Hack a Day » layerone

Salvaging a commercial-grade pick and place machine

Mike Szczys — Tue, 06 Sep 2011 16:01:59 +0000

Why build a pick and place machine from the ground up when you can start with a full featured, but non-functional unit, and bring it back to life. That’s exactly what [Charliex] is doing with this Juki 360 rebuild.

A bit of background is in order here. [Charliex] is working alongside other hackers at Null Space Labs to restore this hardware. The Los Angeles based hackerspace sponsored the hardware badges at this year’s LayerOne, each of which was hand assembled. They’d like to avoid that tedium next year, which led to this project.

The seller of the used Juki 360 listed it in working condition, but it seems that they were polishing a turd since it is basically non-functional. The link at the top of this post is the second testimonial of their work so far. It covers the use of an Arduino board as a replacement interface, as well as a bunch of sensor repair, pneumatic testing, and motor driver firmware tweaking. If you’d like to see the initial teardown and hardware diagnostics don’t miss the first post in their adventure.

Filed under: repair hacks, tool hacks

LayerOne coming soon

Eliot — Fri, 01 May 2009 23:29:39 +0000

Annual hacker conference LayerOne will be held May 23-24th in Anaheim, CA. They’ve completed the speaker lineup and have quite a few interesting talks. [David Bryan] Will be focusing on practical hacking with the GNU Radio. It’s a software defined radio that we’ve covered in the past for GSM cracking. [Datagram] will present lockpicking forensics. While lockingpicking isn’t as obvious as brute force entry, it still leaves behind evidence. He’s launched lockpickingforensics.com as a companion to this talk. LayerOne is definitely worth checking out if you’re in the Los Angeles area.

Posted in cons, news, security hacks

Hacker conference videos

Eliot — Thu, 26 Jun 2008 04:20:00 +0000

Almost every security conference we’ve attended in the last year has uploaded videos from their speaker tracks. Explore the archives below, and you’re bound to find an interesting talk.

[thanks, Dan]
[photo: ario_j]

Exploit-Me Firefox XSS and SQL scanning addon

Eliot — Sat, 14 Jun 2008 09:40:00 +0000

One of the best tools we saw at LayerOne was the Exploit-Me series presented by [Dan Sinclair]. Security Compass created these tools to help developers easily identify cross site scripting (XSS) and SQL injection vulnerabilities.

XSS-Me is a Firefox add-on that loads in the sidebar. It identifies all the input fields on a page and iterates through a user provided list of XSS strings: opening new tabs and checking the results. When this process completes you get a report of what attacks got through, what didn’t, and what might have. The upcoming 0.3 version will use heuristics to determine what characters can be used and automatically skip attack strings that won’t get through.

The SQL Inject-Me works almost exactly the same way. It does require a little planning though: you need to tell it what you expect the results page to look like when an attack gets through.

The newest tool, Access-Me, surfs along with you while you’re authenticated to a website and checks whether you can see the same page unauthenticated.