Year: 2015

Disassembled D-Link Firmware

D-Link Fails At Strings

April 14, 2015 by 32 Comments

Small Office and Home Office (SOHO) wireless routers have terrible security. That’s nothing new. But it is somewhat sad that manufacturers just keep repurposing the same broken firmware. Case in point: D-Link’s new DIR-890L, which looks like a turtled hexapod. [Craig] looked behind the odd case and grabbed the latest firmware for this device from D-Link’s website. Then he found a serious vulnerability.

D-Link's DIR-890 Router

The usual process was applied to the firmware image. Extract it, run binwalk to find the various contents of the firmware image, and then extract the root filesystem. This contains all the code that runs the router’s various services.

The CGI scripts are an obvious place to poke for issues. [Colin] disassembled the single executable that handles all CGI requests and started looking at the code that handles Home Network Administration Protocol (HNAP) requests. The first find was that system commands were being built using HNAP data. The data wasn’t being sanitized, so all that was needed was a way to bypass authentication.

This is where D-Link made a major error. They wanted to allow one specific URL to not require authentication. Seems simple, compare string A to string B and ensure they match. But they used the strstr function. This will return true if string A contains string B. Oops.

So authentication can be bypassed, telnetd can be started, and voila: a root shell on D-Link’s most pyramid-shaped router. Oh, and you can’t disable HNAP. May we suggest OpenWrt or dd-wrt?

Retrotechtacular: Using The Jet Stream For Aerial Warfare

April 14, 2015 by 17 Comments

Unmanned Aerial Vehicles (UAV) are all the rage these days. But while today’s combative UAV technology is as modern as possible, the idea itself is not a new one. Austria floated bomb-laden balloons at Venice in the middle 1800s. About a hundred years later during WWII, the Japanese used their new-found knowledge of the jet stream to send balloons to the US and Canada.

Each balloon took about four days to reach the western coast of North America. They carried both incendiary and anti-personnel devices as a payload, and included a self-destruct. On the “business end” of the balloons was the battery, the demolition block, and a box containing four aneroid barometers to monitor altitude. In order to keep the balloons within the 8,000 ft. vertical range of the jet stream, they were designed to drop ballast sandbags beginning one day into flight using a system of blow plugs and fuses. In theory, the balloon has made it to North American air space on day four with nothing left hanging but the incendiaries and the central anti-personnel payload.

Although the program was short-lived, the Japanese launched some 9,300 of these fire balloons between November 1944 and April 1945. Several of them didn’t make it to land. Others were shot down or landed in remote areas. Several made the journey just fine, and two even floated all the way to Michigan. Not bad for a rice paper gas bag.

Continue reading “Retrotechtacular: Using The Jet Stream For Aerial Warfare”

Time For The Prize: Urban Gardening And Living Off The Land

April 14, 2015 by 64 Comments

What kind of impact does growing your own food have on the world’s resources? Jump aboard for a little thought exercise on this week’s Time for the Prize challenge to brainstorm urban gardening and living off the land.

We figure for any kind of meaningful impact there would need to be wide-spread adoption of people growing at least some of their own food locally. This means making the process fun and easy, a challenge well suited for 2015 Hackaday Prize entries. Write down your ideas as a project on Hackaday.io, tag it 2015HackadayPrize and you could win this week’s prizes which are listed below.

Space, Information, and Automation

urban-gardening-thumbTo get rolling, we started thinking about three things that are needed to convince people to grow their own food or live off the land.

First up, you need space to grow. This has been the subject of a number of urban farming hacks like the one seen here which uses downspouts as a vertical garden apparatus. Openings are cut into the front of the tubes, which are each hanging from a PVC rack. Each opening hosts a plant, holding them where they have access to sunlight, while taking up very little space on a sunny balcony or sidewalk.

The concept also includes a bit of automation. It’s a hydroponic garden and simple sensors and controllers handle the water circulation while providing feedback for the gardener through a smartphone app. We think the technology of the system is one way to attract people who would otherwise not take up seed and trowel.

For those new to taking care of plants the other thing to consider is information. Not only does the sensor network need to monitor the system, but something valuable needs to be done with the data. Perhaps someone has an idea for city-wide aggregate data which will look at successes from one urban garden and make suggestions to another?

This is your time to shine. Get those ideas flowing and post them as your entry for the Hackaday Prize. Even if you don’t see the build through the idea can still help someone else make the leap to greatness in their own brainstorming.

