Month: May 2016

The Dark Arts: Anonymity

May 3, 2016 by 34 Comments

Love him or hate him, Edward Snowden knew a thing or two about anonymity. In June of 2013, he blew the whistle on the NSA’s out-of-control programs that can target virtually anyone plugged into the digital age. The former CIA employee was working as a contractor for the NSA, where he had access to highly classified documents for many of these general populace surveillance programs. He eventually took off to Hong Kong and released the documents to a handful of reporters. One of these documents was a power point presentation of the NSA complaining about how the TAILS operating system was a major thorn in their side. Naturally, Snowden insisted that the reporters and himself only communicate via the TAILS O/S. He used PGP, which is an encryption method with the highly sophisticated title of “Pretty Good Privacy”, and asked not to be quoted at length for fear of identification via stylometry.

In this article, we’re going to go over the basics of anonymity, and introduce you to methods of staying anonymous while online.

Continue reading “The Dark Arts: Anonymity”

Not Even Hamsters Are Safe From The Internet Of Things

May 3, 2016 by 9 Comments

The internet of things is this strange marketing buzzword that seems to escape from the aether and infect our toasters and refrigerators. Now even a hamster is not safe.

[Mifulapirus]’s hamster, Ham, was living a pleasant hamster life. Then his owner heard about another hamster named Sushi, whose running wheel stats were broadcasted to the internet. Not to be left behind, Ham’s wheel was soon upgraded. Now Ham is burdened by the same social pressures our exercise apps try to encourage us to use. No, we are most certainly not going to tell our friends about two fourteen minute miles with a twenty minute coffee break in the middle, MapMyRun, we are not.

The feat of techno enslavement for the little hamster was accomplished with a custom board, an esp8266, and an arduino as described in the instructable. The arduino can be left out of the project now that the libraries have been ported to the esp8266. A hall effect sensor detects when the 3D printed hamster wheel is spinning.

If you’d like to check in on Ham, the little guy is alive and well, and the twitter is here. It looks like it’s been upgraded since the original article was posted. Now it shows when Ham is awake and running around the cage doing hamster errands.

Volkswagen Beetle – The Most Hackable Car

May 3, 2016 by 118 Comments

If you build a better mousetrap, the world will beat a path to your door. Of course it helps if your mousetrap is reliable, simple, cheap, and easy to work on. In the car world, look no further than arguably the most successful, and most hackable, car in history: the Volkswagen Type 1, more commonly known as the Beetle. The ways in which this car was modified to suit the needs of a wide range of people over its 65-year-long production run proves that great design, ease of use, and simplicity are the keys to success, regardless of the project or product.

Built by Ferdinand Porsche in 1930’s Germany, the Beetle was designed to be a car for anyone and everyone. Its leader at the time wanted a true “people’s car” (i.e. “Volkswagen”) that was affordable for a German family, could reliably travel at sustained highway speeds on the new German autobahns, and easily be repaired by its owners. The car features an air-cooled engine for simplicity and cost savings: no radiator, water pump, or coolant, plus reduced overall complexity. The engine can be easily removed by disconnecting the fuel line, the throttle cable, and the four bolts that hold it to the transaxle. The entire body is held on to the chassis by eighteen bolts and is also easy to remove by today’s standards. There’s no air conditioning, no power steering, and a rudimentary heater of sorts for the passenger cabin that blows more hot air depending on how fast the engine is running. But possibly the best example of its simplicity is the fact that the windshield washer mechanism is pressurised with air from the over-inflated spare tire, eliminating the need to install another piece of equipment in the car.

It’s not too big of a leap to realize how easily hackable this car is. Even Volkswagen realized this and used the platform to build a number of other vehicles: the Type 2 (otherwise known as the bus, van, hippie van, Kombi, etc.) the eclectic Karmann Ghia, and the Types 3 and 4. Parts of the Type 1 were used to build the Volkswagen 181, commonly referred to as “the Thing”. Ferdinand Porsche also used design elements and other parts of the Type 1 to build the first Porsche, essentially making a souped-up Beetle. The rear-engine, rear-wheel drive layout of modern Porsches is a relic of this distant Beetle cousin. But the real magic is what people started doing to the Beetles in their backyards in the ’60s and 70s: turning them into buggies, off road machines, race cars, and hot rods that are still used today.

