Bluetooth HID Gamepad And HC-05 Serial Hack

“Which came first, the chicken or the egg?” Don’t bother us with stupid questions, they both co-evolved into the forms that we now serve up in tasty sandwiches or omelets, respectively. “Which came first, the HC-05 serial-flash-hack, or the wireless Bluetooth Gamepad?” Our guess is that [mitxela] wanted to play around with the dirt-cheap Bluetooth modules, and that building the wireless controller was an afterthought. But for that, it’s a well-done afterthought! (Video below the break.)

It all starts with the HC-05 Bluetooth module, which is meant to transfer serial data, but which can be converted into a general-purpose device costing ten times as much with a simple Flash ROM replacement. The usual way around this requires bit-banging over a parallel port, but hackers have worked out a way to do the same thing in bit-bang mode using a normal USB/Serial adapter. The first part of [mitxela]’s post describes this odyssey.


The Terrible Security Of Bluetooth Locks

Bluetooth devices are everywhere these days, and nothing compromises your opsec more than a bevy of smartphones, smart watches, fitbits, strange electronic conference badges, and other electronic ephemera we adorn ourselves with to make us better people, happier, and more productive members of society.

Bluetooth isn’t limited to wearables, either; deadbolts, garage door openers, and security systems are shipping with Bluetooth modules. Manufacturers of physical security paraphernalia are wont to add the Internet of Things label to their packaging, it seems. Although these devices should be designed with security in mind, most aren’t, making the state of Bluetooth smart locks one of the most inexplicable trends in recent memory.

At this year’s DEF CON, [Anthony Rose] gave a talk on compromising BTLE locks from a quarter-mile away. Actually, that ‘quarter mile’ qualifier is a bit of a misnomer – some of these Bluetooth locks are terrible locks, period. The Kwikset Kevo Doorlock – a $200 deadbolt – can be opened with a flathead screwdriver. Other Bluetooth ‘smart locks’ are made of plastic.

The tools [Anthony] used for these wireless lockpicking investigations included the Ubertooth One, a Bluetooth device for receive-only promiscuous sniffing, a cantenna, a Bluetooth USB dongle, and a Raspberry Pi. This entire setup can be powered by a single battery, making it very stealthy.

The attacks on these Bluetooth locks ranged from sniffing the password sent in plain text to the lock (!), to replay attacks, to more advanced techniques such as decompiling the APK used to unlock these smart locks. When all else fails, brute forcing locks works surprisingly well, with quite a few models of smart lock using eight-digit PINs. Even locks with ‘patented security’ (read: custom crypto, bad) were terrible; this patented security was just an XOR with a hardcoded key.

What was the takeaway from this talk? Secure Bluetooth locks can be made. These locks use proper AES encryption, a truly random nonce, two factor authentication, no hard-coded keys, allow the use of long passwords, and cannot be opened with a screwdriver. These locks are rare. Twelve of the sixteen locks tested could be easily broken. The majority of Bluetooth smart locks are not built with security in mind, which, by the way, is the entire point of a lock.
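The difference between a lock that accepts a replayed capture and one that does not comes down to the random nonce mentioned above. The sketch below is an added example, not code from the talk or from any lock vendor; the class and function names are hypothetical, the password is a constructed sample, and HMAC-SHA256 from the Python standard library stands in for the AES-based scheme the talk recommends.

```python
import hashlib
import hmac
import secrets


class StaticPasswordLock:
    """Weak design: the same unlock bytes are valid every time."""
    def __init__(self, password: bytes):
        self._password = password

    def unlock(self, message: bytes) -> bool:
        return hmac.compare_digest(message, self._password)


class ChallengeResponseLock:
    """Lock issues a fresh random nonce; the phone proves it holds the key."""
    def __init__(self, device_key: bytes):
        self._key = device_key      # per-device key set at pairing, not hard-coded
        self._pending = None        # nonce awaiting exactly one response

    def challenge(self) -> bytes:
        self._pending = secrets.token_bytes(16)
        return self._pending

    def unlock(self, response: bytes) -> bool:
        nonce, self._pending = self._pending, None  # single use, even on failure
        if nonce is None:
            return False
        expected = hmac.new(self._key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(response, expected)  # constant-time compare


def phone_response(device_key: bytes, nonce: bytes) -> bytes:
    return hmac.new(device_key, nonce, hashlib.sha256).digest()


def replay_demo() -> dict:
    """Present a previously recorded unlock message to both designs."""
    weak = StaticPasswordLock(b"12345678")      # constructed sample value
    recorded_weak = b"12345678"                 # bytes seen on the air earlier
    key = secrets.token_bytes(32)
    strong = ChallengeResponseLock(key)
    recorded_strong = phone_response(key, strong.challenge())
    first = strong.unlock(recorded_strong)      # the legitimate unlock
    strong.challenge()                          # a later session gets a new nonce
    return {
        "weak_replay_accepted": weak.unlock(recorded_weak),
        "strong_first_unlock": first,
        "strong_replay_accepted": strong.unlock(recorded_strong),
    }
```

A real lock would also rate-limit failed attempts, which addresses the eight-digit PIN brute forcing described above.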

[Anthony]’s work going forward will concentrate on expanding his library of scripts to exploit these locks, and on evaluating the Bluetooth locks on ATMs. Yes, ATMs also use Bluetooth locks. The mind reels.

Sniffing Bluetooth Devices With A Raspberry Pi

Hackaday was at HOPE last weekend, and that means we got the goods from what is possibly the best security conference on the east coast. Some of us, however, were trapped in the vendor area being accosted by people wearing an improbable amount of Mr. Robot merch asking, ‘so what is Hackaday?’. We’ve all seen The Merchants Of Cool, but that doesn’t mean everyone was a vapid expression of modern marketing. Some people even brought some of their projects to show off. [Jeff] of reelyActive stopped by the booth and showed off what his team has been working on. It’s a software platform that turns all your wireless mice, Fitbits, and phones into a smart sensor platform using off the shelf hardware and a connection to the Internet.

[Jeff]’s demo unit (shown above) is simply a Raspberry Pi 3 with WiFi and Bluetooth, and an SD card loaded up with reelyActive’s software. Connect the Pi to the Internet, and you have a smart space that listens for local Bluetooth devices and relays the identity and MAC address of all Bluetooth devices in range up to the Internet.

The ability to set up a hub and detect Bluetooth devices solves the problem Bluetooth beacons solve — identifying when people enter a space, leave a space, and with a little bit of logic where people are located in a space — simply by using what they’re already wearing. Judging from what [Jeff] showed with his portable reelyActive hub (a Pi and a battery pack) a lot of people at HOPE are wearing Fitbits, wireless headphones, and leaving the Bluetooth on their phones on all the time. That’s a great way to tell where people are, providing a bridge between the physical world and the digital.

DIY Smart Home Device Means No More Fumbling in the Dark

Smart home tech is on the rise, but cost or lack of specific functionality may give pause to prospective buyers. [Whiskey Tango Hotel] opted to design their own system using a Raspberry Pi and Bluetooth device connectivity. Combining two ubiquitous technologies provides a reliable proximity activation of handy functions upon one’s arrival home.

Electrical Wiring Diagram

The primary function is to turn on a strip of LEDs when [Whiskey Tango Hotel] gets home to avoid fumbling for the lights in the dark, and to turn them off after a set time. The Raspberry Pi and Bluetooth dongle detect when a specified discoverable Bluetooth device comes within range — in this case, an iPad — after some time away. This toggles the Pi’s GPIO outputs and connected switching relay while also logging the actions to the terminal and Google Drive via IFTTT.


Bluetooth and Arduino Vaporizer Upends Stoner Stereotypes

Back in the day, stoners were content to sit around, toke on a joint, mellow out, and listen to the Grateful Dead or something. Nowadays, they practically need a degree in electrical engineering just to get high. [Beiherhund] sent us his VapeBox build. Like so many projects on Hackaday, we’re not going to make one ourselves, but we appreciate a well-done project.

First off, there’s a home-built induction heater. A 30A current sensor and switch-mode power supply regulate the amount of juice going to the coil that surrounds the heating chamber. [Beiherhund] discovered that brass doesn’t have enough internal resistance to heat up in an induction heater, so he built a stainless steel insert into the chamber. Optimal temperature is monitored from outside the chamber by an MLX90614 IR thermometer.

Fans, controlled by PWM, keep the box cool. Lights, an LCD, an HC-05 Bluetooth unit, and everything else are all tied to the obligatory Arduino that serves as the brains. A cell-phone application lets [Beiherhund] control all the functions remotely. (We’re guessing, just because he could.) It’s wrapped up in a nice acrylic case. The video, embedded below, starts with real details at 4:28.

Before you loyal Hackaday commenteers get on your high horses (tee-hee!) bear in mind that smoking dope is legal in a number of states in the USA, and that Hackaday has an international readership. We don’t encourage drug abuse or soldering in shorts and flip-flops.

Robomintoner Badminton Bot To Defeat Amateur Humans

Watching robots doing sports is pretty impressive from a technical viewpoint, although we secretly smile when we compare these robots’ humble attempts to our own motoric skills. Now, a new robot named Robomintoner seeks to challenge human players, and it’s already darn good at badminton.


Broadcasting Bluetooth Beacons With Bubbles

Bluetooth beacons have only been around for a few years, but the draw is incredible. With Bluetooth beacons, your phone is location aware, even with location services turned off. They’re seen in fast food joints, big box retailers, and anywhere else there’s a dollar to be made. [Nemik] has been working on a home automation project, and came up with a use for Bluetooth beacons that might actually be useful. It’s a WiFi-based Bluetooth beacon notifier that scans the area for beacons and forwards them to an MQTT server.

[Nemik]’s ‘Presence Detector’ for Bluetooth advertisements is actually a surprisingly simple build, leveraging the unbelievably cheap wireless modules available to us today. The WiFi side of the equation is a NodeMCU v2 ESP8266 dev board that provides all the smarts for the device via Lua scripting. The Bluetooth side of the board is a PTR5518 module that has a nRF51822 tucked inside. With the right configuration, this small board will listen for BLE advertisements and forward them to an MQTT server where they can be seen by anyone on the network.

[Nemik] is selling these beacon-to-WiFi bridges, but in the spirit of Open Hardware, he’s also giving away the designs and firmware so you can make your own. If you ever have an abundance of Bluetooth beacons sitting around and want to make a beacons of Things thing, this is the build for it.