This Week’s Prizes

time-for-the-prize-week-4-prizes

We’ll be picking three of the best ideas based on their potential to help alleviate a wide-ranging problem, the innovation shown by the concept, and its feasibility. First place will receive an RGB Shades Kit. Second place will receive a GoodFET42 JTAG programmer and debugger. Third place will receive a Hackaday CRT Android tee.

The 2015 Hackaday Prize is sponsored by:

Projects For Solving Big Water Problems

April 14, 2015 by 24 Comments

We’re looking for solutions to problems that matter and water waste is high on that list. This week we challenged you to think about Big Water; ideas that could help conserve the water used in agricultural and industrial applications. Take a look at some of the entries, get excited, and start working on your own idea for the 2015 Hackaday Prize.

Windtraps

smart-dewpoint-harvesterThat’s right, windtraps. Like the Fremen of Arrakis there were a few hackers who propose systems to pull moisture from the air.

The RainMaker is targeted for urban farming and explores the possibility of passive systems that water themselves automatically. [Hickss] admits that there are some limitations to the concept. Small systems would have limited ability to collect moisture and a need for direct sunlight in order to be solar powered. However, if you’re growing food we figure direct sunlight was a pre-requisite anyway.

On a bit grander scale is the Smart Dew-Point Water Harvester which is shown off in this diagram. The proof of concept at this point is a desktop system that collects moisture on a small heat-sync. Scroll down to that project’s comments and read about the possibility of building the system underground to take advantage of the naturally colder area.

For us the interesting question is can this be done in conjunction with traditional irrigation? Is a lot of irrigation water lost to evaporation and could reclamation through these means make an impact?

Moisture Sensing

water-sensing-orb-thumbSimple but powerful: only water when the plants need it! Here are several entries focused on sensors that make sure fields are being watered more efficiently.

The Adaptive Watering System focuses on this, seeking to retrofit current setups with sensor pods that make up a mesh network. We found the conjecture about distributing and retrieving these pods using a combine harvester quite interesting.

Going along with the networked concept there is a Moisture Monitoring Mesh Network which proposes individual solar-powered spikes. Much of the info for that project is embodied in the diagram, including a mock-up of how the data could be visualized. One thing we hadn’t spent much time thinking about is that fields may be watered unevenly and a sensor network would be a powerful tool in balancing these systems.

Wrapping up this concept is the Soil Moisture Sensor for Agriculture. [JamesW_001] rendered the image seen above as his concept for the sensor. Toss the orbs throughout the fields and the rings of contacts on the outside make up the sensor while the brains held safely inside report back wirelessly.

Plumbing

solar-water-pumpTwo projects tackled plumbing. The first is the Solar Water Pump seen here. Focused on the developing world, this array provides water for multiple applications, including agricultural irrigation, and can be used for wells or surface water sources.

Once that pump gets the water moving it will be taking a trip through some pipes which are another potential source of waste. When buried pipes leak, how will you know about it? That’s the issue tackled by the Water Pipeline Leak Detection and Location project. When the water pipe is buried, two sets of twisted-pair conductors in permeable sheathing are also buried along with it. These redundant sensors would use Time-Domain Reflectometry (TDR) to detect the location of a short between conductors. We’re a bit fuzzy on how this would detect leaks and not rain or irrigation water but perhaps the pipe/wire pairs would be in their own water-shedding sleeve?

This Week’s Winners

time-for-prize-prizes-week-3

First place this week goes to the Smart Garden and will receive a DSLogic 16-channel Logic Analyzer.

Second place this week goes to Soil Moisture Sensor for Agriculture and will receive an Adafruit Bluefruit Bluetooth Low Energy sniffer.

Third place this week goes to Solar Water Pump and will receive a Hackaday robot head tee.

Next Week’s Theme

We’ll announce next week’s theme a bit later today. Don’t let that stop you from entering any ideas this collection of entries may have inspired. Start your project on Hackaday.io and add the tag 2015HackadayPrize.

The 2015 Hackaday Prize is sponsored by:

Hackaday Prize Worldwide: Toronto

April 14, 2015 by 3 Comments

Tomorrow, April 15th at 7pm, join Hackaday at the Toronto HackLab.

