Building the NSA’s Tools

Fake ANT Catalog Entry for HackRF

Back in 2013, the NSA ANT Catalog was leaked. This document contained a list of devices that are available to the NSA to carry out surveillance.

[Michael Ossmann] took a look at this, and realized that a lot of their tools were similar to devices the open source hardware community had built. Based on that, he gave a talk on The NSA Playset at Toorcamp 2014. This covered how one might implement these devices using open hardware.

The above image is a parody of an ANT Catalog page, which shows [Michael]‘s HackRF, an open source software defined radio. In the talk, [Michael] and [Dean Pierce] go over the ANT Catalog devices one by one, discussing the hardware that would be needed to build your own.

Some of these tools already have open source counterparts. The NIGHTSTAND WiFi exploitation tools is essentially a WiFi Pineapple. SPARROW II is more or less a device running Kismet attached to a drone, which we’ve seen before.

A video of the Toorcamp talk is available on [Michael]‘s blog. There will also be a variety of talks on this subject at DEFCON next week, which we’re looking forward to. For further reading, Wikipedia has a great summary of the ANT Catalog.

The Smart Humidor

humidor

If you’re a cigar aficionado, you know storing cigars at the proper temperature and humidity is something you just need to do. Centuries of design have gone into the simple humidor, and now, I guess, it’s time to put some electronics alongside your cigars.

The design of [dzzie]‘s smart humidor consists of an Arduino, WiFi shield, LCD + button shield, and most importantly, a DHT22 temperature and humidity sensor. In a bit of thoughtfulness, only the DHT22 is mounted inside the humidor; everything else is in an enclosure mounted outside the humidor, including a few buttons for clearing alerts and logging when water is added.

The smart humidor reads the DHT22 sensor every 20 minutes and uploads the data to a web server where useful graphs are rendered. The control box will send out an alert email to [dzzie] if the temperature or humidity is out of the desired range.

Hackaday Links: July 27, 2014

hackaday-links-chain

Taking apart printers to salvage their motors and rods is a common occurrence in hacker circles, but how about salvaging the electronics? A lot of printers come with WiFi modules, and these can be repurposed as USB WiFi dongles. Tools required? And old printer, 3.3 V regulator, and a USB cable. Couldn’t be simpler.

The Raspberry Pi has a connector for a webcam, and it’s a very good solution if you need a programmable IP webcam with GPIOs. How about four cameras?. This Indiegogo is for a four-port camera connector for the Raspi. Someone has a use for this, we’re sure.

The one flexible funding campaign that isn’t a scam. [Kyle] maintains most of the software defined radio stack for Arch Linux, and he’s looking for some funds to improve his work. Yes, it’s basically a ‘fund my life’ crowdfunding campaign, but you’re funding someone to work full-time on open source software.

Calibration tools for Delta 3D printers. It’s just a few tools that speed up calibration, made for MATLAB and Octave.

[Oona] is doing her usual, ‘lets look at everything radio’ thing again, and has a plan to map microwave relay links. If you’ve ever seen a dish or other highly directional antenna on top of a cell phone tower, you’ve seen this sort of thing before. [Oona] is planning on mapping them by flying a quadcopter around, extracting the video and GPS data, and figuring out where all the other microwave links are.

PowerPoint presentations for the Raspberry Pi and BeagleBone Black. Yes, PowerPoint presentations are the tool of the devil and the leading cause of death for astronauts*, but someone should find this useful.


* Yes, PowerPoint presentations are the leading cause of death for astronauts. The root cause of the Columbia disaster was organizational factors that neglected engineer’s requests to use DOD space assets to inspect the wing, after which they could have been rescued. These are organizational factors were, at least in part, caused by PowerPoint.

Challenger was the same story, and although PowerPoint didn’t exist in 1986, “bulletized thinking” in engineering reports was cited as a major factor in the disaster. If “bulletized thinking” doesn’t perfectly describe PowerPoint, I don’t know what does.

As far as PowerPoint being the leading cause of death for astronauts, 14 died on two shuttles, while a total of 30 astronauts died either in training or in flight.

Pinoccio: Mesh All The (Internet Of) Things

PinnThere’s a problem with products geared towards building the Internet of Things. Everyone building hardware needs investors, and thus some way to monetize their platform. This means all your data is pushed to ‘the cloud’, i.e. a server you don’t own. This is obviously not ideal for the Hackaday crowd. Yes, IoT can be done with a few cheap radios and a hacked router, but then you don’t get all the cool features of a real Things project – mesh networking and a well designed network. Pinoccio is the first Thing we’ve seen that puts a proper mesh network together with a server you can own. The Pinoccio team were kind enough to let us drop in while we were in Rock City last weekend, and we were able to get the scoop on these tiny boards from [Sally] and [Eric], along with a really cool demo of what they can do.

The hardware on the Pinoccio is basically an Arduino Mega with a LiPo battery and an 802.15.4 radio provided by an ATmega256RFR2. The base board – technically called a ‘field scout’ – can be equipped with a WiFi backpack that serves as a bridge for the WiFi network. It’s a pretty clever solution to putting a whole lot of Things on a network, without having all the Things directly connected to the Internet.

