Breaking The IClass Security

iClass is a popular format of RFID-enabled access cards. These are issued to company employees to grant them access to parts of a building via a card reader at each security door. We’ve known for a long time that these access systems are rather weak when it comes to security. But now you can find out just how weak they are and how the security can be cracked. [Milosch Meriac] delved deep into the security protocol for HID iClass devices and has laid out the details in a white paper.

The most invasive part of the process was breaking the copy protection on the PIC 18F family of chips in order to read out the firmware that controls card readers. This was done with a USB-to-serial cable and software that bit-bangs its own implementation of the ICSP protocol. After erasing and attacking several chips (one data block at a time), the original code was read off and patched together. Check out [Milosch’s] talk at 27C3 embedded after the break, and get the code for the ICSP bit-banging attacks from the white paper (PDF).

Kindle 3.1 Jailbreak

In the constant battle of manufacturers vs. jailbreakers, the turnaround time between a new software release and a new jailbreak seems to be getting shorter and shorter. [Yifan] noticed that a recent Kindle update broke a previous method of running unsigned code and started the search for a new workaround.

He eventually found a way to force the Kindle to run unsigned code based upon how the software update checked for digitally signed files. With that knowledge in hand, he discovered that he could trick the updater into running any file he wanted by exploiting the standard functionality found in the Unix ‘cat’ command.

On his site, [Yifan] provides more details, source code, and a compiled update file that performs the jailbreak for you. Much like the previous jailbreaks we have featured, it is perfectly legal to do, but you do risk voiding your warranty during the process.

[Picture via Amazon.com]

Building A Dead Mouse’s Switch

[Ned] had a mouse problem in a very uncomfortable place.

No, not like the back of a Volkswagen, in his ceiling. He wanted to put a mouse trap up there to take care of the critter, but knowing how nasty a tripped trap can be after a few days, he was hesitant. He recalled a project he saw online where a mouse trap was wired like a dead man’s switch and he got to work putting together a trap of his own.

He scavenged some parts from around the house and wired up the mouse trap so that a pair of LEDs were lit so long as the trap had not been sprung on an unsuspecting mouse. Once a mouse is caught in the trap, his circuit is broken, and the LEDs go off, letting [Ned] know it’s time to poke his head back up into the ceiling and clean things up.

While his trap is decidedly low-tech, we always enjoy seeing a cheap and easy solution to annoying, everyday problems.

Easy DIY Stroboscope

Looking for something to do in his downtime, [Mista Sparkle] decided that building a simple stroboscope was in order. He already had a set of six LEDs connected to his Arduino from a previous project, so he added a potentiometer to control the rate at which the LEDs flashed, and dug into the IDE.

During his build he discovered that using the Arduino millis() function at high speeds provides terrible resolution, while using the micros() function exclusively limits his low-end measuring capabilities. He desired a better range of measurement, so his program was broken into two main functions: one which measures the LED flashing frequency in milliseconds and another that measures the LED flashing frequency in microseconds. This allowed him to gauge rotational frequencies from 577 to 30,000 RPM.

[Mista Sparkle] admits that he is not yet well-versed in driving displays with the Arduino, so he views his readings over a serial connection on his PC. Hopefully we’ll see an updated version with those features in the near future.

Xteardown

A hot topic in the gadget world right now is the Sony Ericsson XperiaPlay phone, and while that is not our usual cup of tea, when we see the newest toy stripped down to its bits n pieces it piques our interest.

This 8-page teardown of the XperiaPlay (Google translated to English) takes you through all the steps needed to dismantle your new joy. Every screw, clip, header and connector, each in order so you can get it back together again.

As the carnage progresses, time is taken to point out some of the parts of the phone. From the mundane like I/O jacks, to the more interesting like the Synaptics touch pad driver that handles the “analog” sticks, the Cypress multi-touch controller for the screen, and of course, the brains.

(thanks Frogz)

Mystery Box Out Of Lego

[Todd] recently completed his biggest LEGO project, and it’s pretty wild. The Mystery Box is an 8-compartment LEGO brick puzzle box, covered in a psychedelic pattern of interconnecting question marks.

The question mark pattern was inspired by a few things: the book called “The Curious Incident of the Dog in the Nighttime” contained an illustration that looked sort of like an M.C. Escher painting, which with some looking around brought up tessellation. With the look in mind, [Todd] sat down with a paint program, drew out a grid, and started flood filling blocks until the pattern was perfect.

In puzzle box tradition, to gain access to the contents you must remove each compartment in the specific mystery order, and accomplishing this was no easy task. Lego Digital Designer was used to prototype everything on the box and then, once happy, [Todd] broke the model down for a parts count.

Nearly 8,000 parts, 35 brick orders, and some long waits later, the box was finally completed, and it’s definitely worth a look. If you’re not that extreme, they also make cool electronics enclosures.

MIDI Controller Fit For An Arcade

MIDI controllers can be relatively expensive depending on feature sets and requirements, so Instructables user [fraganator] went about building one on his own for just under $100. He originally wanted to replicate a commercially available MIDI controller, which used arcade buttons in lieu of the more common rubberized buttons, since they are large and have a better feel when pressed. Once he drew up plans for his MIDI clone, he realized he wanted more features in his controller than were available in the commercial version, so he started revising.

His final plan included three rows of four arcade buttons as well as four rotary and two sliding potentiometers. All of the components were mounted in a small keyboard enclosure, then wired to an Arduino clone, which manages all of the controller’s functions. The controller is connected to a PC via USB and can perform any number of operations once the buttons are mapped in MIDI-compatible software.

There are no videos of the controller in action just yet, though [fraganator] says one is forthcoming.