Universal Serial Abuse

August 17, 2016 by Jenny List 26 Comments

It’s probable that most Hackaday readers are aware of their own computer security even if they are not specialists. You’ll have some idea of which ports your machines expose to the world, what services they run, and you’ll know of a heap of possible attack vectors even if you may not know about every last one.

So as part of that awareness, it’s likely you’ll be wary of strange USB devices. If someone drops a Flash drive in the parking lot the chances of one of you blithely plugging it into your laptop is not high at all. USB ports are trusted by your computer and its operating system, and to have access to one is to be given the keys to the kingdom.

Our subject today is a DEF CON talk courtesy of [Dominic White] and [Rogan Dawes] entitled “Universal Serial aBUSe“, and it details a USB attack in which they create an innocuous USB stick that emulates a keyboard and mouse which is shared across a WiFi network via a VNC server. This gives an attacker (who can gain momentary physical access to a USB port to install the device) a way into the machine that completely bypasses all network and other security measures.

Their hardware features an AVR and an ESP8266, the former for USB and HID work and the latter to do the heavy lifting and provide WiFi. They started with a Cactus Micro Rev2, but graduated to their own compatible board to make the device more suitable to pose as a USB stick. Both hardware and software files can be found on their GitHub repository, with the software being a fork of esp-link. They go into significant detail of their development and debugging process, and their write-up should be an interesting read for anyone.

Below the break you can find a video description of the attack. It’s not a shock to know that USB ports have such little defense, but it is a sobering moment to realize how far attacks like this one have come into the realm of what is possible.

Continue reading “Universal Serial Abuse” →

Bone Conduction Skull Radio

August 17, 2016 by Jenny List 20 Comments

There are many ways to take an electrical audio signal and turn it into something you can hear. Moving coil speakers, plasma domes, electrostatic speakers, piezo horns, the list goes on. Last week at the Electromagnetic Field festival in the UK, we encountered another we hadn’t experienced directly before. Bite on a brass rod (sheathed in a drinking straw for hygiene), hear music.

This was Skull Radio, a bone conduction speaker courtesy of [Tdr], one of our friends from TOG hackerspace in Dublin, and its simplicity hid a rather surprising performance. A small DC motor has its shaft connected to a piece of rod, and a small audio power amplifier drives the motor. Nothing is audible until you bite on the rod, and then you can hear the music. The bones of your skull are conducting it directly to your inner ear, without an airborne sound wave in sight.

The resulting experience is a sonic cathedral from lips of etherial sibilance, a wider soft palate soundstage broadened by a tongue of bass and masticated by a driving treble overlaid with a toothy resonance before spitting out a dynamic oral texture. You’ll go back to your hi-fi after listening to [Tdr]’s Skull Radio, but you’ll know you’ll never equal its unique sound.

(If you are not the kind of audiophile who spends $1000 on a USB cable, the last paragraph means you bite on it, you hear music, and it sounds not quite as bad as you might expect.)

This isn’t the first bone conduction project we’ve featured here, we’ve seen a Bluetooth speaker and at least one set of headphones, but our favorite is probably this covert radio.

Hackerspacing: Making A Temperature Logger

August 13, 2016 by Jenny List 7 Comments

The folks at Swindon Makerspace took possession of a new space a few months ago after a long time in temporary accommodation. They’ve made impressive progress making it their own, and are the envy of their neighbours.

A small part of the new space is a temperature logger, and it’s one whose construction they’ve detailed on their website. It’s a simple piece of hardware based around a Dallas DS18B20 1-wire temperature sensor and an ESP8266 module, powered by 3 AA batteries and passing its data to data.sparkfun.com. The PCB was created using the space’s CNC router, and the surface-mount components were hand-soldered. The whole thing is dwarfed by its battery box, and will eventually be housed in its own 3D printed case. Sadly they’ve not posted the files, though it’s a simple enough circuit that’s widely used, it looks similar to this one with the addition of a voltage regulator.

The device itself isn’t really the point here though, instead it serves here to highlight the role of a typical small hackspace in bringing simple custom electronic and other prototyping services to the grass roots of our community. Large city hackspaces with hundreds of members will have had the resources to create the space program of a small country for years, but makers in provincial towns like Swindon – even with their strong engineering heritage – have faced an uphill struggle to accumulate the members and resources to get under way.

So to the wider world it’s a simple temperature logger but it really represents more than that — another town now has a thriving and sustainable makerspace. Could your town do the same?

If you’ve never used a Dallas 1-wire temperature sensor like the one the Swindon folks have in their logger, we suggest you read our primer on the parts and their protocol.

A VNA On A 200 Euro Budget

August 13, 2016 by Jenny List 24 Comments

If you were to ask someone who works with RF a lot and isn’t lucky enough to do it for a commercial entity with deep pockets what their test instrument of desire would be, the chances are their response would mention a vector network analyser. A VNA is an instrument that measures the S-parameters of an RF circuit, that rather useful set of things to know whose maths in those lectures as an electronic engineering student are something of a painful memory for some of us.

