ChipWhisperer Hits Kickstarter

Even the most well designed crypto algorithms can be broken if someone is smart enough to connect an oscilloscope to a processor. Over the last 15 years or so, an entire domain of embedded security has cropped up around the techniques of power and side channel analysis. The tools are expensive and rare, but [Colin O’Flynn] and the ChipWhisperer are here to bring a new era of hardware security to the masses.

The ChipWhisperer was the second place winner of last year’s Hackaday Prize. It’s an interesting domain of security research, and something that was previously extremely expensive to study. If you’re looking for a general overview of what the ChipWhisperer does, you might want to check out when we bumped into [Colin] at DEFCON last year.

While the original goal of the ChipWhisperer was to bring the cost of the tools required for power and side channel analysis down to something a hackerspace or researcher could afford, this was still too expensive for a Kickstarter campaign. To that end, [Colin] designed the ChipWhisperer Lite, a cut-down version, but still something that does most of what the original could do.

There are two parts to the ChipWhisperer Lite – the main section contains a big microcontroller, a big FPGA, and a high gain, low noise amplifier. This is the core of the ChipWhisperer, and it’s where all the power analysis happens. The other part is a target board containing an XMega microcontroller. This is where you’ll run all your encryption algorithms, and where you’ll find out if they can be broken by power analysis. The main board and target board are held together by a break-away connection, so if you want to run a power analysis on another board, just snap the ChipWhisperer in half.

[Colin] is offering up a ChipWhisperer Lite for around $200 USD – far, far less than what these tools cost just a year ago. We’re looking forward to a successful campaign and all the neat findings people with this board will find.

Hackaday Links: February 1, 2015

It’s Sunday evening, and that means Hackaday Links, and that means something crowdfunded. This week it’s UberBlox. It’s a modular construction system based on Al extrusion – basically a modern version of an Erector set. Random musings on the perceived value UberBlox offers in the comments, I’m sure.

[Trevor] sent in something from his Etsy shop. Normally we’d shy away from blatant self-promotion, but this is pretty cool. It’s reproductions of 1960s Lockheed flying saucer plans. We’re not sure if this is nazi moon base/lizard people from the inner earth flying saucer plans or something a little more realistic, but there you go.

3D computer mice exist, as do quadcopters. Here’s the combination. It looks like there’s a good amount of control, and could be used for some aerobatics if you’re cool enough.

Who doesn’t love LED cubes? They’re awesome, but usually limited to one color. Here’s an RGB LED cube. It’s only 4x4x4, but there’s a few animations and a microphone with a beat detection circuit all powered by an ATMega32u4.

A while ago we had a post about a solar powered time lapse rig. Time lapse movies take a while, and the results are finally in.

When PayPal And Crowdfunding Don’t Mix

For the last decade or so, PayPal has drawn the ire of Internet commentators and people who try to do business on the Internet. The claims go from freezing the accounts of non-profits for months, earning interest all the while, ineffectual support, and generally behaving exactly like a bank but without all those nifty consumer protection laws on the books in every sane country. Then the founder of PayPal turned into Tony Stark and everything was cool again.

This doesn’t mean PayPal isn’t up to its old tricks, though. [Gareth Hayes], the guy behind the HackRF Blue, recently had a run-in with PayPal. The PayPal account associated with the HackRF Blue Indiegogo project was frozen shortly after the campaign ended. To unfreeze his account, [Gareth] was required to submit a few forms of identification and proof of residence. He could submit this via fax (‽) or through an ‘upload’ button in the PayPal resolution center that didn’t exist.

[Gareth] is not one to mess around, and it was only after several emails, ending with him demanding PayPal release the funds with interest and a few hours of consulting at $300/hr that the funds were released. When somebody is keeping $40,000 from you, it’s a good idea to play hardball. However, [Gareth]’s PayPal account was still frozen for the better part of three weeks. For a crowdfunding campaign, that’s three weeks that suppliers can’t be paid, components can’t be bought, and assembly can’t happen. For any campaign, PayPal is a liability.

This, unfortunately, isn’t anything new. Google News is littered with stories of PayPal withholding funds from crowdfunding campaigns. The message is clear: get your passport, driver’s license, utility bills, dog license, and fourth grade report card uploaded to PayPal somehow before the campaign ends.

Yesterday, [Gareth] received word that his account had been unfrozen, but not before he threatened the nuclear option and started letskillpaypal.com. A worthy cause if we’ve ever seen one.

The Last Week Of The Mooltipass Approacheth

A year and two days ago, [Mathieu] started out on a quest to develop some hardware with the help of Hackaday readers. This project became known as the Mooltipass, an open source offline password keeper that’s pretty much a password management suite or Post-It notes on a monitor, except not horribly insecure.

