Today at The Last HOPE, [Far McKon] from Philadelphia’s Hacktory presented on community fabrication. Over the last few years we’ve seen a lot of different accessible rapid prototyping machines created. There’s the RepRap, a fabrication machine that has achieved self replication; our friends at Metalab have gotten their own version of the machine running too. The Hacktory has recently acquired a Fab@home machine. Fab@home hopes to make manufacturing using multiple materials accessible to home users. Multiple materials means people have constructed objects that vary from embedded circuits to hors d’oeuvres. We can’t talk about edible prototyping without bringing up the CandyFab machine, which fuses sugar. The Hacktory has enjoyed their machine so far, but have found the learning curve fairly difficult. While it’s great to see the cost of rapid prototyping dropping, we’ll be much happier when the ease of use improves.
Author: Eliot1332 Articles
SIM Card Reader
Adafruit Industries just announced their next kit: a SIM card reader. Using the kit, you can read or write any SIM card. You could use this for fun things like recovering deleted contacts and SMS messages. The kit looks like a very straight forward design (based on [Dejan]’s work); the only chip is a hex inverter and the board is powered by a regulated 9V battery. With all through-hole components, it should be easy to assemble. You can talk to it using the board mounted serial port or connect to the extra pin header using an FTDI USB cable just like the Boarduino. The FTDI option is bus powered, so you won’t need the battery. [ladyada] has collected some resources in case you want to learn more about smart cards.
HOPE 2008: Wikiscanner 2.0
[Virgil] presented the next version of Wikiscanner at The Last HOPE today. To build the original Wikiscanner, he scanned the monthly database dump of anonymous edits and compared that against a purchased list of known company IP addresses. The 34.5 million edits account for nearly 21% of all edits. The idea was to unearth businesses and groups white washing critical pages. This only handles anonymous edits though. Users could log in to avoid having their IP reversed.
In the new version, [Virgil]’s team developed a Poor Man’s CheckUser. If you spend too much time editing a talk page, your session could end and when you hit save it attaches your IP. Most regular users will then log in and remove their IP. They found 13,000 username/IP address pairs by searching for IPs being removed and replaced with usernames. These are some of the most active users. Using this list, they could potentially uncover sockpuppets or potential collusion by top editors.
HOPE 2008: Cold Boot Attack Tools Released
The team from Princeton has released their cold boot attack tools at The Last HOPE. Earlier this year they showed how to recover crypto keys from the memory of a machine that had been powered off. Now they’ve provided the tools necessary to acquire and play around with your own memory dumps. The bios_memimage tool is written in C and uses PXE to boot the machine and copy the memory. The package also has a disk boot dumper with instructions for how to run it on an iPod. There’s also efi_memimage which implements the BSD TCP/IP stack in EFI, but it can be problematic. aeskeyfind can recover 128 and 256bit AES keys from the memory dumps and rsakeyfind does the same for RSA. They’ve also provided aesfix to correct up to 15% of a key. In testing, they only ever saw 0.1% error in there memory dumps and 0.01% if they cooled the chips first.
Continue reading “HOPE 2008: Cold Boot Attack Tools Released”
HOPE 2008: The Impossibility Of Hardware Obfuscation
The Last HOPE is off and running in NYC. [Karsten Nohl] started the day by presenting The (Im)possibility of Hardware Obfuscation. [Karsten] is well versed in this subject having worked on a team that the broke the MiFare crypto1 RFID chip. The algorithm used is proprietary so part of their investigation was looking directly at the hardware. As [bunnie] mentioned in his Toorcon silicon hacking talk, silicon is hard to design even before considering security, it must obey the laws of physics (everything the hardware does has to be physically built), and in the manufacturing process the chip is reverse engineered to verify it. All of these elements make it very interesting for hackers. For the MiFare crack, they shaved off layers of silicon and photographed them. Using Matlab they visually identified the various gates and looked for crypto like parts. If you’re interested in what these logic cells look like, [Karsten] has assembled The Silicon Zoo. The Zoo has pictures of standard cells like inverters, buffers, latches, flip-flops, etc. Have a look at [Chris Tarnovsky]’s work to learn about how he processes smart cards or [nico]’s guide to exposing standard chips we covered earlier in the week.
Machine Embroidered LED Matrix
Our favorite electric textiles expert, [Leah Buechley], put together this machine embroidered LED matrix proof of concept. For the vertical rows, the top thread is conductive, while the thread on the underside (the bobbin) is not. For the horizontal rows, the the thread is swapped and the fabric acts as an insulator between the two layers of wiring. You can see a small brown bunch of thread next to each LED: this is the via to wiring on the backside of the fabric. The matrix is being controlled by a LilyPad Arduino. This is an interesting idea and has the potential to make prototyping wearable projects much faster. Here are two more pictures of the project.
Tennis For Two Resurrected
The first video game every created is attributed to physicist William Higinbotham. Tennis for Two is played on an oscilloscope using two controllers. Each one has a knob that controls the trajectory and a button to hit the ball. The fine folks at Evil Mad Scientist Laboratories have recreated the game so you can play it on any oscilloscope. An ATmega168 is used to control everything. It takes user input from the paddles and outputs an the X and Y analog signals for the scope. An R-2R style DAC is used for the output stage which gives a 256×256 resolution. Everything is built on top of one of their business card sized project boards-which really shows how useful such a simple board can be. The source code is free and the write up includes plenty of detail. We’d love to see what modifications people come up with since the base game doesn’t even have scoring. There’s a video of EMSL’s system embedded below.
