Hackaday Links: Sunday, July 7th, 2013

hackaday-links-chain

IR control for your home theater doesn’t have to look ugly. [Rhys Goodwin] put his IR blasters inside his audio equipment.

Steam powered windshield wiper. Need we say more?

An assembled version of the FaceDancer is now available for purchase. This is a man-in-the-middle USB tool developed by [Travis Goodspeed]. When [S.A.] sent us the tip he mentioned that the board is a pain to hand solder if you’re making your own; this is an moderately affordable alternative.

[Aaron] makes it easy for audiophiles to listen to Soundcloud on their Sonos hardware.

We’ve heard of fuzzy clocks — they only give you a general sense of time. Here’s a fuzzy thermometer that uses the vocal stylings of [Freddie Mercury] to get a general feel for how hot it is.

While you’re still laughing, this most useless machine taunts you in more ways than one. It uses audio clips and theatrics to vary the way in which it shuts itself off. [Thanks Itay and David]

Modern CNC techniques make short work of prototyping for the Ford Motor Company. [Thank Wybren via SlashGear]

Exploiting DFU mode to snag a copy of firmware upgrades

[Travis Goodspeed] continues his work at educating the masses on how to reverse engineer closed hardware devices. This time around he’s showing us how to exploit the Device Firmware Updates protocol in order to get your hands on firmware images. It’s a relatively easy technique that uses a man-in-the-middle attack to dump the firmware image directly to a terminal window. This way you can get down to the nitty-gritty of decompiling and hex editing as quickly as possible.

For this hack he used his Facedancer board. We first saw the hardware used to emulate a USB device, allowing the user to send USB commands via software. Now it’s being used to emulate your victim hardware’s DFU mode. This is done by supplying the vendorID and productID of the victim, then pushing the firmware update as supplied by the manufacturer. In most cases this shouldn’t even require you to have the victim hardware on hand.

Facedancer board lets your Python programs pretend to be USB hardware

This is the prototype board for [Travis Goodspeed's] new USB development tool called the Facedancer. He took on the design with USB security exploits in mind, but we think it’s got a lot of potential for plain old development as well.

Kudos on the [Frank Herbert] reference when naming the project. Like the characters from the Dune mythology that can perfectly mimic any person they touch, this device let’s you mimic whatever you can imagine. One the USB ports connects to the victim (or host) the other connects to a development machine. Python can then be used to send USB commands in real time. Think of this as doing the same thing the Bus Pirate does for SPI and i2c, except that it’s doing it on the USB protocol itself. This way you can feel your way through all of the road-bumps of developing a new device (or testing an exploit) without the need to continually compile and flash your hardware.

Follow

Get every new post delivered to your Inbox.

Join 94,628 other followers