Press Button, Receive Hackspace WiFi Code

When you are running a hackspace, network security presents a particular problem. All your users will expect a wireless network, but given the people your space will attract, some of them are inevitably going to be curious enough to push at its edges. Simply plugging in a home WiFi router isn’t going to cut it.

At Santa Barbara Hackerspace they use Unifi access points on their wireless network, and their guest network has a system of single-use codes to grant a user 24-hour access. The system has the ability to print a full sheet of codes that can be cut individually, but it’s inconvenient and messy. So the enterprising hackspace members have used a Raspberry Pi and a receipt printer to deliver a single code on-demand at the press of a button.

The hardware is simple enough, just a pull-up and a button to a GPIO on the Pi. Meanwhile the software side of the equation has a component on both client and server. At the server end is a Python script that accesses the Unifi MongoDB database and extracts a single code, while at the client end is another Python script that reacts to a button press by calling the server script and printing the result.  It’s a simple arrangement that was put together in an evening, but it’s an effective solution to their one-time WiFi access needs.

It’s a temptation as a hackspace to view all of your problems as solvable in one go with the One Piece Of Software To Rule Them All, and as a result some spaces spend a lot of time trying to hack another space’s effort to fit their needs or even to write their own. But in reality it is the small things like this one that make things work for members, and in a hackspace that’s important.

Does your space have any quick and simple projects that have automated a hackspace process? Let us know in the comments.

Thanks [Swiss] for the tip.

A Simple Yagi Antenna For Your Wi-Fi Router

When we take a new Wi-Fi router from its box, the stock antenna is a short plastic stub with a reverse SMA plug on one end. More recent and more fancy routers have more than one such antenna for clever tricks to extend their range or bandwidth, but even if the manufacturer has encased it in mean-looking plastic the antenna inside is the same. It’s a sleeve dipole, think of it as a vertical dipole antenna in which the lower radiator is hollow, and through which the feeder is routed.

These antennas do a reasonable job of covering a typical home, because a vertical sleeve dipole is omnidirectional. It radiates in all horizontal directions, or if you are a pessimist you might say it radiates equally badly in all horizontal directions. [Brian Beezley, K6STI] has an interesting modification which changes that, he’s made a simple Yagi beam antenna from copper wire and part of a plastic yoghurt container, and slotted it over the sleeve dipole to make it directional and improve its gain and throughput in that direction.

Though its construction may look rough and ready it has been carefully simulated, so it’s as good a design as it can be in the circumstances. The simulation predicts 8.6 dB of gain, though as any radio amateur will tell you, always take antenna gain figures with a pinch of salt. It does however provide a significant improvement in range, which for the investment put in you certainly can’t complain at. Give it a try, and bring connectivity back to far-flung corners of your home!

We’ve covered quite a few WiFi Yagis here over the years, such as this rather extreme wardriving tool. But few have been this cheap.

Thanks to London Hackspace Radio Club for the tip.

Track Wi-Fi Devices In Your Home

How do you audit your home Wi-Fi network? Perhaps you log into your router and have a look at the connected devices. Sometimes you’ll find an unexpected guest, but a bit of detective work will usually lead you to the younger nephew’s game console or that forgotten ESP8266 on your bench.

Wouldn’t it be useful if your router could tell you where all the devices connected to it are? If you are [Zack Scholl], you can do all this and more, for his FIND-LF system logs Wi-Fi probe requests from all Wi-Fi devices within its range even if they are not connected, and triangulates their position from their relative signal strengths across several sniffing receivers. These receivers are a network of Raspberry Pis with their own FIND-LF server, and any probe requests they pick up are forwarded to [Zack]’s FIND server (another of his projects) which does the work of collating the locations of devices.

It’s an impressive piece of work, though with a Raspberry Pi at each receiver it could get a little pricey. [Zack] has done other work in this field aside from the two projects mentioned here, his other work includes an implementation of the [Harry Potter] Marauder’s Map.

This is by no means the only indoor location system we’ve seen over the years. One that uses ESP8266 modules for example, or this commercial product that is similar to the project shown here.

FCC Reaches Agreement With Router Manufacturers

Last year, the Federal Communications Commission proposed a rule governing the certification of RF equipment, specifically wireless routers. This proposed rule required router manufacturers to implement security on the radio module inside these routers. Although this rule is fairly limited in scope – the regulation only covers the 5GHz U-NII bands, and only applies to the radio subsystem of a router, the law of unintended consequences reared its ugly head. The simplest way to lock down a radio module is to lock down the entire router, and this is exactly what a few large router manufacturers did. Under this rule, open source, third-party firmwares such as OpenWRT are impossible.

