Sniffing Vending Machine Buses

Sniffing the Multidrop Bus

 

We’ve talked about a variety of protocols and how to deal with them in the past. Today, [Dan] is working on sniffing vending machine Multidrop Bus. The Multidrop Bus (MDB) protocol is a standard used in vending machines to connect devices such as currency collectors to the host controller.

To connect to the bus, interface hardware is required. [Dan] worked out compliant hardware and connected it to an Arduino. With the device on the bus, [Dan] got to work on an Arduino sketch to parse the MDB data into a human-readable format. With that working, the bus can easily be sniffed over the Arduino’s serial console.

This is just the start of a more involved project. Since this protocol is used to communicate with a vending machine’s currency collector or card reader, being able to communicate it would allow him to implement his own payment methods. The plan is to augment the vending machine he operates at Vancouver Hack Space to accept Bitcoin. We’re looking forward to seeing that project unfold.

Using Bitcoin To Detect Malware

vigil

Now that you can actually buy things with bitcoins, it’s become a playground for modern malware authors. [Eric] recently lost about 5 BTC because of some malware he installed and decided to do something about it. He came up with BitcoinVigil, a web service that constantly looks at bitcoin honeypots and alerts you when bitcoins are surreptitiously removed.

The idea behind BitcoinVigil is to set up a Bitcoin wallet with a small amount of coins in it – only about $10 USD worth. When modern, Bitcoin-seeking malware is run on a computer, it looks for this ‘moneypot’ and sends an email out notifying the owner of the coins to stolen money.

[Eric] was at a LAN party a few weeks ago and ‘borrowed’ a friend’s copy of Starcraft 1. Just a few seconds after installing it, he received an alert notifying him about a few stolen bitcoins. This time [Eric] only lost a few microBTC, but better than the thousands of USD he lost before.

Open Bitcoin ATM

openBitcoinAtm

If there’s one thing Bitcoins can benefit from, it’s easier accessibility for first-time users. The process can be a bit daunting if you’re new to cryptocurrency, but [mayosmith] is developing an open Bitcoin ATM to help get coins in the hands of the masses. There are already some Bitcoin dispensers out there. The Lamassu is around 5k a pop, and then there’s always the option of low-tech Condom Vending Machine conversions.

[mayosmith's] build is still in the proof-of-concept phase, but has some powerful functionality underway. The box is made from acrylic with a front plate of 12″x12″ aluminum sheet metal, held on by 2 aluminum angles and some bolts. Slots were carved out of the aluminum sheet for the thermal printer and for bill acceptor—the comments identify it as an Apex 7000. Inside is an Arduino with an SD Shield attached. Dollars inserted into the acceptor trigger the Arduino to spit out a previously-generated QR code for some coins via the thermal printer, though all values are pre-determined at the time of creation and stored sequentially on the SD card. Stick around for a quick video below, and check out the official page for more information: http://openbitcoinatm.org

[Read more...]

Manual Bitcoin Transactions

bitcoin

For something that’s used for such banal transactions like buying drugs and sending the Jamaican bobsled team to the Olympics, cryptocurrencies such as Bitcoin are actually very impressive pieces of software. It’s a very ingenious solution to the Two Generals Problem, and the fact it made a few Bitcoin early adopters very, very rich doesn’t hurt either. [Ken Shirriff] decided to take a look at the Bitcoin protocol by creating a Bitcoin address and transferring a small amount of bitcoin to that address, manually. It’s a great look at how the Bitcoin protocol actually works, and how ingenious this protocol actually is.

[Ken]‘s first task was to create a Bitcoin address. This is a 256-bit private key is the basis for the Bitcoin wallet private key (after being encoded as ASCII characters), and as the 512-bit public key (after being sent through an elliptic curve algorithm). The 512-bit public key is then hashed with SHA-256 and RIPEM 160 to generate the 160-bit public key hash and the Bitcoin address.