Our own Mythical Creature, [Sophi Kravitz] is headed North of the border to talk about all things hardware hacking! As always, we love to see what people are working on in their labs, basements, garages, and workplaces. Make sure to bring your builds with you to show off to the rest of the crowd. [Sophi] will have her Breathe project on hand. Solenoids, balloons, compressed air, and visualizations are the secret sauce behind this clever interactive build.

Since there will be snacks, hacks, drinks, and swag we’d appreciate a quick RSVP (use the link at the top of this post) just so we know you’re incoming. Apart from seeing a slew of cool builds there will be lightning talks, some information about the 2015 Hackaday Prize, and if you haven’t been to the Hacklab before this is the perfect time for your first tour. We know there’s a lot of awesome to be seen there!

The 2015 Hackaday Prize is sponsored by:

circuit board

Ask Hackaday: Is Amazon Echo The Future Of Home Automation?

April 14, 2015 by 117 Comments

Unless you’ve been living under a case of 1 farad capacitors, you’ve heard of the Amazon Echo. Roughly the size of two cans of beans, the Echo packs quite a punch for such a small package. It’s powered by a Texas Instrument DM3725 processor riding on 256 megs of RAM and 4 gigs of SanDisk iNAND ultra flash memory. Qualcomm Atheros takes care of the WiFi and Bluetooth, and various TI chips take care of the audio codecs and amplifiers.

What’s unique about Echo is its amazing voice recognition. While the “brains” of the Echo exist somewhere on the Internets, the hardware for this circuitry is straight forward. Seven, yes seven microphones are positioned around the top of the device. They feed into four Texas Instrument 92dB SNR low-power stereo ADCs. The hardware and software make for a very capable voice recognition that works from anywhere in the room. For the output sound, two speakers are utilized – a woofer and a tweeter. They’re both powered via a TI 15 watts class D amplifier. Check out this full tear down for more details of the hardware.

circuit board

Now that we have a good idea of the hardware, we have to accept the bad news that this is a closed source device. While we’ve seen other hacks where people poll the to-do list through the unofficial API, it still leaves a lot to be desired. For instance, the wake word, or the word which signals the Echo to start listening to commands, is either “Alexa” or “Amazon”. There is no other way to change this, even though it should be easily doable in the software. It should be obvious that people will want to call it “Computer” or “Jarvis”. But do not fret my hacker friends, for I have good news!

It appears that Amazon sees (or had seen all along) that home automation is the future of the Echo. They now officially support Philips Hue and Belkin WeMo gadgets. The Belkin WeMo, which is no stranger to the hacker’s workbench, has a good handle on home automation already, making the ability to control things in your house with the Echo tantalizingly close. See the video below where I test it out. Now, if you’re not excited yet, you haven’t heard of the WeMo Maker, a device which they claim will let you “Control nearly any low-voltage electronics device“. While the WeMo Maker is not supported as of yet, it surely will be in the near future.

We know it sucks that all of this is closed source. But it sure is cool! So here’s the question: Is the Echo the future of home automation? Sure, it has its obvious flaws, and one would think home automation is not exactly Amazon’s most direct business model (they just want you to buy stuff). However, it works very well as a home automation core. Possibility better than anything out there right now – both closed and open source.

Do you think Amazon would ever open the door to letting the Echo run open source modules which allow the community to add control of just about any wireless devices? Do you think that doing so would crown Amazon the king of home automation in the years to come?

Continue reading “Ask Hackaday: Is Amazon Echo The Future Of Home Automation?”

Old Fluorescent Fixtures Turned Into Fill Lights

April 14, 2015 by 10 Comments

The Tymkrs are hard at work setting up their home studio, and since they’ll be shooting a few videos, they need some lights. The lights themselves aren’t very special; for YouTube videos, anything bright enough will work. The real challenge is making a mount and putting them in the right place, With a shop full of tools, making some video lights isn’t that hard and easily translates into a neat video project.

The lights began their lives as large fluorescent fixtures, the kind that would normally house long fluorescent tubes. The Tymkrs cut the metal reflector of this fixture in half, capped the ends with wood, and installed normal incandescent sockets in one end.

The inside of this reflector was coated with a reflective material, and a beautiful rice paper diffuser was glued on. The Tymkrs attached a metal bracket to these lights and screwed the bracket to the ceiling. There’s enough friction to keep the lights in one spot, but there’s also enough play in the joints to position them at just the right angle.

Continue reading “Old Fluorescent Fixtures Turned Into Fill Lights”