Year: 2017

Industrial Indicator Makes The Move From PLC To FPGA

April 9, 2017 by 8 Comments

Industrial controls are fun to use in a build because they’re just so — well, industrial. They’re chunky and built to take a beating, both from the operating environment and the users. They’re often power guzzlers, though, so knowing how to convert an industrial indicator for microcontroller use might be a handy skill to have.

Having decided that an Allen-Bradley cluster indicator worked with the aesthetic of his project, a Halloween prop of some sort, [Glen] set about dissecting the controls. Industrial indicators usually make that a simple task so that they can be configured for different voltages in the field, and it turned out that the easiest approach to replacing the power-hungry incandescent bulbs with LEDs was to build a tiny PCB to fit inside the four-color lens.

The uniquely shaped board ended up being too small for even series resistors for the LEDs, so a separate driver board was also fabbed. The driver board is set up to allow a single 5-volt supply and logic levels of 3.3-volt or 5-volt, making the indicator compatible with just about anything. The finished product lends a suitably sinister look to the prop.

If you’re not familiar with the programmable logic controllers such an indicator would be used with in the field, then maybe you should try running Pong on a PLC for a little background.

The Cubic Cyphercon Badge

April 9, 2017 by 21 Comments

Last week in Milwaukee was Cyphercon, Wisconsin’s premier hacker conference. You can’t do a hacker con without either an electronic conference badge or a 45 hanging off a lanyard, and the Cyphercon 2017 badge doesn’t disappoint. It’s an electronic cube, lovingly designed by the folks at tymkrs. It’s also a puzzle box with security holes and wireless communications. It’s a mesh network of badges, and one of the best conference badges we’ve ever seen.

The most obvious feature of the Cyphercon 2.0 badge is the extra dimension. From the outset, the design of this badge was a 3-dimensional cube, constructed out of beautifully crafted PCBs and soldered together at the edges. The techniques to bring PCBs into the third dimension are really nothing new — we’ve seen 3D PCBs before — but never at this kind of volume. There were over four hundred badges constructed for Cyphercon, and every single joint was hand-soldered. This is something your assembly house just won’t do, and I would hate to think about the poor solder monkeys that would be forced to assemble 3D badges for a larger con.

3D isn’t the only trick up the Cyphercon badge. There are cutouts in each side of the cube exposing LEDs, microprocessors, busses, and a single USB port. This USB port allows the wearer to recharge the battery, yes, but if you install a terminal emulator on your laptop and plug in the badge, you’re dropped into a world of mystery, intrigue, and suffocation. This badge is a text adventure game, with the goal of a game to reassemble a relay-based computer from parts scrounged from around a missile silo. Once the relay computer is complete, the badge turns into an emulator for a vintage time-sharing operating system. In this OS, you’re able to write code and deploy it to other badges. This is seriously impressive stuff.

Between the cubic Cyphercon badge, the Hunter S. Rodriguez badge heading to Vegas this summer, and badges that are Nintendo emulators, this is looking like a great year for electronic conference badges. The artistry and skill here is amazing, and we can’t wait to see what else the community will come up with.

Below, you can check out a few videos on the Cypbercon badge. [Wire]’s explanation of how the badge was created over the last nine months is in there, as is the Cyphercon badge panel talk.

Continue reading “The Cubic Cyphercon Badge”

Shoelace Locks Keep Your Fancy Footwear Firmly Attached

April 9, 2017 by 25 Comments

Remember the 1980s, when velcro sneakers were the hip new thing? (Incidentally, VELCRO® is a registered trademark for VELCRO® brank hook-and-loop fasteners but we use it here as a general term for the fastening technology). Only the coolest kids in school had a fresh pair of Zips. Velcro left a bit to be desired though. The hooks and loops would wear out, and the sneakers always seemed to pop apart at the worst possible moments — like when running or jumping. These days, velcro seems to be relegated to the elderly, which gives it the stigma of “old people shoes”.

So what is an aspiring hacker to do, just tie their shoelaces like a simple plebe? [Pentland_Designs] has the answer with his shoelace locks. The design is his take on the classic plastic clip found on backpacks and jackets. [Pentland_Designs] has added a twist though — a “button” which flexes a plastic ring, releasing the main body of the clip. This means the user doesn’t have to bend down when taking off their shoes. This isn’t just good for folks with disabilities. Anyone with back problems will tell you that avoiding a couple of deep bends at the end of the day helps a lot.

Check out the video of [Pentland_Designs] Shoelace locks after the break. For more shoe-tech, check out these LEGO self-lacing shoes, or this teardown of Nike’s self-lacing offering.

Continue reading “Shoelace Locks Keep Your Fancy Footwear Firmly Attached”

How To Hack Your Own Password

April 9, 2017 by 10 Comments

[Haseeb] failed the marshmallow test as a kid. He has no self-control. He wastes a lot of time on reddit. There is a solution to this problem — simply lock yourself out of your account. The process is simple, and all you need to do is change your password to something random, change the recovery email address, and click submit. In the blink of an eye, all your imaginary Internet points vanish.

