Hackaday Links: May 24, 2015

A few months ago, we heard about a random guy finding injection molds for old Commodore computers. He did what the best of us would do and started a Kickstarter to remanufacture these cool old cases. It’s the best story on retrocomputing this year, and someone else figured out they could remanufacture Commodore 64 keycaps. If you got one of these remanufactured cases, give the keycaps a look.

Remember this Android app that will tell you the value of resistors by reading their color code. Another option for the iOS crowd was presented at Maker Faire last weekend. It’s called ResistorVision, and it’s perfect for the colorblind people out there. An Android version of ResistorVision will be released sometime in the near future.

A few folks at Langly Research Center have a very cool job. They built a hybrid electric tilt wing plane with eight motors on the wing and two on the tail. It’s ultimately powered by two 8 hp diesel engines that charge Liion batteries. When it comes to hydrocarbon-powered hovering behemoths, our heart is with Goliath.

A bottom-of-the-line avionics panel for a small private plane costs about $10,000. How do you reduce the cost? Getting rid of FAA certification? Yeah. And by putting a Raspberry Pi in it. It was expoed last month at the Sun ‘N Fun in Florida, and it’s exactly what the pilots out there would expect: a flight system running on a Raspberry Pi. It was installed in a Zenith 750, a 2-seat LSA, registered as an experimental. You can put just about anything in the cabin of one of these, and the FAA is okay with it. If it’ll ever be certified is anyone’s guess.

Safety Belt Holds Up Pants and Passwords

[Dan Williams] built a belt that holds up your pants while remembering your passwords. This was his project while camped out at the Hackaday Hardware Villiage at the 2015 TC Disrupt Hackathon last weekend.

safety-belt-pcb-sandwichThe idea started with the concept of a dedicated device to carry a complicated password; something that you couldn’t remember yourself and would be difficult to type. [Dan] also decided it would be much better if the device didn’t need its own power source, and if the user interface was dead simple. The answer was a wrist-band made up of a USB cable and a microcontroller with just one button.

To the right you can see the guts of the prototype. He is using a Teensy 2.0 board, which is capable of enumerating as an HID keyboard. The only user input is the button seen at the top. Press it once and it fires off the stored password. Yes, very simple to implement, but programming is just one part of a competition. The rest of his time was spent refining it into what could reasonably be considered a product. He did such a good job of it that he received an Honorable Mention from Hackaday to recognize his execution on the build.

Fabrication

IMG_20150502_183207[Dan] came up with the idea to have a pair of mating boards for the Teensy 2.0. One on top hosts the button, the other on the bottom has a USB port which is used as the “clasp” of the belt buckle. One side of the USB cable plugs into the Teensy, the other into this dummy-port. Early testing showed that this was too bulky to work as a bracelet. But [Dan] simply pivoted and turned it into a belt.

safety-belt-built-at-hackathon-thumb[Kenji Larsen] helped [Dan] with the PCB-sandwich. Instead of mounting pin sockets on the extra boards, they heated up the solder joints on a few of the Teensy pins and pushed them through with some pliers. This left a few pins sticking up above the board to which the button add-on board could be soldered.

To finish out the build, [Dan] worked with [Chris Gammell] to model a 2-part case for the electronics. He also came up with a pandering belt buckle which is also a button-cap. It’s 3D printed with the TechCrunch logo slightly recessed. He then filled this recess with blue painter’s tape for a nice contrast.

[Dan] on-stage presentation shows off the high-level of refinement. There’s not a single wire (excluding the USB belt cable) or unfinished part showing! Since he didn’t get much into the guts of the build during the live presentation we made sure to seek him out afterward and record a hardware walk through which is embedded below.


The 2015 Hackaday Prize is sponsored by:

Hackaday Prize Entry: A Better KVM Switch

Now it’s not uncommon to have a desktop and a laptop at a battlestation with tablets waiting in the wings. Add in a few Raspis, consoles, and various cheap computers, and it’s pretty easy to have an enormous number of machines and monitors on a desk. Traditionally, a KVM switch would be the solution to this, sharing a keyboard, mouse, and monitor with many different boxes, but this is an ugly solution. [frankstripod] has a device that fixes that with some interesting software and a few USB hacks.

[frankstripod] is in love with a program called Synergy this program combines the keyboard, mouse, and display of several computers over a network so you’ll only ever have to use one keyboard and mouse; it’s as simple as dragging your mouse from one computer to the other. There are a few limitations, though: keyboards don’t work until the OS has loaded (no BIOS access, then), it doesn’t work if the network is down, and setup can be complicated. This project aims to replace the ‘server’ part of a Synergy setup with a small, networkable KVM.

Right now the plan is to use a small embedded board running Linux to read a USB keyboard and switch the output between several computers. A few scripts detect the mouse moving from one screen to another, and a microcontroller switches USB output between each computer. If it sounds weird, you’re right, but it does work: [frank]’s 2014 Hackaday Prize project was a mouse that worked with two computers at once.


The 2015 Hackaday Prize is sponsored by:

1337-sp34k Keyboard

What started off as a quick prank-hack to re-map a colleague’s keyboard turned into a deep dive in understanding how keyboards work. [ch00f] and his other work place colleagues are in a habit of pulling pranks on each other. When [ch00f]’s buddy, who is an avid gamer and montage parody 1337-sp34k (leet speak) fan, went off on a holiday, [ch00f] set about re-mapping his friend’s keyboard to make it spit out words his friend uses a lot – “SWAG” “YOLO” and “420”. But remapping in software is too simple, his hack is a hardware remapping!

