Year: 2014

Hackaday 10th Anniversary: [1o57] And The Art Of Encryption

October 6, 2014 by 35 Comments

[Ryan] a.k.a. [1o57] comes from an age before anyone could ask a question, pull out their smartphone, and instantly receive an answer from the great Google mind. He thinks there’s something we have lost with our new portable cybernetic brains – the opportunity to ask a question, think about it, review what we already know, and reason out a solution. There’s a lot to be said about solving a problem all by yourself, and there’s nothing to compare to the ‘ah-ha’ moment that comes with it.

[1o57] started his Mystery Challenges at DEFCON purely by accident; he had won the TCP/IP embedded device competition one year, and the next year was looking to claim his title again. The head of the TCP/IP embedded competition had resigned from his role, and through a few emails, [1o57] took on the role himself. There was a miscommunication, though, and [1o57] was scheduled to run the TCP/IP drinking competition. This eventually morphed into a not-totally-official ‘Mystery Challenge’ that caught fire in email threads and IRC channels. Everyone wanted to beat the mystery challenge, and it was up to [1o57] to pull something out of his bag of tricks.

The first Mystery Challenge was a mechanical device with three locks ready to be picked (one was already unlocked), magnets to grab ferrous picks, and only slightly bomb-like in appearance. The next few years featured similar devices with more locks, better puzzles, and were heavy enough to make a few security officials believe [1o57] was going to blow up the Hoover dam.

With a few years of practice, [1o57] is turning crypto puzzles into an art. His DEFCON 22 badge had different lanyards that needed to be arranged to spell out a code. To solve the puzzle, you’ll need to talk to other people, a great way to meet one of [1o57]’s goals of getting all the natural introverts working together.

Oh. This talk has its own crypto challenge, something [1o57] just can’t get out of his blood:

We talked for a little bit, and 0x06 0x0a1 MFY YWXDWE MEOYOIB ASAE WBXLU BC S BLOQ ZTAO KUBDR HG SK YTTZSLBIMHB

Winning Game-App Contests With Computer Vision

October 6, 2014 by 10 Comments

[Gadget Addict] found out about a contest being held by a shoe seller. Their mobile app has a game very much like Bejeweled. The high scorer each month gets £500. His choices were to be better at the game than everyone else, or to be smarter. He chose the latter by writing a computer vision program to play the game.

There are two distinct parts of a hack like this one. The first is just figuring out a way to programmatically detect the game board and correctly identify each icon on it. This is an iPad game. [Gadget Addict] is mirroring the screen on his laptop, which gives him easy access to the game board and also allows for simulated swipes for automatic play. Above you can see two examples where black pixels may be counted in order to identify the icon. A set of secondary checks differentiates similar entries after the first filtering. The other part of the hack involves writing the algorithms to solve for the best move.

If you liked this one, check out a super-fast Bejeweled solver from several years back. We should also mention that this was just a proof of concept and [GA] never actually entered the contest.

CP/M Source Code Released

October 6, 2014 by 51 Comments

To celebrate the 40th anniversary of CP/M, the Computer History Museum has released a package containing early source code for several versions of CP/M. Originally designed by [Gary Kildall] in 1973, Control Program for Microcomputers (CP/M) is an early operating system for microprocessor based computers. The OS was originally written for the Intel Intellec 8, an Intel 8008 based computer. Since it was on an Intel machine, CP/M was written in PL/M (Programming Language for Microcomputers), a language [Kildall] had previously developed for Intel .

CP/M pioneered the idea of a ROM based Basic Input Output/System (BIOS) for commonly used routines on a given computer. The use of BIOS made CP/M easy to port. Eventually it was ported to thousands of different machines and architectures, including the Altair, IMSAI 8080, C-64, and C-128 and Apple II systems.

Gary and his company Digital Research, were one of the top contenders for the operating system on IBM’s new personal computer. Ultimately, Microsoft got the job by purchasing 86-DOS from Seattle Computer Products. Somewhat ironically, 86-DOS itself was written based on the CP/M Application Programming interface (API).

The source itself is an amazing trip back in time. Included are portions of CP/M 1.1, 1.3, 1.4, and 2.0. Portions of CP/M have been released previously. As with the previous files, this version includes modifications performed by z80-pack author [Udo Munk] in 2007. Version 1.3 is especially interesting as it is primarily scanned copies of the CP/M source code.

If you’re into vintage computing, and know how important CP/M was to the early days of personal computers, check out the CP/M source. If you find any interesting or clever bits of code, be sure let us know about it in the comments.

[Image Source: CulturaInformatica]

arduino browser

Web Browser Pushes Arduino’s Limits

October 5, 2014 by 21 Comments

Some projects that we build fulfill a genuine need for a new piece of hardware or software that will make life easier or fix a common problem. Other projects, on the other hand, we do just because it’s possible to do. [Gilchrist] has finished work on a project that fits squarely in the second category: a web browser that runs exclusively on an Arduino Uno with an ethernet shield.

