Hacking a Dollar Store Bluetooth Device

Hardware hackers are always looking for devices to tear apart and scavenge from. It’s hardly a secret that purchasing components individually is significantly more expensive than the minuscule cost per unit that goes along with mass manufacturing. Bluetooth devices are no exception. Sure, they’re not exactly a luxury purchase anymore, but they’re still not dirt cheap either.

Luckily for [Troy Denton], it seems dollar stores have started carrying a Bluetooth camera shutter for just a few dollars (it was three bucks, perhaps the dollar store actually means divisible-by). The device is designed to pair with a smart phone, and has two buttons allowing you to control the camera from afar. The fact that it works at all at that price is a small miracle, but the device also has potential for hacking that adds to its appeal.

Hand Waving Unlocks Door

Who doesn’t like the user interface in the movie Minority Report where [Tom Cruise] manipulates a giant computer screen by just waving his hands in front of it? [AdhamN] wanted to unlock his door with hand gestures. While it isn’t as seamless as [Tom’s] Hollywood interface, it manages to do the job. You just have to hold on to your smartphone while you gesture.

The project uses an Arduino and a servo motor to move a bolt back and forth. The gesture part requires a 1sheeld board. This is a board that interfaces to a phone and allows you to use its capabilities (in this case, the accelerometer) from your Arduino program.

The rest should be obvious. The 1sheeld reads the accelerometer data and when it sees the right gesture, it operates the servo. It would be interesting to do this with a smart watch, which would perhaps look a little less obvious.

We covered the 1sheeld board a while back. Of course, you could also use NFC or some other sensor technology to trigger the mechanism. You can find a video that describes the 1sheeld below.

Convert Any USB Keyboard to Bluetooth

[DastardlyLabs] saw a video about converting a PS/2 keyboard to Bluetooth and realized he didn’t have any PS/2 keyboards anymore. So he pulled the same trick with a USB keyboard. Along the way, he made three videos explaining how it all works.

The project uses a stock DuinoFun USB mini host shield with a modification to allow it to work on 5V. An Arduino mini pro provides the brains. An FT-232 USB to serial board is used to program the Arduino. A standard Bluetooth module has to have HID firmware installed. [Dastardly] makes a homemade daughterboard–er, shield–to connect it to the Arduino.

The result is a nice little sandwich with a USB plug, a Bluetooth antenna, and some pins for reprogramming if necessary. Resist the urge to solder the Bluetooth board in–since it talks on the same port as the Arduino uses for programming, you’ll have to remove it before uploading new code.

If you need help reprogramming the HC-05 Bluetooth module, we’ve covered that before. This project drew inspiration from [Evan’s] similar project for PS/2 keyboards.

Retrofitted Retro Radio

In a world full of products that are only used for a brief time and then discarded, it gives a lot of us solace to know that there was a time when furniture was made out of solid wood and not particle board, or when coffee makers were made out of metal and not plastic. It’s hard to say exactly what precipitated the change to our one-time-use culture, but in the meantime there are projects that serve to re-purpose those old, durable products from another time so that they can stay relevant in today’s ever-changing world. [Jose]’s new old radio is a great example of this style of hack.

[Jose] had a 1970s-era single-speaker radio that he found in a thrift store. The first thought that he had to get the aesthetically pleasing radio working again was to install a Bluetooth receiver into the radio’s amplifier. This proved to be too time-consuming of a task, and [Jose] decided to drive the Bluetooth module off of the power circuit for the light bulb. He built a 6V AC to 4.2V DC circuit, swapped over the speaker cable, and started listening to his tunes. The modifications he made aren’t destructive, either. If he wants, he will be able to reconnect the original (and still functional) circuitry back to the speaker and pretend he’s back in 1970.

While this isn’t the most intricate hack we’ve ever featured, it’s always refreshing to see someone get use out of an old piece of technology rather than send it off to the landfill with all of our Pentium IIs or last year’s IKEA shelves that have already fallen apart. And even if the 70s aren’t your era of choice, perhaps something newer will inspire you to bust a move.

Bluetooth HID Gamepad And HC-05 Serial Hack

“Which came first, the chicken or the egg?” Don’t bother us with stupid questions, they both co-evolved into the forms that we now serve up in tasty sandwiches or omelets, respectively. “Which came first, the HC-05 serial-flash-hack, or the wireless Bluetooth Gamepad?” Our guess is that [mitxela] wanted to play around with the dirt-cheap Bluetooth modules, and that building the wireless controller was an afterthought. But for that, it’s a well-done afterthought! (Video below the break.)

It all starts with the HC-05 Bluetooth module, which is meant to transfer serial data, but which can be converted into a general-purpose device costing ten times as much with a simple Flash ROM replacement. The usual way around this requires bit-banging over a parallel port, but hackers have worked out a way to do the same thing in bit-bang mode using a normal USB/Serial adapter. The first part of [mitxela]’s post describes this odyssey.

The Terrible Security Of Bluetooth Locks

Bluetooth devices are everywhere these days, and nothing compromises your opsec more than a bevy of smartphones, smart watches, fitbits, strange electronic conference badges, and other electronic ephemera we adorn ourselves with to make us better people, happier, and more productive members of society.

Bluetooth isn’t limited to wearables, either; deadbolts, garage door openers, and security systems are shipping with Bluetooth modules. Manufacturers of physical security paraphernalia are wont to add the Internet of Things label to their packaging, it seems. Although these devices should be designed with security in mind, most aren’t, making the state of Bluetooth smart locks one of the most inexplicable trends in recent memory.

At this year’s DEF CON, [Anthony Rose] has given a talk on compromising BTLE locks from a quarter-mile away. Actually, that ‘quarter mile’ qualifier is a bit of a misnomer – some of these Bluetooth locks are terrible locks, period. The Kwikset Kevo Doorlock – a $200 deadbolt – can be opened with a flathead screwdriver. Other Bluetooth ‘smart locks’ are made of plastic.

The tools [Anthony] used for these wireless lockpicking investigations included the Ubertooth One, a Bluetooth device for receive-only promiscuous sniffing, a cantenna, a Bluetooth USB dongle, and a Raspberry Pi. This entire setup can be powered by a single battery, making it very stealthy.

The attacks on these Bluetooth locks varied, from sniffing the password sent in plain text to the lock (!), through replay attacks, to more advanced techniques such as decompiling the APK used to unlock these smart locks. When all else fails, brute forcing locks works surprisingly well, with quite a few models of smart lock using eight-digit PINs. Even locks with ‘patented security’ (read: custom crypto, bad) were terrible; this patented security was just an XOR with a hardcoded key.

What was the takeaway from this talk? Secure Bluetooth locks can be made. These locks use proper AES encryption, a truly random nonce, two factor authentication, no hard-coded keys, allow the use of long passwords, and cannot be opened with a screwdriver. These locks are rare. Twelve of the sixteen locks tested could be easily broken. The majority of Bluetooth smart locks are not built with security in mind, which, by the way, is the entire point of a lock.
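Why a fixed unlock frame can be replayed while a nonce-based exchange cannot, as an added example that is not code from the talk or from any of the locks tested. It uses HMAC-SHA256 from the Python standard library in place of AES, and every name, key and PIN in it is constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed values: a key baked into every unit and an eight-digit PIN.
HARDCODED_XOR_KEY = b"\x5a\xa5\x3c\xc3"
PIN = b"12345678"

def xor_obfuscate(data, key=HARDCODED_XOR_KEY):
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

class WeakLock:
    """PIN XORed with a fixed key: every valid unlock frame is byte-identical."""
    def unlock(self, frame):
        return hmac.compare_digest(xor_obfuscate(frame), PIN)

class NonceLock:
    """Challenge-response: one fresh random nonce per attempt, used once."""
    MAX_FAILURES = 5  # simplified lockout; a real design would back off over time

    def __init__(self, shared_key):
        self._key, self._nonce, self._failures = shared_key, None, 0

    def challenge(self):
        self._nonce = secrets.token_bytes(16)
        return self._nonce

    def unlock(self, response):
        nonce, self._nonce = self._nonce, None  # a nonce is never accepted twice
        if nonce is None or self._failures >= self.MAX_FAILURES:
            return False
        ok = hmac.compare_digest(respond(self._key, nonce), response)
        self._failures = 0 if ok else self._failures + 1
        return ok

def respond(shared_key, nonce):
    """Phone side: MAC over the lock's nonce with the per-device key."""
    return hmac.new(shared_key, nonce, hashlib.sha256).digest()

def demo():
    frame = xor_obfuscate(PIN)  # the one frame a legitimate phone ever sends
    weak = WeakLock()
    weak_accepts_repeat = weak.unlock(frame) and weak.unlock(frame)
    key = secrets.token_bytes(32)  # assumed provisioned per device at pairing
    lock = NonceLock(key)
    old = respond(key, lock.challenge())
    fresh_ok = lock.unlock(old)
    lock.challenge()
    return weak_accepts_repeat, fresh_ok, lock.unlock(old)
```

`demo()` returns `(True, True, False)`: the fixed frame is accepted every time it is sent, while the response computed for one nonce is rejected once the lock has issued the next.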

[Anthony]’s work going forward will concentrate on expanding his library of scripts to exploit these locks, and on evaluating the Bluetooth locks on ATMs. Yes, ATMs also use Bluetooth locks. The mind reels.

Sniffing Bluetooth Devices With A Raspberry Pi

Hackaday was at HOPE last weekend, and that means we got the goods from what is possibly the best security conference on the east coast. Some of us, however, were trapped in the vendor area being accosted by people wearing an improbable amount of Mr. Robot merch asking, ‘so what is Hackaday?’. We’ve all seen The Merchants Of Cool, but that doesn’t mean everyone was a vapid expression of modern marketing. Some people even brought some of their projects to show off. [Jeff] of reelyActive stopped by the booth and showed off what his team has been working on. It’s a software platform that turns all your wireless mice, Fitbits, and phones into a smart sensor platform using off the shelf hardware and a connection to the Internet.

[Jeff]’s demo unit (shown above) is simply a Raspberry Pi 3 with WiFi and Bluetooth, and an SD card loaded up with reelyActive’s software. Connect the Pi to the Internet, and you have a smart space that listens for local Bluetooth devices and relays the identity and MAC address of all Bluetooth devices in range up to the Internet.

The ability to set up a hub and detect Bluetooth devices solves the problem Bluetooth beacons solve — identifying when people enter a space, leave a space, and with a little bit of logic where people are located in a space — simply by using what they’re already wearing. Judging from what [Jeff] showed with his portable reelyActive hub (a Pi and a battery pack) a lot of people at HOPE are wearing Fitbits, wireless headphones, and leaving the Bluetooth on the phone on all the time. That’s a great way to tell where people are, providing a bridge between the physical world and the digital.