Cheap Sensor Changes Personality

If you want to add humidity and temperature sensors to your home automation system, you can — like [Maker’s Fun Duck] did — buy some generic ones for about a buck. For a dollar, you get a little square LCD with sensors and a button. You even get the battery. Can you reprogram the firmware to bend it to your will? As [Duck] shows in the video below, you can.

The device advertises some custom BLE services, but [Duck] didn’t want to use the vendor’s phone app, so he cracked the case open. Inside was a microcontroller with Bluetooth, an LCD driver, a sensor IC, and very little else.


Keeping Tabs On An Undergraduate Projects Lab’s Door Status

Over at the University of Wisconsin’s Undergraduate Projects Lab (UPL), there has been a way to check whether the room is open for general use by CS undergraduates and others for most of the decades it has existed. Most recently, [Andrew Moses] took a shot at improving on the then-latest, machine vision-based iteration. His write-up starts with a historical retrospective: the 1990s version combined a $15 camera with a Mac IIcx running a video grabber, an FTP server, and an HP workstation that would try to fetch the latest FTP image.

As the accuracy of this system means the difference between standing all forlorn in front of a closed UPL door and happily waddling into the room to work on some projects, it’s obvious that any new system had to be as robust as possible. The machine vision-based version that was installed previously seemed fancy: it used a Logitech C920 webcam, a YOLOv7 MV model to count humanoids, and a tie-in to Discord to report the results. The problem was that this would sometimes count items like chairs as people, and there was the slight issue that people in the room didn’t necessarily mean an open door, as the room may be in use for a meeting.

Thus the solution was changed to keeping track of whether the door was open, using a sensor on each of the two doors into the room. Sadly, the captive-portal-and-login-based WiFi made the straightforward approach with a reed sensor, a magnet and an ESP32 too much of a liability. Instead, the sensor would have to communicate with a device in the room that would be easier to update, so a Zigbee door sensor, a Raspberry Pi with a Zigbee dongle, and Home Assistant (HA) were used.

One last wrinkle was the need to use a Cloudflare-based tunnel add-on to expose the HA API from the outside, but now at long last the UPL door status can be checked with absolute certainty that it is correct. Probably.

Featured image: The machine vision-based room occupancy system at UoW’s UPL. (Credit: UPL, University of Wisconsin)

Wardriving Tools In The Modern Era

When WiFi first came out, it was a super exciting time. The technology was new, and quite a bit less secure back then—particularly if not configured properly. That gave rise to the practice of wardriving—driving around with a computer, looking for unsecured networks, often just for the fun of it. [Simon] has been examining this classic practice from a modern perspective. 

He’s been at the game for a long time—from back in the days when you might head out with a thick old laptop, a bunch of PCMCIA cards, and dangly antennas. It’s much more advanced these days, given we’ve got WiFi on all different bands and Bluetooth devices to consider to boot. Heck, even Zigbee, if you’re hunting down a rogue house full of Internet of Things gadgets.

Today, when he’s out researching the wireless landscape, he uses devices like the Flipper Zero, the Raspberry Pi, and a Google Pixel 5 running the WiGLE WiFi Wardriving app. [Simon] notes that the latter is the easiest way to get started if you’ve got an Android phone. Beyond that, there’s software and hardware out there these days that can do amazing things compared to the simple rigs of yesteryear.

If you’re out looking for free internet these days, wardriving might be a bit pointless given it’s available in practically every public building you visit. But if you’re a wireless security researcher, or just curious about what your own home setup is putting out, it might be worth looking at these tools! Happy hunting.

Three ZigBee radios in ESD bags, marked "Zigbee Sniffer", "Router" and "Coordinator".

Crash IoT Devices Through Protocol Fuzzing

IoT protocols are a relatively unexplored field compared to most PC-exposed protocols – it’s bothersome to need a whole radio setup before you can tinker on something, and often, for low-level experiments, just any radio won’t do. This means there’s quite a bit of security ground to cover. Now, the U-Fuzz toolkit from [asset-group] helps us make up for it.

Unlike the fuzzers you might imagine, U-Fuzz doesn’t go in blindly. This toolkit has provisions to parse protocols and fuzz fields meaningfully, which helps because many devices will discard packets they deem too malformed. With U-Fuzz, you feed it a couple of packet captures, help it draw some conclusions about packet and protocol structure, and get suggestions on how to crash your devices in ways not yet foreseen.

