Physical Security Hack Chat With Deviant Ollam

June 1, 2020 by Dan Maloney 1 Comment

Join us on Wednesday, June 3 at noon Pacific for the Physical Security Hack Chat with Deviant Ollam!

You can throw as many resources as possible into securing your systems — patch every vulnerability religiously, train all your users, monitor their traffic, eliminate every conceivable side-channel attack, or even totally air-gap your system — but it all amounts to exactly zero if somebody leaves a door propped open. Or if you’ve put a $5 padlock on a critical gate. Or if your RFID access control system is easily hacked. Ignore details like that and you’re just inviting trouble in.

Once the black-hats are on the inside, their job becomes orders of magnitude easier. Nothing beats hands-on access to a system when it comes to compromising it, and even if the attacker isn’t directly interfacing with your system, having him or her on the inside makes social engineering attacks that much simpler. System security starts with physical security, and physical security starts with understanding how to keep the doors locked.

To help us dig into that, Deviant Ollam will stop by the Hack Chat. Deviant works as a physical security consultant and he’s a fixture on the security con circuit and denizen of many lockpicking villages. He’s well-versed in what it takes to keep hardware safe from unauthorized visits or to keep it from disappearing entirely. From CCTV systems to elevator hacks to just about every possible way to defeat a locked door, Deviant has quite a bag of physical security tricks, and he’ll share his insights on keeping stuff safe in a dangerous world.

Our Hack Chats are live community events in the Hackaday.io Hack Chat group messaging. This week we’ll be sitting down on Wednesday, June 3 at 12:00 PM Pacific time. If time zones have you down, we have a handy time zone converter.

Click that speech bubble to the right, and you’ll be taken directly to the Hack Chat group on Hackaday.io. You don’t have to wait until Wednesday; join whenever you want and you can see what the community is talking about.

Why Does Solder Smoke Always Find Your Face?

June 1, 2020 by Jenny List 38 Comments

For some of us the smell of rosin soldering flux vaporizing from the tip of an iron as a project takes shape is as evocative as the scent of a rose on a summer’s day. We’ve certainly breathed enough of it over the years, as it invariably goes from the piece of work directly into the face of the person doing the soldering. This is something that has evidently troubled [AlphaPhoenix], who has gone to extravagant lengths to research the problem using planar laser illumination and a home-made (and possibly hazardous) smoke generator.

He starts with a variety of hypotheses with everything from a human-heat-driven air vortex to the Coandă effect, but draws a blank with each one as he models them using cardboard cut-outs and boxes as well as himself. Finally he has the light bulb moment and discovers that the key to the mystery lies in his arms coming across the bench to hold both iron and solder. They close off an area of lower-pressure dead space which draws the air current containing the smoke towards it, and straight into his face. It’s something that can be combated with a small fan or perhaps a fume extractor, as despite some video trickery we have yet to master soldering iron telekinesis.

Continue reading “Why Does Solder Smoke Always Find Your Face?” →

NASA’s Long-Delayed Return To Human Spaceflight

June 1, 2020 by Tom Nardi 55 Comments

With the launch of the SpaceX Demo-2 mission, the United States has achieved something it hasn’t done in nearly a decade: put a human into low Earth orbit with a domestic booster and vehicle. It was a lapse in capability that stretched on far longer than anyone inside or outside of NASA could have imagined. Through a series of delays and program cancellations, the same agency that put boot prints on the Moon and built the iconic Space Shuttle had been forced to rely on Russia to carry its astronauts into space since 2011.

NASA would still be waiting to launch its own astronauts had they relied on America’s traditional aerospace giants to get the job done. The inaugural flight of the Boeing CST-100 “Starliner” to the International Space Station in December was an embarrassing failure that came perilously close to losing the unmanned capsule. A later investigation found that sloppy software development and inconsistent testing had caused at least two major failures during the mission, which ultimately had to be cut short as the vehicle couldn’t even reach the altitude of the ISS, to say nothing of making a docking attempt. NASA and Boeing have since agreed to attempt another test of the CST-100 sometime before the end of the year, though a delay into 2021 seems almost inevitable due to the global pandemic.

But America’s slow return to human spaceflight can’t be blamed on the CST-100, or even Boeing, for that matter. Since the retirement of the Space Shuttle, NASA has been hindered by politics and indecisiveness. With a constantly evolving mandate from the White House, the agency’s human spaceflight program has struggled to make significant progress towards any one goal.

