PoisonTap Makes Raspberry Pi Zero Exploit Locked Computers

[Samy Kamkar], leet haxor extraordinaire, has taken a treasure trove of exploits and backdoors and turned it into a simple hardware device that hijacks all network traffic, enables remote access, and does it all while a machine is locked. It’s PoisonTap, and it’s based on the Raspberry Pi Zero for all that awesome tech blog cred we crave so much.

PoisonTap takes a Raspberry Pi Zero and configures it as a USB Gadget, emulating a network device. When this Pi-cum-USB-to-Ethernet adapter is plugged into a computer (even a locked one), the computer sends out a DHCP request, and PoisonTap responds by telling the machine the entire IPv4 space is part of the Pi’s local network. All Internet traffic on the locked computer is then sent over PoisonTap, and if a browser is running on the locked computer, all requests are sent to this tiny exploit device.
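A defender can look for the footprint this leaves in a host's routing table. The following is an added example, not code from PoisonTap or from the original article: it parses `ip -4 route show` output and flags routes that claim a very large part of the IPv4 space. The sample routes, the `usb0` interface name and the /8 threshold are constructed assumptions.

```python
import ipaddress

# Constructed sample of `ip -4 route show` output (not captured from a real host).
SAMPLE_ROUTES = """\
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23 metric 600
0.0.0.0/1 dev usb0 proto dhcp scope link metric 100
128.0.0.0/1 dev usb0 proto dhcp scope link metric 100
"""

MIN_PREFIX = 8  # assumed threshold: anything broader than a /8 is worth a look
KEYS = {"via", "dev", "proto", "scope", "src", "metric"}


def parse_route(line):
    """Return (network, attrs) for one route line, or None if it is not a plain route."""
    tokens = line.split()
    if not tokens:
        return None
    dest = "0.0.0.0/0" if tokens[0] == "default" else tokens[0]
    try:
        net = ipaddress.ip_network(dest, strict=False)
    except ValueError:
        return None  # e.g. "unreachable ..." or "blackhole ..." entries
    attrs = {}
    it = iter(tokens[1:])
    for tok in it:
        if tok in KEYS:
            attrs[tok] = next(it, None)
    return net, attrs


def suspicious_routes(route_text):
    """List (device, network) for routes covering an implausibly large IPv4 range."""
    hits = []
    for line in route_text.splitlines():
        parsed = parse_route(line)
        if parsed is None:
            continue
        net, attrs = parsed
        # A default route through a gateway is normal; an on-link one is not.
        normal_default = net.prefixlen == 0 and "via" in attrs
        if net.prefixlen < MIN_PREFIX and not normal_default:
            hits.append((attrs.get("dev"), str(net)))
    return hits


if __name__ == "__main__":
    for dev, net in suspicious_routes(SAMPLE_ROUTES):
        print(f"suspicious route {net} on {dev}")
```

Some VPN clients install similarly broad routes on their tunnel interface, so in practice the result is compared against a list of expected devices.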

With all network access going through PoisonTap, cookies are siphoned off, and the browser cache is poisoned with an exploit providing a WebSocket to the outside world. Even after PoisonTap is unplugged, an attacker can remotely send commands to the target computer and force the browser to execute JavaScript. From there, it’s all pretty much over.

Of course, any device designed to plug into a USB port and run a few exploits has a few limitations. PoisonTap only works if a browser is running. PoisonTap does not work on HTTPS cookies with the Secure cookie flag set. PoisonTap does not work if you have filled your USB ports with epoxy. There are a thousand limitations to PoisonTap, all of which probably don’t apply if you take PoisonTap into any office, plug it into a computer, and walk away. That is, after all, the point of this exploit.

As with all ub3r-1337 pen testing tools, we expect to see a version of PoisonTap for sale next August in the vendor area of DEF CON. Don’t buy it. A Raspberry Pi Zero costs $5, a USB OTG cable less than that, and all the code is available on GitHub. If you buy a device like PoisonTap, you are too technically illiterate to use it.

[Samy] has a demonstration of PoisonTap in the video below.


How To Control Your Instruments From A Computer: It’s Easier Than You Think

There was a time when instruments sporting a GPIB connector (General Purpose Interface Bus) for computer control on their back panels were expensive and exotic devices, unlikely to be found on the bench of a hardware hacker. Your employer or university would have had them, but you’d have been more likely to own an all-analogue bench that would have been familiar to your parents’ generation.

A GPIB/IEEE488 plug. Alkamid [CC BY-SA 3.], via Wikimedia Commons.

The affordable instruments in front of you today may not have a physical GPIB port, but the chances are they will have a USB port or even Ethernet over which you can exert the same control. The manufacturer will provide some software to allow you to use it, but if it doesn’t cost anything you’ll be lucky if it is either any good, or available for a platform other than Microsoft Windows.

So there you are, with an instrument that speaks a fully documented protocol through a physical interface you have plenty of spare sockets for, but if you’re a Linux user and especially if you don’t have an x86 processor, you’re a bit out of luck on the software front. Surely there must be a way to make your computer talk to it!

Let’s give it a try — I’ll be using a Linux machine and a popular brand of oscilloscope but the technique is widely applicable.


Crowdfunding: Oh Great, Now Anyone Can Invest In An Indiegogo Campaign

Crowdfunding site Indiegogo has partnered with equity crowdfunding startup Microventures to allow anyone to invest in startups.

The comment sections of crowdfunding sites are almost as bad as YouTube. For every crowdfunding campaign that ships on time, you’ll find dozens that don’t. Thousands of people are angry their Bluetooth-enabled Kitten Mittens won’t be delivered before Christmas. Deep in the comments for these ill-conceived projects, you’ll find a common thread. The backers of these projects invested, and they demand a return. This, of course, is idiotic. Backing a project on Indiegogo or Kickstarter isn’t an investment. It is effectively burning money with the hope Kitten Mittens will eventually show up in your mailbox. Until now.

For an actual investment, there are regulations that must be met. The groundwork for this appeared last year when the Securities and Exchange Commission (SEC) introduced rules for equity crowdfunding. These rules include limitations on how much an individual may invest per year (a maximum of $2,000 or 5% of income, whichever is greater, for individuals with an income less than $100,000 per year), how much money these companies can raise ($1M in a 12-month period), and how an individual can invest in these companies.

Right now, the startups shown on Indiegogo and Microventures include an MMORPG, a distillery and cocktail bar in Washington, DC, a ‘social marketplace for music collaboration’, and a Bluetooth-enabled supercapacitor-powered “Gameball™”. All of these projects actually have documentation, and while the legitimacy of each crowdfunding project is highly dependent on the individual investor, there is a lot more data here than your traditional Indiegogo campaign.

This isn’t fire and brimstone and physics-defying electronic baubles raining down on the common investor, as you would expect from a traditional crowdfunding site tapping into the SEC rules on equity crowdfunding. This is, after all, only a partnership between Indiegogo and Microventures, one of the investment ‘funding portals’ that grew out of the equity crowdfunding regulations. In short, putting an investment opportunity up on Indiegogo will require more effort than a project that is just a few renders of a feature-packed smartphone or a video game with stolen assets.

If anything, this is just the continuation of what we’ve had for the past year. Since the SEC released the final regulations for equity crowdfunding, there have been a number of startups wanting to get in on the action. This partnership between Microventures and Indiegogo was perhaps inevitable, and we can only wonder who Kickstarter is about to team up with.

Direct To Object 3D Printing

As the patents for fused-filament 3D printers began to expire back in 2013, hackers and makers across the globe started making 3D objects in their garages, workshops and hackerspaces. Entire industries and businesses have sprung up from the desktop 3D printing revolution, and ushered in a new era for the do-it-yourself community. Over the past couple of years, hackers have been pushing the limits of the technology by working with ever more exotic filament materials and exploring novel and innovative ways to make multi-colored 3D prints. One of the areas lagging behind the revolution, however, is finishing the 3D print into a final product. We’d be willing to bet a four meter reel of 5 V three-and-a-half amp NeoPixels that there are just as many artists and craftsmen using 3D printers as there are traditional hackers and makers. These brave souls are currently forced to use the caveman technique of paint-and-brush in order to apply color to their print. We at Hackaday hereby declare this unacceptable.


Star Trek Phone Dock Might As Well Be From Picard’s Night Stand

Star Trek is often credited with helping spur the development of technologies we have today — the go-to example being cell phones. When a Star Trek April Fool’s product inspires a maker to build the real thing? Well, that seems par for the course. [MS3FGX] decided to make it so. The 3D printed Star Trek-themed phone dock acts as a Bluetooth speaker and white noise generator. The result is shown off in the video below and equals the special effects you expect to find on the silver screen.

Taking a few liberties from the product it’s based on — which was much larger and had embedded screens — makes [MS3FGX]’s version a little more practical. Two industrial toggle switches control a tech cube nightlight and the internal Bluetooth speaker. An NFC tag behind the phone dock launches the pre-installed LCARS UI app and turns on the phone’s Bluetooth. Despite being a challenge for [MS3FGX] to design, the end product seems to work exactly as intended.


Another Kind Of Cloud: The Internet Of Farts

It’s taken as canon that girls mature faster than boys. In reality, what happens is that boys stop maturing at about age 12 while girls keep going. And nothing tickles the fancy of the ageless pre-teen boy trapped within all men more than a good fart joke. To wit, we present a geolocating fart tracker for your daily commute.

[Michel] is the hero this world needs, and although he seems to have somewhat of a preoccupation with hacks involving combustible gasses, his other non-methane related projects have graced our pages before, like this electrical meter snooper or an IoT lawn mower. The current effort, though, is a bit on the cheekier side.

The goal is to keep track of his emissions while driving, so with a PIC, an ESP8266, a GPS module, and a small LCD display and keyboard, he now has a way to log his rolling flatulence. When the urge overcomes him he simply presses a button, which logs his location and speed and allows him to make certain qualitative notes regarding the event. The data gets uploaded to the cloud every Friday, which apparently allows [Michel] to while away his weekends mapping his results.

It turns out that he mainly farts while heading south, and he’s worried about the implications both in terms of polar ice cap loss and how Santa is going to treat him next month. We’re thinking he’s got a lock on coal — or at least activated charcoal.

Our beef with this project is obvious – it relies on the honor system for input. We really need to see this reworked with an in-seat methane detector to keep [Michel] honest. Until then, stay young, [Michel].

An SDR For The Rest Of Them

If you are a radio enthusiast it is very likely that you will own at least one software defined radio. With the entry point into the world of SDRs starting with the ultra-cheap RTL2832 based USB receiver sticks originally designed for digital TV, it’s a technology that passed long ago into the impulse purchase bracket.

If you are not a radio enthusiast, or not even a Hackaday reader, you may not have heard of SDR technology. Even the humblest up-to-date radio or TV may well contain it somewhere within its silicon, but at the user interface it will still resemble the device you would have had in the 1950s: analogue tuning, or a channel-flipper.

It is interesting to see an attempt to market a consumer device that is unashamedly an SDR, indeed that is its unique selling point. The Titus II SDR bills itself as the “World’s First Consumer Ready SDR Package”, and is based around an Android tablet mated with a 100 kHz to 2 GHz SDR tuner and a pair of speakers in a portable radio styled case. It will support all modes including digital broadcasting through software plugins, and there will be an open plugin API for developers. They are taking pre-orders, and claim that the launch price will be under $100.

It sounds like an exciting product; after all, who wouldn’t want a radio with those capabilities at that price? However, it leaves us wondering whether the price point is just a little too ambitious for the hardware in question, and we’ll reluctantly say we’ll believe it when we see real devices on the market. A $100 consumer price doesn’t get you much in the tablet world, and that is from high-volume Chinese manufacturing without the extra cost of the SDR hardware and the overhead of smaller volume from a niche product. There are pictures online of real prototypes at trade shows, but we’d like to see a website with fewer renders and more hard plastic.

There is another angle to this device that might interest Hackaday readers though. It should remind anyone that building one yourself is hardly a difficult task. Take an RTL2832 stick with or without the HF modification, plug it into a tablet with an OTG cable, install an app like SDR Touch, and away you go. 3D print your own case and speaker surrounds as you see fit, and post the result on hackaday.io.

Via the SWLing Post.