install three Tasker plugins. These were AutoAlarm, Taskkill, and WiFi Connect. He then got to work with Tasker. He configured a custom task to identify when the next alarm was configured on the phone. It then sets two custom variables, one for 20 minutes before the alarm (turn on the lamp) and one for 10 minutes after (turn it off).

[Gbola] then built a second task to actually control the lamp. This task first disconnects and reconnects to the WiFi network. [Gbola] found that the WeMoWay application is buggy and this “WiFi reset” helps to make it more reliable. It then kills the WeMoWay app and restarts it. Finally, it executes the command to toggle the state of the lamp. The project page has detailed instructions in case anyone wants to duplicate this. It seems like a relatively painless way to build your own solution for less than the cost of a specialized alarm clock lamp.

Hacking the Nike+ Fuelband

[Simone] was trying to reverse-engineer the Bluetooth protocol of his Nike+ Fuelband and made some surprising discoveries. [Simone] found that the authentication system of the Fuelband can be easily bypassed and discovered that some low-level functions (such as arbitrarily reading and writing to memory) are completely exposed to the end user or anyone else who hacks past the authentication process.

[Simone] started with the official Nike app for the Fuelband. He converted the APK to a JAR and then used JD-Gui to read the Java source code of the app. After reading through the source, he discovered that the authentication method was completely ineffective. The authenticator requires the connecting device to know both a pin code and a nonce, but in reality the authentication algorithm just checks for a hard-coded token of 0xff 0xff 0xff 0xff 0xff 0xff rendering the whole authentication process ineffective.

After he authenticated with the Fuelband, [Simone] started trying various commands to see what he could control over the Bluetooth interface. He discovered that he could send the device into bootloader mode, configure the RTC, and even read/write the first 65k of memory over the Bluetooth interface–not something you typically want to expose, especially with a broken authentication mechanism. If you want to try the exploit yourself, [Simone] wrote an Android app which he posted up on GitHub.

CAMdrive is an Open Source Time-lapse Photography Controller

[Nightflyer] has been working on an open source project he calls CAMdrive. CAMdrive is designed to be a multi-axis controller for time-lapse photography. It currently only supports a single axis, but he’s looking for help in order to expand the functionality.

You may already be familiar with the idea of time-lapse photography. The principal is that your camera takes a photo automatically at a set interval. An example may be once per minute. This can be a good way to get see gradual changes over a long period of time. While this is interesting in itself, time-lapse videos can often be made more interesting by having the camera move slightly each time a photo is taken. CAMdrive aims to aid in this process by providing a framework for building systems that can pan, tilt, and slide all automatically.

The system is broken out into separate nodes. All nodes can communicate with each other via a communication bus. Power is also distributed to each node along the bus, making wiring easier. The entire network can be controlled via Bluetooth as long as any one of the nodes on the bus include a Bluetooth module. Each node also includes a motor controller and corresponding motor. This can either be a stepper motor or DC motor.

The system can be controlled using an Android app. [Nightflyer’s] main limitation at the moment is with the app. He doesn’t have much experience programming apps for Android and he’s looking for help to push the project forward. It seems like a promising project for those photography geeks out there. Continue reading “CAMdrive is an Open Source Time-lapse Photography Controller”

Tearing Apart an Android Password Manager

With all of the various web applications we use nowadays, it can be daunting to remember all of those passwords. Many people turn to password management software to help with this. Rather than remembering 20 passwords, you can store them all in a (presumably) secure database that’s protected by a single strong password. It’s a good idea in theory, but only if the software is actually secure. [Matteo] was recently poking around an Android password management software and made some disturbing discoveries.

The app claimed to be using DES encryption, but [Matteo] wanted to put this claim to the test. He first decompiled the app to get a look at the code. The developer used some kind of code obfuscation software but it really didn’t help very much. [Matteo] first located the password decryption routine.

He first noticed that the software was using DES in ECB mode, which has known issues and really shouldn’t be used for this type of thing. Second, the software simply uses an eight digit PIN as the encryption key. This only gives up to 100 million possible combinations. It may sound like a lot, but to a computer that’s nothing. The third problem was that if the PIN is less than eight characters, the same digits are always padded to the end to fill in the blanks. Since most people tend to use four digit pins, this can possibly lower the total number of combinations to just ten thousand.

As if that wasn’t bad enough, it actually gets worse. [Matteo] found a function that actually stores the PIN in a plain text file upon generation. When it comes time to decrypt a password, the application will check the PIN you enter with the one stored in the plain-text file. So really, you don’t have to crack the encryption at all. You can simply open the file and reveal the PIN.

[Matteo] doesn’t name the specific app he was testing, but he did say in the Reddit thread that the developer was supposedly pushing out a patch to fix these issues. Regardless, it goes to show that before choosing a password manager you should really do some research and make sure the developer can be trusted, lest your secrets fall into the wrongs hands.

[via Reddit]