A Raspberry Pi Garage Door Opener

We can never seem to get enough garage door hacks around here. [Tanner’s] project is the most recent entry into this category. He’s managed to hook up a Raspberry Pi to his garage door opener. This greatly extends his range to… well anywhere with an Internet connection.

His hack is relatively simple. He started with the garage door opener remote. He removed the momentary switch that was normally used to active the door. He bridged the electrical connection to create a circuit that was always closed. This meant that as long as the remote had power, the switch would be activated. Now all [Tanner] had to do was remove the battery and hook up the power connectors to his Raspberry Pi. Since the remote works on 3.3V and draws little current, he is able to power the remote directly from the Pi. The Pi just has to turn its pin high momentarily to activate the remote.

The ability to toggle the state of your garage door from anywhere in the world also comes with paranoia. [Tanner] wanted to be able to tell if the door is up, down, or stopped somewhere in the middle while he was away from home. He also wanted to use as little equipment as possible. Since he already had an IP camera in the garage, he decided to use computer vision to do the detection.

He printed off two large, black shapes onto ordinary white computer paper. One was taped to the top of the door and one to the bottom. A custom script runs on the Pi that grabs the latest image from the camera and uses OpenCV to detect the shapes. If both shapes are visible, then the script can assume the door is closed. Otherwise, it’s likely open. This makes it easier for [Tanner] to know if the door is opened or closed without having to check the camera himself.

Can’t get enough garage door hacks? Try these on for size. Continue reading “A Raspberry Pi Garage Door Opener”

Transcend DrivePro 200 Hack to Stream and Script; Begs for More

Transcend markets their DrivePro 200 camera for use as a car dashcam. We’re a bit surprised at the quality and apparent feature set for something relegated to a rather mundane task as this. But [Gadget Addict] poked around and found a nice little nugget: you can live stream the video via WiFi; the framerate, quality, and low-lag are pretty impressive. In addition to that, the next hack is just waiting for you to unlock it.

As it stands right now you turn on the camera’s built-in WiFi AP, telnet into two different ports on the device (sending it into smartphone connected mode) and you’ll be able to live stream the view to your computer using RTSP. Great, that in itself is a good hack and we’re sure that before long someone will figure out an automatic way to trigger this. [GA] also found out how to get the thing into script mode at power-on. He hasn’t actually executed any code… that’s where you come in. If you have one of these pull it out and get hacking! It’s a matter put putting files on the SD storage and rebooting. Crafting this file to enable shell access would open up an entire world of hacks, from things like time-lapse and motion sensing to special processing and filtering in real time. We think there’s huge potential so keep us up-to-date as you find new ways to pwn this hardware.

Continue reading “Transcend DrivePro 200 Hack to Stream and Script; Begs for More”

Yik Yak MITM Hack (Give the Dog a Bone)

Yik Yak is growing in popularity lately. If you are unfamiliar with Yik Yak, here’s the run down. It’s kind of like Twitter, but your messages are only shared with people who are currently within a few miles of you. Also, your account is supposed to be totally anonymous. When you combine anonymity and location, you get some interesting results. The app seems to be most popular in schools. The anonymity allows users to post their honest thoughts without fear of scrutiny.

[Sanford Moskowitz] decided to do some digging into Yik Yak’s authentication system. He wanted to see just how secure this “anonymous” app really is. As it turns out, not as much as one would hope. The primary vulnerability is that Yik Yak authenticates users based solely on a user ID. There are no passwords. If you know the user’s ID number, it’s game over.

The first thing [Sanford] looked for was an encrypted connection to try to sniff out User ID’s. It turned out that Yik Yak does actually encrypt the connection to its own servers, at least for the iPhone app. Not to worry, mobile apps always connect to other services for things like ad networks, user tracking, etc. Yik Yak happens to make a call to an analytics tool called Flurry every time the app is fired. Flurry needs a way to track the users for Yik Yak, so of course the Yik Yak App tells Flurry the user’s ID. What other information would the anonymous app have to send?

Unfortunately, Flurry disables HTTPS by default, so this initial communication is in plain text. That means that even though Yik Yak’s own communications are protected, the User ID is still exposed and vulnerable. [Sanford] has published a shell script to make it easy to sniff out these user ID’s if you are on the same network as the user.

Once you have the user ID, you can take complete control over the account. [Sanford] has also published scripts to make this part simple. The scripts will allow you to print out every single message a user has posted. He also describes a method to alter the Yik Yak installation on a rooted iPhone so that the app runs under the victim’s user ID. This gives you full access as if you owned the account yourself.

Oh, there’s another problem too. The Android app is programmed to ignore bad SSL certificates. This means that any script kiddie can perform a simple man in the middle attack with a fake SSL certificate and the app will still function. It doesn’t even throw a warning to the user. This just allows for another method to steal a user ID.

So now you have control over some poor user’s account but at least they are still anonymous, right? That depends. The Yik Yak app itself appears to keep anonymity, but by analyzing the traffic coming from the client IP address can make it trivial to identify a person. First of all, [Sanford] mentions that a host name can be a dead giveaway. A host named “Joe’s iPhone” might be a pretty big clue. Other than that, looking out for user names and information from other unencrypted sites is easy enough, and that would likely give you everything you need to identify someone. Keep this in mind the next time you post something “anonymously” to the Internet.