The product has gone through multiple iterations of software, [Mathieu] flew out to China to get production started, and the project finally made it to a crowdfunding site. That crowdfunding campaign is almost over with just eight days left and just a little bit left to tip this project into production. This is the last call, all hands in, and if you’re thinking about getting one of these little secure password-storing boxes, this is the time.

You can check out the Developed on Hackaday series going over the entire development of the Mooltipass, made with input from Mooltipass contributors and Hackaday readers. The Venn diagram of those two groups overlaps a lot, making this the first piece of hardware that was developed for and by Hackaday readers.

Even if you have a fool-proof system of remembering all your passwords and login credentials, the Mooltipass is still a very cool-looking Arduino-compatible board. Note that (security device) and (Arduino thing) are two distinct operating modes that should not be conflated.

[Mathieu] and other contributors will be in the comments below, along with a bunch of ‘security researchers’ saying how this device ‘is horrifying’, ‘full of holes’, and ‘a terrible idea’. One of these sets of people have actually done research. Guess which?

Hackaday Links: November 30, 2014

Tired of wiring up the power rails and serial adapter every time you build something on a breadboard? [Jason] has you covered. He put his Breadboard Buddy Pro up on Indiegogo, and it does everything you’d expect it to: power rails, USB to UART bridge, and a 3.3 V regulator. Oh, he’s not using an FTDI chip. Neat.

With Christmas around the corner, a lot of those cheap 3-channel RC helicopters are going to find their way into stockings. They’re cool toys, but if you want to really have fun with them, you’ll need to add a penny.

Here’s a crowdfunding campaign for a very interesting IoT module. It’s a UART to WiFi adapter that has enough free Flash and RAM to run your own code, GPIOs, SPI, and PWM functions. Wait a second. This is just an ESP8266 module. Stay classy, Indiegogo.

Mankind has sent space probes to the surface – and received pictures from – Venus, Mars, the Moon, Titan, asteroids Itokawa and Eros, and comet Comet 67P/Churyumov–Gerasimenko. In a beautiful bit of geological irony, every single one of these celestial bodies looks like a rock quarry in Wales. That quarry is now for sale.

Here’s something exceptionally interesting. It’s a browser plugin that takes a BOM, and puts all the components into a cart. Here’s the cool bit: it does it with multiple retailers. The current retailers supported are Mouser, Digikey, Farnell/Element14, Newark, and RS Components.

Want a death ray? Too bad, because it’s already been sold.

Hackaday Links: November 23, 2014

The 2015 Midwest RepRap Festival, a.k.a. the MRRF (pronounced murf) was just announced a few hours ago. It will be held in beautiful Goshen, Indiana. Yes, that’s in the middle of nowhere and you’ll learn to dodge Amish buggies when driving around Goshen, but surprisingly there were 1000 people when we attended last year. We’ll be there again.

A few activists in St. Petersburg flushed GPS trackers down the toilet. These trackers were equipped with radios that would send out their position, and surprise, surprise, they ended up in the ocean.

[Stacy] has been tinkering around with Unity2D and decided to make a DDR-style game. She needed a DDR mat, and force sensitive resistors are expensive. What did she end up using? Velostat, conductive thread, and alligator clips.

You know the Espruino, the little microcontroller board that’s basically JavaScript on a USB stick? Yeah, that’s cool. Now you can do remote access through a telnet server letting you write and debug code over the net.

The Open Source RC is a beautiful RC transmitter with buttons and switches everywhere, a real display, and force feedback sticks. It was a Hackaday Prize entry, and has had a few crowdfunding campaigns. Now its hit Indiegogo again.

Speaking of crowdfunding campaigns, The Mooltipass, the designed-on-Hackaday offline password keeper, only has a little less than two weeks until its crowdfunding campaign ends. [Mathieu] and the rest of the team are about two-thirds there, with a little more than half of the campaign already over.

RasPiCommPlus, An Expansion Board For Expansion Boards

The easiest way to connect a GSM module to a Raspberry Pi would be to buy a breakout module, install some software, and connect to a mobile network with a Pi. Need GPS, too? That’s a whole other module, with different software. The guys behind RasPiCommPlus are working on a better solution – a breakout board for breakout boards that takes care of plugging a ton of modules into a Pi and sorts out the kernel drivers to make interfacing with these modules easy.

Right now, the team has a GPS and GSM module, digital in and out modules, an analog input module, and RS-232 and -485 modules. They’re working on some cool additions to the lineup, including a breakout for Sharp memory displays, a 9-axis IMU, a stepper motor driver, and a 1-wire breakout module.

Some of the RasPiCommPlus team showed up to the Hackaday Munich party and were kind enough to sit down for a demo video. You can check that out below.

Continue reading “RasPiCommPlus, An Expansion Board For Expansion Boards”