33C3: How Can You Trust Your Random Numbers?

One of the standout talks at the 33rd Chaos Communications Congress concerned pseudo-random-number generators (PRNGs). [Vladimir Klebanov] (right) and [Felix Dörre] (left) provided a framework for making sure that PRNGs are doing what they should. Along the way, they discovered a flaw in Libgcrypt/GNUPG, which they got fixed. Woot.

Cryptographically secure random numbers actually matter, a lot. If you’re old enough to remember the Debian OpenSSL debacle of 2008, essentially every Internet service was backdoorable due to bad random numbers. So they matter. [Vladimir] makes the case that writing good random number generators is very, very hard. Consequently, it’s very important that their output be tested very, very well.

So how can we test them? [Vladimir] warns against our first instinct, running a statistical test suite like DIEHARD. He points out (correctly) that running any algorithm through a good enough hash function will pass statistical tests, but that doesn’t mean it’s good for cryptography.

Horten Fyr Is Norwegian For Blinkie

Our Norwegian is pretty weak, so we struggled a little bit with the documentation for a big public LED art project in the lighthouse (translated) in Horten, Norway. But we do speak the universal language of blinkies, and this project has got them: 3,008 WS2812b LEDs ring the windows at the top of the lighthouse and create reactive patterns depending on the wave height and proximity of the ferry that docks there.

This seems to be an evolving project, with more features being added slowly over time. We love the idea of searching for the WiFi access point on the ferry to tell when it’s coming in to port, and the wave height sensor should also prove interesting data, with trends at the low-frequency tidal rate as well as higher frequency single waves that come in every few seconds. What other inputs are available? How many are too many?

It’s so cool that a group of tech-minded art hackers could get access to a big building like this. Great job, [Jan] and [Rasmus] and [everyone else]!


Awesome Prank Or Circuit-Breaker Tester?

Many tools can be used either for good or for evil — it just depends on the person flipping the switch. (And their current level of mischievousness.) We’re giving [Callan] the benefit of the doubt here and assuming that he built his remote-controlled Residual Current Device (RCD) tripper for the purpose of testing the safety of the wiring in his own home. On the other hand, he does mention using it to shut off all the power in his house during an “unrelated countdown at a party”. See? Good and evil.

An RCD (or GFCI in the States) is a kind of circuit breaker that trips when the currents in the hot and neutral mains power lines aren’t equal and opposite, which would suggest that the juice is leaking out somewhere, hopefully not through someone. They only take a few milliamps of imbalance to trip, so that nobody gets hurt. Making a device to test an RCD is easy; a resistor between hot and the protective ground circuit would do.

[Callan] over-engineers. He used a 50 W resistor where 30 W would do under the worst circumstances. A stealthy solid-state relay switches the resistor in, driven by an Uno and a Bluetooth module, so he can trip his circuit breakers from his smartphone, naturally.

GSM Sniffing On A Budget With Multi-RTL

If you want to eavesdrop on GSM phone conversations or data, it pays to have deep pockets, because you’re going to need to listen to a wide frequency range. Or, you can just use two cheap RTL-SDR units and some clever syncing software. [Piotr Krysik] presented his work on budget GSM hacking at Camp++ in August 2016, and the video of the presentation just came online now (embedded below). The punchline is a method of listening to both the uplink and downlink channels for a pittance.

[Piotr] knows his GSM phone tech, studying it by day and hacking on a GnuRadio GSM decoder by night. His presentation bears this out, and is a great overview of GSM hacking from 2007 to the present. The impetus for Multi-RTL comes out of this work as well. Although it was possible to hack into a cheap phone or use a single RTL-SDR to receive GSM signals, eavesdropping on both the uplink and downlink channels was still out of reach, because it required more bandwidth than the cheap RTL-SDR had. More like the bandwidth of two cheap RTL-SDR modules.

Getting two RTL-SDR modules to operate in phase is as easy as desoldering a crystal from one and slaving it to the other. Aligning the two absolutely in time required a very sweet hack. It turns out that the absolute timing is retained after a frequency switch, so both RTL-SDRs switch to the same channel, lock together on a single signal, and then switch back off, one to the uplink frequency and the other to the downlink. Multi-RTL is a GnuRadio source that takes care of this for you. Bam! Hundreds or thousands of dollars’ worth of gear replaced by commodity hardware you can buy anywhere for less than a fancy dinner. That’s a great hack, and a great presentation.

Hacking Together A Serial Backpack

A serial backpack is really nothing more than a screen and some microcontroller glue to drive it. And a hammer is nothing more than a hardened weight on the end of a stick. But when you’re presented with a nail, or a device that outputs serial diagnostic data, there’s nothing like having the right tool on hand.

[ogdento] built his own serial backpack using parts on hand and a port of some great old code. Cutting up a Nokia 1100 graphic display and pulling a PIC out of the parts drawer got him the hardware that he needed, and he found a good start for his code in [Peter Andersen]’s plain-old character LCD library, combined with a Nokia 1100 graphic LCD library by [spiralbrain]. [ogdento] added control for the backlight, mashed the two libraries together, and voilà!

A simple screen with a serial port is a great device to have on hand, and it makes a great project. We’ve seen them around here before, of course. And while you could just order one online, why not make your own? Who knows what kind of crazy customizations you might dream up along the way.

SDR And Node.js Remote-Controlled Monster Drift

Most old-school remote controlled cars broadcast their controls on 27 MHz. Some software-defined radio (SDR) units will go that low. The rest, as we hardware folks like to say, is a simple matter of coding.

So kudos to [watson] for actually doing the coding. His monster drift project starts with the basics — sine and cosine waves of the right frequency — and combines them in just the right durations to spit out to an SDR, in this case a HackRF. Watch the smile on his face as he hits the enter key and the car pulls off an epic office-table 180 (video embedded below).


Retrotechtacular: The Best Pendulum Clock

Would you believe a pendulum clock that can keep time accurately to within one second per year? If you answered “yes”, you’ve either never tried to regulate a pendulum clock yourself, or you already know about the Shortt Clock. Getting an electromechanical device to behave so well, ticking accurately to within 0.03 parts per million, is no mean feat, and the Shortt clock was the first timekeeping device that actually behaved more regularly than the Earth itself.