The keyboard in question used mechanical keys mounted on a keyboard sized PCB. Further, it was single sided, with jumper links used in place of front side tracks. This made hacking easier. The plan was to use keys not commonly used – Scroll Lock, Print Screen, and Pause/Break – and get them to print out the words instead. The signal tracks from these three keys were cut away and replaced with outputs from a microcontroller. The original connections were also routed to the microcontroller, and a toggle switch used to select between the remapped and original versions. This was eventually not implemented due to a lack of space to install the toggle switch. [ch00f] decided to just replace the keyboard if his friend complained about the hack. A bit of work on the ATMega PCB and firmware, and he was able to get the selected keys to type out SWAG, YOLO and 420.

And this is where a whole can of worms opened up. [ch00f] delves in to an explanation on the various issues at hand – keyboard scanning/multiplexing, how body-diodes in switching FET’s affected the scanning, ghosting and the use of blocking diodes. Towards the end, he just had the word SWAG activated by pressing the Pause/Break key. But he does get to the bottom of why the keyboard was behaving odd after he had wired in his hack, which makes for some interesting reading. Don’t miss the video of the hack in action after the break.

Continue reading “1337-sp34k Keyboard”

Using HID Tricks to Drop Malicious Files

[Nikhil] has been experimenting with human interface devices (HID) in relation to security. We’ve seen in the past how HID can be exploited using inexpensive equipment. [Nikhil] has built his own simple device to drop malicious files onto target computers using HID technology.

The system runs on a Teensy 3.0. The Teensy is like a very small version of Arduino that has built-in functionality for emulating human interface devices, such as keyboards. This means that you can trick a computer into believing the Teensy is a keyboard. The computer will treat it as such, and the Teensy can enter keystrokes into the computer as though it were a human typing them. You can see how this might be a security problem.

[Nikhil’s] device uses a very simple trick to install files on a target machine. It simply opens up Powershell and runs a one-liner command. Generally, this commend will create a file based on input received from a web site controlled by the attacker. The script might download a trojan virus, or it might create a shortcut on the user’s desktop which will run a malicious script. The device can also create hot keys that will run a specific script every time the user presses that key.

Protecting from this type off attack can be difficult. Your primary option would be to strictly control USB devices, but this can be difficult to manage, especially in large organizations. Web filtering would also help in this specific case, since the attack relies on downloading files from the web. Your best bet might be to train users to not plug in any old USB device they find lying around. Regardless of the methodology, it’s important to know that this stuff is out there in the wild.

Keystroke Sniffer Hides as a Wall Wart, is Scary

For those of us who worry about the security of our wireless devices, every now and then something comes along that scares even the already-paranoid. The latest is a device from [Samy] that is able to log the keystrokes from Microsoft keyboards by sniffing and decrypting the RF signals used in the keyboard’s wireless protocol. Oh, and the entire device is camouflaged as a USB wall wart-style power adapter.

The device is made possible by an Arduino or Teensy hooked up to an NRF24L01+ 2.4GHz RF chip that does the sniffing. Once the firmware for the Arduino is loaded, the two chips plus a USB charging circuit (for charging USB devices and maintaining the camouflage) are stuffed with a lithium battery into a plastic shell from a larger USB charger. The options for retrieving the sniffed data are either an SPI Serial Flash chip or a GSM module for sending the data automatically via SMS.

The scary thing here isn’t so much that this device exists, but that encryption for Microsoft keyboards was less than stellar and provides little more than a false sense of security. This also serves as a wake-up call that the things we don’t even give a passing glance at might be exactly where a less-honorable person might look to exploit whatever information they can get their hands on. Continue past the break for a video of this device in action, and be sure to check out the project in more detail, including source code and schematics, on [Samy]’s webpage.

Thanks to [Juddy] for the tip!

Continue reading “Keystroke Sniffer Hides as a Wall Wart, is Scary”

Plug Into USB, Get a Reverse Shell

Computers blindly trust USB devices connected to them. There’s no pop-up to confirm a device was plugged in, and no validation of whether the device should be trusted. This lets you do some nefarious things with a simple USB microcontroller.

We’ve recently seen two examples of this: the USBdriveby and the Teensyterpreter. Both devices are based on the Teensy development board. When connected to a computer, they act as a Human Interface Device to emulate a keyboard and mouse.

The USBdriveby targets OS X. When connected, it changes the DNS server settings to a custom IP, to allow for DNS spoofing of the victim’s machine. This is possible without a password through the OS X System Preferences, but it requires emulating both keystrokes and clicks. AppleScript is used to position the window in a known location, then the buttons can be reliably clicked by code running on the Teensy. After modifying DNS, a reverse shell is opened using netcat. This allows for remote code execution on the machine.

The Teensyterpreter gives a reverse shell on Windows machines. It runs command prompt as administrator, then enters a one-liner to fire up the reverse shell using Powershell. The process happens in under a minute, and works on all Windows versions newer than XP.

With a $20 microcontroller board you can quickly fire up remote shells for… “support purposes”. We’d like to see the two projects merge into a single codebase that supports both operating systems. Bonus points if you can do it on our Trinket Pro. Video demos of both projects after the break.

Continue reading “Plug Into USB, Get a Reverse Shell”