USB Armory MkII: A USB-C Thumb Drive Based Linux Computer For Pentesters

September 29, 2019 by Tom Nardi 16 Comments

While it might look like a disrobed flash drive or RTL-SDR dongle, the USB Armory Mk II is actually a full-fledged open hardware computer built into the ubiquitous USB “stick” format. But more than just that, it’s optimized for security research and boasts a list of features that are sure to get the attention of any pentesters in the audience. Fine tuned thanks to the feedback developer [Inverse Path] received about the original version of the hardware, the Mk II promises to be the last word in secure mobile computing.

Compared to the original hardware, the most obvious change is the switch to USB-C. The previous USB Armory used traces on the PCB to plug directly into a USB Type-A port, but this time around [Inverse Path] has put a proper male connector on the front of the board. Nominally, the USB Armory is plugged into a host computer to provide it with power and a network connection, though it also has the ability to disguise itself as a storage or input device for more stealthy applications. There’s also a female USB-C port on the Mk II, which can be used to connect additional devices, a feature the previous version lacked.

The USB Armory Mk II is powered by an upgraded 900 MHz ARM Cortex-A7 processor, though it retains the same 512 MB of RAM from the previous version. Like the original, there’s a micro SD slot to hold the Linux operating system, but this time it’s supplemented with an onboard 16 GB eMMC chip. There’s even a physical switch that allows the user to choose which storage device they want to boot from. Other additions for the Mk II include Bluetooth connectivity, and a hardware true random number generator (TRNG).

We first brought you word of the original USB Armory back in 2014, and it’s always good to see an open hardware project thriving and iterating years later. While the $149 price tag arguably puts the MKII out of the tinkering budget for many of us, there’s clearly a market for niche devices like this and we can’t wait to see what [Inverse Path] comes up with next.

Pie Face Game Rigged To Throw Pie At Anyone But You

September 29, 2019 by Lewin Day 4 Comments

Pie Face is a game that does pretty much what you’d expect from the title. Players sit in front of a spring loaded arm, taking turns to twist a crank. Eventually, one unlucky player will release the arm and be splattered with whipped cream to the enjoyment of the group. [Harrison] wasn’t one to leave things to chance, however, so decided to rig the game.

Instead of allowing the spring-loaded arm to be released by the internal rotating drum, [Harrison] had a better idea. The drum was sanded smooth, to remove the teeth used by the release mechanism. Then, the release mechanism was replaced with a servo, controlled by an Arduino Nano fitted with a Bluetooth module. With just a tap on his smart phone, [Harrison] can trigger the game, guaranteeing his friends get the cream every time.

It’s a tidy build, and one that takes care to avoid detection with subtle design. Had he not released a Youtube video on the build, [Harrison]’s friends would likely be none the wiser. If your thirst for cheating is still unsated, consider loading your dice for a round of Settlers of Catan. Video after the break.

Continue reading “Pie Face Game Rigged To Throw Pie At Anyone But You” →

Hackaday Links: September 29, 2019

September 29, 2019 by Dan Maloney 6 Comments

In a sure sign that we’ve arrived in the future, news from off-world is more interesting this week than Earth news. When the InSight probe landed on Mars last year, it placed the first operating magnetometer on the Red Planet. Since then, the sensitive instrument has been logging data about the planet’s magnetic field, and now there are reports that researchers have discovered a chain of pulsations in the magnetic field. Pulsations in planetary magnetic fields aren’t all that strange; pulse trains that occur only at Martian midnight are, though. Researchers haven’t got a clue yet about what this means. We assume they’ve eliminated artifacts like something on the lander being turned on at local midnight, so when they figure it out it should be fascinating.

In more news from the future, Boston Dynamics is trolling us again. We covered the announcement early this week that they’re putting their Spot quadruped robot on sale – sort of. Turns out you need to be selected to qualify based on the application you have in mind, plus have several Ferraris full of cash to spend. While everyone was watching the adorable antics of Spot as it wandered through improbably industrial vignettes, Boston Dynamics also released this slightly terrifying video of their Atlas robot running through a gymnastics routine. It starts with a headstand and a front roll and ends with a slipt leap and whatever the gymnastics equivalent of a figure skating axel jump is. Yes, it has a special roll cage attached to make the tumbles a bit smoother, but it’s still some remarkable stuff.

