The Problem With Software Defined Radio

July 29, 2016 by Brian Benchoff 79 Comments

There’s a problem with software defined radio. It’s not that everyone needs to re-learn what TEMPEST shielding is, and it’s not that Bluetooth is horribly broken. SDR’s biggest problem is one of bandwidth and processing. With a simple USB TV Tuner, you can listen in on aircraft, grab Landsat images from hundreds of miles up, or sniff the low-power radios used in Internet of Things things. What you can’t do is make your own WiFi adapter, and you can’t create your own LTE wireless network. This is simply a problem of getting bits from the air to a computer for processing.

At HOPE last weekend, the folks behind the very capable LimeSDR and a new company working with Lime’s hardware laid out the possibilities of what software defined radio can do if you make a link to a computer very fast, and add some processing on the SDR itself.

Continue reading “The Problem With Software Defined Radio” →

Yes, You Should Be Hacking Your Car’s Data System

July 27, 2016 by Mike Szczys 46 Comments

If you own a car, I would wager it’s the most complex device you own. Within you find locomotion, safety systems, and an entertainment system that may be using technology from several decades ago (but that’s a rant for a different article). Jalopy or Sweet Hotness, your ride has an underlying data network that is a ton of fun to hack, and something of a security dinosaur. Both were discussed by Craig Smith and Erik Evenchick during their talk on Car Hacking tools at Hope XI.

You should recognize both of these names. Eric Evenchick is a Hackaday contributor who has been traveling the world presenting talks and workshops on his open source car hacking hardware called CANtact. Craig Smith is founder of OpenGarages and author of the Car Hacker’s Handbook which we highly recommend. The pair made a great joint presentation; both were charismatic, using wit to navigate through the hardware, software, techniques, and goals you want to have in mind to jump into car hacking.

Continue reading “Yes, You Should Be Hacking Your Car’s Data System” →

Cory Doctorow Rails Against Technological Nihilism; Wants You To Have Hope

July 25, 2016 by Mike Szczys 31 Comments

I was skeptical about a two hour block allotted for Cory Doctrow’s keynote address at HOPE XI. I’ve been to Operas that are shorter than that and it’s hard to imagine he could keep a huge audience engaged for that long. I was incredibly wrong — this was a barnburner of a talk. Here is where some would make a joke about breaking out the rainbows and puppies. But this isn’t a joke. I think Cory’s talk helped me understand why I’ve been feeling down about our not-so-bright digital future and unearthed a foundation upon which hope can grow.

Continue reading “Cory Doctorow Rails Against Technological Nihilism; Wants You To Have Hope” →

BitCluster Brings A New Way To Snoop Through BitCoin Transactions

July 23, 2016 by Mike Szczys 8 Comments

Mining the wealth of information in the BitCoin blockchain is nothing new, but BitCluster goes a long way to make sense of the information you’ll find there. The tool was released by Mathieu Lavoie and David Decary-Hetu, PH.D. on Friday following their talk at HOPE XI.

I greatly enjoyed sitting in on the talk which began with some BitCoin basics. The cryptocurrency uses user generated “wallets” which are essentially addresses that identify transactions. Each is established using key pairs and there are roughly 146 million of these wallets in existence now

If you’re a thrifty person you might think you can get one wallet and use it for years. That might be true of the sweaty alligator-skin nightmare you’ve had in your back pocket for a decade now. It’s not true when it comes to digital bits — they’re cheap (some would say free). People who don’t generate a new wallet for every transaction weaken their BitCoin anonymity and this weakness is the core of BitCluster’s approach.

Every time you transfer BitCoin (BTC) you send the network the address of the transaction when you acquired the BTCs and sign it with your key to validate the data. If you reuse the same wallet address on subsequent transactions — maybe because you didn’t spend all of the wallet’s coins in one transaction or you overpaid and have the change routed back to your wallet. The uniqueness of that signed address can be tracked across those multiple transactions. This alone won’t dox you, but does allow a clever piece of software to build a database of nodes by associating transactions together.

Mathieu’s description of first attempts at mapping the blockchain were amusing. The demonstration showed a Python script called from the command line which started off analyzing a little more than a block a second but by the fourth or fifth blocks hit the process had slowed to a standstill that would never progress. This reminds me of some of the puzzles from Project Euler.