At some point around this time, a few people realized that the Beetle was uniquely suited to off-road racing. The type of suspension combined with the rear-engine, rear-wheel-drive layout meant that even without four-wheel drive, this car could excel in desert racing. There are still classes in this race for stock Beetles and modified Beetles called Baja Bugs.

Continue reading “Volkswagen Beetle – The Most Hackable Car”

I Am Satoshi Nakamoto

May 3, 2016 by 74 Comments

OK, you got me. I’m not. Neither is Dorian Nakamoto, pictured above, and neither is this [Craig White] guy. Or at least, his supposed proof that he is “Satoshi” doesn’t stand up to scrutiny. Indeed, you can re-create it yourself and pretend to be “Satoshi” too.

If you haven’t been following along, “Satoshi Nakamoto” is the person or group of people who invented Bitcoin, and who holds a decent fortune’s worth of the currency. He’s been exceedingly careful at keeping his identity secret. So much so, that upon hearing another “We Found Satoshi” story in the news, we actually laughed at our wife this morning. But then it was picked up by the BBC and is forthcoming in the Economist. Serious journalism.

Well, if you read the BBC piece, they note that “Security expert Dan Kaminsky said the procedure was almost ‘maliciously resistant’ to validation.” Hint: If Dan “DNSSEC” Kaminsky can’t verify a signature, there’s a good chance it’s not the real deal.

The really embarrassing part is that this [Craig White] character claimed to be Satoshi in December 2015. If he actually were Satoshi, who is probably a cryptographic genius, do you think it would take him five months to figure out a cryptographically sound way of proving his identity? Nope.

So here’s how he did it, according to [Patrick McKenzie]’s GitHub, linked above. There is a hashed secret out there that only “Satoshi” knows. Hashes are one-way functions; they produce a number that’s easy to calculate if you know the original data, but devilishly hard to work from the hash backwards to get the data out. This hashed value is public, and part of the blockchain, so we can be pretty sure that it hasn’t been altered.

[Craig] claimed to have some text from Sartre hashed with “Satoshi’s” key, and that this proves his identity. But instead of providing the hash of the Sartre text, [Craig] apparently substituted a hash from the blockchain. When this supposed Sartre hash is validated against the blockchain, of course, it works. In short, he swapped hashes, and people failed to notice.

So I’m not “Satoshi”, and neither is this guy. Who is? The mystery continues. And given how careful “Satoshi” has been so far, it’s likely to remain so for a long while. But one thing’s for sure, when “he” does choose to reveal himself, it won’t be difficult to verify. After all “Satoshi” knows “Satoshi’s” password.

Image via the BBC, of another guy who isn’t “Satoshi”.

(Late Edit: Here’s another really nice writeup, this one by [ErrataRob].)

Reverse Engineering An ATM Card Skimmer

May 3, 2016 by 47 Comments

While vacationing in Bali, [Matt South] walked into a nice, secure, air-conditioned cubicle housing an ATM. Knowing card skimmers are the bane of every traveller, [Matt] did the sensible thing and jiggled the card reader and the guard that hides your PIN when punching it into the numeric keypad. [Matt] found the PIN pad shield came off very easily and was soon the rightful owner of a block of injection molded plastic, a tiny camera, and a few bits of electronics.

The first thing that tipped [Matt] off to the existence of electronics in this brick of plastic was a single switch and a port with four contacts. These four pins could be anything, but guessing it was USB [Matt] eventually had access to a drive filled with 11GB of video taken from inside this PIN pad shield.

An investigation of the videos and the subsequent teardown of the device itself revealed exactly what you would expect. A tiny pinhole camera, probably taken from a ‘spy camera’ device, takes video whenever movement is detected. Oddly, there’s an audio track to these videos, but [Matt] says that makes sense; the scammers can hear the beeps made by the ATM with every keypress and correlate them to each button pressed.

