Author: Mike Szczys

6403 Articles

Google’s OnHub Goes Toe To Toe With Amazon Echo

August 19, 2015 by 46 Comments

Yesterday Google announced preorders for a new device called OnHub. Their marketing, and most of the coverage I’ve seen so far, touts OnHub as a better WiFi router than you are used to including improved signal, ease of setup, and a better system to get your friends onto your AP (using the ultrasonic communication technique we’ve also seen on the Amazon Dash buttons). Why would Google care about this? I don’t think they do, at least not enough to develop and manufacture a $199.99 cylindrical monolith. Nope, this is all about the Internet of Things, as much as it pains me to use the term.

google-onhub-iot-router-thumbOnHub boasts an array of “smart antennas” connected to its various radios. It has the 2.4 and 5 Gigahertz WiFi bands in all the flavors you would expect. The specs also show an AUX Wireless for 802.11 whose purpose is not entirely clear to me but may be the network congestion sensing built into the system (leave a comment if you think otherwise). Rounding out the communications array is support for ZigBee and Bluetooth 4.0.

I have long looked at Google’s acquisition of Nest and assumed that at some point Nest would become the Router for your Internet of Things, collecting data from your exercise equipment and bathroom scale which would then be sold to your health insurance provider so they may adjust your rates. I know, that’s a juicy piece of Orwellian hyperbole but it gets the point across rather quickly. The OnHub is a much more eloquent attempt at the same thing. Some people were turned off by the Nest because it “watches” you to learn your heating preferences. The same issue has arisen with the Amazon Echo which is “always listening”.

Google has foregone those built-in futuristic features and chosen a device to which almost  everyone has already grown accustom: the WiFi router. They promise better WiFi and I’m sure it will deliver. What’s the average age of a home WiFi AP at this point anyway? Any new hardware would be an improvement. Oh, and when you start buying those smart bulbs, fridges, bathroom scales, egg trays, and whatever else it’ll work for them as well.

As far as hacking and home automation, it’s hard to beat the voice-activated commands we’ve seen with Echo lately, like forcing it to control Nest or operate your Roku. Who wants to bet that we’ll see a Google-Now based IoT standalone device quickly following the shipment of OnHub?

Continue reading “Google’s OnHub Goes Toe To Toe With Amazon Echo”

Hackaday Prize Entry Closes But Work Continues

August 17, 2015 by 4 Comments

If you’ve been watching the countdown timer you’ve noticed that it’s run its course. The entry window for the 2015 Hackaday Prize is now closed, but that doesn’t mean you can stop what you’ve been doing. As we begin judging this slate of entries, heed my advice and continue working on your project in earnest because the next judging deadline is right around the corner: September 21st at 1:50pm Pacific Time.

For all entries complete the following:

  • A second video of no more than 5 minutes including footage of your prototype in action
  • A total of 8 project logs
  • A nearly complete components list
  • A rendering or drawing of the design/look and feel of the project

Early next week we will announce the 100 projects that move on to the next round. We will also announce which of the Best Product entries will be among the 10 finalists. The Best Product competitors have additional benchmarks to meet:

Best Product Entries must complete the following:

  • A third video between 5-10 minutes in length
  • A total of 12 project logs
  • A compete components list and a bill of materials for one unit
  • Schematics
  • Design Files

Of course the Hackaday Prize is about building something that matters and documenting it as an Open Hardware project. Thank you for sharing your time and talent in preparing your entry. To recognize your effort this year, we’ll be awarding a commemorative T-shirt to all who complete the entry requirements. More information about claiming that shirt will be sent in the coming weeks.

The 2015 Hackaday Prize is sponsored by:

Closing Out DEF CON 23

August 14, 2015 by 5 Comments

We had a wild time at DEF CON last week. Here’s a look back on everything that happened.

defcon-23-hackday-breakfast-thumbFor us, the festivities closed out with a Hackaday Breakfast Meetup on Sunday morning. Usually we’d find a bar and have people congregate in the evening but there are so many parties at this conference (official and unofficial) that we didn’t want people to have to choose between them. Instead, we made people shake off the hangover and get out of bed in time for the 10:30am event.

