TEMPEST In A Software Defined Radio

In 1985, [Wim van Eck] published several technical reports on obtaining information the electromagnetic emissions of computer systems. In one analysis, [van Eck] reliably obtained data from a computer system over hundreds of meters using just a handful of components and a TV set. There were obvious security implications, and now computer systems handling highly classified data are TEMPEST shielded – an NSA specification for protection from this van Eck phreaking.

Methods of van Eck phreaking are as numerous as they are awesome. [Craig Ramsay] at Fox It has demonstrated a new method of this interesting side-channel analysis using readily available hardware (PDF warning) that includes the ubiquitous RTL-SDR USB dongle.

The experimental setup for this research involved implementing AES encryption on two FPGA boards, a SmartFusion 2 SOC and a Xilinx Pynq board. After signaling the board to run its encryption routine, analog measurement was performed on various SDRs, recorded, processed, and each byte of the key recovered.

The results from different tests show the AES key can be extracted reliably in any environment, provided the antenna is in direct contact with the device under test. Using an improvised Faraday cage constructed out of mylar space blankets, the key can be reliably extracted at a distance of 30 centimeters. In an anechoic chamber, the key can be extracted over a distance of one meter. While this is a proof of concept, if this attack requires direct, physical access to the device, the attacker is an idiot for using this method; physical access is root access.

However, this is a novel use of software defined radio. As far as the experiment itself is concerned, the same result could be obtained much more quickly with a more relevant side-channel analysis device. The ChipWhisperer, for example, can extract AES keys using power signal analysis. The ChipWhisperer does require a direct, physical access to a device, but if the alternative doesn’t work beyond one meter that shouldn’t be a problem.

Flash a Light Bulb, Win a Prize

How many geeks does it take to flash a lightbulb? Judging from the list of entries in the 2017 Flashing Light Prize, so far only seven. But we suspect Hackaday readers can add to that total.

The goal is almost as simple as possible: build something that can flash an incandescent light bulb for at least five minutes. The system actually has to power the bulb’s filament, so no mechanical shutters are allowed. Other than that, the sky is the limit — any voltage, any wattage, any frequency and duty cycle, and any circuit. Some of the obvious circuits, like an RC network on a relay, have been tried. But we assume there will be points for style, in which case this sculptural cascading relay flasher might have a chance. Rube Goldberg mechanical approaches are encouraged, as in this motor, thread, stick and switch contraption. But our fave thus far is the 1000-watt bulb with solar cell feedback by Hackaday regular [mikeselectricstuff].

Get your entry in before August 1st and you’ll be on your way to glory and riches — if your definition of rich is the £200 prize. What the heck, your chances are great right now, and it’s enough for a few pints with your mates. Just don’t let it distract you from working on your 2017 Hackaday Prize entry — we’re currently in the “Wheels, Wings, and Walkers” phase, so maybe there’ll be a little crossover that you can leverage for your flasher.

Continue reading “Flash a Light Bulb, Win a Prize”

Hackaday Links: June 25th, 2017

There will be no special badges for DEFCON. Everyone will still have badges — and our expectations are tempered because of the one year on / one year off schedule for electronic badges — there just won’t be mind-bending puzzles wrapped up in the official badges. What this means: it probably won’t matter if you’re late for linecon, and someone in the DEFCON hive mind still has a Facebook. Also, DEFCON is canceled.

In the past, we have decried the very existence of fidget spinners. It’s what the kids are into, after all. However, an electronic fidget spinner is an interesting engineering challenge. It combines the mechanical fun of bearing science, the exacting precision of balancing stuff, and stuffing electronics where no electronics should be. This Kickstarter is perhaps the best electronic fidget spinner we’ve seen. The electronics are powered by a coin cell and are packed into one of the spaces for the ‘wing’ bearings, and two additional weighted bearings allow the spinner to balance. There’s a small magnet for a hall effect sensor in the ‘stator cap’ so RPM can be measured. This design uses the most common mold for a fidget spinner, making it very manufacturable. Compare this design to the Internet of Fidget Spinners, a POV fidget Spinner, another POV fidget spinner, an educational electronic fidget spinner, or this amazing technique to measure the speed of a fidget spinner that will blow your mind, and you’ll see this Kickstarter project is clearly the superior design.

You kids are spoiled with your programmable drum machines like your 808 and 909. Back in the day, drum machines were attached to organs, and only had a few patterns. You couldn’t change the patterns, you could only change the speed. [Jan] has created one of these prehistoric drum machines in a microcontroller. You get hard rock, disco, reggae, rock, samba, rumba, cha-cha, bossa nova, beguine, synthpop, boogie, waltz, jazz rock, and slow rock. Awesome.

There’s a new electronics magazine. It’s called DIYODE, and we’re all kicking ourselves for not coming up with that name.

