Those Elevator Emergency Call Buttons Are Actually Pretty Janky

August 10, 2019 by 26 Comments

We’ve all stared at that button in the elevator with the phone icon on it, supremely confident that if the cab came to a screeching halt while rocketing up to the 42nd floor, a simple button press would be your salvation. To be fair, that’s probably true. But the entire system is not nearly as robust as most people think.

Friday at DEF CON 27, [Will Caruana] took the stage to talk about phone phreaking on an elevator. The call buttons first appeared on elevators in 1968 as actual phone handsets, eventually becoming a mandated feature starting in 1976. Unfortunately, the technology they use hasn’t come all that far since. Phone modules on elevators did benefit when DTMF (touch tones) and voice menu systems rolled around. But for the most part, they are a plain old telephone service (POTS) frontend.

[Will] spends his spare time between floors pressing the call button and asking for the phone number. It’s the lowest bar of social engineering, by identifying yourself as an elevator service technician and asking for the number he is calling from. His experience has been that the person at the other end of the phone will give you that number no questions asked nearly every time. What can you do with a phone number? Turns out quite a bit.

The keys to the castle are literally in the elevator phone user manuals. The devices, shipped by multiple manufacturers, come with a default password and [Will’s] experience has been that nobody changes them. This means that once you have the phone number, you can dial in and use the default password to reprogram how the system works. This will not let you directly control the elevator, but it will let you speak to the people inside, and even change the call-out number so that the next time that little button is pressed it calls you, and not the phone service it’s intended to dial. That is, if the system was even correctly set up in the first place. He mentioned that it’s not too hard to find elevators that don’t have their location set up in the system — if you do need help, it may be hard to figure out which elevator you’re actually in. There have also been instances where these call the 24-hour maintenance staff for the building, a bewildering experience for sleepy personnel who didn’t sign up for this.

Want to go beyond the call button and dig deeper into the secrets of pwning elevators? [Will] suggests watching the HOPE X talk from [Deviant Ollam] and [Howard Payne] called Elevator Hacking: From the Pit to the Penthouse.

660 FPS Raspberry Pi Video Captures The Moment In Extreme Slo-Mo

August 10, 2019 by 18 Comments

Filming in slow-motion has long become a standard feature on the higher end of the smartphone spectrum, and can turn the most trivial physical activity into a majestic action shot to share on social media. It also unveils some little wonders of nature that are otherwise hidden to our eyes: the formation of a lightning flash during a thunderstorm, a hummingbird flapping its wings, or an avocado reaching that perfect moment of ripeness. Altogether, it’s a fun way of recording videos, and as [Robert Elder] shows, something you can do with a few dollars worth of Raspberry Pi equipment at a whopping rate of 660 FPS, if you can live with some limitations.

Taking the classic 24 FPS, this will turn a one-second video into a nearly half-minute long slo-mo-fest. To achieve such a frame rate in the first place, [Robert] uses [Hermann-SW]’s modified version of raspiraw to get raw image data straight from the camera sensor to the Pi’s memory, leaving all the heavy lifting of processing it into an actual video for after all the frames are retrieved. RAM size is of course one limiting factor for recording length, but memory bandwidth is the bigger problem, restricting the resolution to 64×640 pixels on the cheaper $6 camera model he uses. Yes, sixty-four pixels height — but hey, look at that super wide-screen aspect ratio!

While you won’t get the highest quality out of this, it’s still an exciting and inexpensive way to play around with slow motion. You can always step up your game though, and have a look at this DIY high-speed camera instead. And well, here’s one mounted on a lawnmower blade destroying anything but a printer.

Continue reading “660 FPS Raspberry Pi Video Captures The Moment In Extreme Slo-Mo”

A Keyboard Interface For Your SInclair ZX

August 10, 2019 by 11 Comments

The SInclair ZX 8-bit computers of the early 1980s were masterpieces of economy, getting the most out of minimal hardware. The cassette tape interface was a one-bit port, the video was (on the first two models anyway) created by the processor itself rather than a CRT controller, and the keyboard? No fancy keyboard controllers here, just a key matrix and some diodes between a set of address lines and some data lines. The ZX80 and ZX81 were not very fast as a result of their processors being tied up with all this work, but it ensured that their retail price could break the magic £100 barrier in the British market, something of a feat in 1980.

A host of hackers still devote their time to these machines, and among them [Danjovic] has updated that ZX keyboard by producing an interface between that matrix and a PS/2 keyboard. As you might expect it uses a modern microcontroller board, in this case an Arduino Nano but it doesn’t stretch the imagination to think that a USB equipped board might perform the same task. It sits upon the relevant lines, and performs the necessary logical connection between them depending upon the serial input from an attached PS/2 keyboard. The project goes into some detail on PS/2 to ZX mappings, but perhaps of most interest is its explanation of the bus timings involved. The Arduino makes use of the ZX WAIT line to hold the Z80 and ensure that there is enough time for it to perform its task, it would be interesting to note whether or not this has a visible impact on BASIC program timing.