[via Reddit]

Raspberry Pi Backup Scripts

Raspberry Pi

[Matthew’s] recent blog post does a good job explaining the basics of the Raspberry Pi’s file system. The Linux operating system installed on a Pi is generally installed on two different partitions on an SD card. The first partition is a small FAT partition. All of the files on this partition are used for the initial booting of the Pi. This partition also includes the kernel images. The second partition is the root file system and is generally formatted as ext4. This partition contains the rest of the operating system, user files, installed programs, etc.

With that in mind you can deduce that in order to backup your Pi, all you really need to do is backup all of these files. [Matt] has written some scripts to make this a piece of cake (or pie). The first script will simply copy all of the files into a gzipped archive. You can save this to an external SD card, USB drive, or network share.

The second script is perhaps more interesting. This script requires that you have one free USB port and a USB SD card reader. The script will automatically format the extra SD card to contain the two critical partitions. It will then copy the “boot” files to the new boot partition and the root file system files to the new SD card’s root partition. When all is said and done, you will end up with an SD card that is an exact copy of your current running file system.

This can be very handy if you have multiple Pi’s that you want to run the same software, such as in a Pi cluster. Another good example is if you have spent a lot of time tweaking your Pi installation and you want to make a copy for a friend. Of course there are many ways to skin this cat, but it’s always fun to see something custom-built by a creative hacker.

Net Neutrality: FCC Hack is a Speed Bump on the Internet Fast Lane

Net neutrality is one of those topics we’ve been hearing more and more about in recent years. The basic idea of net neutrality is that all Internet traffic should be treated equally no matter what. It shouldn’t matter if it’s email, web sites, or streaming video. It shouldn’t matter if the traffic is coming from Wikipedia, Netflix, Youtube, etc. It shouldn’t matter which Internet Service Provider you choose. This is the way the Internet has worked since it’s inception. Of course, not everyone agrees that this is how things should stay. We didn’t always have the technology to filter and classify traffic. Now that it’s here, some believe that we should be able to classify internet traffic and treat it differently based on that classification.

It seems like much of the tech savvy community argues that net neutrality is a “given right” of the Internet. They believe that it’s the way the Internet has always been, and always should be. The other side of the argument is generally lobbied by Internet service providers. They argue that ISP’s have the right to classify Internet traffic that flows through their equipment and treat it differently if they so choose. As for everyone else, just about everyone these days relies on the Internet for business, banking, and entertainment but many of those people have no idea how the Internet works, nor do they really care. It’s like the electricity in their home or the engine in their car. As long as it’s working properly that’s all that matters to them. If they can check Facebook on their phone while watching Breaking Bad on Netflix in full HD, why should they care how that stuff gets prioritized? It work’s doesn’t it? Continue reading “Net Neutrality: FCC Hack is a Speed Bump on the Internet Fast Lane”

Fight the Google Glass Cyborgs with Glasshole.sh

Glasshole script

We live in a connected world where social media is ubiquitous and many people feel compelled to share every waking moment with anyone who will listen. In this type of world, wearable computers like Google Glass allow us to share experiences like never before. A Glass user can take photos, record video and audio, or potentially even stream video live on the Internet with the greatest of ease. That might be great for the Glass user, but what about the rest of us? As wearable computing becomes more and more mainstream, people are naturally going to become divided on the issue of privacy. Is it a good thing to have “cyborgs” with wearable computers and cameras constantly at the ready, or is it a privacy nightmare? The cyborg war is coming, and [Julian] has already chosen his side.

It would seem that [Julian] lands on the side of the privacy advocates, based on his “glasshole” script. Glasshole is a relatively simple bash script that relies on some other common network security tools to take care of the heavy lifting. The basic premise relies on the fact that every manufacturer of network interface devices is assigned their own MAC prefix. This is a piece of the MAC address that is unique to that manufacturer.

[Julian’s] script uses a utility called arp-scan to obtain a list of all MAC addresses on a given wireless network. It then loops through each address and compares it to the known Google Glass MAC prefix. If it finds a match, it will make an audible beeping noise to alert the script user. The script then launches aireplay-ng in de-authentication mode. This will send spoofed disassociate packets to the client (in this case the Google Glass device), hopefully forcing them to disconnect from the access point. The script runs continuously, ensuring that once the device reconnects to the network it will get booted off once again. The script is designed to be run on a small Linux computer such as a Raspberry Pi or a BeagleBone black. This way, the user can carry it around with them as a sort of portable defense mechanism.

How do you fit into the cyborg war? Will you stand proudly with your computer on your face for all to see? If so, what kind of countermeasures would you deploy to prevent this type of attack from working on you? If not, what other types of interesting attacks can you think of to keep the cyborgs at bay?

[Thanks Syed]

Arduino Garage Door Opener is Security Minded

Do it yourself garage door openers must be all the rage nowadays. We just got word of another take on this popular idea. [Giles] was commissioned by his friend to find a way to control the friend’s garage door using a smart phone. The request was understandable, considering the costly garage door remote and the fact that the buttons on the expensive remote tended to fail after a while. The inspiration for this project came from some YouTube videos of other similar projects. Those projects all paired an Arduino with a Bluetooth headset in order to control the door from a mobile phone. [Giles] understood that while this would get the job done, it wouldn’t be very secure. Bluetooth headsets typically connect to mobile phones using a four digit PIN. Many of them have known default PINs and even if the default is changed, it wouldn’t take very long to guess a four digit PIN. [Giles] knew he had to find a more secure way.

Continue reading “Arduino Garage Door Opener is Security Minded”