Soundbar Bested By Virtual Android Bluetooth Sniffer

Out of the box, the Yamaha YAS-207 soundbar can be remotely controlled over Bluetooth, but only when using a dedicated application on iOS or Android. Users who want to command their hardware with their computer, or any other Bluetooth device for that matter, are left out in the cold. Or at least they were, before [Wejn] got on the case.

To capture the communication between the soundbar and the application, [Wejn] first installed Android-x86 in a virtual machine on his computer and then enabled the “Bluetooth HCI snoop log” within Developer Settings. From there, a netcat command running on the virtual Android device continually sent the contents of the btsnoop_hci.log file out to Wireshark on his Linux desktop. As he hit buttons in the Yamaha application, he could watch the data come in live. We’ve seen plenty of people use Android’s integrated Bluetooth packet capture in the past, but never quite like this. It’s certainly a tip worth mentally filing away for the future.

The Pi can now control the TOSLINK connected speakers.

From there, things move pretty quickly. [Wejn] is able to determine that the devices are communicating over a virtual serial port, and starts identifying individual command and response packets. It turns out the commands closely mirror the NEC IR codes that he’d previously decoded on a whim, which helped clear things up. Once the checksum was sorted out, writing some code that can talk to the soundbar from his Raspberry Pi media player was the next logical step.

[Wejn] combined this with the Shairport Sync project, which lets the Raspberry Pi turn on the speaker and switch the input over when he wants to stream AirPlay from his phone. But of course, the same technique could be applied to whatever source of digital audio captures your fancy.

This is one of those posts you should really read in its entirety to truly appreciate. While every device is going to be different, the basic principles and workflow that [Wejn] demonstrates in this project will absolutely be useful in your own reverse engineering adventures. If you’re more of a visual learner, the series of YouTube tutorials on sniffing BLE devices that we recently covered is not to be missed either.

Hackaday Podcast 105: 486 Doom On FPGA, How Thick Is Your Filament, Raspberry Pi Speaks Android Auto, And We’re Headed To Mars

Hackaday editors Mike Szczys and Elliot Williams unpack great hacks of the past week. We love seeing the TIL311 — a retro display in a DIP package — exquisitely recreated with SMD electronics and resin casting. You might never need to continuously measure the diameter of your 3D printer filament, but just in case, there’s a clever Hall-effect sensor mechanism for that. Both of us admire the work being done in the FPGA realm, and this week we saw a RISC-V core plumbed into quite the FPGA stack to run a version of Doom originally played on 486 computers. And we’re getting excited for the three-ring circus of engineering acrobatics that will land NASA’s Perseverance rover on the surface of Mars next week.

Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!


Android 10 Ported To The Nintendo Switch

Nintendo’s Switch is perhaps most famous for blurring the lines between handheld consoles and those you plug into a TV. However, the tablet-esque device can also run Android if you’re so inclined, and it recently got an upgrade to version 10.

It’s an upgrade that brings many new features to the table, most of which you might consider must-haves for regular use. The newer port brings support for USB Power Delivery, as well as deep sleep modes that enable the unit’s battery to last for several weeks. There’s also support for over-the-air updates, which should ease ongoing maintenance, and improvements for Bluetooth compatibility and the touch screen as well.

Like most console hacks to run custom code, you’ve got to have the right hardware version with the right firmware, as Nintendo have been regularly iterating to try and lock out hacks where possible. The install has a few hurdles to jump through, but nothing too strenuous that would scare away the average Hackaday reader. Just be sure to not attempt this on a cherished console, as there’s always the chance that it all ends in tears. If you pull it off, you can then go about turning your Nintendo Switch into a networking switch. Net…tendo… Switch? Come up with a better pun in the comments.

Do Androids Search For Cosmic Rays?

We always like citizen science projects, so we were very interested in DECO, the Distributed Electronic Cosmic-ray Observatory. That sounds like a physical location, but it is actually a network of cell phones that can detect cosmic rays using an ordinary Android phone’s camera sensor.

There may be some privacy concerns as the phone camera will take a picture and upload it every so often, and it probably also taxes the battery a bit. However, if you really want to do citizen science, maybe dedicate an old phone, put electrical tape over the lens and keep it plugged in. In fact, they encourage you to cover the lens to reduce background light and keep the phone plugged in.


This Week In Security: Android Bluetooth RCE, Windows VMs, And HTTPS Everywhere

Android has released its monthly round of security updates, and there is one patched bug in particular that’s very serious: CVE-2021-0316. Few further details are available, but a bit of sleuthing finds the code change that fixes this bug.

Fix potential OOB write in libbluetooth
Check event id if of register notification command from remote to avoid OOB write.

It’s another Bluetooth issue, quite reminiscent of BleedingTooth on Linux. In fact, in researching this bug, I realized that Google never released their promised deep-dive into BleedingTooth. Why? This would usually mean that not all the fixes have been rolled out, or that a significant number of installations are unpatched. Either way, the details are withheld until the ramifications of releasing them are minimal. This similar Bluetooth bug in Android *might* be why the BleedingTooth details haven’t yet been released. Regardless, there are some serious vulnerabilities patched in this Android update, so make sure to watch for the eventual rollout for your device.

Let’s Encrypt Will Stop Working For Older Android Devices

Let’s Encrypt was founded in 2012, going public in 2014, with the aim to improve security on the web. The goal was to be achieved by providing free, automated access to SSL and TLS certificates that would allow websites to make the switch over to HTTPS without having to spend any money.

Hundreds of millions of sites rely on Let’s Encrypt for their HTTPS certificate needs. HTTPS security helps protect sites and users, and makes it harder for malicious actors to steal private information.

The project has just announced that, come September 1, 2021, some older software will stop trusting their certificates. Let’s look at why this has come to pass, and what it means going forward.

Certificates Expire

When Let’s Encrypt first went public in early 2016, they issued their own root certificate, by the name ISRG Root X1. However, it takes time for companies to include updated root certificates in their software, so until recently, all Let’s Encrypt certificates were cross-signed by an IdenTrust certificate, DST Root X3. This certificate had been around much longer, and was already supported by the vast majority of OSes and browsers in regular use. This allowed Let’s Encrypt to hit the ground running while they waited for the majority of software to support their own root certificate.

Linux Fu: The Linux Android Convergence

The Android phone that you carry in your pocket is basically a small computer running Linux. So why is it so hard to get to a usable Linux environment on your phone? If you could run Linux, you could turn your cell phone into an ultra-portable laptop replacement.

Of course, the obvious approach is just to root the phone and clean-slate install a Linux distribution on it. That’s pretty extreme and, honestly, you would probably lose a lot of phone function unless you go with a Linux-specific phone like the PinePhone. However, using an installer called AnLinux, along with a terminal program and a VNC client, you can get a workable setup without nuking your phone’s OS, or even having root access. Let’s see what we can do.