This talk from the 2012 LayerOne conference outlines how the team build Stiltwalker, a package that could beat audio reCAPTCHA. We’re all familiar with the obscured images of words that need to be typed in order to confirm that you’re human (in fact, there’s a cat and mouse game to crack that visual version). But you may not have noticed the option to have words read to you. That secondary option is where the toils of Stiltwalker were aimed, and at the time the team achieved 99% accurracy. We’d like to remind readers that audio is important as visual-only confirmations are a bane of visually impaired users.
This is all past-tense. In fact, about an hour before the talk (embedded after the break) Google upgraded the system, making it much more complex and breaking what these guys had accomplished. But it’s still really fun to hear about their exploit. There were only 58 words used in the system. The team found out that there’s a way to exploit the entry of those word, misspelling them just enough so that they would validate as any of up to three different words. Machine learning was used to improve the accuracy when parsing the audio, but it still required tens of thousands of human verifications before it was reliably running on its own.
Continue reading “Stiltwalker beat audio reCAPTCHA”
Here’s a pair of LayerOne Badge hacks that actually included the RC as intended by the badge designers.
First up, we have the autonomous RC car built by [Arko]. He calls it Stanley Jr. as an homage to the Stanford DARPA Grand Challenge vehicle. It uses an Arduino shield to add a servo with an ultrasonic rangefinder on it. The lets the vehicle drive a bit, stop and scan the horizon, then drive some more. The hope is the rangefinder will keep it from running into anything. There’s a quick test run embedded after the break.
On the right is the badge hack which [Zjpahle] finished up after the contest was already over. He also chose to go with an Arduino shield, this time it’s an IMU board. But he added a standalone Arduino board to the vehicle which drives some EL wire (ground effects) and adds IR sensors to the front of the car. The IR sensors are for obstacle avoidance, and the IMU lets him tilt his badge for direction control.
We looked at the winner of the badge hacking competition on Wednesday. That hack didn’t involve the car, but used the badge as a Morse Code beacon.
Continue reading “LayerOne badge hacking twofer”
Ham skills prevail in this year’s LayerOne badge hacking contest. [Jason] was the winner with this Morse Code beacon hack.He got a head start on the competition after seeing our preview feature on the badge hardware development. It got him thinking and let him gather his tools ahead of arrival.
The hardware is segregated into two parts of the board. The lower portion is a take on the Arduino, and the upper portion is a wireless transmitter meant to control some cheap RC cars. [Jason] figured this was perfect for conversion as a CW beacon (continuous wave is what Morse Code is called if you’re a ham). The first issue he encountered was getting the badge to play nicely with the Arduino IDE. It was setup to run Slowduino firmware which uses the internal oscillator. [Jason] soldered on his own crystal and reflashed the firmware. He found that the transmitter couldn’t be directly keyed because of the shifting used in the RC car protocol. He cut the power to the transmitter, and found that it could be more accurately keyed by injecting power to one of the other pins. Check out the video after the break for a better explanation of his technique.
Continue reading “Morse code beacon wins the LayerOne badge hacking contest”
We love badges. And we’ve really got to thank [Charliex] for taking the time to write a huge post about this year’s LayerOne badges, especially since they’ve got their backs up against the deadline for pulling everything together in time.
Here it is, the stock badge on the left, with an add-on shield on the right. Now the original intent was to make this badge the chassis of an RC car. [Charliex] chewed through his development time trying to source toy cars that could be gutted for parts that would mount easily on the badge. This looked promising at first, but turned out to be folly. Instead what we have here is an Arduino compatible board with an RF transmitter which can be cut off and used separately if you wish. Attendees will be able to use the badge to take control of the toy cars (cases of them have been shipped to the conference), with the option to use the USB functionality to facilitate automation.
So what about stopping bullets? There is a bug in the module [Charliex] used to export the board design from Eagle. They came back from the fab house as 0.125″ substrate. That’s pretty beefy!
The conference is this weekend… better get on that!
This year’s LayerOne Hacking and Security Conference is right around the corner. But it’s not too late to attend. You can still get a block-rate hotel room if you register by the end of April, and registration for the two-day event only costs a hundred bucks. It’s scheduled for May 26th and 27th in Anaheim California.
As usual, the Speaker lineup is quite impressive. Everything from Android Malware to embedded exploits and botnet adventures will be discussed. And then there’s the perennial favorite lock picking and hardware hacking villages. Did we mention badges? We’d bet it was this pick-and-place machine which helped assemble this year’s pile of badges. We haven’t seen any word on what they might include, but there’s a hacking contest so plan to pack your tools.
Why build a pick and place machine from the ground up when you can start with a full featured, but non-functional unit, and bring it back to life. That’s exactly what [Charliex] is doing with this Juki 360 rebuild.
A bit of background is in order here. [Charliex] is working alongside other hackers at Null Space Labs to restore this hardware. The Los Angeles based hackerspace sponsored the hardware badges at this year’s LayerOne, each of which was hand assembled. They’d like to avoid that tedium next year, which led to this project.
The seller of the used Juki 360 listed it in working condition, but it seems that they were polishing a turd since it is basically non-functional. The link at the top of this post is the second testimonial of their work so far. It covers the use of an Arduino board as a replacement interface, as well as a bunch of sensor repair, pneumatic testing, and motor driver firmware tweaking. If you’d like to see the initial teardown and hardware diagnostics don’t miss the first post in their adventure.
Annual hacker conference LayerOne will be held May 23-24th in Anaheim, CA. They’ve completed the speaker lineup and have quite a few interesting talks. [David Bryan] Will be focusing on practical hacking with the GNU Radio. It’s a software defined radio that we’ve covered in the past for GSM cracking. [Datagram] will present lockpicking forensics. While lockingpicking isn’t as obvious as brute force entry, it still leaves behind evidence. He’s launched lockpickingforensics.com as a companion to this talk. LayerOne is definitely worth checking out if you’re in the Los Angeles area.