How are your RF design skills? If they’re good enough to design an RF power amp, you might want to check out this homebrew RF design challenge. Put on by NXP Semiconductors, the design must use one of their new LDMOS RF power transistors. They’ll send you samples so you can build your design, and you stand to win up to $3000 plus $1000 worth of NXP products. The contest opened back in May but is running through the middle of November, so you’d better hurry.

Speaking of RF, wouldn’t it be interesting to see a snapshot of the RF spectrum over the entire planet? ElectroSense thinks so, and they’re working on a crowdsourcing model to set up a globe-spanning network of connected RF sensors. The idea is similar to what FlightAware does for monitoring the locations of aircraft with a distributed network of ADS-B receivers. But where FlightAware only monitors a narrow slice of spectrum, ElectroSense wants it all – DC to 6 GHz. You can build a sensor from an SDR and a Raspberry Pi and start contributing to the effort, which only has a handful of sensors at the moment.

Has affordable metal 3D-printing finally arrived? For certain values of affordability, it soon will, when One Click Metal launches their new selective laser melting printer. Thomas Sanladerer did a video with the principals, and the prototype looks promising. SLM is not a new process, but patents on the core process recently ran out, so startups like One Click Metal are jumping into the market. Their printer won’t be cheap — you’ll still need to write a check with many zeroes — but with more players, the price should come down.

And finally, what’s this world coming to when a startup specializing in building giant fighting robots can’t make a go of it? MegaBots is shutting down, and while that’s certainly bad news for its founders and employees, it’s great news for anyone in the market for used battle bots. The company’s flagship bot, the 15-ton Eagle Prime, is currently up for auction on eBay. Bidding started at $1 with no reserve, but if you were looking for a steal, you’re a bit late. The high bid is currently $100,100, which is still an incredible buy considering it cost $2.5 million to build. You’ll have to pay for shipping, but you’ll have a super-destructive mecha of your own to drive around. And think how cool you’ll look rolling into some kid’s backyard birthday party. Presumably one you’ve been invited to.

Upgrading A MIDI Controller With An FPGA

September 29, 2019 by Bryan Cockfield 16 Comments

While the “M” in MIDI stands for “musical”, it’s possible to use this standard for other things as well. [s-ol] has been working on a VJ setup (mixing video instead of music) using various potentiometer-based hardware and MIDI to interface everything together. After becoming frustrated with drift in the potentiometers, he set out to outfit the entire rig with custom-built encoders.

[s-ol] designed the rotary-encoder based boards around an FPGA. It monitors the encoder for changes, controls eight RGB LEDs per knob, and even does capacitive touch sensing on the aluminum knob itself. The FPGA communicates via SPI with an Arduino master controller which communicates to a PC using a serial interface. This is [s-ol]’s first time diving into an FPGA project and it looks like he hit it out of the park!.

Even if you’re not mixing video or music, these encoders might be useful to any project where a standard analog potentiometer isn’t accurate or precise enough, or if you just need something that can dial into a specific value quickly. Potentiometers fall short in many different ways, but if you don’t want to replace them you might modify potentiometers to suit your purposes.

Continue reading “Upgrading A MIDI Controller With An FPGA” →

Probe The Galaxy On A Shoestring With This DIY Hydrogen-Line Telescope

September 29, 2019 by Dan Maloney 6 Comments

Foil-lined foam insulation board, scraps of lumber, and a paint-thinner can hardly sound like the tools of a radio astronomer. But when coupled with an SDR, a couple of amplifiers, and a fair amount of trial-and-error tweaking, it’s possible to build your own hydrogen-line radio telescope and use it to image the galaxy.

As the wonderfully named [ArtichokeHeartAttack] explains in the remarkably thorough project documentation, the characteristic 1420.4-MHz signal emitted when the spins of a hydrogen atom’s proton and electron flip relative to each other is a vital tool for exploring the universe. It lets you see not only where the hydrogen is, but which way it’s moving if you analyze the Doppler shift of the signal.