Programming these scouts can be done through Arduino, of course, but the folks at Pinoccio also came up with something called ScoutScript that allows you to send commands directly to any or all of the scouts on the mesh network. There’s a neat web-based GUI called HQ that allows you to command, control, and query all the little nodules remotely as well.

In the video below, [Sally] goes over the basic functions of the hardware and what it’s capable of. [Eric] was in Reno when we visited, but he was kind enough to get on a video chat and show off what a network of Pinoccios are capable of by emblazoning their web page with Hackaday logos whenever he presses a button.

[Read more...]

Stealing WiFi From LED Lightbulbs

LIFX Wireless LED PCB

Back in 2012, the LIFX light bulb launched on Kickstarter, and was quite successful. This wireless LED lightbulb uses a combination of WiFi and 6LoWPAN to create a network of lightbulbs within your house. Context Information Security took a look into these devices, and found some security issues.

The LIFX system has a master bulb. This is the only bulb which connects to WiFi, and it sends all commands out to the remaining bulbs over 6LoWPAN. To keep the network up, any bulb can become a master if required. This means the WiFi credentials need to be shared between all the bulbs.

Looking into the protocol, an encrypted binary blob containing WiFi credentials was found. This binary could easily be recovered using an AVR Raven evaluation kit, but was not readable since it was encrypted.

After cracking a bulb apart, they found JTAG headers on the main board. A BusBlaster and OpenOCD were used to communicate with the chip. This allowed the firmware to be dumped.

Using IDA Pro, they determined that AES was being used to encrypt the WiFi credentials. With a bit more work, the key and initialization vector was extracted. With this information, WiFi credentials sent over the air could be decrypted.

The good news is that LIFX fixed this issue. Now they generate an encryption key based on WiFi credentials, preventing a globally unique key from being used.

[via reddit]

TI’s New Family Of WiFi Chips

cccc Texas Instruments’ CC3000 WiFi chip is the darling of everyone producing the latest and greatest Internet of Thing, and it’s not much of a surprise: In quantity, these chips are only $10 a piece. That’s a lot less expensive than the WiFi options a year ago. Now, TI is coming out with a few new modules to their WiFi module family, including one that includes an ARM micro.

The CC3000 has found a home in booster packs, breakout boards for the Arduino, and Spark, who are actually some pretty cool dudes.Still, the CC3000 has a few shortcomings; 802.11n isn’t available, and it would be really cool if the CC3000 had a web server on it.

The newest chips add these features and a whole lot more. [Valkyrie] got his hands on a CC3100Boost board and was pleased to find all the files for the webserver can be completely replaced. Here’s your Internet of Things, people. The CC3200 is even better, with a built-in ARM Cortex M4 with ADCs, a ton of GPIOs, an SD card interface, and even a parallel port for a camera. If you’re looking to pull a hardware startup out of your hat, you might want to plan your Kickstarter around this chip.

It’s all very cool stuff, and although the bare chips aren’t available yet, you can get an eval module from TI, with an FCC certified module with the crystals and antenna coming later this year.

THP Entry: The Improved Open Source Tricorder

tricorder

Since [Gene Roddenberry] traveled back in time from the 23rd century, the idea of a small, portable device has wound its way through the social consciousness, eventually turning into things like smartphones, PDAs, and all the other technological gadgetry of modern life. A few years ago, [Peter Jansen] started The Tricorder Project, the start of the ultimate expression of [Mr. Roddneberry]‘s electronic swiss army knife. Now [Peter] is building a better, smaller version for The Hackaday Prize.

[Peter]‘s first tricorders borrowed their design heavily from The Next Generation props with a fold-out section, two displays, and a bulky front packed to the gills with sensors and detectors. Accurate if you’re cosplaying, but not the most practical in terms of interface and human factors consideration. These constraints led [Peter] to completely redesign his tricorder, disregarding the painted wooden blocks found on Enterprise and putting all the electronics in a more usable form factor.

A muse of sorts was found in the Radiation Watch, a tiny, handheld Geiger counter meant as an add-on to smartphones. [Peter] envisions a small ~1.5″ OLED display on top, a capacitive sensing wheel in the middle, and a swipe bar at the bottom. Basically, it looks like a 1st gen iPod nano, but much, much more useful.

Plans for what to put in this improved tricorder include temperature, humidity, pressure, and gas sensors, a 3-axis magnetometer, x-ray and gamma ray detectors, a polarimeter, colorimeter, spectrometer, 9-axis IMU, a microphone, a lightning sensor, and WiFi courtesy of TI’s CC3000 module. Also included is something akin to a nuclear event detector; if it still exists, there has been no nuclear event.

It’s an astonishing array of technology packed into an extremely small enclosure – impressive for something that is essentially a homebrew device.Even if it doesn’t win the Hackaday Prize, it’s still an ambitious attempt at putting data collection and science in everyone’s pocket – just like in Star Trek.


SpaceWrencherThe project featured in this post is an entry in The Hackaday Prize. Build something awesome and win a trip to space or hundreds of other prizes.

Follow

Get every new post delivered to your Inbox.

Join 91,428 other followers