That’s the one guaranteed way to quit reddit. However, [Haseeb] wanted to hold onto those magic Internet points in the event they become worth something. This led to a far more baroque solution. He found a service that would email him at a later date, send an email to himself containing a random password, and quit reddit temporarily. Until that email was delivered, he was officially off reddit. When that email was received, productivity would stop.

A few years pass, and [Haseeb] had some time to kill at his new job. He decided to scrounge up his old password, only to discover he locked himself out of his Reddit account until 2018. What followed is a security exploit of an ’email me in the future’ service, and a great example of how much effort one person will commit to a lifetime of instant gratification.

The email service in question is LetterMeLater, a site that will send an email at some arbitrary point in the future. You can hide the body of the email from yourself, making this a fairly good solution for what [Haseeb] is doing. He was still locked out of his email, though, and emailing the people running LetterMeLater seemed absurd. Dopamine is fun, though, and [Haseeb] eventually found a workaround. This site indexes the body of an email for search. This is great, because the body of the email this site would send [Haseeb] in 2018 contained his reddit password and only his reddit password. With a little bit of code, he can perform substring queries on an email he can’t read. Now, extracting the password is simply a first year CS homework problem.

At this point, the only thing [Haseeb] knows about his password is that it’s a long string of random characters that probably doesn’t include upper-case characters. That’s 26 possible characters, 10 possible numbers, and a character bank that can be determined by searching his email one character at a time. [Haseeb] is essentially playing Hangman against his former self here.

After figuring out an API for LetterMeLater, [Haseeb] whipped up a quick bit of code that finds the password by searching substrings. It’s beautiful and recursive, although he did break it down into finding a suffix of the password then determining the remainder of the password. It took 443 iterations of the code to find the password, and when that was complete he logged into reddit. Math works, although [Haseeb] will have to figure out a way to wean himself off the opiate of the millennials again.

FreeRTOS Gets Class

April 8, 2017 by 56 Comments

[Michael Becker] has been using FreeRTOS for about seven years. He decided to start adding some features and has a very interesting C++ class wrapper for the OS available.

Real Time Operating Systems (RTOS) add functionality for single-thread microcontrollers to run multiple programs at the same time without threatening the firmware developer’s sanity. This project adds C++ to the rest of the FreeRTOS benefits. We know that people have strong feelings one way or the other about using C++ in embedded systems. However, as the 24 demo projects illustrate, it is possible.

One nice thing about the library is that it is carefully documented. A large number of examples don’t hurt either. The library is clean with just under 30 classes. It seems to have resisted the trend of having classes for everything. You know the kind of library we mean. To create an Integer object, just build a configuration object to pass to the class factory generator which…. This library doesn’t entertain any of that. It has simple abstractions around threads and timers, queues, and mutexes.

Continue reading “FreeRTOS Gets Class”

A Grenade Launcher Named RAMBO

April 8, 2017 by 81 Comments

Always one to push the envelope, U.S. Army researchers from the U.S. Army Armament Research, Development and Engineering Center (ARDEC) have been successfully experimenting with 3D printing for one of their latest technologies. The result? RAMBO — Rapid Additively Manufactured Ballistic Ordinance — a 40mm grenade launcher. Fitting name, no?

Virtually the entire gun was produced using additive manufacturing while some components — ie: the barrel and receiver — were produced via direct metal laser sintering (DMLS). So, 3D printed rounds fired from a 3D printed launcher with the only conventionally manufactured components being springs and fasteners, all within a six month development time.

Continue reading “A Grenade Launcher Named RAMBO”

BrickerBot Takes Down Your IoT Devices Permanently

April 8, 2017 by 69 Comments

There is a new class of virii in town, specifically targeting Internet of Things (IoT) devices. BrickerBot and its variants do exactly as their name says, turning your smart devices into bricks. Someone out there has gotten tired of all the IoT security flaws and has undertaken extreme (and illegal) measures to fix the problem. Some of the early reports have come in from a security company called Radware, who isolated two variants of the virii in their honeypots.

In a nutshell, BrickerBot gains access to insecure Linux-based systems by using brute force. It tries to telnet in using common default root username/password pairs. Once inside it uses shell commands (often provided by BusyBox) to write random data to any mounted drives. It’s as easy as

dd if=/dev/urandom of=/dev/sda1

With the secondary storage wiped, the device is effectively useless. There is already a name for this: a Permanent Denial-of-Service (PDoS) attack.

Now any card carrying Hackaday reader will know that a system taken down like this can be recovered by re-flashing through USB, JTAG, SD, other methods. However, we’re not BrickerBot’s intended audience. We’ve all changed our devices default passwords, right? RIGHT?

For more IoT security, check out Elliot’s excellent article about botnets earlier this year, and its follow-up.