Of course, the black hats behind this skimmer need two things: the card number, and the PIN. This tiny spy cam only gets the PIN, and there wasn’t a device over or in the card slot in the ATM. How did the scammers get the card number, then? Most likely, the thieves are getting the card number by sniffing the ATM’s connection to the outside world. It’s a bit more complex than sticking a magnetic card reader over the ATM’s card slot, but it’s harder to detect.

Atmel Removes Full-Swing Crystal Oscillator

May 3, 2016 by 56 Comments

It is one of our favorite chips, and the brains behind the Arduino UNO and its clones, and it’s getting a tweak (PDF). The ATmega328 and other megaX8-series chips have undergone a subtle design change that probably won’t affect you, but will cause hours of debugging headaches if it does. So here’s your heads-up. The full-swing oscillator driver circuitry is being removed. As always, there’s good news and bad news.

The older ATmega chips had two different crystal drivers, a low-power one that worked for lower speeds, and higher-current version that would make even recalcitrant crystals with fat loading capacitors sing. This “full-swing” crystal driver was good for 16 MHz and up.

The good news about the change is that the low-power crystal driver has been improved to the point that it’ll drive 16 MHz crystals, so you probably don’t need the full-swing driver anymore unless you’re running the chip at 20 MHz (or higher, you naughty little overclocker).

This is tremendously important for Arduinos, for instance, which run a 16 MHz crystal. Can you imagine the public-relations disaster if future Arduinos just stopped working randomly? Unclear is if this is going to ruin building up a perfboard Arduino as shown in the banner image. The full-swing oscillator was so robust that people were getting away with a lot of hacky designs and sub-optimal loading capacitor choices. Will those continue to work? Time will tell.

The bad news is that if you were using the full-swing oscillator to overcome electrical noise in your environment, you’re going to need to resort to an external oscillator instead of a simple crystal. This will increase parts cost, but might be the right thing to do anyway.

Whenever anyone changes your favorite chip, there’s a predictable kerfuffle on the forums. An Atmel representative said they can get you chips with the full-swing driver with a special order code. We’re thinking that they’re not going to let us special order ten chips, though, so we’re going to have to learn to live with the change.

The ATmega328 has already gotten a makeover, and the new version has improved peripheral devices which are certainly welcome. They don’t have the full-swing oscillator onboard, so you can pick some up now and verify if this change is going to be a problem for you or not. We don’t have any of the new chips to test out just yet.

Thanks to [Ido Gendel] for tipping us off to the change in our comment section! If you have any first-hand experience with the new chips, let us know in the comments and send in a tip anytime you trip over something awesome during your Internet travels.

Detecting Beetles That Kill Trees, Make Great Lumber

May 2, 2016 by 22 Comments

All across southern California there are tiny beetles eating their way into trees and burrowing into the wood. The holes made by these beetles are only about 1mm in diameter, making them nigh invisible on any tree with rough bark. Trees infested with these beetles will eventually die, making this one of the largest botanical catastrophes in the state.

AmbrosaMaple
Ambrosia maple, the result of these beetles boring into maple trees. Although ambrosia maple is arguable prettier, it is significantly cheaper than hard maple, making trees infested with beetles less valuable. Image source: [ironoakrva]
For [Joan]’s project for the 2016 Hackaday Prize, she’s working on a project to detect the polyphagous shothole borer, the beetle that drills into trees and eats them from the inside out. This is a surprisingly hard problem – you can’t look at the inside of a tree without cutting it down – so [Joan] has turned to other means of detecting the beetle, including listening for the beetle’s mastications with a stethoscope.

Although these ambrosia beetles will burrow into trees and kill them, there is another economic advantage to detecting these tiny, tiny beetles. The fungi deposited into these beetle bore holes make very pretty wood, but this wood is less valuable than lumber of the same species that isn’t infested with beetles. It’s a great project for the upcoming Citizen Science portion of the Hackaday Prize, as the best solution for detecting these beetles right now is sending a bunch of grade school students into the woods.

The HackadayPrize2016 is Sponsored by: