Go Ape With A Banana Macropad

May 14, 2021 by Kristina Panos 14 Comments

The super fun thing about macro pads is that they’re inherently ultra-personalized, so why not have fun with them? This appealing little keeb may have been a joke originally, but [dapperrogue] makes a valid point among a bunch of banana-related puns on the project page — the shape makes it quite the ergonomic little input device.

Inside this open-source banana is that perennial favorite for macro pads, the Arduino Pro Micro, and eight switches that are wired up directly to input pins. We’re not sure what flavor of Cherry those switches are, hopefully brown or green, but we suddenly wish Cherry made yellow switches. If you want to build your own, the STLs and code are available, and we know for a fact that other switch purveyors do in fact make yellow-stemmed switches.

Contrary to what the BOM says, we believe the sticker is mandatory because it just makes the build — we imagine there would be fewer double takes without it. Hopefully this fosters future fun keyboard builds from the community, and we can’t wait to sink our teeth into the split version!

There are a bunch of ways to make a macropad, including printing everything but the microcontroller.

Via r/mk and KBD

This Week In Security: Fragattacks, The Pipeline, Codecov, And IPv6

May 14, 2021 by Jonathan Bennett 26 Comments

Some weeks are slow, and the picking are slim when discussing the latest security news. This was not one of those weeks.

First up is Fragattacks, a set of flaws in wireless security protocols, allowing unauthenticated devices to inject packets into the network, and in some cases, read data back out. The flaws revolve around 802.11’s support for packet aggregation and frame fragmentation. The whitepaper is out, so let’s take a look.

Fragmentation and aggregation are techniques for optimizing wireless connections. Packet aggregation is the inclusion of multiple IP packets in a single wireless frame. When a device is sending many small packets, it’s more efficient to send them all at once, in a single wireless frame. On the other hand, if the wireless signal-to-noise ratio is less than ideal, shorter frames are more likely to arrive intact. To better operate in such an environment, long frames can be split into fragments, and recombined upon receipt.

There are a trio of vulnerabilities that are built-in to the wireless protocols themselves. First up is CVE-2020-24588, the aggregation attack. To put this simply, the aggregation section of a wireless frame header is unauthenticated and unencrypted. How to exploit this weakness isn’t immediately obvious, but the authors have done something clever.

First, for the purposes of explanation, we will assume that there is already a TCP connection established between the victim and an attacker controlled server. This could be as simple as an advertisement being displayed on a visited web page, or an image linked to in an email. We will also assume that the attacker is performing a Man in the Middle attack on the target’s wireless connection. Without the password, this only allows the attacker to pass the wireless frames back and forth unmodified, except for the aggregation header data, as mentioned. The actual attack is to send a special IP packet in the established TCP connection, and then modify the header data on the wireless frame that contains that packet.

When the victim tries to unpack what it believes to be an aggregated frame, the TCP payload is interpreted as a discrete packet, which can be addressed to any IP and port the attacker chooses. To put it more simply, it’s a packet within a packet, and the frame aggregation header is abused to pop the internal packet out onto the protected network. Continue reading “This Week In Security: Fragattacks, The Pipeline, Codecov, And IPv6” →

Make Android’s New Power Menu Work On Your Terms

May 14, 2021 by Tom Nardi 7 Comments

Introduced in Android 11, the power menu is a way to quickly interact with smart home gadgets without having to open their corresponding applications. Just hold the power button for a beat, and you’ll be presented with an array of interactive tiles for all the gadgets you own. Well that’s the idea, anyway.

[Mat] of “NotEnoughTech” wasn’t exactly thrilled with how this system worked out of the box, so he decided to figure out how he could create his own power menu tiles. His method naturally requires quite a bit more manual work than Google’s automatic solution, but it also offers some compelling advantages. For one thing, you can make tiles for your own DIY devices that wouldn’t be supported otherwise. It also allows you to sidestep the cloud infrastructure normally required by commercial home automation products. After all, does some server halfway across the planet really need to be consulted every time you want to turn on the kitchen light?

The first piece of the puzzle is Tasker, a popular automation framework for Android. It allows you to create custom tiles that will show up on Android’s power menu, complete with their own icons and brief descriptions. If you just wanted to perform tasks on the local device itself, this would be the end of the story. But assuming that you want to control devices on your network, Tasker can be configured to fire off a command to a Node-RED instance when you interact with the tiles.

In his post, [Mat] gives a few examples of how this combination can be used to control smart devices and retrieve sensor data, but the exact implementation will depend on what you’re trying to do. If you need a bit of help getting started, our own [Mike Szczys] put together a Node-RED primer last year that can help you put this flow-based visual programming tool to work for you.

Continue reading “Make Android’s New Power Menu Work On Your Terms” →

Keep An Eye On Your Bike With This DIY GPS Tracker

May 14, 2021 by Lewin Day 31 Comments

Owning a bike and commuting on it regularly is a great way to end up with your bike getting stolen, unfortunately. It can be a frustrating experience, and it can be particularly difficult to track a bike down once it’s vanished. [Johan] didn’t want to be caught out, however, and thus built a compact GPS tracker to give himself a fighting chance to hang on to his ride.

It’s built around the Arduino MKR GSM, a special Arduino built specifically for Internet of Things project. Sporting a cellular modem onboard, it can communicate with GSM and 3G networks out of the box. It’s paired with the MKR GPS shield to determine the bike’s location, and a ADXL345 3-axis accelerometer to detect movement. When unauthorised movement is detected, the tracker can send out text messages via cellular connection in order to help the owner track down the missing bike.

The tracker goes for a stealth installation, giving up the deterrent factor in order to lessen the chance of a thief damaging or disabling the hardware. It’s a project that should give [Johan] some peace of mind, though of course knowing where the bike is, and getting it back, are two different things entirely. We’ve seen creative techniques to build trackers for cats, too. It used to be the case that such “tracking devices” were the preserve of movies alone, but no longer. If you’ve got your own build, be sure to let us know on the tipline!