Continue reading “NASA’s Long-Delayed Return To Human Spaceflight” →

Easy Internet For Retro Computers With The PiModem

June 1, 2020 by Lewin Day 34 Comments

Retro computers are great, but what really makes a computer special is how many other computers it can talk to. It’s all about the network! Often, getting these vintage rigs online requires a significant investment in dusty old network cards from eBay and hunting down long-corrupted driver discs to lace everything together. A more modern alternative is to use something like PiModem to do the job instead.

PiModem consists of using a Raspberry Pi Zero W to emulate a serial modem, providing older systems with a link to the outside world. This involves setting up the Pi to use its hardware serial port to communicate with the computer in question. A level shifter is usually required, as well as a small hack to enable hardware flow control where necessary. It’s then a simple matter of using tcpser and pppd so you can talk to telnet BBSs and the wider Internet at large.

It’s a tidy hack that makes getting an old machine online much cheaper and easier than using hardware of the era. We’ve seen similar work before, too!

A Home Made Dumper You’d Swear Came From A Factory

June 1, 2020 by Jenny List 9 Comments

When it comes to YouTube videos, there’s little we like more than some good quality workshop action, watching someone in command of their tools craft a machine from raw materials with an amazing result. It’s something [Workshop From Scratch] delivers with his homemade mini dumper, in which he makes a small dump-truck from scratch with a result that looks as though he’d bought it factory-made from his agricultural supplier.

At its heart is a substantial chassis made from welded together double box section tube, to which he’s bolted a second-hand hydraulic transmission of the type you would find on larger walk-behind groundskeeping machinery. At the back is a front steering axle from a mobility scooter, that pivots on a bearing and wheel hub from a Ford Mondeo to ensure stability on rough ground. There is a platform for the operator to stand on as the little Honda 4-stroke engine moves it around. The bucket is plasma cut and welded, and it’s safe to say that his welding ability exceeds ours.

The result is a machine that looks to be very useful, and dare we admit it, one we wouldn’t mind having a go on. It may not be as powerful as this electric home-built dump truck, but we like it.

Continue reading “A Home Made Dumper You’d Swear Came From A Factory” →

Pulling Data From News Feed Telemetry

May 31, 2020 by Jenny List 7 Comments

We are used to seeing shots from TV news helicopters every day, they are part of the backdrop to life in the 21st century. But so often we hear them overlaid with studio commentary, so it’s interesting to hear that their raw audio contains telemetry. It caught the attention of [proto17], who took some audio pulled from a news helicopter video and subjected it to a thorough investigation to retrieve the data.

The write-up is at a very in-depth level, and while there’s an admission that some of the steps could have been performed more easily with ready-made tools, its point is to go through all steps at a low level. So the action largely takes place in GNU Radio, in which we see the process of identifying the signal and shifting it downwards in frequency before deducing its baud rate to retrieve its contents. The story’s not over though, because we then delve into some ASCII tricks to identify the packet frames, before finally retrieving the data itself. It still doesn’t tell you what the data contains, but it’s a fascinating process getting there nonetheless.

It’s easy to forget that GNU Radio has signal processing capabilities far beyond radio, but it was the subject of a fascinating Superconference talk. We even jumped on the bandwagon in the non-foolish part of our April Fool this year.

Receive Analog Video Radio Signals From Scratch

May 31, 2020 by Bryan Cockfield 6 Comments

If you’ve been on the RTL-SDR forums lately you may have seen that a lot of work has been going into the DragonOS software. This is a software-defined radio group that has seen a lot of effort put into a purpose-built Debian-based Linux distribution that can do a lot of SDR out of the box. The latest and most exciting project coming from them involves a method for using the software to receive and demodulate analog video.

[Aaron]’s video (linked below) demonstrates using a particular piece of software called SigDigger to analyze an incoming analog video stream from a drone using a HackRF. (Of course any incoming analog signal could be used, it doesn’t need to be a drone.) The software shows the various active frequency ranges, allows a user to narrow in on one and then start demodulating it. While it has to be dialed in just right to get anything that doesn’t look like snow, [Aaron] is able to get recognizable results in just a few minutes.

Getting something like this to work completely in software is an impressive feat, especially considering that all of the software used here is free. Granted, this wouldn’t be as easy for a digital signal like most TV stations broadcast, but there’s still a lot of fun to be had. In case you missed the release of DragonOS, we covered it a few weeks ago and it’s only gotten better since then, with this project just as one example.

Continue reading “Receive Analog Video Radio Signals From Scratch” →