The Science Behind Boost Converters

May 5, 2017 by Jack Laidlaw 30 Comments

[Ludic Science] shows us the basic principles that lie behind the humble boost converter. We all take them for granted, especially when you can make your own boost converter or buy one for only a few dollars, but sometimes it’s good to get back to basics and understand exactly how things work.

The circuit in question is probably as simple as it gets when it comes to a boost converter, and is not really a practical design. However it helps visualize what is going on, and exactly how a boost converter works, using just a few parts, a screw, enameled wire, diode, capacitor and a push button installed on a board.

The video goes on to show us the science behind a boost converter, starting with adding a battery from which the inductor stores a charge in the form of an electromagnetic field. When the button is released, the magnetic field collapses, and this causes a voltage in the circuit which is then fed through a diode and charges the capacitor a little bit. If you toggle the switch fast enough the capacitor will continue to charge, and its voltage will start to rise. This then creates a larger voltage on the output than the input voltage, depending on the value of the inductor. If you were to use this design in a real life application, of course you would use a transistor to do the switching rather than a push button, it’s so much faster and you won’t get a sore finger.

This is very basic stuff, but the video gives us a great explanation of what is happening in the circuit and why. If you liked this article, we’re sure you’ll love Hackaday’s own [Jenny List] explain everything you need to know about inductors.

(updated thanks to [Unferium] – I made a mistake about the magnetic field collapsing when the button is pressed , When in reality it’s when the button is released that this happens. Apologies for confusion.)

Continue reading “The Science Behind Boost Converters” →

Industrial Robots, Hacking And Sabotage

May 4, 2017 by Jack Laidlaw 62 Comments

Everything is online these days creating the perfect storm for cyber shenanigans. Sadly, even industrial robotic equipment is easily compromised because of our ever increasingly connected world. A new report by Trend Micro shows a set of attacks on robot arms and other industrial automation hardware.

This may not seem like a big deal but image a scenario where an attacker intentionally builds invisible defects into thousands of cars without the manufacturer even knowing. Just about everything in a car these days is built using robotic arms. The Chassis could be built too weak, the engine could be built with weaknesses that will fail far before the expected lifespan. Even your brake disks could have manufacturing defects introduced by a computer hacker causing them to shatter under heavy braking. The Forward-looking Threat Research (FTR) team decided to check the feasibility of such attacks and what they found was shocking. Tests were performed in a laboratory with a real in work robot. They managed to come up with five different attack methods.

Attack 1: Altering the Controller’s Parameters
The attacker alters the control system so the robot moves unexpectedly or inaccurately, at the attacker’s will.

Concrete Effects: Defective or modified products
Requirements Violated: Safety, Integrity, Accuracy

Attack 2: Tampering with Calibration Parameters
The attacker changes the calibration to make the robot move unexpectedly or inaccurately, at the attacker’s will.

Concrete Effects: Damage to the robot
Requirements Violated: Safety, Integrity, Accuracy

Why are these robots even connected? As automated factories become more complex it becomes a much larger task to maintain all of the systems. The industry is moving toward more connectivity to monitor the performance of all machines on the factory floor, tracking their service lifetime and alerting when preventive maintenance is necessary. This sounds great for its intended use, but as with all connected devices there are vulnerabilities introduced because of this connectivity. This becomes especially concerning when you consider the reality that often equipment that goes into service simply doesn’t get crucial security updates for any number of reasons (ignorance, constant use, etc.).

For the rest of the attack vectors and more detailed info you should refer to the report (PDF) which is quite an interesting read. The video below also shows insight into how these type of attacks might affect the manufacturing process.

Continue reading “Industrial Robots, Hacking And Sabotage” →

Robotic Glockenspiel And Hacked HDD’s Make Music

May 2, 2017 by Jack Laidlaw 12 Comments

[bd594] likes to make strange objects. This time it’s a robotic glockenspiel and hacked HDD‘s. [bd594] is no stranger to Hackaday either, as we have featured many of his past projects before including the useless candle or recreating the song Funky town from Old Junk.

His latest project is quite exciting. He has incorporated his robotic glockenspiel with a hacked hard drive rhythm section to play audio controlled via a PIC 16F84A microcontroller. The song choice is Axel-F. If you had a cell phone around the early 2000’s you were almost guaranteed to have used this song as a ringtone at some point or another. This is where music is headed these days anyway; the sooner we can replace the likes of Justin Bieber with a robot the better. Or maybe we already have?

Continue reading “Robotic Glockenspiel And Hacked HDD’s Make Music” →

U.S Air Force Is Going To Get Hacked

April 30, 2017 by Jack Laidlaw 24 Comments

[HackerOne] has announced that US Dept of Defense (DoD) has decided to run their biggest bug bounty program ever, Hack the Air force.

