Sniffing Passwords, Rickrolling Toothbrushes

July 18, 2023 by Elliot Williams 14 Comments

If you could dump the flash from your smart toothbrush and reverse engineer it, enabling you to play whatever you wanted on the vibrating motor, what would you do? Of course there’s no question: you’d never give up, or let down. Or at least that’s what [Aaron Christophel] did. (Videos, embedded below.)

But that’s just the victory lap. The race began with previous work by [Cyrill Künzi], who figured out that the NFC chip inside was used for a run-time counter, and managed to reset it by sniffing the password with an SDR as it was being transmitted. A great hack to be sure, but it only works for people with their own SDR setup.

With the goal of popularizing toothbrush-head-NFC-hacking, [Aaron] busted open the toothbrush itself, found the debug pins, dumped the flash, and got to reverse engineering. A pass through Ghidra got him to where the toothbrush reads the NFC tag ID from the toothbrush head. But how does it get from the ID to the password? It turns out that it runs a CRC on a device UID from the NFC tag itself and also a manufacturer’s string found in the NFC memory, and scramble-combines the two CRC values.

Sounds complicated, but the NFC UID can be read with a cellphone app, and the manufacturer’s string is also printed right on the toothbrush head itself for your convenience. Armed with these two numbers, you can calculate the password, and convince your toothbrush head that it’s brand new, all from the comfort of your smartphone! Isn’t technology grand?

We’re left guessing a little bit about the Rickroll hack, but we’d guess that once [Aaron] had the debug pins on the toothbrush’s microcontroller, he just couldn’t resist writing and flashing in a custom firmware. Talk about dedication.

[Aaron] has been doing extensive work on e-paper displays, but his recent work on the Sumup payment terminal is a sweet look at hacking into higher security devices with acupuncture needles.

Continue reading “Sniffing Passwords, Rickrolling Toothbrushes” →

Sweet Hacks

July 15, 2023 by Elliot Williams 6 Comments

While talking about a solar powered portable Bluetooth speaker project on the podcast, I realized that I have a new category of favorite hacks: daily-use hacks.

If you read Hackaday long enough, you’ll start to categorize everything. There are the purely technical hacks, beautiful hacks, minimalist hacks, maximalist hacks, and then the straight-up oddball hacks. Sometimes what strikes us is the beauty of the execution. Sometimes it’s clever choice of parts that were designed to do exactly the right thing, and simply watching them do their job well is satisfying, and other times we like to see parts fooled into doing something they have no right to.

While I really like the above speaker build because it’s beautiful, and because it uses a clever choice of audio amplifier to work with the supercapacitors’ wild voltage swings, what really struck me about the project is that [Jamie Matthews] has been using it every day for the last nine months. It’s on his desk and he uses it to listen to music.

That’s a simple feat in a way, but it’s a powerful one. Some of my absolutely favorite projects of my own are similar – they are ones that I use all the time. Not the cliche “life hack”, which are usually like a clever way to peel a grapefruit, but rather hacks that become part of daily life. So look around you, and if you’re anything like me, you’ll find a number of these “daily driver” hacks. And if you do, celebrate them.

(And maybe even send ’em in to the tips line to share!)

99% Partspiration

July 8, 2023 by Elliot Williams 37 Comments

Thomas Edison once said that genius was 1% inspiration and 99% perspiration. That doesn’t leave much room for partspiration.

I’m working on a top-secret project, and had to place a parts order on AliExpress with a minimum order quantity of five in order to get decent shipping times. No big deal, financially, and it’s always great to have spares as backup for the ones you fry.

But as I started lighting up the little round smartwatch displays to put them through their paces, I started thinking of all sorts of ways that I could use something like this. I had no idea how easy to drive they were, or frankly, how good they looked in person. When you get a round display in your hands, you find that you need dial indicators everywhere.

And then my son came by and said “Oh neat. I want one!” and started thinking up all sorts of gizmos that I could put them in. Two of them would make awesome eyes, and he’s been on a chameleon kick – the animal, you know. So we’re looking for chameleon eye animations online.

And all of a sudden, I have more projects lined up than I have remaining screens. I’m calling this phenomenon “partspiration”. You know, when you figure out how to use something and then you see uses for it everywhere? Time to place another Ali order.

Gearing Up for the Hackaday Prize

And don’t forget, we just started the next round of the Hackaday Prize: Gearing Up. In this challenge round we want to see your best DIY tools, jigs, and workflow accelerators. Custom reflow plates, home-built power supplies, or even software tools – as long as it helps you get the job done, it has a place here. You’ve got until Aug. 8 to get your entry finished, but head on over to Hackaday.io and get started now.

Gearing Up With The 2023 Hackaday Prize

July 5, 2023 by Elliot Williams 3 Comments

You know how it goes. You’re working on a project, and you need to do some ultra-precise probing, so you end up making a custom PCB probing octopus along the way. Or you find that you spend more time making the jig to hold down a part for machining than you do machining it. Hackers are not merely a tool-using species, we’re a tool-making species – it’s in our nature to want to build the tools that make it easier to get the job done.

The Gearing Up round of the Hackaday Prize celebrates the tool makers. If you’ve got a project that maybe isn’t an end in itself, but rather one of those utility project that can make all the difference, we want to see it here. Maybe it’s obscure measurement gear, maybe it’s a test rig or a bolt sorter, maybe you’ve built your own reflow hot plate. This is the challenge round for you!

The Gearing Up round runs from yesterday, July 4th, until August 8th. As with all of the 2023 Hackaday Prize rounds, ten finalists will receive $500 and get entered for the big prizes to be announced in November. Continue reading “Gearing Up With The 2023 Hackaday Prize” →

Shall We Hack A Game?

