Prefix Your Phone Alarm with a Desk Lamp

If you are like [Gbola], then you have a hard time waking up during the winter months. Something about the fact that it’s still dark outside just makes it that much more difficult to get out of bed. [Gbola] decided to build his own solution to this problem, by gradually waking himself up with an electric light. He was able to do this using all off-the-shelf components and a bit of playing around with the Tasker Android application.

[Gbola] started out with a standard desk lamp. He replaced the light bulb with a larger bulb that simulates the color temperature of natural daylight. He then switched the lamp on and plugged it into a WeMo power switch module. A WeMo is a commercial product that attempts to make home automation accessible for consumers. This particular module allows [Gbola] to control the power to his desk lamp using his smart phone.

[Gbola] mentions that the official WeMo Android application is slow and includes no integration with Tasker. He instead decided to use the third-party WeMoWay application, which does include Tasker support. Tasker is a separate Android application that allows you to configure your device to perform a set task or series of tasks based on a context. For example, you might turn your phone to silent mode when your GPS signal shows you are at work. WeMoWay allows [Gbola] to interact with his WeMo device based on any parameter he configures.

On top of all of that, [Gbola] also had to install three Tasker plugins. These were AutoAlarm, Taskkill, and WiFi Connect. He then got to work with Tasker. He configured a custom task to identify when the next alarm was configured on the phone. It then sets two custom variables, one for 20 minutes before the alarm (turn on the lamp) and one for 10 minutes after (turn it off).

[Gbola] then built a second task to actually control the lamp. This task first disconnects and reconnects to the WiFi network. [Gbola] found that the WeMoWay application is buggy and this “WiFi reset” helps to make it more reliable. It then kills the WeMoWay app and restarts it. Finally, it executes the command to toggle the state of the lamp. The project page has detailed instructions in case anyone wants to duplicate this. It seems like a relatively painless way to build your own solution for less than the cost of a specialized alarm clock lamp.

Hacking the Nike+ Fuelband

[Simone] was trying to reverse-engineer the Bluetooth protocol of his Nike+ Fuelband and made some surprising discoveries. [Simone] found that the authentication system of the Fuelband can be easily bypassed and discovered that some low-level functions (such as arbitrarily reading and writing to memory) are completely exposed to the end user or anyone else who hacks past the authentication process.

[Simone] started with the official Nike app for the Fuelband. He converted the APK to a JAR and then used JD-Gui to read the Java source code of the app. After reading through the source, he discovered that the authentication method was completely ineffective. The authenticator requires the connecting device to know both a PIN code and a nonce, but in reality the authentication algorithm just checks for a hard-coded token of 0xff 0xff 0xff 0xff 0xff 0xff, rendering the whole authentication process ineffective.

After he authenticated with the Fuelband, [Simone] started trying various commands to see what he could control over the Bluetooth interface. He discovered that he could send the device into bootloader mode, configure the RTC, and even read/write the first 65k of memory over the Bluetooth interface–not something you typically want to expose, especially with a broken authentication mechanism. If you want to try the exploit yourself, [Simone] wrote an Android app which he posted up on GitHub.

CAMdrive is an Open Source Time-lapse Photography Controller

[Nightflyer] has been working on an open source project he calls CAMdrive. CAMdrive is designed to be a multi-axis controller for time-lapse photography. It currently only supports a single axis, but he’s looking for help in order to expand the functionality.

You may already be familiar with the idea of time-lapse photography. The principle is that your camera takes a photo automatically at a set interval. An example may be once per minute. This can be a good way to see gradual changes over a long period of time. While this is interesting in itself, time-lapse videos can often be made more interesting by having the camera move slightly each time a photo is taken. CAMdrive aims to aid in this process by providing a framework for building systems that can pan, tilt, and slide all automatically.

The system is broken out into separate nodes. All nodes can communicate with each other via a communication bus. Power is also distributed to each node along the bus, making wiring easier. The entire network can be controlled via Bluetooth as long as any one of the nodes on the bus includes a Bluetooth module. Each node also includes a motor controller and corresponding motor. This can either be a stepper motor or DC motor.

The system can be controlled using an Android app. [Nightflyer’s] main limitation at the moment is with the app. He doesn’t have much experience programming apps for Android and he’s looking for help to push the project forward. It seems like a promising project for those photography geeks out there.

Tearing Apart an Android Password Manager

With all of the various web applications we use nowadays, it can be daunting to remember all of those passwords. Many people turn to password management software to help with this. Rather than remembering 20 passwords, you can store them all in a (presumably) secure database that’s protected by a single strong password. It’s a good idea in theory, but only if the software is actually secure. [Matteo] was recently poking around an Android password manager and made some disturbing discoveries.

The app claimed to be using DES encryption, but [Matteo] wanted to put this claim to the test. He first decompiled the app to get a look at the code. The developer used some kind of code obfuscation software but it really didn’t help very much. [Matteo] first located the password decryption routine.

He first noticed that the software was using DES in ECB mode, which has known issues and really shouldn’t be used for this type of thing. Second, the software simply uses an eight-digit PIN as the encryption key. This only gives up to 100 million possible combinations. It may sound like a lot, but to a computer that’s nothing. The third problem was that if the PIN is shorter than eight characters, the same digits are always padded to the end to fill in the blanks. Since most people tend to use four-digit PINs, this can possibly lower the total number of combinations to just ten thousand.

As if that wasn’t bad enough, it actually gets worse. [Matteo] found a function that actually stores the PIN in a plain text file upon generation. When it comes time to decrypt a password, the application will check the PIN you enter with the one stored in the plain-text file. So really, you don’t have to crack the encryption at all. You can simply open the file and reveal the PIN.
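One way to avoid the plain-text PIN file described above is to store a salted, slow verifier and compare against it; this is an added example, not code from the app or from [Matteo]'s write-up. The function names, the record layout and the iteration count are assumptions, and the last helper shows why a short PIN remains searchable even when the file no longer reveals it.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor; tune it to the target device


def make_verifier(pin, iterations=ITERATIONS):
    """Build the record written to disk in place of the PIN itself."""
    salt = os.urandom(16)  # unique per install, so identical PINs give different records
    digest = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, iterations)
    return {"salt": salt.hex(), "iterations": iterations, "digest": digest.hex()}


def check_pin(pin, record):
    """Recompute the digest from the entered PIN and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", pin.encode(), bytes.fromhex(record["salt"]), record["iterations"]
    )
    return hmac.compare_digest(digest, bytes.fromhex(record["digest"]))


def keyspace(digits):
    """Count of all-numeric PINs of exactly this length."""
    return 10 ** digits


def worst_case_seconds(digits, guesses_per_second):
    """Time to try every PIN of this length at a given offline guessing rate."""
    return keyspace(digits) / guesses_per_second


if __name__ == "__main__":
    record = make_verifier("4821")             # constructed sample PIN
    print(sorted(record))                      # no field holds the PIN
    print(check_pin("4821", record), check_pin("0000", record))
    # Even at an assumed 4 guesses/second, four digits fall in under an hour,
    # while the full eight-digit space takes hundreds of days.
    print(worst_case_seconds(4, 4) / 60, "minutes")
    print(worst_case_seconds(8, 4) / 86400, "days")
```

A slow verifier removes the shortcut of reading the PIN from disk, but the size of the PIN space still bounds how long an offline search takes.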

[Matteo] doesn’t name the specific app he was testing, but he did say in the Reddit thread that the developer was supposedly pushing out a patch to fix these issues. Regardless, it goes to show that before choosing a password manager you should really do some research and make sure the developer can be trusted, lest your secrets fall into the wrong hands.

[via Reddit]

Hackaday Links: January 11, 2015

Listening tests reveal significant sound quality differences between various digital music storage technologies. Finally the audiophile press is tackling the important questions. This listening test looks at the difference between two four-bay NAS boxes, with one making the piano on Scherzo and Trio from Penguin Café Orchestra’s Union Cafe sound more Steinway-like, while another NAS makes it sound more like a Bösendorfer. Yes, your choice of digital storage medium can change the timbre of a piano. Another gem: “Additionally, the two units also had different processor architectures, which might also affect perceived audible differences.” There must be a corollary to Poe’s Law when it comes to audiophiles…

[10p6] has begun a project that can play every old Atari cartridge. Right now it’s just a few bits of plastic that fit every non-Jaguar Atari cartridge, but it’s a start.

The Android IMSI-Catcher Detector. You’ve heard about Stingrays, devices used by law enforcement that are basically fake cell towers. These Stingrays downgrade or disable the encryption present in all cellphones, allowing anyone, with or without a warrant, to listen in on any cell phone conversation. Now there’s an effort to detect these Stingrays. It’s open source, and they’re looking for volunteers.

[Rob] sent in something that’s the perfect application of projection mapping. It’s called Face Hacking, and it’s pretty much just a motion capture system, a few projectors, a whole lot of CG work, and just a tiny bit of dubstep. It looks cool, but we’re wondering what the applications would be. Theatre or some sort of performance art is the best I can come up with.

A while ago, [4ndreas] saw a 3D printed industrial robot arm. He contacted the guy for the files, but nothing came of that. [4ndreas] did what anyone should do – made his own 3D printable industrial robot arm. The main motors are NEMA 17, and printing this will take a long time. Still, it looks really, really cool.

iBling is an LED Display Necklace

Are you tired of being ignored? Do you want a fashion accessory that says, “Pay attention to me!” If so, you should check out [Al’s] recent instructable. He’s built himself a necklace that includes a display made up of 512 individual LEDs.

This project was built from mostly off-the-shelf components, making it an easy beginner project. The LED display is actually a product that you can purchase for just $25. It includes 512 LEDs aligned in a 16 x 32 grid. The module is easily controlled with a Pixel maker’s kit. This board comes with built-in functionality to control one of these LED modules and can accept input from a variety of sources including Android or PC. The unit is powered from a 2000 mAh LiPo battery.

[Al] had to re-flash the firmware of the Pixel to set it to a low power mode. This mode allows him to get about seven hours of battery life with the 2000 mAh battery. Once the hardware was tested and confirmed to work correctly, [Al] had to pretty things up a bit. Some metallic gold spray paint and rhinestones transformed the project’s cyberpunk look into something you might see in a hip hop video, or at least maybe a Weird Al hip hop video.

The Pixel comes with several Android apps to control the display via Bluetooth. [Al] can choose one of several modes. The first mode allows for pushing animated GIFs to the display. Another will allow the user to specify text to scroll on the display. The user can even specify the text using voice recognition. The final mode allows the user to specify a Twitter search string. The phone will push any new tweets matching the terms to the display as scrolling text.

When Responsible Disclosure Isn’t Enough

Moonpig is a well-known greeting card company in the UK. You can use their services to send personalized greeting cards to your friends and family. [Paul] decided to do some digging around and discovered a few security vulnerabilities between the Moonpig Android app and their API.

First of all, [Paul] noticed that the system was using basic authentication. This is not ideal, but the company was at least using SSL encryption to protect the customer credentials. After decoding the authentication header, [Paul] noticed something strange. The username and password being sent with each request were not his own credentials. His customer ID was there, but the actual credentials were wrong.

[Paul] created a new account and found that the credentials were the same. By modifying the customer ID in the HTTP request of his second account, he was able to trick the website into spitting out all of the saved address information of his first account. This meant that there was essentially no authentication at all. Any user could impersonate another user. Pulling address information may not sound like a big deal, but [Paul] claims that every API request was like this. This meant that you could go as far as placing orders under other customer accounts without their consent.
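The server-side pattern behind this flaw, next to a corrected handler, as an added example that is not Moonpig's code or [Paul]'s: every name, credential and address below is constructed, and the request is modelled as an Authorization header plus a customer ID parameter.

```python
import base64
import hmac

# Constructed sample data: two customers and their saved addresses.
ADDRESSES = {"1001": ["1 Example Street"], "1002": ["2 Sample Road"]}
# Constructed per-customer secrets; a real service would store password hashes.
USER_SECRETS = {"1001": "alice-secret", "1002": "bob-secret"}
# The flaw: one credential pair shared by every copy of the app.
SHARED_USER, SHARED_PASS = "app", "static-password"


def basic(user, password):
    """Build an 'Authorization: Basic ...' header value."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


def parse_basic(header):
    """Return (user, password) from a Basic header value, or None if malformed."""
    scheme, _, blob = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(blob, validate=True).decode()
    except ValueError:  # covers bad base64 and bad UTF-8
        return None
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None


def get_addresses_vulnerable(auth_header, customer_id):
    """Authenticates the app only, then trusts whatever customer ID is sent."""
    if parse_basic(auth_header) != (SHARED_USER, SHARED_PASS):
        return 401, None
    return 200, ADDRESSES.get(customer_id)


def get_addresses_hardened(auth_header, customer_id):
    """Authenticates the customer and serves only that customer's records."""
    creds = parse_basic(auth_header)
    if creds is None:
        return 401, None
    user, password = creds
    expected = USER_SECRETS.get(user, "")
    if not expected or not hmac.compare_digest(password.encode(), expected.encode()):
        return 401, None
    if customer_id != user:  # object-level check: the caller must own the record
        return 403, None
    return 200, ADDRESSES[user]
```

The shared credential proves only that the request came from some copy of the app, so the ownership check has to be tied to a per-customer identity on the server.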

[Paul] used Moonpig’s API help files to locate more interesting methods. One that stood out to him was the GetCreditCardDetails method. [Paul] gave it a shot, and sure enough the system dumped out credit card details including the last four digits of the card, expiration date, and the name associated with the card. It may not be full card numbers but this is still obviously a pretty big problem that would be fixed immediately… right?

[Paul] disclosed the vulnerability responsibly to Moonpig in August 2013. Moonpig responded by saying the problem was due to legacy code and it would be fixed promptly. A year later, [Paul] followed up with Moonpig. He was told it should be resolved before Christmas. On January 5, 2015, the vulnerability was still not resolved. [Paul] decided that enough was enough, and he might as well just publish his findings online to help press the issue. It seems to have worked. Moonpig has since disabled its API and released a statement via Twitter claiming that, “all password and payment information is and has always been safe”. That’s great and all, but it would mean a bit more if the passwords actually mattered.