Get Your Hands On A 2017 Hackaday Superconference Badge

We just got the shipment of hot Hackaday Superconference badges in our hands yesterday, and they’re frankly awesome. Due to great manufacturing partners and a fantastic design by [Mike Harrison], we ended up with too few manufacturing defects and too many badges. How’s that for a nice problem to have?

But our gain is your gain! We have enough badges for everyone who’s coming to the con, and we’re selling the rest on Tindie.

In case you missed it, the badge is a digital video camera, or at least that’s how it’s going to start out its life. It’s got a camera sensor, enough processing power on-board to handle the image data, a screen, and SD card storage. It’s also got a good assortment of buttons, and more importantly, prototyping space and an abundance of pins broken out for you to play with. For the nitty-gritty, see the badge’s Hackaday.io project page. We’ve coded up the obvious applications, added in some challenging puzzles, and now we’re handing them off to you.

Hackaday Badge History

What will you do with them? That remains to be seen. The first time we put on a Supercon, we made the best badge you’ve ever seen — a blank protoboard, and a big pile of parts. Add in an enthusiastic and creative crowd, and out pops magic. Last year, [Voja] produced a badge with finesse and more resources, adding blinkies, IR, and an accelerometer, and we saw hacks making use of each of the features. This year, we’ve pushed it even further. Now it’s your turn.

The Superconference is this weekend, and a few hundred Hackaday hackers will get their hands on this lump of open hardware. Something fantastic is certainly going to happen. If you couldn’t make it but still want to play along, now’s your chance!

Conference badges are a fantastic playground for hardware hackers: they’re a small enough project to get done, but large enough to do something interesting. Some badges, like [Brian Benchoff]’s badge for Tindie, are minimalistic. Others, like this unofficial badge for DEFCON, are quadcopters. In between, there’s room for artistry and aesthetics and just plain cleverness. And don’t forget utility. The 2017 Layer One conference badge (here on Hackaday.io) is easily converted into an OBD II CAN bus sniffer or a video game machine — your pick.

Hackaday loves custom hardware and badges like this are more than just a PCB full of components. They’re a piece of the culture from the event where they made their debut. We’re happy we can share that with some of the hackers who couldn’t make it to Supercon this year.

What Is Entropy And How Do I Get More Of It?

Let’s start off with one of my favorite quotes from John von Neumann: “Any one who considers arithmetical methods of producing random digits is, of course, in a state of sin. For, as has been pointed out several times, there is no such thing as a random number — there are only methods to produce random numbers, and a strict arithmetic procedure of course is not such a method.”

What von Neumann is getting at is that the “pseudo” in pseudorandom number generator (PRNG) is really a synonym for “not at all”. Granted, if you come in the middle of a good PRNG sequence, guessing the next number is nearly impossible. But if you know, or can guess, the seed that started the PRNG off, you know all past and future values nearly instantly; it’s a purely deterministic mathematical function. This shouldn’t be taken as a rant against PRNGs, but merely as a reminder that when you use one, the un-guessability of the numbers that it spits out is only as un-guessable as the seed. And while “un-guessability” isn’t a well-defined mathematical concept, or even a real word, entropy is.

That’s why entropy matters to you. Almost anything that your computer wants to keep secret will require the generation of a secret random number at some point, and any series of “random” numbers that a computer generates will have only as much entropy, and thus un-guessability, as the seed used. So how does a computer, a deterministic machine, harvest entropy for that seed in the first place? And how can you make sure you’ve got enough? And did you know that your Raspberry Pi can be turned into a heavy-duty source of entropy? Read on!
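To make the point about seeds concrete, here is an added example (not from the original article) in which 128-bit values are drawn from a PRNG whose seed carries only 16 bits of entropy. The 16-bit seed size and the function names are assumptions chosen for illustration; Python's `random` module stands in for any deterministic PRNG.

```python
import random
import secrets
from typing import List, Optional

SEED_BITS = 16  # assumed seed entropy for this demonstration


def keystream(seed: int, count: int = 4) -> List[int]:
    """Draw `count` 128-bit values from a PRNG started at `seed`."""
    rng = random.Random(seed)
    return [rng.getrandbits(128) for _ in range(count)]


def recover_seed(first_output: int, seed_bits: int = SEED_BITS) -> Optional[int]:
    """Walk the whole seed space and return the seed that reproduces
    the observed first output, or None if no seed does."""
    for candidate in range(1 << seed_bits):
        if random.Random(candidate).getrandbits(128) == first_output:
            return candidate
    return None


if __name__ == "__main__":
    seed = secrets.randbelow(1 << SEED_BITS)   # a "secret" 16-bit seed
    outputs = keystream(seed)

    # One observed value is enough: the 128-bit outputs look large, but
    # only 2**16 different sequences can ever exist.
    found = recover_seed(outputs[0])
    print("seed recovered:", found == seed)
    print("remaining outputs reproduced:", keystream(found) == outputs)

    # A value taken from the OS entropy pool is not reachable from any
    # 16-bit seed, so the same search comes back empty.
    print("OS-random value matched:", recover_seed(secrets.randbits(128)))
```

For anything that has to stay secret, draw the value from the operating system's entropy source (`secrets` or `os.urandom` in Python) instead of from a seeded general-purpose PRNG.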

Continue reading “What Is Entropy And How Do I Get More Of It?”

Pull Passwords Out Of Silicon

[q3k] got tipped off to a very cool problem in the ongoing Pwn2Win capture-the-flag, and he blew it out of the water by decoding the metal interconnect layers that encode a password in a VLSI IC. And not one to rent someone else’s netlist extraction code, he did it by writing his own.

The problem in the Pwn2Win CTF came in the form of the design files for a hypothetical rocket launch code. The custom IC takes an ASCII string as input, and flips a pin high if it matches. Probably the simplest way to do this in logic is to implement a shift register that’s long enough for the code string’s bits, and then hard-wire some combinatorial logic that only reads true when all of the individual bits are correct.

(No, you don’t want to implement a password-checker this way — it means that you could simply brute-force the password far too easily — but such implementations have been seen in the wild.)

Anyway, back to our story. After reversing the netlist, [q3k] located 320 flip-flops in a chain, suggesting a 40-byte ASCII code string. Working backward in the circuit from the “unlocked” pin to the flip-flops, he found a network of NOR and NAND gates, which were converted into a logic notation and then tossed into Z3 to solve. Some cycles later, he had pulled the password straight out of the silicon!

This looks like a really fun challenge if you’re into logic design or hardware reverse engineering. You don’t have to write your own tools to do this, of course, but [q3k] would say that it was worth it.

Thanks [Victor] for the great tip!
Featured image by David Carron, via Wikipedia.

Hackaday Prize Entry: Two Leg Robot

If you’re working on your own bipedal robot, you don’t have to start from the ground up anymore. [Ted Huntington]’s Two Leg Robot project aims to be an Open Source platform that’ll give any future humanoid-robot builders a leg up.

While we’ve seen quite a few small two-legged walkers, making a pair of legs for something human-sized is a totally different endeavor. [Ted]’s legs are chock-full of sensors, and there’s a lot of software that processes all of the data. That’s full kinematics and sensor info going back and forth from 3D model to hardware. Very cool. And to top it all off, “Two Leg” uses affordable motors and gearing. This is a full-sized bipedal robot platform that you might someday be able to afford!

Will walking robots really change the world? Maybe. Will easily available designs for an affordable bipedal platform give hackers of the future a good base to stand on? We hope so! And that’s why this is a great entry for the Hackaday Prize.

Inside Two-Factor Authentication Apps

Passwords are in a pretty broken state of implementation for authentication. People pick horrible passwords and use the same password all over the place, firms fail to store them correctly and then their databases get leaked, and if anyone’s looking over your shoulder as you type it in (literally or metaphorically), you’re hosed. We’re told that two-factor authentication (2FA) is here to the rescue.

Well maybe. 2FA that actually implements a second factor is fantastic, but Google Authenticator, Facebook Code Generator, and any of the other app-based “second factors” are really just a second password. And worse, that second password cannot be stored hashed in the server’s database, which means that when the database is eventually compromised, your “second factor” blows away with the breeze.

Second factor apps can improve your overall security if you’re already following good password practices. We’ll demonstrate why and how below, but the punchline is that the most popular 2FA app implementations protect you against eavesdropping by creating a different, unpredictable, but verifiable, password every 30 seconds. This means that if someone overhears your login right now, they wouldn’t be able to use the same login info later on. What 2FA apps don’t protect you against, however, are database leaks.
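The two properties described above, a code that changes every 30 seconds and a server that must keep the raw shared secret, can be seen in a short added example (not code from the original article). It assumes the RFC 6238 TOTP scheme with HMAC-SHA1 that Google Authenticator uses; the secret is the RFC's published test key, and `verify` is a hypothetical server-side check.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds each code stays valid


def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 code: HMAC-SHA1 over the 30-second counter, truncated."""
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(stored_key: bytes, submitted: str, unix_time: int) -> bool:
    """Server side: recompute the code from whatever key is stored."""
    expected = totp(stored_key, unix_time, len(submitted))
    return hmac.compare_digest(expected, submitted)


if __name__ == "__main__":
    secret = b"12345678901234567890"   # RFC 6238 test key, not a real secret
    now = 59                           # RFC 6238 test time
    code = totp(secret, now, digits=8)
    print("code at t=59:", code)

    # Same 30-second window: accepted. One window later: the overheard
    # code is useless, which is the eavesdropping protection.
    print("fresh code accepted:", verify(secret, code, now))
    print("replayed 30 s later:", verify(secret, code, now + STEP))

    # A server that stored only a hash of the secret cannot recompute
    # the code, so the secret has to sit in the database in usable form.
    hashed = hashlib.sha256(secret).digest()
    print("verified from hash only:", verify(hashed, code, now))
```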

Continue reading “Inside Two-Factor Authentication Apps”

Happy Ada Lovelace Day!

Today is Ada Lovelace Day, a day to celebrate and encourage women in the fields of science and technology. The day is named after Augusta Ada King-Noel, Countess of Lovelace, born Byron. (You can see why we just call her Ada Lovelace.) She was a brilliant mathematician, and the writer of what’s probably the first real computer program — it computed the Bernoulli series. At least according to Charles Babbage, in correspondence to Michael Faraday, she was an “enchanted math fairy”. Not only a proto-coder, she wrote almost all of the existing documentation about Babbage’s computation engine. She’s a stellar example of a brilliant and unique individual. If you were looking for a superhero to represent women in science and tech, Ada’s a good pick.

In our minds, she gets stiff competition from Marie Curie. Curie did fundamental research on radioactivity, is one of two people with Nobel Prizes in two different sciences, and got to name the two elements that she discovered. 2011 was the Year of Marie Curie in France and Poland. She has her own year in addition to her own unit. Even Spiderman doesn’t have those radioactive super powers!

Don’t Need Another Hero?

But on a day dedicated to getting more women into the technical arts, it’s also a little bit daunting to pick Lovelace or Curie as a symbol. Are you ever going to have something that equals “first computer program” or “two Nobel Prizes” on your résumé? We aren’t. It’s great to have heroes, but maybe we need more than just heroes — we also need mentors.

Continue reading “Happy Ada Lovelace Day!”

Who Owns Arduino?

Who owns Arduino? We don’t mean metaphorically — we’d say that’s the community of users and developers who’ve all contributed to this amazing hardware/software ecosystem. We mean literally. Whose chips are on the table? Whose money talks? It looks like ARM could have a stake!

The Arduino vs Arduino saga “ended” just under a year ago with an out-of-court settlement that created a private holding company part-owned by both parties in the prior dispute over the trademark. And then, [Banzi] and the original founders bought out [Musto]’s shares and took over. That much is known fact.

The murky thing about privately held companies and out-of-court settlements is that all of the details remain private, so we can only guess from outside. We can speculate, however, that buying out half of the Arduino AG wasn’t cheap, and that even pooling all of their resources together, the original founders just didn’t have the scratch to buy [Musto] out. Or as the Arduino website puts it, “In order to make [t]his a reality, we needed a partner that would provide us with the resources to regain full ownership of Arduino as a company… and Arm graciously agreed to support us to complete the operation.” That, and the rest of the Arduino blog post, sure looks like ARM provided some funds to buy back Arduino.

We reached out to [Massimo Banzi] for clarification and he replied:

“Hi arm did not buy nor invest in arduino. The founders + Fabio Violante still own the company. As I wrote in the blog post we are still independent, open source and cross platform.”

We frankly can’t make sense of these conflicting statements, at least regarding whether ARM did or didn’t contribute monetary resources to the deal. ARM has no press release on the deal as we write this.

Continue reading “Who Owns Arduino?”