After creating a bitcoin address and wallet, [Ken] set out on manually creating a transaction. The idea was to buy a few cents (USD) from Coinbase and send them to his manually created address. This involved creating a transaction according to the Bitcoin spec and signing the transaction. Signing each Bitcoin transaction is the key to Bitcoin’s security, and is done with a small bit of code written in the Bitcoin scripting language.

With everything written in Python, [Ken] was ready to send his transaction off into the Bitcoin network. This was done by finding a few peers on the Bitcoin network and sending off a few packets. After a little bit of mining on the network, [Ken]‘s transaction went through, confirmed by a deposit into his Bitcoin wallet.

It’s an awesome writeup and impressive achievement to manually send a few Bitcoins from one wallet to another. More impressively, [Ken] provided some amazing insight into how the Bitcoin protocol works, and how much work went into its creation.

Aluminum Bitcoin Keychain

mVCyX2K

Here’s a cool way to bring a physical presence to your Bitcoins: a custom CNC milled QR code Bitcoin address!

[ch00f], one of our occasional writers here at Hack a Day, has just finished this slick aluminum Bitcoin QR code keychain. He started by creating a vanity Bitcoin address using a program called OCLVanitygen, consisting of his dad’s first initial and last name at the beginning, followed by a random string of numbers. It only took his Radeon HD6790 6 hours to solve, which amounted to approximately half a trillion guesses in order to find the address! 

He then took his shiny new Bitcoin address and created a QR code from it using an web-based generator. [ch00f] then increased the resolution of the image in Photoshop and imported it into a CNC program called CamBam. A converted CNC Taig mill got to work tracing out the code with a 0.049″ carbide end. The total milling time was just over 2 hours. A bit of black spray paint, some sanding, and a few layers of clear coat later and the keychain is done!

[via Reddit]

Will Dance For Bitcoin

Bitcoin Bot

It seems that Bitcoin is all over the news nowadays, but the Bitcoin Bot is probably the first robot that will dance for Bitcoins.

[Ryan] at HeatSync Labs in Mesa, AZ, is a fan of the cryptocurrency, and decided to build something to accept it. He discovered that Coinbase, a popular hosted Bitcoin wallet service, has a callback API. This causes Coinbase to fetch a specified URL any time a wallet receives a transaction, and provides information on the transaction in the request. A Python script handles these requests and updates a running count of the BTC balance sent to the robot’s wallet.

On the hardware side, an Arduino with an Ethernet Shield checks the balance. If it has changed, it calls the dance function and the luau girl dances.

The robot sits in the window of the hackerspace, so anyone passing by can read about Bitcoin and make a donation. The source code is on Github, and a video follows after the break.

[Read more...]

Stealing $100 Million in Bitcoins

bitcoin

In early October of this year, online Bitcoin marketplace and ‘the eBay of drugs’ The Silk Road was taken down by the FBI. Just after the black vans took Silk Road head honcho [Dread Pirate Robberts] away, a new Bitcoin marketplace came onto the scene called Sheep Marketplace. Sheep Marketplace closed after revealing that 5400 bitcoins – or $5.8 million USD were stolen by the user EBOOK101 by exploiting a bug in the Sheep site.

Over this last weekend, it was revealed this bug in the Sheep Marketplace site wasn’t responsible for the loss of 5,400 coins, but instead 96,000 BTC, or $100 million USD, making this one of the largest thefts of all time.

Whoever was responsible for this theft didn’t make a clean getaway. Because the Bitcoin block chain records the history of every transaction, laundering bitcoins is harder than it seems. The most common method is to ‘tumble’ the bitcoins – sending them through multiple wallets, combining and recombining them, until tracking groups of bitcoins just becomes too hard.

[sheeproadreloaded2] over on Reddit managed to track these bitcoins to this bitcoin address, an amazing feat that also means there are 96,000 coins in a wallet somewhere that can’t be spent or cashed out without the thief telling the world who he is.

As far as crimes of the century go, this one is at least in the top ten. Unless the thief behind this heist is extraordinarily smart, though, his identity will most likely be found out eventually.