Hacker Pops Top On NFC Vending Machines

Vending machines used to be a pretty simple affair: you put some coins in, and food or drink that in all likelihood isn’t fit for human consumption comes out. But like everything else today, they are becoming increasingly complex Internet-connected devices. Forget fishing around for pocket change; the Coke machine at the mall more often than not has a credit card terminal and a 30-inch touch screen display to better facilitate dispensing cans of chilled sugar water. Of course, increased complexity almost always goes hand in hand with increased vulnerability.

So when [Matteo Pisani] recently came across a vending machine that offered users the ability to pay from an application on their phone, he immediately got to wondering if the system could be compromised. After all, how much thought would be put into the security of a machine that basically sells flavored water? The answer, perhaps not surprisingly, is very little.

The write-up [Matteo] has put together is an outstanding case study in hacking Android applications, from pulling the .apk package off the phone to decompiling it into its principal components with programs like apktool and jadx. He even shows how you can reassemble the package and get it suitable for reinstallation on your device after fiddling around with the source code. If you’ve ever wanted a crash course on taking a peek inside of Android programs, this is a great resource.

By snooping around in the source code, [Matteo] was able to discover not only the location of the encrypted database that serves as the “wallet” for the user, but the routine that generates the encryption key. To cut a long story short, the program simply uses the phone’s IMEI as the key to get into the database. With that in hand, he was able to get into the wallet and give himself a nice stack of “coins” for the next time he hit the vending machines. Given his new-found knowledge of how the system works, he even came up with a separate Android app that allows adding credit to the user’s account on a rooted device.
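Why a device identifier makes a poor database key, as an added example (not code from [Matteo]’s write-up or from the vendor’s app): it checks whether candidate key material is a well-formed IMEI and bounds how unpredictable such a key can be, next to a key drawn from the OS random generator. The function names and the sample IMEI are assumptions made for illustration.

```python
import math
import secrets

AES_KEY_BITS = 256  # size of a properly generated key, for comparison
SAMPLE_IMEI = "490154203237518"  # sample value for illustration only


def luhn_check_digit(body14: str) -> int:
    """Luhn check digit for the 14-digit TAC + serial part of an IMEI."""
    total = 0
    # Walking right to left, the 1st, 3rd, 5th... digits are doubled.
    for i, ch in enumerate(reversed(body14)):
        d = int(ch)
        if i % 2 == 0:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return (10 - total % 10) % 10


def looks_like_imei(value: str) -> bool:
    """True when value is 15 digits ending in a valid Luhn check digit."""
    return (len(value) == 15 and value.isdigit()
            and luhn_check_digit(value[:14]) == int(value[14]))


def imei_entropy_bits(model_known: bool) -> float:
    """Upper bound on the unpredictability of an IMEI used as a key.

    Layout: 8-digit TAC (identifies the phone model), 6-digit serial,
    1 check digit. The check digit is computed, so it adds nothing.
    """
    free_digits = 6 if model_known else 14
    return free_digits * math.log2(10)


def review_key_material(value: str) -> str:
    """Classify candidate key material the way a code reviewer would."""
    if looks_like_imei(value):
        bits = imei_entropy_bits(model_known=False)
        return f"REJECT: IMEI-shaped, at most {bits:.1f} bits and not secret"
    return "needs manual review"


def generate_wallet_key() -> bytes:
    """What to use instead: 256 bits from the OS CSPRNG."""
    return secrets.token_bytes(AES_KEY_BITS // 8)
```

The bound is generous: an IMEI is printed on the packaging and readable on the handset, so it is not a secret at all, whereas a random key only helps if it is stored somewhere the app user cannot simply read it back.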

In the video after the break, [Matteo] demonstrates his program by buying a soda and then bumping his credit back up to buy another. He ends his write-up by saying that he has reported his findings to the company that manufactures the vending machines, but no word on what (if any) changes they plan on making. At the end of the day, you have to wonder what the cost-benefit analysis looks like for a full security overhaul when you’re only selling sodas and bags of chips.

When he isn’t liberating carbonated beverages from their capitalistic prisons, he’s freeing peripherals from their arbitrary OS limitations. We’re starting to get a good idea about what makes this guy tick.


These Twenty Projects Won The Musical Instrument Challenge In The Hackaday Prize

The Hackaday Prize is the greatest hardware competition on the planet. It’s the Academy Awards of Open hardware, and over the past few months we’ve challenged makers and artists to create the Next Big Thing. All things must come to an end, though, and last week we wrapped up the final challenge in the Hackaday Prize. The results were fantastic, with over one hundred entries to the Musical Instrument Challenge. Now, we’re ready to announce the winners.

Over the past few months, we’ve been running a series of five challenges, and picking the best twenty projects to come out of these challenges. The Musical Instrument Challenge was the final challenge in The Hackaday Prize, and now we’re happy to announce the winners. These projects have been awarded a $1,000 cash prize, and they’re moving on to the final round where one lucky winner will receive the Grand Prize of $50,000. Here are the winners of the Musical Instrument Challenge, in no particular order:

Musical Instrument Challenge Hackaday Prize finalists:


Cool Tools: Deus Ex Autorouter

The first thing you probably asked yourself when learning how to lay out PCBs was “can’t the computer do this?” which inevitably led to the phrase “never trust the autorouter!”. Even if it hooks up a few traces the result will probably be strange to human eyes; not a design you’d want to use.

But what if the autorouter was better? What if it was so far removed from the autorouter you know that it was something else? That’s the technology that JITX provides. JITX is a company that has developed new tools that can translate a coarse textual specification of a board to KiCAD outputs autonomously.


Just In Time For Halloween: Another Talking Skull

It isn’t a unique idea, but we liked [Eric Wiemers’s] take on the classic animated skull for Halloween. In addition to showing you the code and the wiring, the video spends some time discussing what the audio looks like and what has to happen to get it into a format suitable for the Arduino. You can see the spooky video, below.

Of course, this is also a 3D printing project, although the skull is off-the-shelf. We wondered if he felt like a brain surgeon taking the Dremel to the poor skull. To fix the two parts of the device, he used brass threaded inserts that are heat set, something we’ve seen before, but are always surprised we don’t see more often.


The Science Of Landing On An Asteroid

Exploiting the resources of the rock-strewn expanse of space between Mars and the outer planets has been the stuff of science fiction for ages. There’s gold in them ‘thar space rocks, or diamonds, or platinum, or something that makes them attractive targets for capitalists and scientists alike. But before actually extracting the riches of the asteroid belt, stuck here as we are at the bottom of a very deep gravity well that’s very expensive to climb out of, we have to answer a few questions. Like, how does one rendezvous with an asteroid? What’s involved with maneuvering near a comparatively tiny celestial body? And most importantly, how exactly does one land on an asteroid and do any useful work?

Back in June, a spacecraft launched by the Japanese Aerospace Exploration Agency (JAXA) finally caught up to an asteroid named Ryugu after having chased it for the better part of four years. The Hayabusa2 was equipped to answer all those questions and more, and as it settled in close to the asteroid with a small fleet of robotic rovers on board, it was about to make history. Here’s not only how they managed to land on an asteroid, but also how the rovers move around on the surface, and how they’ll return samples of the asteroid to Earth for study.


Life Imitates Art: 3D Printed Banksy Frame “Shreds” Oeuvre, Prints Money

[Dave Buchanan] is giving the world his own take on the now famous shredding Banksy frame. This version has a few extra features though – like reverse shredding and printing money! Like many of us, [David] was impressed with the Banksy art auction shredding last week. We’re still not sure how he pulled it off, and the jury is still out if it was real, or all some sort of stunt involving the auction house.

[David] took his inspiration straight to CAD software, and designed a miniature version of the frame. A quick trip to the 3D printer and he had the actual frame in hand. He even hand-painted his own copy of Girl with Balloon on canvas. Assembly didn’t quite go as planned; a few parts had to be adjusted (i.e. cut off and hot-glued together). But in the end, the hack worked – the frame would shred and un-shred the painting whenever someone cranked the handle.

If you haven’t guessed yet, [David’s] frame is a version of the classic money printing trick. What looks like two rollers is actually a simple belt drive. The mechanism pulls in one piece of paper while pushing out a hidden piece. It creates the illusion of printing money – or of shredding art. Given Banksy’s sense of humor, we can’t help but wonder if his frame worked the same way.

[David] is working on a re-design of his piece which will be easier to build — so keep an eye on his Reddit thread if you’d like to print your own.


Performing A Chip Transplant To Resurrect A Dead Board

[Uri Shaked] accidentally touched a GPIO pin on his 3.3 V board with a 12 V alligator clip, frying the board. Sound familiar? A replacement would have cost $60, which for him wasn’t cheap. Also, he needed it for an upcoming conference so time was of the essence. His only option was to try to fix it, which in the end involved a delicate chip transplant.

The board was the Pixl.js, an LCD board with the nRF52832 SoC with its ARM Cortex M4, RAM, flash, and Bluetooth LE. It also has a pre-installed Espruino JavaScript interpreter and of course the GPIO pins through which the damage was done.

Fortunately, he had the good instinct to feel the metal shield over the nRF52832 immediately after the event. It was hot. Applying 3.3 V to the board now also heated up the chip, confirming for him that the chip was short-circuiting. All he had to do was replace it.

Digging around, he found another nRF52832 on a different board. To our surprise, transplanting it and getting the board up and running again took only an hour, including the time to document it. If that sounds simple, it was only in the way that a skilled person makes something seem simple. It included plenty of delicate heat gun work, some soldering iron microsurgery, and persistence with a JLink debugger. But we’ll leave the details of the operation and its complications to his blog. You can see one of the steps in the video below.

It’s no surprise that [Uri] was able to dig up another board with the same nRF52832 chip. It’s a popular SoC, being used in tiny, pocket-sized robots, conference badges, and the Primo Core board along with a variety of other sensors.