After a rabbit hole of optimizations the problem has been solved. All you need to recreate the work is a pair of machines (one for Python one for mondoDB) with the fastest processors you can afford, a 500 GB SSD, 32 GB of RAM (but would be 64 better), Python 64-bit, and at least a week of time. The good news is that you don’t have to recreate this. The 200GB database is available for download through a torrent and the code to navigate it is up on GitHub. Like I said, this type of blockchain sleuthing isn’t new but a powerful open source tool like this is.

Both Ransomware and illicit markets can be observed using this technique. Successful, yet not-so-cautious ransomers sometimes use the same BitCoin address for all payments. For example, research into a 2014 data sample turned up a ransomware instance that pulled in $611k (averaging $10k per day but actually pulling in most of the money during one three-week period). If you’re paying attention you know using the same wallet address is a bad move and this ransomware was eventually shut down.

Illicit markets like Silk Road are another application for BitCluster. Prior research methods relied on mining comments left by customers to estimate revenue. Imagine if you had to guess at how well Amazon was doing reading customer reviews and hoping they mentioned the price? The ability to observe BTC payment nodes is a much more powerful method.

A good illicit market won’t use just one wallet address. But to protect customers they use escrow address and these do get reused making cluster analysis possible. Silk Road was doing about $800k per month in revenue at its height. The bulk of purchases were for less than $500 with only a tiny percentage above $1000. But those large purchases were likely to be drug purchases of a kilo or more. That small sliver of total transactions actually added up to about a third of the total revenue.

It’s fascinating to peer into transactions in this manner. And the good news is that there’s plenty of interesting stuff just waiting to be discovered. After all, the blockchain is a historical record so the data isn’t going anywhere. BitCluster is intriguing and worth playing with. Currently you can search for a BTC address and see total BTC in and out, then sift through income and expense sorted by date, amount, etc. But the tool can be truly great with more development. On the top of the wishlist are automated database updates, labeling of nodes (so you can search “Silk Road” instead of a numerical address), visual graphs of flows, and a hosted version of the query tool (but computing power becomes prohibitive.)

Hackers On Planet Earth — We’ll Be There!

July 20, 2016 by Mike Szczys 8 Comments

This weekend, Hackaday will be rolling into New York for the Eleventh HOPE. This biyearly conference draws hackers from all around the globe. There’s a ton going on at HOPE: talks, hardware hacking, workshops, and pretty much everything else you might be interested in. But really, this gathering which was founded by 2600 in ’94, is where you go to meet and hang out with other hackers. And we want to hang out with you.

Pre-sale tickets are gone. But if you don’t have a ticket yet there are a limited number still available at the door. We’re happy that Hackaday is a sponsor of HOPE this year and for that we have a spot in the vendor’s area. We’re not selling anything — we’re actually reverse-vending. We want you to stop by and show us your hacks!

Hackaday Meetups at HOPE

Find us in the vendor area for two meetups: Saturday 2:30-5:00 (after Cory Doctorow’s keynote) and Sunday ~~11:00-1:00~~ 2:30-5:00. We’ll be there with our cameras at the ready so don’t forget to bring your hacks. We’re always hungry to hear interesting stories which will end up on the front page for all to enjoy.

We have swag like Hackaday and Tindie stickers, and dev boards to give away from our Hackaday Prize sponsors Atmel and Microchip. During the two meetup times we’ll have munchies (Hackaday branded of course) and a limited supply of T-shirts. Come early and come often.

Brian Benchoff and Mike Szczys will be on hand covering the best the convention has to offer. Hit us up on those Twitter links if you want to get our attention. Sophi Kravitz, Aleksandar Bradic, and Shayna Gentiluomo will also be there, so stop by whenever and hang out with us. Our spot in the vendor area will be open the whole weekend.

We are always looking for awesome things to do in addition to what’s on the official agenda. The meetup on Saturday is the place to get the inside scoop on those plans. Whether you’re going to be at HOPE or not, we’d love to hear from you in the comments. Let us know about any talks we shouldn’t miss, any hackers we should track down and interview, and any of those extra curricular activities for a bunch of hackers in the middle of Manhattan on a hot July night.