Watch Those VOCs! Open Source Air Quality Monitor

Ever consider monitoring the air quality of your home? With the cost of sensors coming way down, it’s becoming easier and easier to build devices to monitor pretty much anything and everything. [AirBoxLab] just released open-source designs of an all-in-one indoor air quality monitor, and it looks pretty fantastic.

Capable of monitoring Volatile Organic Compounds (VOCs), basic particulate matter, carbon dioxide, temperature and humidity, it takes care of the basic metrics to measure the air quality of a room.

Exploded CAD View

All of the files you’ll need are shared freely on their GitHub, including their CAD — but what’s really awesome is reading back through their blog on the design and manufacturing process as they took this from an idea to a full-fledged open-source device.

Did we mention you can add your own sensors quite easily? Extra ports for both I2C and analog sensors are available, making it a rather attractive expandable home sensor hub.

To keep the costs down on their kits, [AirBoxLab] relied heavily on laser cutting as a form of rapid manufacturing without the need for expensive tooling. The team also used some 3D printed parts. Looking at the finished device, we have to say, we’re impressed. It would look at home next to a Nest or Amazon Echo. Alternatively, if you want to mess around with individual sensors and a Raspberry Pi by yourself, you could always make one of these instead.

Wooden Escalator Fit For A Slinky

Our favorite mechanical master of woodworking, [Matthias Wandel], is at it again, this time making an endless staircase for a Slinky. Making an escalator out of 2×4’s and other lumber bits looks fairly easy when condensed down to a two and a half minute video. In reality a job like this requires lots of cuts, holes, and a ton of planning.

The hard part of this build seemed to be the motor arrangement. There is a sweet spot when it comes to Slinky escalator speeds. Too fast, and you’ll outpace the Slinky. Too slow, and the Slinky flies off the end of the escalator. Keeping the speed in check turned out to be a difficult task with the coarse speed control of a drill trigger. The solution was to ditch the drill and build a simple hand crank mechanism. The Slinky now can cascade down stairs as long as your arm holds out.

Join us after the break for 3 videos: the making of the escalator, a 140-step demonstration video, and a follow-up video (for geeks like us) explaining where the idea came from, what’s wrong with the machine, and possible improvements.

Thanks to [Jim Lynch] for the tip


DEF CON: HDMI CEC Fuzzing

HDMI is implemented on just about every piece of sufficiently advanced consumer electronics. You can find it in low-end cellphones, and a single board Linux computer without HDMI is considered crippled. There’s some interesting stuff lurking around in the HDMI spec, and at DEF CON, [Joshua Smith] laid the Consumer Electronics Control (CEC) part of HDMI out on the line, and exposed a few vulnerabilities in this protocol that’s in everything with an HDMI port.

CEC is designed to control multiple devices over an HDMI connection; it allows your TV to be controlled from your set top box, your DVD player from your TV, and text to be passed from one device to another for an On Screen Display. It’s a 1-wire bidirectional bus with 500 bits/second of bandwidth. There are a few open source implementations like libCEC, Android HDMI-CEC, and even an Arduino implementation. The circuit to interface a microcontroller with the single CEC pin is very simple – just a handful of jellybean parts.

[Joshua]’s work is based off a talk by [Andy Davis] from Blackhat 2012 (PDF), but greatly expands on this work. After looking at a ton of devices, [Joshua] was able to find some very cool vulnerabilities in a specific Panasonic TV and a Samsung Blu-ray player.

A certain CEC command directed towards the Panasonic TV sent a command to upload new firmware from an SD card. This is somewhat odd, as you would think firmware would be automagically downloaded from an SD card, just like thousands of other consumer electronics devices. For the Samsung Blu-ray player, a few memcpy() calls were found to be accessed by CEC commands, but they’re not easily exploitable yet.

As far as vulnerabilities go, [Joshua] has a few ideas. Game consoles and Blu-ray players are ubiquitous, and the holy grail – setting up a network connection over HDMI Ethernet Channel (HEC) – is the key to the castle in a device no one would ever think of taking a close look at.

Future work includes a refactor of the current code, and digging into more devices. There are millions of CEC-capable devices out on the market right now, and the CEC commands themselves are not standardized. The only way for HDMI CEC to be a reliable tool is to figure out commands for these devices. It’s a lot of work, but makes for a great call to action to get more people investigating this very interesting and versatile protocol.