You may remember last year there was the Hack the Pentagon bug bounty program, Well this year on the coattails of last year’s success the DoD has decided to run an even bigger program this year: Hack The Air force. Anyone from “The Five Eyes” countries (Australia, Canada, New Zealand, the United Kingdom and of course the United States) can take part. This is a change in format from the Pentagon challenge which was only open to U.S citizens and paid out a total of around $75,000 in bug bounties.

Now obviously there are rules. You can’t just hack The Air Force no matter how much you want “All their base are belong to you”. The DoD want computer hackers to find bugs in their public facing web services and are not so much interested in you penetration testing their weapons systems or any other critical infrastructure. Try that and you may end up with a lovely never-ending tour of Guantanamo Bay Naval Base.

Hack Your Own Samsung TV With The CIA’s Weeping Angel Exploit

April 26, 2017 by Jack Laidlaw 57 Comments

[Wikileaks] has just published the CIA’s engineering notes for Weeping Angel Samsung TV Exploit. This dump includes information for field agents on how to exploit the Samsung’s F-series TVs, turning them into remotely controlled spy microphones that can send audio back to their HQ.

An attacker needs physical access to exploit the Smart TV, because they need to insert a USB drive and press keys on the remote to update the firmware, so this isn’t something that you’re likely to suffer personally. The exploit works by pretending to turn off the TV when the user puts the TV into standby. In reality, it’s sitting there recording all the audio it can, and then sending it back to the attacker once it comes out of “fake off mode”.

It is still unclear if this type of vulnerability could be fully patched without a product recall, although firmware version 1118+ eliminates the USB installation method.

The hack comes along with a few bugs that most people probably wouldn’t notice, but we are willing to bet that your average Hackaday reader would. For instance, a blue LED stays on during “fake off mode” and the Samsung and SmartHub logos don’t appear when you turn the TV back on. The leaked document is from 2014, though, so maybe they’ve “fixed” them by now.

Do you own a Samsung F-series TV? If you do, we wouldn’t worry too much about it unless you are tailed by spies on a regular basis. Don’t trust the TV repairman!

PogoPlug Hacking: A Step By Step Guide To Owning The Device

April 24, 2017 by Jack Laidlaw 29 Comments

[Films By Kris Hardware] has started quite an interesting YouTube series on hacking and owning a PogoPlug Mobile v4. While this has been done many times in the past, he gives a great step by step tutorial. The series so far is quite impressive, going into great detail on how to gain root access to the device through serial a serial connection.

PogoPlugs are remote-access devices sporting ARM processor running at 800 MHz, which is supported by the Linux Kernel. The version in question (PogoPlug Mobile v4) have been re-purposed in the past for things like an inexpensive PBX, an OpenWrt router and even a squeezebox replacement. Even if you don’t have a PogoPlug, this could be a great introduction to hacking any Linux-based consumer device.

So far, we’re at part three of what will be an eight-part series, so there’s going to be more to learn if you follow along. His videos have already covered how to connect via a serial port to the device, how to send commands, set the device up, and stop it calling home. This will enable the budding hacker to make the PogoPlug do their bidding. In this age of the cheap single-board Linux computer, hacking this type of device may be going out of style, but the skills you learn here probably won’t any time soon.

Continue reading “PogoPlug Hacking: A Step By Step Guide To Owning The Device” →

White-hat Botnet Infects, Then Secures IoT Devices

April 24, 2017 by Jack Laidlaw 32 Comments

[Symantec] Reports Hajime seems to be a white hat worm that spreads over telnet in order to secure IoT devices instead of actually doing anything malicious.

[Brian Benchoff] wrote a great article about the Hajime Worm just as the story broke when first discovered back in October last year. At the time, it looked like the beginnings of a malicious IoT botnet out to cause some DDoS trouble. In a crazy turn of events, it now seems that the worm is actually securing devices affected by another major IoT botnet, dubbed Mirai, which has been launching DDoS attacks. More recently a new Mirai variant has been launching application-layer attacks since it’s source code was uploaded to a GitHub account and adapted.

Hajime is a much more complex botnet than Mirai as it is controlled through peer-to-peer propagating commands through infected devices, whilst the latter uses hard-coded addresses for the command and control of the botnet. Hajime can also cloak its self better, managing to hide its self from running processes and hide its files from the device.

The author can open a shell script to any infected machine in the network at any time, and the code is modular, so new capabilities can be added on the fly. It is apparent from the code that a fair amount of development time went into designing this worm.

So where is this all going? So far this is beginning to look like a cyber battle of Good vs Evil. Or it’s a turf war between rival cyber-mafias. Only time will tell.