This allows for basically arbitrary protocol fuzzing, and to demonstrate, we get examples on 5G, CoAP and ZigBee probing alike, with a list of found CVEs to wrap the README up. As Wikipedia often states, this list is incomplete, and you can help by expanding it. Fuzzing is an underestimated tool – it will help you hack ubiquitous wireless protocols, proprietary standards, and smart home hubs alike.

Wireless All The Things!

Neither Tom Nardi nor I are exactly young anymore, and we can both remember a time when joysticks were actually connected with wires to the computer or console, for instance. Back then, even though wireless options were on the market, you’d still want the wired version if it was a reaction-speed game, because wireless links just used to be too slow.

Somehow, in the intervening years, and although we never even really noticed the transition as such, everything has become wireless. And that includes our own hacker projects. Sure, the ESP8266 and other WiFi-capable chips made a big difference, but I still have a soft spot in my heart for the nRF24 chipset, which made at least point-to-point wireless affordable and easy. Others will feel the same about ZigBee, but the point stands: nothing has wires anymore, except to charge back up.

The reason? As this experiment comparing the latency of many different wireless connections bears out, wireless data links have just gotten that good, to the point that the latency in the radio is on par with what you’d get over USB. And the relevant software ecosystems have made it easier to go wireless as well. Except for the extra power requirement, and for cases where you need to move a lot of data, there’s almost no reason that any of your devices need wires anymore.

Are you with us? Will you throw down your chains and go wireless?

Benchmarking Latency Across Common Wireless Links For MCUs

Although factors like bandwidth, power usage, and the number of (kilo)meters of reach are important considerations with wireless communication for microcontrollers, latency should be another important factor to pay attention to. This is especially true for projects like controllers, where round-trip latency and instant response to an input are essential, but where do you find the latency number in datasheets? This is where [Michael Orenstein] and [Scott] over at Electric UI found a lack of data, especially when taking software stacks into account. In other words, it was time to do some serious benchmarking.

The question to be answered here was specifically how fast a one-way wireless user interaction can be across three levels of payload size (12, 128, and 1024 bytes). The effective latency is measured from when the input is provided on the transmitter to when the receiver has processed it and triggered the relevant output pin. The internal latency was also measured by having a range of framework implementations respond to an external interrupt and drive a GPIO pin high. Even this test on an STM32F429 MCU already showed that, for example, the STM32 low-level (LL) framework is much faster than the stm32duino one.


802.11ah Wi-Fi HaLOW: The 1 Kilometer WiFi Standard

You too can add long-distance WiFi to your laptop with this new not-quite dongle solution. (Credit: Ben Jeffery)

The 802.11ah WiFi (HaLow) standard is fairly new, having only been introduced in 2017. It’s supposed to fall somewhere between standard WiFi used in domiciles and offices and the longer range but low-bitrate LoRaWAN, ZigBee, and others, with bandwidth measured in megabits per second. In a recent video, [Ben Jeffery] looks at the 802.11ah chipsets available today and some products integrating these.

The primary vendors selling these chipsets are TaiXin Semiconductor (TXW8301), Morse Micro (MM6108), and Newracom (NRC7394), with a range of manufacturers selling modules integrating these. Among the products using these, [Ben] found an Ethernet range extender kit (pictured) that takes 12V input as power, along with Ethernet. Running some distance tests in a quarry showed that 300 meters was no problem getting a strong signal, though adding some trees between the two transceivers did attenuate the signal somewhat.

Another interesting product [Ben] tested is what is essentially an 802.11ah-based WiFi extender, using an 802.11ah link between the server node – with an Ethernet socket – and a client that features a standard 2.4 GHz 802.11n interface that most WiFi-enabled devices can connect to. Using this, he was able to provide a solid ~10 Mbps link to a cabin near the main house (~10 meters) through two outside walls. What makes 802.11ah so interesting is that it is directly compatible with standard Ethernet and WiFi protocols and uses the 900 MHz spectrum, for which a wide range of alternative antennae exist that can conceivably extend the range even further.

(Thanks to [Keith Olson] for the tip)