We are more used to seeing ZX keyboards being attached to PCs, rather than this way round.

ZX Spectrum image: Bill Bertram [CC BY-SA 2.5].

Acoustic Lenses Show Sound Can Be Focused Like Light

August 10, 2019 by 30 Comments

Acoustic lenses are remarkable devices that just got cooler. A recent presentation at SIGGRAPH 2019 showed that with the help of 3D printing, it is possible to build the acoustic equivalent of optical devices. That is to say, configurations that redirect or focus sound waves. One fascinating demonstration worked like an acoustic prism, able to send different notes from a simple melody in different directions. Another was a device that dynamically varied the distance between two lenses in order to focus sound onto a moving target. In both cases, the sounds originate from an ordinary speaker and are shaped by passing through the acoustic lens or lenses, which are entirely passive devices.

Researchers from the University of Sussex used 3D printing for a modular approach to acoustic lens design. 16 different pre-printed “bricks” (shown here) can be assembled in various combinations to get different results. There are limitations, however. The demonstration lenses only work in a narrow bandwidth, meaning that the sound they work with is limited to about an octave at best. That’s enough for a simple melody, but not nearly enough to cover a human’s full audible range. Download the PDF for a quick read about the details, it’s only two pages but loaded with enough to whet your appetite to know more.

Directional sound can be done in other ways as well, such as using an array of ultrasonic emitters to create a coherent beam of sound. Ultrasonic emitters can even levitate lightweight objects. Ain’t sound neat?

Individual Neopixels Make Up This Lightsaber’s Blade

August 9, 2019 by 7 Comments

The lightsaber is an iconic weapon from the Star Wars franchise, designed in all sorts of shapes and colors. Several fan-made versions have been built as well, quite a few of which use the almost ubiquitous neopixel. [Tirenoth] decided to build his first lightsaber using a series of neopixels, but decided on a unique build method.

Instead of the usual strip of neopixels, [Tirenoth] chose to use a bunch of neopixels in the 5mm LED form-factor. [Tirenoth] soldered each LED’s 5v pins and GND pins to the same pins on the next, rotating each LED 180 degrees, building a tower of pixels. The data in and out pins are soldered to the next (and previous) LED as well. This allows the series of LEDs to be a bit more stable physically, and allows them to be stacked close together, one on top of the other.

To control the neopixels, a Proffieboard is used, an open-source lightsaber controller. The Proffieboard uses an STM32 microcontroller and allows you to hook up LEDs or neopixels as well as a speaker. Its open-source software allows the animation of the pixels and the playing of sounds. It’s designed specifically for lightsaber builds and is programmed via the Arduino IDE.

[Tirenoth] has some nice pictures of the build in process and, of course some nice pics of the final result. He suggests that the blade would be the first to break in battle, though. There’s been a few lightsaber builds over the years, like this lightsaber with rave mode, or this lightsaber made with real lasers.

via Reddit.

A New Way To Remote Terminal

August 9, 2019 by 14 Comments

Thanks to the wonders of the internet, collaborating with others across great distances has become pretty simple. It’s easy now to share computer desktops over a network connection, and even take control of another person’s computer if the need arises. But these graphical tools are often overkill, especially if all we really need is to share a terminal session with someone else over a network.

A new project from [Elis] allows just that: to share an active terminal session over a web browser for anyone else to view. The browser accesses a “secret” URL which grants access to the terminal via a tunnel which is able to live stream the entire session. The server end takes care of all of the work of generating this URL, and it is encrypted with TLS and HTTPS. It also allows for remote control as well as viewing, so it is exceptionally well-featured for being simple and easy to run.

To run this software only a binary is needed, but [Elis] has also made the source code available. Currently he finds it a much more convenient way of administering his Raspberry Pi, but we can see a lot of use for this beyond the occasional headless server. Certainly this makes remote administration easy, but could be used collaboratively among a large group of people as well.

DEF CON 27: The Badge Talk; Or That One Time Joe Grand Sourced 30,000 Gemstones

August 9, 2019 by 12 Comments

Yesterday we published a first look at the hardware found on the DEF CON 27 badge. Sporting a magnetically coupled wireless communications scheme rather than an RF-based one, and an interesting way to attach the lanyard both caught my attention right away. But the gemstone faceplate and LED diffuser has its own incredible backstory you don’t want to miss.

This morning Joe Grand — badge maker for this year and many of the glory years of hardware badges up through DC18 — took the stage to share his story of conceptualizing, prototyping, and shepherding the manufacturing process for 28,500 badges. Imagine the pressure of delivering a delightful concept, on-time, and on budget… well, almost on budget. During the talk he spilled the beans on the quartz crystal hanging off the front side of every PCB.

Continue reading “DEF CON 27: The Badge Talk; Or That One Time Joe Grand Sourced 30,000 Gemstones”