The reason your RF engineer respondent won’t have a VNA on their bench already will be fairly straightforward. VNAs are eye-wateringly expensive. Second-hand ones are in the multi-thousands, new ones can require the keys to Fort Knox. All this is no obstacle to [Henrik Forstén] though, he’s built himself a 30MHz to 6 GHz VNA on the cheap, with the astoundingly low budget of 200 Euros.

On paper, the operation of a VNA is surprisingly simple. RF at a known power level is passed through the device under test into a load, and the forward and reverse RF is sampled on both its input and output with a set of directional couplers. Each of the four couplers feeds what amounts to an SDR, and the resulting samples are processed by a computer. His write-up contains a full run-down of each section of the circuit, and is an interesting primer on the operation of a VNA,

[Henrik] admits that his VNA isn’t as accurate an instrument as its commercial cousins, but for his tiny budget the quality of his work is evident in that it is a functional VNA. He could have a batch of these assembled and he’d find a willing queue of buyers even after taking into account the work he’s put in with his pricing.

[Henrik]’s work has appeared on these pages several times before, and every time he has delivered something special. We’ve seen his radar systems, home-made horn antennas, and a very well-executed ARM single board computer. This guy is one to watch.

Thanks [theEngineer] for the tip.

From Project To Kit: Instructions Are Everything

August 12, 2016 by Jenny List 26 Comments

A printed copy of the instructions for our example kit

We’ve had two previous articles in this series on turning a personal electronic project into a saleable kit, in which we’ve examined the kit market in a broader context for a new entrant, and gone on to take a look at the process of assembling the hardware required to create a product. We’ve used an NE555 LED flasher as a simple example , from which we’ve gone through the exercise of setting a cost of production and therefore a retail price.

The remaining task required to complete our kit production is to write the documentation that will accompany it. These will be the instructions from which your customers will build the kit, and their success and any other customers they may send your way will hang on their quality. So many otherwise flawless kits get this part of the offering so wrong, so for a kit manufacturer it represents an easy win into which to put some effort.
Continue reading “From Project To Kit: Instructions Are Everything” →

Pimoroni Wash Their Hands Of Arduino

August 11, 2016 by Jenny List 115 Comments

One of the big stories of last year was the fracture of the official Arduino supply into two competing organisations at daggers drawn, each headed by a different faction with its origins in the team that gave us the popular single board computers. Since then we’ve had Arduinos from Arduino LLC (the [Massimo] Arduino.cc, arguably the ‘original’, and Arduino trademark holder in the United States) and Arduino SRL (the [Musto] Arduino.org, and owner of the Arduino trademark everywhere except the US) , two websites, two forks of the IDE, and “real” Arduino boards available under a couple of names depending on where in the world you live due to a flurry of legal manoeuvres. Yes. it’s confusing.

Today came news of a supplier throwing its hands up in despair at the demands imposed on them as part of this debacle. Pimoroni, famous as supplier of Raspberry Pi goodies, has put up a blog post explaining why they will henceforth no longer be selling Arduinos. They took the side of Arduino LLC, and the blog post details their extensive trials and delays in making contact with the company before eventually being told they would have to agree to purchase substantial stocks both Arduino and Genuino branded versions of identical products and agree to sell them through separate supply channels for both Europe and the rest of the world before they could proceed. This is not a practical proposition for a small company, and the Pimoroni people deliver a very pithy explanation of exactly why towards the bottom of their post.

We’ve covered the Arduino versus Arduino debacle extensively in the past, this is simply the latest in a long line of stories. Pimoroni have hit the nail on the head when they make the point that the customers and suppliers really don’t care about spats between the various inheritors of the Arduino legacy, they just want an Arduino. And with so many other Arduino-compatible boards available they don’t have to look very hard to find one if the right shade of blue solder-resist or the shape of the map of Italy on the back isn’t a special concern. Can we be the only ones wishing something like this might knock a bit of sense into the various parties?

EMF Camp 2016, A Personal Review

August 11, 2016 by Jenny List 18 Comments

If I can offer one piece of advice to the Hackaday readership, it is this: Never, ever, be the sole member of your hackerspace’s board that owns a large station wagon, unless you relish the thought of packing an entire hacker camp village into your vehicle and transporting it halfway across the country in the blazing August heat.

I’ve done my laundry, aired my tent, and just sorted the contents of a brace of Tesco bags into several categories: rubbish, food, camping gear and interesting stuff. As I write this, yesterday was teardown day for Electromagnetic Field 2016, an event that bills itself as “a non-profit UK camping festival for those with an inquisitive mind or an interest in making things: hackers, artists, geeks, crafters, scientists, and engineers”, and this is a personal account of the event from the point of view of both being part of the Oxford Hackspace village and of waving the flag for Hackaday and Tindie.

Continue reading “EMF Camp 2016, A Personal Review” →