July 1, 2023 by Elliot Williams 26 Comments

A fantastic summertime game has consumed many of the kids in my neighborhood. It’s basically a treasure hunt, but the treasures are all shoebox-sized NFC readers that are “easily” findable on a map. Players all have a smart card and run around from box to box, collecting points that depend on how far apart the boxes are from each other. Walk, skate, or bike 1 km between check-ins, and ten points show up on the e-paper screen.

It’s been going on for a few weeks now, and it’s not uncommon to see a line of two or three kids at any given box, all with the purple lanyards and smart cards around their necks. So far, the highest-rated plausible single efforts have 450 km (280 miles) under their belt. My son’s grade-school average is 45 km (28 miles) over three weeks. The goal is getting kids out on the early summer afternoons, and that seems to be working!

Of course I had to reverse engineer the infrastructure, so here’s what I started with. Each box knows your point standing as soon as you tap the card, with a small delay. Scores appear online about every four hours. And the boxes are all ~1 km from each other or less.

My first thought was some kind of mesh network – that would be by far the coolest solution. Each box could simply report your card number to a central database, and the rest is a simple matter of software. LoRa radios rounded out my fantasy design.

But the length of time between getting the points and their appearance online suggests otherwise. And, a little bit of playing around with my cellphone’s NFC reader gives up the juice – they are MiFare Classic cards with data storage. So I got my own card, ran around town, and diffed the results. I haven’t cracked the location/time-stamping yet, but I know exactly where my total points are stored.

I’m going to keep observing until I’ve got it figured out completely, but I’m so tempted to tweak the points and see what happens. Are some of the digits in what I think are a timestamp in reality a checksum? Will I get disqualified? Or worse, what if I make a mistake and get myself publicly into first place? OK, better to sit this one out on the sidelines – I really don’t want to be the jerk who crashes a fantastic kid’s game. Sometimes you’ve gotta know when not to hack.

Open Source And Giving Back

June 24, 2023 by Elliot Williams 41 Comments

3D printing YouTuber [Thomas Sanladerer] made a fairly contentious claim in a video about the state of open source hardware and software: namely that it’s not viable “anymore”. You can watch his video for more nuance, but the basic claim is that there are so many firms who are reaping the benefits of open designs and code that the people who are actually doing the work can’t afford to make a living anymore.

[Thomas] then goes on to mention a few companies that are patenting their 3DP innovations, and presumably doing well by it, and he then claims that patenting is probably the right way forward from a business standpoint.

The irony that he says this with a Voron 3D printer sitting behind him was not lost on us. The Voron is, after all, a very successful open-source 3D printer design. It’s just rock solid, has lots of innovative touches, and an extensive bill of materials. They don’t sell anything, but instead rely on donations from their large community to keep afloat and keep designing.

At the same time, a whole bunch of companies are offering Voron kits – all of the parts that you’d have to source yourself otherwise. While not mass-market, these kit sales presumably also help keep some of the 3D printer enthusiast stores that sell them afloat. Which is all to say: the Voron community is thriving, and a number of folks are earning their livings off of it. And it’s completely open.

When [Thomas] complains that some players in the 3DP business landscape aren’t giving back to the open-source community effort, he’s actually calling out a few large-scale Chinese manufacturers making mass-market machines. These companies aren’t interested in pushing the state of the art forward anyway, rather just selling what they’ve got. And sure, there are a million Creality Enders for every Voron 2 out there. And yes, they reap the benefits of open designs and code. But they’re competing in an entirely different market from the real innovators, and I’m not sure that’s a bad thing.

Let us know what you think. (And if you’re reading this in the newsletter format, head on over to Hackaday on Saturday morning to leave us your comments.)

Congratulations To Our Op-Amp Challenge Winners!

June 21, 2023 by Elliot Williams 15 Comments

The real world is analog, and the op-amp is the indispensable building block of many analog circuits. We wanted to give you analog fanatics out there a chance to shine and to encourage our digital brothers and sisters to dip their toes in the murky waters where ones and zeroes define the ends of a spectrum rather than representing the only choice. Hence, we presented the Op Amp Challenge. And you did not disappoint!

We received 83 entries, and it was extraordinarily hard to pick the winners. But since we had three $150 DigiKey shopping sprees to give away, our six judges buckled down and picked their favorites. Whether or not you’ve got the Golden Rules of the ideal op-amp tattooed on your arm, you’ll enjoy looking through all of the projects here. But without further ado…

The Winners

[Craig]’s Op Art is an X-Y voltage generator to plug into an oscilloscope and make classic Lissajous and other spirograph-like images, and it’s all done in analog. Maybe it was his incredible documentation, the nice use of a classic three-op-amp tunable oscillator, or the pun hidden in the title. Whatever the case, it wowed our judges and picked up a deserved place in the top three.

Hearkening back to the pre-digital dinosaur days, [Rainer Glaschick]’s Flexible Analog Computer is a modular analog computer prototyping system on a breadboard backplane. Since you have to re-wire up an analog computer for your particular, it’s great that [Rainer] gave us a bunch of examples on his website as well, including a lunar lander and classic Lorenz attractor demos.

And there was no way that [Chris]’s interactive analog LED wave array wouldn’t place in the top three. It’s a huge 2D analog simulation that runs entirely on op-amps, sensing when your hand moves across any part of its surface and radiating waves out from there. You have to admire the massive scale here, and you simply must check out the video of it in action. Glorious!

Continue reading “Congratulations To Our Op-Amp Challenge Winners!” →