The Arduino can serve plain-text web pages to an attached LCD and can follow hyperlinks. User input is handled by a small joystick, but the impressive part of the build is on the software side. The Arduino only has 2KB of RAM to handle web pages, and the required libraries take up 20KB of memory, leaving only about 12 KB for the HTML parser/renderer and the LCD renderer.

The Arduino browser is a work in progress, and [Gilchrist] mentions that goals for the project include more robustness to handle poor HTML (the Hackaday retro edition loads flawlessly though), a terminal, and WiFi capabilities. To that end, maybe a good solution would be using the new ESP8266 chip to keep things small and inexpensive?

BadUSB Means We’re All Screwed

October 5, 2014 by 138 Comments

Does anyone else get the feeling that the frequency of rather horrible vulnerabilities coming to light is accelerating? Off the top of our head, there’s Heartbleed, Shellshock, and now this one. The BadUSB exploit attack stems from the “invisible” microcontroller in most USB devices.

We first heard about it when we were attending DEFCON in August. The exploit had been announced the same week at Blackhat but there wasn’t much information out yet. Now the talk has been posted and there’s a well-explained overview article at Big Mess o’ Wires.

Here’s how this one goes: all USB devices rely on a microcontroller to handle the peripheral-side of USB communications. The computer doesn’t care which microcontroller, nor does it have a way of knowing even if it wanted to. The uC is “invisible” in this situation, it’s the interface and data flowing through it that the computer cares about. BadUSB is an attack that adds malicious functionality to this microcontroller. To the computer it’s a perfectly normal and functional USB device, while all the bad stuff is happening on the peripheral’s controller where the computer can’t see it.

badusb

How deeply do you think about plugging each and every USB device? Check out what happens at 19:20 into the video below. The USB device enumerates and very quickly sets up a spoofed Ethernet connection. You can still load a webpage via WiFi but the fake connection is forwarding packets to a second server.

Once discovered, you can wipe the computer and this will stop happening; until you plug the same device again and reinfect. Worse yet, because the controller is invisible to the computer there’s almost no way to scan for infected devices. If you are smart enough to suspect BadUSB, how long will it take you to figure out if its your mouse, your keyboard, a thumb drive, a webcam, your scanner… you get the point.

Continue reading “BadUSB Means We’re All Screwed”

Hackaday Links Column Banner

Hackaday Links: October 5th, 2014

October 5, 2014 by 8 Comments

Good news from CadSoft this week. They didn’t miss all the complaints about their decision to use a Node Lock License for EAGLE 7. This had meant that users of the popular PCB design software would be limit on how many machines they could use the software with a license. They have removed License Management from the package (and all the citizens rejoiced).

We’re tripping over the growing pile of hardware that boast the “next-big-thing” in getting devices onto a network. That’s not a complaint at all. This time around it’s a cell chip, the U-blox SARA-U260, which can connect to 3G on the AT&T network and is just 16x26mm. They call it world’s smallest but we have no idea if that’s true or not. Anyone have a source and/or pricing for these? [Thanks Austin]

This guy loves his Nixie tube. How much? To the extent that he built up a hardware and software interface that behaves much like a pet. It’s voice activated, and the infectious delight of [Glasslinger’s] video demo is in itself worth watching. [Thanks Morris]

Making this Magnetic Stripe Reader work as a USB device is really nothing more than adding a serial-to-USB converter. The journey to find the way to add the converter makes for a fun read though.

We know from watching Breaking Bad that you can kill power to a building by shorting the power lines outside with a huge bouquet of mylar balloons. This installation is a twist on the idea. Connecting one mylar balloon to a Van de Graaff generator and floating it next to another results in an oscillating repel-discharge-repel cycle. [Thanks filnt via NPR]

Hackaday 10th Anniversary: Quinn Dunki And Veronica

October 5, 2014 by 19 Comments

In case you haven’t been reading Hackaday for the last few weeks, we just had an amazing 10th anniversary party in Pasadena this weekend, full of workshops, talks, and a party that reportedly went until four in the morning. One of the amazing hackers we invited to give a talk was [Quinn Dunki], creator of Veronica, the modern 6502 computer stuffed inside an old radio.

We first saw Veronica a few years ago, but [Quinn] figures she’s been building her computer for about five years now. She’s a software developer by trade that decided one day to dip her toes into the murky seas of hardware development and build a computer from the ground up. She chose the 6502 as the brains of her contraption, laid out everything on single-sided boards etched in a kitchen, and connected everything with a backplane. Right now it has a USB keyboard, (technically a PS/2 keyboard with a USB plug), NES controllers, a VGA display, and a monitor and Pong in ROM. [Quinn]’s goal was to build a computer that could program itself, and after five years, she’s accomplished that goal.

[Quinn] admits her software background was responsible for a few of her admittedly bad design choices; the VGA is generated by an ATMega microcontroller, working under the theory that if she could clock the micro fast enough, she could do VGA. She now believes an FPGA would have been a better choice for video output, but now that the video circuit is done, she probably won’t revisit that problem.

There is one thing missing from Veronica, and something that [Quinn] will be working on in the future: mass storage. Right now every program Veronica can run is either stored in ROM or entered via the keyboard. A hard drive is the next problem to solve, either with an SD card, or a Compact Flash or IDE hard drive.