Google Security Certificates Forged

Recently, Google discovered that a certificate authority (CA) issued forged certificates for Google domains. This compromises the trust provided by Transport Layer Security (TLS) and Secure HTTP (HTTPS), allowing the holder of the forged certificates to perform a man-in-the-middle attack.

To validate that the website you’re visiting is actually what it claims to be, your browser checks that the certificate presented by the server you’re accessing was signed by a trusted CA. When someone requests a certificate from a CA, the CA should verify the identity of the person making the request. Your browser and operating system have a set of ultimately trusted CAs (called root CAs). If the certificate was issued by one of them, or by an intermediate CA that they trust, you will trust the connection. This whole structure of trust is called a chain of trust.

With a forged certificate, you can convince a client that your server is actually http://www.google.com. You can use this to sit between a client’s connection and the actual Google server, eavesdropping on their session.

In this case, an intermediate CA did just that. This is scary, because it undermines the security that we all rely on daily for all secure transactions on the internet. Certificate pinning is one tool that can be used to resist this type of attack. It works by associating a host with a specific certificate. If the certificate presented for that host changes, the connection will not be trusted.
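
A client-side sketch of the pinning check described above, added here as an illustration and not taken from the original post. The host name example.test, the PINS table, and the byte strings standing in for DER certificates are all constructed assumptions.

```python
import hashlib
import hmac
import socket
import ssl

# Constructed stand-ins for DER-encoded certificates; a real client would pin
# the fingerprint of the certificate its server is known to present.
EXPECTED_CERT = b"constructed DER bytes of the certificate we expect"
FORGED_CERT = b"constructed DER bytes of a different, CA-signed certificate"

# Pin store: hostname -> set of allowed SHA-256 certificate fingerprints.
PINS = {"example.test": {hashlib.sha256(EXPECTED_CERT).hexdigest()}}


def pin_matches(host, der_cert, pins=PINS):
    """Return True only if host has a pin and der_cert matches one of them."""
    allowed = pins.get(host.lower().rstrip("."))
    if not allowed:
        return False  # fail closed: an unpinned host is not trusted here
    seen = hashlib.sha256(der_cert).hexdigest()
    return any(hmac.compare_digest(seen, pin) for pin in allowed)


def connect_pinned(host, port=443, pins=PINS):
    """Open a TLS connection that passes both CA validation and the pin check."""
    ctx = ssl.create_default_context()  # usual chain-of-trust + hostname checks
    sock = socket.create_connection((host, port), timeout=10)
    try:
        tls = ctx.wrap_socket(sock, server_hostname=host)
    except Exception:
        sock.close()
        raise
    # The chain validated, but a forged certificate would validate too, so
    # compare what the server presented against the pin before sending data.
    if not pin_matches(host, tls.getpeercert(binary_form=True), pins):
        tls.close()
        raise ssl.SSLError(f"certificate for {host} does not match its pin")
    return tls
```

Because the pin is checked in addition to normal validation, a certificate that chains to a trusted CA is still rejected when its fingerprint differs from the pinned one.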

The centralized nature of TLS doesn’t work if you can’t trust the authorities. Unfortunately, we can’t.

Will Dance For Bitcoin

It seems that Bitcoin is all over the news nowadays, but the Bitcoin Bot is probably the first robot that will dance for Bitcoins.

[Ryan] at HeatSync Labs in Mesa, AZ, is a fan of the cryptocurrency, and decided to build something to accept it. He discovered that Coinbase, a popular hosted Bitcoin wallet service, has a callback API. This causes Coinbase to fetch a specified URL any time a wallet receives a transaction, and provides information on the transaction in the request. A Python script handles these requests and updates a running count of the BTC balance sent to the robot’s wallet.

On the hardware side, an Arduino with an Ethernet Shield checks the balance. If it has changed, it calls the dance function and the luau girl dances.

The robot sits in the window of the hackerspace, so anyone passing by can read about Bitcoin and make a donation. The source code is on Github, and a video follows after the break.

Repairing Bose Active Noise Cancelling Headphones

[Mansour] was disappointed to find out that his Bose QC15 headphones had a dead right channel. These headphones have active noise cancelling, which uses a microphone to capture ambient noise and digital signal processing to insert an out of phase signal. Since they’re quite expensive, [Mansour] was determined to resurrect them.

First, he determined that the right speaker had died, so he found a replacement on eBay. These were designed for a different set of headphones, but matched the impedance of the original Bose part. After replacing the driver, it seemed that the repair was a failure. The sound cancelling wasn’t working, and the playback was high-pitched. As a last attempt, he potted the speaker with glue, to match the original construction. Much to his surprise, this worked.

The problem was that the new driver didn’t have sufficient sound isolation from the microphone, which is meant to pick up passive noise. This feedback likely caused issues with the noise cancelling DSP. A little glue meant a $20 fix for a $400 pair of headphones.

A DIY NFC Tag

[Nicholas] built a simple NFC tag using an ATtiny84 microcontroller, four resistors, three capacitors, a diode, and an antenna. It implements ISO 14443-3, a standard for identification cards, and can communicate with the NFC chip sets found in most new smartphones.

This standard uses on-off keying for communication, which makes the hardware slightly more complex than the AVR RFID tag that we saw a few years back. The antenna and a variable capacitor form an LC circuit tuned at 13.56 MHz, which is the carrier frequency for the protocol. The diode acts as an envelope detector, letting the microcontroller recover the signal.

It may not be fully compliant with the standard, but [Nicolas] successfully tested out the device with his Lumia 620 phone. The firmware is available on Google Code so you can program your own tag data into main.c, build the firmware, and send some NFC packets. You can also check out a demo of the device after the break.

Upstagram: A Flying Raspberry Pi

Upstagram Pre-flight

This tiny paper house, modeled after the one in Disney’s UP, contains a Raspberry Pi, battery pack, camera, and 3G stick. The Upstagram, built by the folks at HackerLoop, took to the skies of Paris to snap and share photos on Instagram.

We’ve seen Raspberry Pis in flight before, but this build pulls it off using simple party balloons. It took around 80 balloons to get the house to a height of 300 feet. A kite string was used to tether the device and control its flight.

This hack also required some reverse engineering of Instagram. Since the photo sharing service only allows the official Android and iOS apps to upload, they had to use a reverse engineered Instagram client. This allows the unsupported Raspberry Pi to interact with the service, snapping pictures periodically and sharing them on the device’s stream.

After the break, check out a quick video overview of the project.

CAN Hacking: The Hardware

So far we have discussed the basics of CAN, in-vehicle networks, and protocols used over CAN. We’re going to wrap up with a discussion of CAN tools, and parts to build your own CAN hardware.

Wiring

Unfortunately, there’s no set standard for CAN connections. The most common connector for high-speed CAN is a DE-9, with CAN high on pin 7 and CAN low on pin 2. However, cables will differ, and many are incompatible.

CAN needs to be terminated, preferably by a 120 ohm resistance on either end of the bus. In practice, you can stick a single 120 ohm resistor across the bus to deal with termination.

Tools

A good CAN tool will let you transmit and receive CAN messages, interpret live data using CAN databases, and talk CAN protocols. The tools with this feature set are proprietary and expensive, but some hacker friendly options exist.

GoodThopter

The GoodThopter12

Based on [Travis Goodspeed’s] GoodFET, the GoodThopter by [Q] uses the Microchip MCP2515 CAN to SPI controller to access the bus. The open hardware tool lets you send and receive messages using Python scripts.

CAN Bus Triple

The CAN Bus Triple device provides an interface to three CAN buses, and can be programmed in an environment similar to Arduino. The open source code provided lets you muck with the second generation Mazda 3. Unfortunately, the hardware does not appear to be open source.

Saleae Logic

It’s not open source, but the Saleae Logic is a very handy and cheap tool for looking at CAN buses. It can capture, decode, and display CAN traffic. This is most useful when you’re building your own CAN hardware.

DIY

The Parts

If you want to design your own hardware for CAN, you’ll need two things: a CAN controller, and a CAN transceiver.

The CAN controller generates and interprets CAN messages. There are many microcontrollers on the market with built-in CAN controllers, such as the Atmel ATmega32M1, Freescale S08D, and the TI Tiva C Series. When using a built-in CAN controller, you’ll have to use an external oscillator, because internal oscillators are not sufficiently accurate for high-speed CAN. If you want to add CAN to an existing microcontroller, the MCP2515 is an option. It’s a standalone CAN controller that communicates over SPI.

The transceiver translates signals from the controller to the bus, and from the bus to the controller. Different transceivers are needed for high-speed and low-speed CAN networks. The NXP TJA1050 works with high-speed buses, and the ON Semi NCV7356 works with low-speed, single wire buses.

Dev Boards

There’s a ton of development boards out there featuring microcontrollers with a CAN controller. The Arduino Due’s SAM3 processor has a controller, but there’s no transceiver on the board. You can pick up a CAN bus shield, and the Due CAN Library to get started.

The ChipKIT Max32 is similar to the Due. It has two CAN controllers, but you’ll need to provide external transceivers to actually get on a bus. Fortunately there’s a shield for that. The ChipKIT is officially supported by Ford’s OpenXC Platform, so you can grab their firmware.

That concludes our discussion of CAN Hacking. Hopefully you’re now ready to go out and experiment with the protocol. If you have questions, send them along to our tip line with “CAN Hacking” in the subject, and we’ll compile some answers. If you liked this series and want to suggest a topic for the next set of posts we’d love to hear that as well!

Bass Bump Headphone Amp

Headphone amplifiers make for simple, practical electronics projects. The Bass Bump Headphone Amp is no exception, since it’s made out of easy to source parts, and can be built on a proto-board.

We’ve seen many variants of the classic cMoy amplifier, including this pretty one. The Bass Bump differs by providing control over bass frequencies. It does this by putting a filter in front of the amplifier, with a potentiometer to select the mix of frequencies. This goes into an LM386 audio amplifier. At the output is a Zobel network to keep the impedance low at high frequencies. The amplifier can be powered from either a 9V rechargeable battery, or a USB port.

It’s a simple build, but definitely a good one to try on a rainy day. The write up explains how the analog circuitry works, and gives you full instructions on how to build it. After the break, check out a video overview of the project.