Do you need a new password? Humans really aren’t good at coming up with random numbers, and if you need a completely random alphanumeric password, it’s best left to a computer. Have no fear, because there’s now a website that generates the single most secure password on the planet. This password, “H4!b5at+kWls-8yh4Guq”, features upper and lowercase characters, numbers, symbols, and twenty unique characters. This password was developed by security researchers and encryption specialists in Europe, so you know it has absolutely nothing to do with the NSA, CIA, or any other American three-letter agency.

Speaking of three-letter agencies, last Wednesday was International Selfie Day! That doesn’t mean you still can’t get in on the action. Take a selfie right now and upload it to social media! What’s facial recognition?

Looking for a great little ESP32 breakout board with all the bells and whistles? Olimex has a new board out with Ethernet, a MicroSD card slot, and 20 GPIOs broken out.

Hackaday Prize Entry: Modular Circuits with SnapBloks

[Ekawahyu Susilo]’s twist on the modular circuit kit, SnapBloks helps you create circuits by stacking components on top of each other with the help of three magnetic contacts that not only keep the modules stuck together but also deliver power, ground, and data to each part.

[Ekawahyu] envisioned it as a prototyping kit, used to whip together an idea without a lot of hassle. It could also be an educational aid, used to teach Arduino coding while skipping the confusing tangle of wiring. You can stack a sound module on top of a power module to make a buzzer, or attach power to a wheel Blok to make a robot.

With version 2 of the project [Ekawahyu] updated the look with color-coded shells, with pink signifying input Bloks, green for output, orange for communication, and blue for power. Each Blok has a Arduino chip inside — an STM32, which Hackaday reviewed back in March. For version three, he hopes to leverage the ESP8266 to make a WiFi-enabled Blok. [Ekawahyu]’s idea of having a cheap SMD Arduino in every module seems like a smart way to simplify module creation—no “controller block” needed!

Another Helping Hands Build

[Punamenon2] wanted a soldering station with integrated helping hands. He couldn’t find one, but he decided it would be a good 3D printed project. In all fairness, this is really 3D printing integrating several off-the-shelf components including a magnifier, a soldering iron holder, a soldering iron cleaner, a couple of “octopus” tripods, and some alligator clips. Total cost? Less than $30.

In addition to holding the Frankenstein monster together, the 3D printed structure also provides a storage tray with special sloped edges to make removing small screws easier.

Continue reading “Another Helping Hands Build”

iPad, not Flux Capacitor, Brings DeLorean Back to the Future

Add a flux capacitor and a Mr. Fusion to a DeLorean and it becomes a time machine. But without those, a DeLorean is just a car. A 35-year old car at that, and thus lacking even the most basic modern amenities. No GPS, no Bluetooth — not even remote locks for the gullwing doors!

To fix that, [TheKingofDub] decided to deck his DeLorean out with an iPad dash computer that upgrades the cockpit experience, and we have to say we’re impressed by the results. Luckily, the space occupied by the original stereo and dash vents in the center console is the perfect size for an iPad mini, even with the Lightning cable and audio extension cable attached. A Bluetooth relay module is used to interface to the doors, windows, trunk, garage door remote, and outdoor temperature sensor. A WiFi backup camera frames the rear license plate. Custom software ties everything together with OEM-looking icons and a big GPS speedometer. The build looks great, adds functionality, and should make road trips a little easier.

When [TheKingofDub] finally gets sick of people complaining about where the BTTF guts are, maybe he can add a flux capacitor and time circuits.

[via r/electronics]

Animated Bathroom Sign

Once upon a time, pants were created. After a while, women were allowed to wear them too. This has made a lot of people happy and been widely regarded as a good thing. There is a problem, however – bathroom signage is largely predicated on the idea that there are two rigid genders which all humans must be sorted into, and they’re defined by whether you’re wearing pants or a dress. [Robb Godshaw], among others, disagrees with this, and set about building a gender fluid bathroom sign.

The sign assembled on the motor.

The project seeks to exploit the traditional symbols of “male” and “female” – the human figures wearing pants or a dress – by creating a sign that switches between the two every 15 seconds. This is likely to initially confuse – one might imagine the bathroom is actually changing its gender designation rapidly, forcing users to complete their business in an incredibly short timeframe. However, the message behind the project is to highlight the absurdity of defining gender by pants, colours, or indeed in a binary nature at all. [Robb] also helpfully points out that all humans have to pass waste, regardless of gender.

The sign is built with 3D-printed components, using a crank mechanism to actuate the moving parts. The mechanism is designed to give equal time to the pants and dress configurations. [Robb] shares the important details necessary to replicate the build, such as how to assemble the metal crank pin insert with a paperclip and a lighter. It’s particularly tidy the way the mechanism is integrated into the parts themselves. In true hacker style, the motor is a standard microwave oven turntable motor, which can be harvested easily from a junk appliance and can be plugged straight into mains power to operate, if you know what you’re doing. If you don’t, check out our primer on the topic.

Overall, the project is a great use of hacker techniques, like 3D printing and harvesting parts, to make a statement and start a conversation, while being fun, to boot. We’ve also seen some of [Robb]’s work before, like this giant hamster wheel for people. Video after the break.

Continue reading “Animated Bathroom Sign”