We had a great group show up and many of them brought hardware with them. [TrueControl] spilled all the beans about the hardware and software design of this year’s Whiskey Pirate badge. This was by far my favorite unofficial badge of the conference… I made a post covering all the badges I could find over the weekend.

We had about thirty people roll through and many of them stayed for two hours. A big thanks to Supplyframe, Hackaday’s parent company, for picking up the breakfast check and for making trips like this possible for the Hackaday crew.

Hat Hacking

@RobertPlacencia and Jason were the first at DEF CON 23 to hack
@noahanadeau was the second on the scoreboard

For DEF CON 22 I built a hat that scrolls messages and also serves as a simple WiFi-based crypto game. Log onto the access point and try to load any webpage and you’ll be greeted with the scoreboard shown above. Crack any of the hashes and you can log into the hat, put your name on the scoreboard, and make the hat say anything you want.

Last year only one person hacked the hat, this year there were 7 names on the scoreboard for a total of 22 cracked hashes. Nice work!

  • erich_jjyaco_cpp    16 Accounts
  • UniversityOfAriz     1 Account
  • @badgerops             1 Account
  • conorpp_VT             1 Account
  • C0D3X Pwnd you    1 Account
  • D0ubleN                   1 Account
  • erichahn525_VTe     1 Account

Three of these hackers talked to me, the other four were covert about their hat hacking. The top scorer used a shell script to automate logging-in with the cracked passwords and putting his name on the scoreboard.

I’d really like to change it up next year. Perhaps three hats worn by three people who involves some type of 3-part key to add different challenges to this. If you have any ideas I’d love to hear them below, or as comments on the project page.

[Eric Evenchick] on socketCAN

eric-evenchick-socketCAN-defcon-23-croppedOne of the “village” talks that I really enjoyed was from [Eric Evenchick]. He’s been a writer here for a few years, but his serious engineering life is gobbling up more and more of his time — good for him!

You probably remember the CANtact tool he built to bring car hacking into Open Source. Since then he’s been all over the place giving talks about it. This includes Blackhat Asia earlier in the year (here are the slides), and a talk at BlackHat a few days before DEF CON.

This village talk wasn’t the same as those, instead he focused on showing what socketCAN is capable of and how you might use it in your own hacking. This is an open source software suite that is in the Linux repos. It provides a range of tools that let you listen in on CAN packets, record them, and send them out to your own car. It was great to hear [Eric] rattle off examples of when each would be useful.

Our Posts from DEF CON 23

If you missed any of them, here’s our coverage from the conference. We had a blast and are looking forward to seeing everyone there next year!

Your Homework For This Weekend

August 13, 2015 by 51 Comments

Your homework for this weekend: Build me something and enter it in The Hackaday Prize. I’m not joking.

It’s very rare for me to come out with a big “ask”, but this is it. I need you now. The Hackaday Prize is our STEAM initiative. It very publicly shows that you can have a lot of fun with engineering in your free time. This is a lesson we need to broadcast and to do so, I want to see dozens of entries come together this weekend.

Here’s the gist of it: Choose a problem that is faced by a large number of people. Build something that helps fix it, and document what you did. You need to start a project, publish 4 project logs, a system design diagram, and a video of less than 2 minutes in length. That’s it, and you can easily be done with all of this if you choose to make this weekend a hackathon.

You may win, you may not. But everyone who posts a project is helping to inspire the next generation of great engineers. The next [Forrest Mims] is out there, lets make sure he or she knows how amazing the world of engineering is! Get to work.

The 2015 Hackaday Prize is sponsored by:

 

Tonight Is Hacker Chat With The Hackaday Writing Crew

August 12, 2015 by No comments

Tonight at 6pm PDT (UTC-7) is that last Hacker Chat before the entry deadline for the 2015 Hackaday Prize. Join us to talk about all things hardware. Those who need last-minute advice, or are looking for team members for an epic weekend hackathon to bootstrap your winning entry, this is the place to find it. It’s worth entering something… we’re giving everyone with an entry a limited-edition shirt.. and a well executed idea just might get you to the next round!

