On Your Phone While Driving an Electric Skateboard

Skateboards are fun, but you have to do all that pesky kicking in order to get anywhere. That’s why [Nick] decided to build his own electric skateboard. Not only is the skateboard powered with an electric motor, but the whole thing can be controlled from a smart phone.

[Nick] started out with a long board deck that he had made years ago. After cleaning it up and re-finishing it, the board was ready for some wheels. [Nick] used a kit he found online that came with the trucks, wheels, and a belt. The trucks have a motor mount welded in place already. [Nick] used a Turnigy SK3 192KV electric motor to drive the wheels. He also used a Turnigy electronic speed controller to make sure he could vary the speed of the board while riding.

Next [Nick] needed some interface between a smart phone and the motor controller. He chose to use an Arduino Nano hooked up to a Bluetooth module. The Nano was able to directly drive the motor controller, and the Bluetooth module made it easy to sync up to a mobile phone. The Android app was written using MIT’s App Inventor software. It allows for basic control over the motor speed so you can cruise in style. Check out the video below for a slide show and some demonstration clips.

It’s a popular project, and eerily similar to the one we saw a couple months back.

Exposing Private Facebook Photos with a Malicious App

[Laxman] is back again with another hack related to Facebook photos. This hack revolves around the Facebook mobile application’s “sync photos” function. This feature automatically uploads every photo taken on your mobile device to your Facebook account. These photos are automatically marked as private so that only the user can see them. The user would have to manually update the privacy settings on each photo later in order to make them available to friends or the public.

[Laxman] wanted to put these privacy restrictions to the test, so he started poking around the Facebook mobile application. He found that the Facebook app would make an HTTP GET request to a specific URL in order to retrieve the synced photos. This request was performed using a top-level access token. The Facebook server checked this token before sending down the private images. It sounds secure, but [Laxman] found a fatal flaw.

The Facebook server only checked the owner of the token. It did not bother to check which Facebook application was making the request. As long as the app had the “user_photos” permission, it was able to pull down the private photos. This permission is required by many applications as it allows the apps to access the user’s public photos. This vulnerability could have allowed an attacker access to the victim’s private photos by building a malicious application and then tricking victims into installing the app.

At least, that could have been the case if Facebook wasn’t so good about fixing their vulnerabilities. [Laxman] disclosed his finding to Facebook. They had patched the vulnerability less than an hour after acknowledging the disclosure. They also found this vulnerability severe enough to warrant a $10,000 bounty payout to [Laxman]. This is in addition to the $12,500 [Laxman] received last month for a different Facebook photo-related vulnerability.
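The authorization gap described above, shown as an added example that is not Facebook's code or [Laxman]'s: an owner-only check beside one that also binds the endpoint to the requesting app. The app IDs, token strings, handler names, and the app-binding fix itself are assumptions made for illustration, since the page does not say how Facebook patched it.

```python
from dataclasses import dataclass

# Constructed sample data: every id, token and file name here is hypothetical.
OFFICIAL_MOBILE_APP = "app-official-mobile"
SYNCED_PHOTOS = {"alice": ["IMG_0001.jpg", "IMG_0002.jpg"]}

@dataclass(frozen=True)
class Token:
    user_id: str       # whose account the token acts for
    app_id: str        # which application the token was issued to
    scopes: frozenset  # permissions the user granted to that app

TOKENS = {
    "tok-official": Token("alice", OFFICIAL_MOBILE_APP, frozenset({"user_photos"})),
    "tok-thirdparty": Token("alice", "app-quiz-game", frozenset({"user_photos"})),
    "tok-noscope": Token("alice", "app-other", frozenset()),
}

class Forbidden(Exception):
    pass

def get_synced_photos_owner_only(raw_token, owner_id):
    """Flawed check from the write-up: token owner and permission only."""
    tok = TOKENS.get(raw_token)
    if tok is None or tok.user_id != owner_id:
        raise Forbidden("token does not belong to the photo owner")
    if "user_photos" not in tok.scopes:
        raise Forbidden("missing user_photos permission")
    return SYNCED_PHOTOS[owner_id]  # any app holding user_photos gets here

def get_synced_photos_app_bound(raw_token, owner_id):
    """Assumed fix: the private endpoint also checks the requesting app."""
    tok = TOKENS.get(raw_token)
    if tok is None or tok.user_id != owner_id:
        raise Forbidden("token does not belong to the photo owner")
    if tok.app_id != OFFICIAL_MOBILE_APP:
        raise Forbidden("application may not read synced photos")
    return SYNCED_PHOTOS[owner_id]

def allowed(handler, raw_token, owner_id="alice"):
    """Return True if the handler serves the request, False if it refuses."""
    try:
        handler(raw_token, owner_id)
        return True
    except Forbidden:
        return False
```
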

Reverse Engineering the Kayak Mobile API

The travel meta-search website Kayak apparently used to have a public API which is no longer available. We can’t say we mourn the loss of the interface we’d never known about. If you are someone who was automating their searches for that perfect vacation getaway deal, there’s still hope. But either way you’ll like this one. [Shubhro Saha] figured out how to access the API used by the Kayak mobile app. We like that he details how to sniff the traffic between an app and the internet and make sense of what is found.

His tool of choice is the Python package Mitmproxy. We haven’t heard of it but we have heard of Wireshark and [Shubhro] makes the case that Mitmproxy is superior for this application. As the name suggests, you set it up on your computer and use that box’s IP as the proxy connection for your phone. After using the app for a bit, there is enough data to start deconstructing what’s going on between the app and the remote server with which it communicates. We could have a lot of fun with this, like seeing what info those free apps are sending home, or looking for security flaws in your own creations.

[Thanks Juan via Twitter]

Building A Home Made iPhone

A few years ago, [Michele] built a mobile device with a touch screen, a relatively powerful processor, and a whole bunch of sensors. To be honest, the question of why he built this was never asked because it’s an impressive display of electronic design and fabrication. [Michele] calls it the iGruppio. Although it’s not a feature-packed cell phone, it’s still an impressive project that stands on its own merits.

Inside the iGruppio is a Pic32mx microcontroller, a 240×320 TFT touchscreen, and enough sensors to implement a 10 DOF IMU. The software written for the iGruppio is heavily inspired by the iPhone and a completely homebrew project – all the software was written by [Michele] himself. While the first version of the iGruppio was a little clunky, the second revision (seen in the pic above) uses an old iPhone case to turn a bunch of boards and plugs into a surprisingly compact device.

No, there’s no cellular modem inside the latest version, but [Michele] has put all the sources up on Github, and anyone wanting to build a homebrew cell phone could do worse than to take a look at his work. Video demo below.

Baby’s first star light projector and a foil slip ring

For a newborn, everything is magical; a lack of object permanence means everything is new, wonderful, and novel. What then, could be better than a projected star field circling an infant’s room, gently sending them to sleep?

[Pete] was inspired by this earlier starlight projector that projects a rotating star field onto the walls and ceiling of a nursery. Instead of a rather loud servo, [Pete] used a quiet 12 Volt gear motor that spins the star field at 5 RPM. Like the previous build, an LED was used, but [Pete] found a color-changing RGB LED that automatically shifts colors.

The shaft of [Pete]’s gear motor is tiny, and unlike the servo, there’s constant rotation. This meant a slip ring was needed to pass electricity into the spinning sphere. A piece of copper foil and a pair of improvised brushes served just fine. While [Pete]’s project, like its predecessor, doesn’t seem to have any recognized constellations drilled into the sphere, the foil slip ring opens up the possibility for a small microcontroller being fitted inside the globe with blinking lights.

Check out the video of [Pete]’s build in action after the break.

How to take a travelling electronics lab on the road with you

If you’re a frequent traveler, or if you don’t have a garage or basement and find your kitchen table is doomed to serve most of its life as an electronics bench, this hack is for you. [Robovergne] came up with a mobile electronics lab (translated) in order to help preserve the Wife Acceptance Factor for his hobby.

The project comes in two parts. On the right you see the pair of component storage cabinets. These are high-quality examples that fully enclose each drawer (cheaper cabinets are open at the back). This way, [Robovergne] was able to connect two of them together with a piano hinge, and add some carrying handles to the top.

The second half of the project is the bench itself. It features a lab supply, soldering iron transformer and holder, and some breadboards for good measure. The base of the unit houses a drawer which carries the bulk of his tools. Now he can pack up and clear out the living room in one single trip.

One-click unbrick for Samsung phones

[Adam Outler] has been pretty heavy into mobile device hacking lately. The biggest problem with that field is recovering from bad flashes or development firmware glitches. In many cases you can use a JTAG programmer to reflash stock firmware to resurrect a handset. Unfortunately you’ll be hard pressed to find a phone that comes with a JTAG header, and soldering to the microelectronic boards is not for the faint of heart.

But a solution is here: [Adam] pulled together a wide set of resources to create a package to unbrick Samsung phones. Now we’re sure that there’s more than a handful of people who would argue that a bad firmware flash that can be fixed this way means that the phone wasn’t actually “bricked” in the first place. But what we see is one more barrier torn down between being a hardware user and becoming a hardware hacker. You’re much more likely to get in there and get your hands dirty if you know that you’ll be able to undo your mistakes and reclaim your precious pocket hardware. See just how easy it is in the video after the break.
