Hackaday Links: May 10, 2015

Here’s a cool crowdfunding campaign that somehow escaped the Hackaday Tip Line. It’s a remote control SpaceShipOne and White Knight. SpaceShipOne is a ducted fan that has the high-drag feathering mechanism, while White Knight is a glider. Very cool, and something we haven’t really seen in the scratchbuilding world.

[Sink] has a Makerbot Digitizer – the Makerbot 3D scanner – and a lot of time on his hands. He printed something, scanned it, printed that scan… you get the picture. It’s a project called Transcription Error.

Keurig has admitted they were wrong to force DRM on consumers for their pod coffee cups.

The Apple ][, The Commodore 64, and the Spectrum. The three kings. Apple will never license their name for retro computer hardware, and there will never be another computer sold under the Commodore label. The Spectrum, though… The Sinclair ZX Spectrum Vega is a direct-to-TV console in the vein of [Jeri Ellsworth]’s C64 joystick doohickey.

Infinity mirrors are simple enough to make; they’re just one mirror, some LEDs, and another piece of glass. How about a 3D infinity mirror? They look really, really cool.

Here’s the six-day notice for some cool events: Hamvention in Dayton, OH. [Greg Charvat] will be there, and [Robert] is offering cold drinks to anyone who mentions Hackaday. If anyone feels like scavenging for me, here’s a thread I created on the Vintage Computer Forum. Bay Area Maker Faire is next weekend. Most of the rest of the Hackaday crew will be there because we have a meetup on Saturday night.

Beating DRM to Extend the Life of an Anti-Aging Therapy Light Mask

It’s becoming more common to see DRM cropping up in hardware products. Quite often, it’s used to prevent the use of unauthorized consumables, and some may argue that it helps prevent counterfeiting and shore up revenues. But it’s a totally different matter when DRM is used to severely limit the operational life of a product. When [travis] wrote in about the run time limitation on an “Illumimask” light therapy device, we first had to look up what that device was. Apparently, these are anti-acne or anti-aging light therapy masks that use red and blue LEDs to kill skin bacteria, stimulate skin cells and reduce blemishes. While these claims most likely do not hold water, the device itself is cheap enough not to hurt you at $30 a pop.

The trouble is, it is limited to 30 daily uses of 15 minutes each, totaling just 7 1/2 hours, effectively lasting you a month, at the end of which you just discard the device and get a new one. That seems like a ridiculous waste of a perfectly fine, functional device whose LEDs can last at least 30,000 to 40,000 hours. [travis]’s wife [Bebefuzz] was obviously pissed at this situation. So she did a simple hack to bypass the microcontroller that imposed the goofy restrictions. In [travis]’s own words: “Not a crazy-technical hack…. but a very functional one to bypass a manufacturer’s ‘WTF’”. It involved soldering a slide switch across the circuit terminals that the microcontroller uses to monitor the LED current (likely). Unfortunately, this also breaks the 15 minute timer measurement, so she now has to manually switch off the device at the end of the 15 minute therapy cycle.

For more DRM hacks, check out these we covered earlier, from Coffee Makers to 3D printer filaments to Cat Litter boxes and even furniture.

Cracking Litter Box DRM

DRM on a specific brand of cat litter box has been cracked. In other news, DRM on cat litter boxes exists.

[Jorge] moved into a new apartment with a feline companion and wanted one of those fancy, auto-cleaning litter boxes. Apparently only one such device exists, the CatGenie. This ‘Rolls Royce of cat litter boxes’ uses little pieces of plastic granules as ‘functional medium’ that are scooped up, cleaned, and returned to use. These granules are washed with a cartridge full of fresh-smelling cleaning solution that comes in a container with an RFID tag. Yep, DRM’ed cat boxes. Welcome to the future.

After cruising around the Internet, [Jorge] found a CatGenie community that has released open source firmware for a litter box and something called a CartridgeGenius, a drop-in replacement for the cartridge tag reader in the litter box. It simulates both the RFID tag and its reader, allowing any robotic litter box owner to select between 120 cycle cartridges, 60 cycle cartridges, a maintenance cartridge, and set the fill level of those cartridges.

Previously, [Jorge] was spending about $350 a year on the solution to clean these plastic granules, so in a few months this CartridgeGenius has already paid for itself.

DRM Protection Removed for… Coffee?

Keurig, the manufacturer of a single-serve coffee brewing system, has a very wide following amongst coffee drinkers. Their K-cup (pre-packaged coffee grounds with a coffee filter, all in a plastic container) is an interesting concept and makes brewing a single cup of coffee much more efficient than making a whole pot. Their newer line of coffee makers, the Keurig 2.0, has some interesting (and annoying) security features though, which [Kate Gray] has found an interesting and simple way around.

The DRM security in these coffee makers is intended to keep third-party “cups” from being used in the Keurig. It can recognize an authentic Keurig cup, and can stop the operation of the coffee pot if a knockoff is placed in the machine. We can only assume that this is because Keurig makes a heap of cash by selling its canisters of coffee. One simple solution was already covered a few days ago by taping an authentic lid to the machine. This one doesn’t require any authentic pods but just removes one wire from a wiring harness inside of the case.

There are other ways around the security on these devices, but when [Kate Gray] actually investigated, she found the security decidedly lacking. With something this simple, one can only speculate how much Keurig has really invested in making sure users don’t use third-party cups of coffee in their machines, but it also brings up the classic question of who really owns hardware if we can’t use it in the way we want, rather than the way the manufacturer wants.

You can read more about the project on its Reddit page. Thanks to [MyOwnDemon] for the tip!

Dead Simple Hack Allows for “Rebel” Keurig K-Cups

If you haven’t actually used a Keurig coffee machine, then you’ve probably at least seen one. They are supposed to make brewing coffee simple. You just take one of the Keurig “k-cups” and place it into the machine. The machine will punch a hole in the foil top and run the water through the k-cup. Your flavored beverage of choice comes out the other side. It’s a simple idea, run by a more complex machine. A machine that is complicated enough to have a security vulnerability.

Unfortunately newer versions of these machines have a sort of DRM, or lockout chip. In order to prevent unofficial k-cups from being manufactured and sold, the Keurig machines have a way to detect which cups are legitimate and which are counterfeit. It appears as though the machine identifies the lid specifically as being genuine.

It turns out this “lockout” technology is very simple to defeat. All one needs to do is cut the lid off of a legitimate Keurig k-cup and place it on top of your counterfeit cup. The system will read the real lid and allow you to brew to your heart’s content. A more convenient solution involves cutting off just the small portion of the lid that contains the Keurig logo. This then gets taped directly to the Keurig machine itself. This way you can still easily replace the cups without having to fuss with the extra lid every time.

It’s a simple hack, but it’s interesting to see that even coffee machines are being sold with limiting technology these days. This is the kind of stuff we would have joked about five or ten years ago. Yet here we are, with a coffee machine security vulnerability.

Unbricking a BluRay Drive

All BluRay players, devices, and drives contain a key that unlocks the encryption and DRM present on BluRay discs. Since 2007, the consortium responsible for this DRM scheme has been pushing updates and revocation lists on individual BluRay releases. Putting one of these discs in your drive will brick the device, and this is the situation [stephen] found himself in when he tried to watch Machete Kills. Not wanting to update his software, he searched for a better solution to unbrick his drive.

Every time [stephen] played or ripped a disc, the software he was using passed a key to the drive. This key was compared to the revocation list present on the drive. When a match was found, the drive bricked itself. Figuring the revocation list must be stored on a chip in the device, [stephen] broke out the screwdriver and started looking around inside the drive.

There aren’t many chips inside a modern BluRay drive, but [stephen] did manage to find a few Flash chips. These Flash chips can be dumped to a computer using a BusPirate, and comparing the dump to a publicly available ‘Host Revocation List Record’, [stephen] was able to find the location on the Flash chip that contained the revocation list.
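The comparison step described above, as an added example that is not [stephen]’s code: it locates a known reference record inside a raw flash dump even when the copy on the chip differs by a few bytes, which makes a plain exact search miss it. The record contents, the offsets and the differing “version” bytes are constructed sample data, not the real Host Revocation List format.

```python
"""Locate a known reference record inside a raw flash dump (added example)."""


def find_record(dump: bytes, record: bytes, seed_len: int = 8,
                min_ratio: float = 0.9):
    """Return [(offset, matching_bytes), ...] where `record` aligns in `dump`.

    Each seed_len-byte slice of the record is used as an anchor; every hit is
    turned into a candidate start offset and the full alignment is scored
    byte by byte, so a few changed bytes do not hide the record.
    """
    candidates = {}
    for seed_at in range(0, len(record) - seed_len + 1, seed_len):
        seed = record[seed_at:seed_at + seed_len]
        pos = dump.find(seed)
        while pos != -1:
            start = pos - seed_at
            in_bounds = 0 <= start <= len(dump) - len(record)
            if in_bounds and start not in candidates:
                window = dump[start:start + len(record)]
                same = sum(a == b for a, b in zip(window, record))
                if same >= min_ratio * len(record):
                    candidates[start] = same
            pos = dump.find(seed, pos + 1)
    # Best alignment first.
    return sorted(candidates.items(), key=lambda kv: -kv[1])


def build_sample():
    """Constructed data: a 64-byte record and a dump holding a variant of it."""
    record = bytes(range(1, 65))
    on_flash = bytearray(record)
    on_flash[4:8] = b"\x00\x00\x00\x09"      # hypothetical version field differs
    dump = (b"\xff" * 0x300 + bytes(on_flash) +
            b"\xff" * 0x140 + record[:8] +   # decoy: only the first 8 bytes
            b"\xff" * 0x100)
    return dump, record


if __name__ == "__main__":
    dump, record = build_sample()
    print("exact search:", dump.find(record))
    for offset, same in find_record(dump, record):
        print(f"candidate at 0x{offset:x}: {same}/{len(record)} bytes match")
```

The decoy shows why each anchor hit is scored over the full record length: a short coincidental match elsewhere in the dump is rejected by the ratio threshold.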

The next task was to replace the revocation list currently on the drive with an earlier one that wouldn’t brick his drive. [stephen]’s MakeMKV install made this very easy, as it keeps a record of all the revocation lists it runs across. Updating the Flash in the drive with this old list unbricked the drive.

This is only a temporary fix, as [stephen] still can’t put a new disc in the drive. A permanent fix would involve write protecting the Flash and preventing the drive from ever updating the revocation list again. This would be a very complex firmware hack, and [stephen] doesn’t even know what architecture the controller uses. Still, the drive works, saved from terrible DRM.

Resetting DRM On 3D Printer Filament

The Da Vinci 3D printer is, without a doubt, the future of printing plastic objects at home. It’s small, looks good on a desk, is fairly cheap, and most importantly for printer manufacturers, uses chipped filament cartridges that can’t be refilled.

[Oliver] over at Voltivo was trying to test their new printer filament with a Da Vinci and ran head-on into this problem of chipped filament. Digging around inside the filament cartridge, he found a measly 300 grams of filament and a small PCB with a Microchip 11LC010 EEPROM. This one kilobyte EEPROM contains all the data about what’s in the filament cartridge, including the length of filament remaining.

After dumping the EEPROM with an Arduino and looking at the hex file, [Oliver] discovered the amount of filament remaining was held in a single two-byte value. Resetting this value to 0xFFFF restores the filament counter to its virgin state, allowing him to refill the filament. A good thing, too; the cartridge filament is about twice as expensive as what we would normally buy.