Barcodes That Hack Devices

[virustracker] has been playing around with barcodes lately, and trying to use them as a vector to gain control of the system that’s reading them. It’s a promising attack — nobody expects a takeover via barcodes. The idea isn’t new, and in fact we’ve seen people trying to drop SQL attacks in barcodes long ago, but [virustracker] put a few different pieces together and came up with a viable attack.

The trick is that many POS terminals and barcode readers support command characters in their programming modes. Through use of these Advanced Data Formatting (ADF) modes, [virustracker] sends Windows-Key-r, and then cmd.exe, ftps a file down, and runs it. Whatever computer is on the other side of the barcode scanner has just been owned. ADF even supports a delay function to allow time for the command window to pop up before running the rest of the input.

The article details how they got their payload from requiring more than ten individual barcodes down to four. Still, it’s a suspicious-looking attack to try to pull off where other people (think cashiers) are looking. However, we have many automated machines in our everyday life that use barcodes. How many of these are vulnerable is an open question. [virustracker] suggests lottery machines, package-delivery automats, and even hospitals.

The defense is simple, and it’s the same as everywhere else: disable the debug and configuration modes in your production systems, and sanitize your input. Yes, even the barcodes.
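As an added illustration of the "sanitize your input" half of that advice (not code from [virustracker] or from the article), here is a strict allow-list check for a field that should only ever receive EAN-13 or UPC-A product codes. The field policy, the CR/LF scanner suffix and the function names are assumptions; the sample scans are constructed.

```python
import re

# Assumed policy: this field accepts only 12-digit UPC-A or 13-digit EAN-13.
GTIN = re.compile(r"[0-9]{12,13}")

def gtin_check_digit_ok(digits: str) -> bool:
    """GS1 mod-10 check: weights 3,1,3,... from the right of the body."""
    body, check = digits[:-1], int(digits[-1])
    total = sum(int(d) * (3 if i % 2 == 0 else 1)
                for i, d in enumerate(reversed(body)))
    return (10 - total % 10) % 10 == check

def validate_scan(raw: str):
    """Return (accepted, reason) for one scan as delivered by the reader."""
    # Assumption: the scanner is configured to append CR and/or LF as suffix.
    data = raw.rstrip("\r\n")
    # Anything below 0x20, or DEL, has no place in a product code.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in data):
        return False, "control character in scan data"
    # Allow-list the exact shape instead of trying to strip bad characters.
    if not GTIN.fullmatch(data):
        return False, "not a 12- or 13-digit code"
    if not gtin_check_digit_ok(data):
        return False, "bad check digit"
    return True, "ok"

# Constructed sample scans.
SAMPLES = [
    "4006381333931\r",      # valid EAN-13 with scanner suffix
    "036000291452\r\n",     # valid UPC-A
    "4006381333932\r",      # wrong check digit
    "4006381333931\x1b",    # embedded control character
    "4006381333931;--",     # extra characters after the digits
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), validate_scan(s))
```

A check like this only sees what reaches the application's input field. Key combinations typed by a keyboard-emulating scanner are handled by the operating system first, which is why disabling the reader's programming and configuration modes is the other half of the defense.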

It’s Alive! — Badge For Hackaday Belgrade

Hackaday Belgrade — our first ever conference in Europe — is coming up fast. One of the really exciting things for me is the hardware badge which [Voja Antonic] designed for the conference. He’s done a great job with hardware choices and I think we’ve hit the sweet spot for badge hacking. Let’s jump into the hardware and firmware details after the break.

Get your ticket now for ten hours of talks and workshops, evening concerts, and of course badge hacking the entire time. Earlybird sales close Monday. We’re still in the process of going through talk proposals but we’ll publish a post next week announcing all of the speakers.


Solar-powered Weather Station Knows Which Way The Wind Blows

Bob Dylan may not have needed a weatherman to tell him when the wind blows, but the rest of us rely on weather forecasts. These, in turn, rely on data from weather stations, and [Vlad] decided that his old weather station was in need of an upgrade.

His station, which uploads live data to the Weather Underground, needed to be solar-powered, weather-proof and easy to install. He seems to have succeeded admirably with this upgrade, which is built around an ATmega328 and the 433 MHz link from the old station. As part of the upgrade, he built a 3D-printed enclosure and installed all-new sensors, more accurate than the old ones, on a home-made PCB.

He looked into upgrading the wireless leg to WiFi, but found that the school’s WiFi had a login page that he couldn’t get around. So he re-used the old 433 MHz radio and connected the other end of the link to an old laptop on the wired network. Good enough, we say. Now how about a snazzy display to go along with it?

Brain Waves Can Answer Spock’s (and VR’s) Toughest Question

In Star Trek IV: The Voyage Home, the usually unflappable Spock found himself stumped by one question: How do you feel? If researchers at the University of Memphis and IBM are correct, computers by Spock’s era might not have to ask. They’d know.

[Pouya Bashivan] and his colleagues used a relatively inexpensive EEG headset and machine learning techniques to determine if, with limited hardware, the computer could derive a subject’s mental state. This has several potential applications including adapting virtual reality avatars to match the user’s mood. A more practical application might be an alarm that alerts a drowsy driver.


A Quadcopter Controlled By A Pi Zero

Flight controllers for quadcopters and other drones are incredible pieces of engineering. Not only do these boards keep an aircraft level, they do so while keeping the drone in one place, or reading a GPS sensor and flying it from waypoint to waypoint. The latest of these flight controllers is built on everyone’s favorite $5 computer, the Raspberry Pi Zero.

The PXFmini controller and autopilot shield is the latest project from Erle Robotics that puts eight servo outputs on the Pi, barometer and IMU sensors, a power supply, and all the adapters to turn the Raspberry Pi Zero into a capable flight controller. Since the Pi Zero will have some computational horsepower left over after keeping a quadcopter level, there’s a possibility of some very cool peripherals. Erle Robotics has been working with depth cameras and Lidar on more than a few drones. This makes for some interesting applications we can only imagine now.

The schematics for the PXFmini are open source in the best traditions of the RC and drone community and will be available soon. You can check out a video of the PXFmini flying around an office below.


Repairing And Improving Cheap Bench Power Supplies

Cheap benchtop power supplies are generally regarded as pieces of junk around these parts. They can measure well enough under perfect conditions, but when you use them a little bit, they fall over. There’s proof of this in hundreds of EEVblog posts, Amazon reviews, and stories from people who have actually owned these el-cheapo power supplies.

One of the guys who has had a difficult time with these power supplies is [Richard]. He picked up an MPJA 9616PS (or Circuit Specialists CSI3003SM) for a song. It quickly broke, and that means it’s time for a repair video. [Richard] is doing this one better – he has the 3A power supply, which sells for $55. With a stupidly simple modification, he upgraded this power supply to the 5A model that usually sells for $100.

The problem with [Richard]’s broken power supply was the voltage and current adjustment knobs. This cheap power supply didn’t use rotary encoders – voltage and current were controlled by a pair of 1k and 10k pots. Replacing these parts cost about $5, and [Richard]’s power supply was back up on its feet.

After poking around inside this power supply, [Richard] noticed two blue trim pots. These trim pots were cranked all the way to the left, and by cranking them all the way to the right, the power supply could output 5 Amps. Yes, the 3A version of this power supply was almost identical to the 5A version, with the only difference being the price. It’s a good repair to a somewhat crappy but serviceable supply, but a great mod that puts a beefier power supply on [Richard]’s desk.


How I Embraced My Introvert And Joined The Hacker Community

For some people, joining a new group is an exciting proposal; meeting new people and interacting with them to accomplish a goal is their idea of a good time. If this describes you, then you’re all set to jump in there and make some new friends! There are other people who see social interaction as not such a good time. They would rather avoid that situation and go on about their normal day. I get it. In general my level of comfort is inversely proportional to the number of people with me. This is not a character trait that I chose; I’m an introvert by nature.

The stereotype depicts hackers, nerds, or geeks as people without many friends who spend most of our time alone, or you might just call us “loners”. I should make it clear that I’m writing this article from a table for 1 at my local diner and it would be out of the ordinary if there was another person at this table with me. Just in case someone feels the need to speak to me, I’m wearing headphones as a deterrent; audio delivery is not their use at this time (headphone hack). I can feel the first comment brewing so let me nip that in the bud real quick: I’m in a restaurant AND actively being alone because there are often too many distractions at home to get things done in a timely manner. And I like the pancakes.

Before I climb up on this soapbox, let me say that many of you are already involved in the community and are doing a great job; in fact, I’m pretty sure many of the old-timers I talk about are Hackaday readers. This article is a result of my self-reflection regarding my lack of community involvement as of late. I can’t think of any reasons why I shouldn’t take myself down a peg or two publicly. Enjoy.

I won’t bother with the “Ra-Ra! Team Spirit!” garbage to get you all jazzed up to be a part of the team. But I will tell you what you’re missing out on by not being active and participating. It’s similar to the saying “You can lead a horse to water but you can’t make that horse join a group of like-minded horses that would all benefit from a wealth of horse-knowledge.” The saying changes depending on where you’re from; that’s how it was told to me.