Lego Exoskeleton Mimics Pacific Rim

Lego Exoskeleton Controls Pacific Rim Robot

As hilariously outrageous as Pacific Rim was, it was still an awesome concept. Giant robot battle suits, duking it out with the aliens. Well, it looks as if it wasn’t quite as far-fetched as we first imagined. Maker [Danny Benedettelli] just released a video of his very own Lego exoskeleton suit that, when worn, can be used to control a desktop-size Cyclops robot. You might remember [Danny] as the author of The Lego Mindstorms EV3 Library,

The Cyclops robot (also his design) was originally built four years ago using the Lego Mindstorms NXT system with an Android phone running a custom app. Cyclops has been upgraded a bit for this demonstration. Now it communicates over Bluetooth with an Arduino to [Danny’s] telemetry suit.

Relatively speaking, the system is pretty simple. The Lego exoskeleton has potentiometers on each joint, which map to a degree of freedom for the robot. When one potentiometer spins, the associated robot joint mimics it. Simple, right?


Millions Of Satellite Receivers Are Low-Hanging Fruit For Botnets

Satellite television is prevalent in Europe and Northern Africa. This is delivered through a Set Top Box (STB) which uses a card reader to decode the scrambled satellite signals. You need to buy a card if you want to watch. But you know how people like to get something for nothing. This is being exploited by hackers and the result is millions of these Set Top Boxes just waiting to form into botnets.

This was the topic of [Sofiane Talmat’s] talk at DEF CON 23. He also gave this talk earlier in the week at BlackHat and has published his slides (PDF).

The hardware in satellite receivers is running Linux. They use a card reader to pull in a Code Word (CW) which decodes the signal coming in through the satellite radio.

An entire black market has grown up around these Code Words. Instead of purchasing a valid card, people are installing plugins from the Internet which cause the system to phone into a server which will supply valid Code Words. This is known as “card sharing”.

On the user side of things this just works; the user watches TV for free. It might cause more crashes than normal, but the stock software is buggy anyway so this isn’t a major regression. The problem is that now these people have exposed a network-connected Linux box to the Internet and installed non-verified code from disreputable sources to run on the thing.

[Sofiane] demonstrated how little you need to know about this system to create a botnet:

  • Build a plugin in C/C++
  • Host a card-sharing server
  • Botnet victims come to you (profit)

It is literally that easy. The toolchain to compile the STLinux binaries (gcc) is available in the Linux repos. The STB will look for a “bin” directory on a USB thumb drive at boot time; the binary in that folder will be automatically installed. Since the user is getting free TV, they voluntarily install this malware.


Hackaday Prize Entry: Gas Grenade Helps Instead Of Exploding

If someone lobs a grenade, it’s fair to expect that something unpleasant is going to happen. Tear gas grenades are often used by riot police to disperse an unruly crowd, and the military might use a smoke grenade as cover to advance on an armed position, or to mark a location in need of an airstrike. But some gas grenades are meant to help, not hurt, like this talking gas-sensing grenade that’s a 2015 Hackaday Prize entry.

Confined space entry is a particularly dangerous aspect of rescue work, especially in the mining industry. A cave-in or other accident can trap not only people, but also dangerous gases, endangering victims and rescuers alike. Plenty of fancy robots have been developed that can take gas sensors deep into confined spaces ahead of rescuers, but [Eric William] figured out a cheaper way to sniff the air before entering. An MQ2 combination CO, LPG and smoke sensor is interfaced to an Arduino Nano, and a 433 MHz transmitter is attached to an output. A little code measures the data from the sensors and synthesizes human voice readings which are fed to the transmitter. The whole package is stuffed into a tough, easily deployed package – a Nerf dog toy! Lobbed into a confined space, the grenade begins squawking its readings out in spoken English, which can be received by any UHF handy-talkie in range. [Eric] reports in the after-break video that he’s received signals over a block away – good standoff distance for a potentially explosive situation.


Hacking A KVM: Teach A Keyboard Switch To Spy

When it comes to large systems, there are a lot more computers than there are people maintaining them. That’s not a big deal since you can simply use a KVM to connect one Keyboard/Video/Mouse terminal up to all of them, switching between each box simply and seamlessly. The side effect is that now the KVM has just as much access to all of those systems as the human who caresses the keyboard. [Yaniv Balmas] and [Lior Oppenheim] spent some time reverse engineering the firmware for one of these devices and demonstrated how shady firmware can pwn these systems, even when some of the systems themselves are air-gapped from the Internet. This was their first DEF CON talk and they did a great job of explaining what it took to hack these devices.