Now, router manufacturer TP-Link has reached an agreement with the FCC to allow third-party firmware. Under the agreement, TP-Link will pay a $200,000 fine for shipping routers that could be configured to run above the permitted power limits.

This agreement is in stark contrast to TP-Link’s earlier policy of shipping routers with signed, locked firmware, in keeping with the FCC’s rule.

This is a huge success for the entire open source movement. Instead of doing the easy thing – locking down a router’s firmware and sending it out the door – TP-Link has chosen to take a hit to their pocketbook. That’s great news for any of the dozens of projects experimenting with mesh networking, amateur radio, or any other wireless networking protocol, and imparts a massive amount of goodwill onto TP-Link.

Thanks [Maave] for the tip.

Capture the Flag with Lightsabers

There’s a great game of capture-the-flag that takes place every year at HITCON. This isn’t your childhood neighborhood’s capture-the-flag in the woods with real flags, though. In this game the flags are on secured servers and it’s the other team’s mission to break into the servers in whatever way they can to capture the flag. This year, though, the creators of the game devised a new scoreboard for keeping track of the game: a lightsaber.

In this particular game, each team has a server that they have to defend. At the same time, each team attempts to gain access to the other’s server. This project uses a lightsaber stand that turns the lightsabers into scoreboards for the competition at the 2015 Hacks In Taiwan Conference. It uses a cheap OpenWRT Linux Wi-Fi/Ethernet development board, LinkIt Smart 7688 which communicates with a server. Whenever a point is scored, the lightsaber illuminates and a sound effect is played. The lightsabers themselves are sourced from a Taiwanese lightsabersmith and are impressive pieces of technology on their own. As a bonus the teams will get to take them home with them.

While we doubt that this is more forced product integration advertisement from Disney, it certainly fits in with the theme of the game. Capture-the-flag contests like this are great ways to learn about cyber security and how to defend your own equipment from real-world attacks. There are other games going on all around the world if you’re looking to get in on the action.

Continue reading “Capture the Flag with Lightsabers”

Hackaday Prize Entry : Subterranean Positioning System

There are numerous instances where we need to know our location, but cannot do so due to GPS / GSM signals being unavailable and/or unreachable on our Smart Phones. [Blecky] is working on SubPos to solve this problem. It’s a WiFi-based positioning system that can be used where GPS can’t.

SubPos does not need expensive licensing, specialized hardware, laborious area profiling or reliance on data connectivity (connection to database/cellphone coverage). It works independently of, or alongside, GPS/Wi-Fi Positioning Systems (WPS)/Indoor Positioning Systems (IPS) as an additional positioning data source by exploiting hardware commonly available.

As long as SubPos nodes are populated, all a user wishing to determine their location underground or indoors needs to do is use a Wi-Fi receiver.  This can be useful in places such as metro lines, shopping malls, car parks, art galleries or conference centers – essentially anyplace GPS doesn’t penetrate. SubPos defines an accurate method for subterranean positioning in different environments by exploiting all the capabilities of Wi-Fi. SubPos Nodes or existing Wi-Fi access points are used to transmit encoded information in a standard Wi-Fi beacon frame which is then used for position triangulation.

The SubPos Nodes operate much like GPS satellites, except that instead of using precise timing to calculate distance between a transmitter and receiver, SubPos uses coded transmitter information as well as the client’s received signal strength. Watch a demo video after the break.

The 2015 Hackaday Prize is sponsored by:

Continue reading “Hackaday Prize Entry : Subterranean Positioning System”

Chinese Temperature/Humidity Sensor is Easily Hacked

There’s a new piece of electronics from China on the market now: the USR-HTW Wireless Temperature and Humidity Sensor. The device connects over Wi-Fi and serves up a webpage where the user can view various climate statistics. [Tristan] obtained one of these devices and cracked open the data stream, revealing that this sensor is easily manipulated to do his bidding.

Once the device is connected, it sends an 11-byte data stream a few times a minute on port 8899 which can be easily intercepted. [Tristan] likes the device due to the relative ease at which he could decode information, and his project log is very detailed about how he went about doing this. He notes that the antenna could easily be replaced as well, just in case the device needs increased range.

There are many great reasons a device like this would be useful, such as using it as a remote sensor (or in an array of sensors) for a homemade thermostat, or a greenhouse, or in any number of other applications. The sky’s the limit!