But to do any of this, you need a receiver, and that starts with a horn antenna to collect the weak signal. In collaboration with a former student, high school teacher [ArtichokeHeartAttack] built a pyramidal horn antenna of insulation board and foil tape. This collects RF signals and directs them to the waveguide, built from a rectangular paint thinner can with a quarter-wavelength stub antenna protruding into it. The signal from the antenna is then piped into an inexpensive low-noise amplifier (LNA) specifically designed for the hydrogen line, some preamps, a bandpass filter, and finally into an AirSpy SDR. GNURadio was used to build the spectrometer needed to determine the galactic rotation curve, or the speed of rotation of the Milky Way galaxy relative to distance from its center.

We’ve seen other budget H-line SDR receiver builds before, but this one sets itself apart by the quality of the documentation alone, not to mention the infectious spirit that it captures. Here’s hoping that it finds its way into a STEM lesson plan and shows some students what’s possible on a limited budget.

The Price Of Domestic Just In Time Manufacturing

September 29, 2019 by Kerry Scharfglass 37 Comments

Hardware is hard, manufacturing only happens in China, accurate pricing is a dark art. Facts which are Known To Be True. And all things which can be hard to conquer as an independent hardware company, especially if you want to subvert the tropes. You may have heard of [Spencer Wright] via his superb mailing list The Prepared, but he has also been selling an unusual FM radio as Centerline Labs for a few years. Two years ago they relaunched their product, and last year the price was bumped up by a third. Why? Well, the answer involves more than just a hand wave about tariffs.

The Public Radio is a single-station FM radio in a mason jar. It’s a seemingly simple single purpose hardware product. No big mechanical assemblies, no complex packaging, not even any tangential accessories to include. In some sense it’s an archetypically atomic hardware product. So what changed? A normal product is manufactured in bulk, tested and packaged, then stored in a warehouse ready to ship. But TPR is factory programmed to a specific radio station, so unless Centerline wanted one SKU for each possible radio station (there are 300) this doesn’t work. The solution was domestic (US) just in time manufacturing. When a customer hits the buy button, a unit is programmed, tested, packed, and shipped.

As with any business, there is a lot more to things than that! The post gives the reader a fascinating look at all the math related to Centerline Labs’ pricing and expenses; in other words, what makes the business tick (or not) including discussion of the pricing tradeoffs between manufacturing different components in Asia. I won’t spoil the logical path that led to the pricing change, go check out the post for more detail on every part.

We love hearing about the cottage hardware world. Got any stories? Drop them in the comments!

This Word Clock Has Dirty Alphanumeric Mouth

September 29, 2019 by Tom Nardi 7 Comments

Clocks which use words to tell the time in place of numbers are an increasingly popular hacker project, but we have to admit that before seeing this gorgeous clock from [Mitch Feig], we didn’t realize how badly we wanted to see one that could curse like a sailor.

But don’t worry, the WordClock-1 knows more than just the bad words. Rather than using an array of illuminated letters as we’ve seen in previous clocks, this one uses six alphanumeric LED displays. So not only can it display the time expressed with words and numbers, but it can show pretty much any other text you might have in mind.

[Mitch] is partial to having his clock toss a swear word on the display every few seconds, but perhaps you’d rather have it show some Klingon vocabulary to help you brush up. The lack of extended characters does limit its language capabilities somewhat, but it still manages to include Spanish, Italian, French, and Croatian libraries.

The ESP32 powered clock comes as a kit, and [Mitch] has provided some very thorough documentation that should make assembling it fairly straightforward as long as you don’t mind tackling a few SMD components. Additional word databases are stored on an SD card, and you can easily add your own or edit the existing ones with nothing more exotic than a text editor. The clock itself is configured via a web interface, and includes features like RGB LED effects and support for pulling the time down from an external GPS receiver.

Of course, if you’re content with what we can apparently now refer to as “old style” word clocks, we’ve seen plenty of projects which should serve as inspiration for anyone looking to roll their own textual timepiece.

Continue reading “This Word Clock Has Dirty Alphanumeric Mouth” →