Taking A U2F Hardware Key From Design To Production

Building a circuit from prototyping to printed circuit board assembly is within the reach of pretty much anyone with the will to get the job done. If that turns out to be something that everyone else wants, though, the job gets suddenly much more complex. This is what happened to [Conor], who started with an idea to create two-factor authentication tokens and ended up manufacturing and selling them on Amazon. He documented his trials and tribulations along the way; it’s both an interesting and perhaps cautionary tale.

[Conor]’s tokens themselves are interesting in their simplicity: they use an Atmel ATECC508A specifically designed for P-256 signatures and keys, and the cheapest USB-enabled microcontroller he could find: a Silicon Labs EFM8UB1. His original idea was to solder all of the tokens over the course of one night, which is of course overly optimistic. Instead, he had the tokens fabricated and assembled before being shipped to him for programming.

Normally the programming step would be straightforward, but using identical pieces of software for every token would compromise their security. He wrote a script, based on the Atmel chip, that creates a unique attestation certificate for each one. He was able to cut a significant amount of time off of the programming step by using the computed values with a programming jig he built to flash three units concurrently. This follows the same testing and programming path that [Bob Baddeley] advocated for in his Tools of the Trade series.
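
The per-token provisioning idea above, sketched with the `openssl` command line as an added example; this is not [Conor]'s script. It assumes a constructed test CA and host-generated P-256 keys (the page does not say how his script obtains each token's key), and every function name, subject name and serial number is hypothetical.

```shell
#!/bin/sh
# Added example: per-token attestation provisioning against a constructed test CA.
# Function names, subject names and serial numbers are hypothetical.

# Create a P-256 CA key and a self-signed CA certificate in directory $1.
make_ca() {
    openssl ecparam -name prime256v1 -genkey -noout -out "$1/ca.key" 2>/dev/null &&
    openssl req -x509 -new -key "$1/ca.key" -sha256 -days 3650 \
        -subj "/CN=Example Token CA" -out "$1/ca.crt" 2>/dev/null
}

# Give token $2 its own P-256 key and a CA-signed certificate in directory $1.
provision_token() {
    openssl ecparam -name prime256v1 -genkey -noout -out "$1/token-$2.key" 2>/dev/null &&
    openssl req -new -key "$1/token-$2.key" -sha256 \
        -subj "/CN=Example Token $2" -out "$1/token-$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/token-$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -set_serial "$2" -sha256 -days 3650 -out "$1/token-$2.crt" 2>/dev/null
}

# Create the CA in $1, then provision every token id given after it.
provision_batch() {
    batch_dir=$1; shift
    make_ca "$batch_dir" || return 1
    for token_id in "$@"; do
        provision_token "$batch_dir" "$token_id" || return 1
    done
}

# Print how many distinct public keys appear in the certificates in $1.
count_unique_keys() {
    for crt in "$1"/token-*.crt; do
        openssl x509 -in "$crt" -noout -pubkey | openssl dgst -sha256 -r | cut -d' ' -f1
    done | sort -u | wc -l | tr -d ' '
}

# Succeed only if every token certificate in $1 verifies against the CA in $1.
verify_batch() {
    for crt in "$1"/token-*.crt; do
        openssl verify -CAfile "$1/ca.crt" "$crt" >/dev/null 2>&1 || return 1
    done
}

work=$(mktemp -d)
provision_batch "$work" 1001 1002 1003 &&
    echo "distinct keys: $(count_unique_keys "$work"), chain ok: $(verify_batch "$work" && echo yes || echo no)"
```

Because each token carries its own key, extracting one token's key does not expose the others, and a certificate issued under a different CA fails `verify_batch`.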

From there [Conor] just needed to get set up with Amazon. This was a process worthy of its own novel, with Amazon requiring an interesting amount of paperwork from [Conor] before he was able to proceed. Then there was an issue of an import tariff, but all-in-all everything seems to have gone pretty smoothly.

Creating a product from scratch like this can be an involved process. In this case it sounds like [Conor] extracted value from having gone through the entire process himself. But he also talks about a best-case-scenario margin of about 43%. That’s a tough bottom line but a good lesson for anyone looking at building low-cost electronics.

Distributed Censorship Or Extortion? The IoT Vs Brian Krebs

Now it’s official. The particular website that was hit by a record-breaking distributed denial of service (DDOS) attack that we covered a few days ago was that of white-hat security journalist [Brian Krebs]: Krebs on Security.

During the DDOS attack, his site got 600 Gigabits per second of traffic. It didn’t involve amplification or reflection attacks, but rather a distributed network of zombie domestic appliances: routers, IP webcams, and digital video recorders (DVRs). All they did was create HTTP requests for his site, but there were well in excess of 100,000 of these bots.

In the end, [Krebs’] ISP, Akamai, had to drop him. He was getting pro bono service from them to start with, and while they’ve defended him against DDOS attacks in the past, it was costing them too much to continue in this case. An Akamai exec estimates it would have cost them millions to continue defending, and [Brian] doesn’t blame them. But when Akamai dropped the shields, his hosting provider would get slammed. [Krebs] told Akamai to redirect his domain to localhost and then he went dark.


Homebrew Powerwall Sitting At 20kWh

Every now and then a hacker gets started on a project and forgets to stop. That’s the impression we get from [HBPowerwall]’s channel anyway. He’s working on adding a huge number of 18650 Lithium cells to his home’s power grid and posting about his adventures along the way. This week he gave us a look at the balancing process he uses to get all of these cells to work well together. Last month he gave a great overview of the installed system.

His channel starts off innocently enough. It’s all riding small motor bikes around and having a regular good time. Then he experiments a bit with the light stuff, like a few solar panels on the roof. However, it seems like one day he was watching a news brief about the Powerwall (Tesla’s whole-home battery storage system) and was like, “hey, I can do that.”

After some initial work with the new substance it wasn’t long before he was begging, borrowing, and haggling for every used 18650 lithium battery cell the local universe in Brisbane, Australia could sell him. There are a ton of videos documenting his madness, but he’s all the way up to a partly off-grid house with a 20kWh battery bank, for which he has expansion plans.

There’s a lot of marketing flim flam and general technical pitfalls in the process of generating your own non-grid electricity. But for hackers in sunny areas who want to dump those rays into local storage this is an interesting blueprint to start with.


3D Printing A Stop Motion Animation

How much access do you have to a 3D printer? What would you do if you had weeks of time on your hands and a couple spools of filament lying around? Perhaps you would make a two second stop-motion animation called Bears on Stairs.

An in-house development by London’s DBLG — a creative design studio — shows a smooth animation of a bear — well — climbing stairs, which at first glance appears animated. In reality, 50 printed sculptures each show an instance of the bear’s looping ascent. The entire process took four weeks of printing, sculpture trimming, and the special diligence that comes with making a stop-motion film.