Joining [Brian Benchoff], [Adam Fabio], and me for tonight’s festivities are [Richard Baguley], [Kevin Dady] (aka [Osgeld]), [Bil Herd], [Kristina Panos], and [Al Williams]. We run these things a bit like the wild-west. There is just a bit of structure, but mostly anything goes. As far as the structure, add your project to this sheet if you want it to be one of the discussion topics. Other than that, share your knowledge and opinions while being excellent to each other. See you this evening!

The 2015 Hackaday Prize is sponsored by:

All The Unofficial Electronic Badges Of DEF CON

August 10, 2015 by 26 Comments

2015 was the year of the unofficial hardware badge at DEF CON 23. There were a ton of different hardware badges designed for the love of custom electronics and I tried to catch up with the designer of each different badge. Here is the collection of images, video demos, and build details for each one I saw this weekend.

Whiskey Pirates

Gorgeous text treatment on back of this badge is indicative of [True’s] mastery

[TrueControl] did a great job with his badge design this year for the Whiskey Pirate Crew. This is a great update from the badge he designed last year, keeping the skull and bones outline. It uses a PSOC4 chip to control a ton of LEDs. The eyes are RGB pixels which are each on their own PCB that is soldered onto the back of the badge, with openings for the LED to show through. Two AA batteries power the board which has a surface-mount LED matrix. The user controls are all capacitive touch. There is a spinner around one eye, and pads for select and back. The NRF24L01 radio operates at 2.4GHz. This badge is slave to commands from last year’s badge. When the two are in the same area the 2015 badges will scroll the nickname of the 2014 badge it “sees”. The piezo element also chirps many different sounds based on the interactions with different badges.

[True] makes design an art form. The matte black solder mask looks fantastic, and he took great care in use of font, size, alignment, and things like letting copper show through for a really stunning piece of hardware art.

Keep reading for ten more great badges seen over the weekend.

Continue reading “All The Unofficial Electronic Badges Of DEF CON”

Millions Of Satellite Receivers Are Low-Hanging Fruit For Botnets

August 9, 2015 by 45 Comments

Satellite television is prevalent in Europe and Northern Africa. This is delivered through a Set Top Box (STB) which uses a card reader to decode the scrambled satellite signals. You need to buy a card if you want to watch. But you know how people like to get something for nothing. This is being exploited by hackers and the result is millions of these Set Top Boxes just waiting to form into botnets.

This was the topic of [Sofiane Talmat’s] talk at DEF CON 23. He also gave this talk earlier in the week at BlackHat and has published his slides (PDF).

stb-hardwareThe Hardware in Satellite receivers is running Linux. They use a card reader to pull in a Code Word (CW) which decodes the signal coming in through the satellite radio.

An entire black market has grown up around these Code Words. Instead of purchasing a valid card, people are installing plugins from the Internet which cause the system to phone into a server which will supply valid Code Words. This is known as “card sharing”.

On the user side of things this just works; the user watches TV for free. It might cause more crashes than normal, but the stock software is buggy anyway so this isn’t a major regression. The problem is that now these people have exposed a network-connected Linux box to the Internet and installed non-verified code from unreputable sources to run on the thing.

[Sofiane] demonstrated how little you need to know about this system to create a botnet:

  • Build a plugin in C/C++
  • Host a card-sharing server
  • Botnet victims come to you (profit)

It is literally that easy. The toolchain to compile the STLinux binaries (gcc) is available in the Linux repos. The STB will look for a “bin” directory on a USB thumb drive at boot time, the binary in that folder will be automatically installed. Since the user is getting free TV they voluntarily install this malware.

Click through for more on the STB Hacks.

Continue reading “Millions Of Satellite Receivers Are Low-Hanging Fruit For Botnets”