Shmoocon 2016: The Best Conference Booth You’ll Ever See

January 17, 2016 by 19 Comments

Shmoocon is here, and that means a dozen or so security companies have bought a booth and are out to promote themselves. Some are giving out shot glasses. One is giving out quadcopters. It is exceedingly difficult to stand out in the crowd.

At least one company figured it out. They’ve built a game so perfect for the computer literate crowd, so novel, and so interesting it guarantees a line in front of their booth. Who are they? Fortego, but that’s not important right now. The game they’ve created, BattleBits, is the perfect conference booth.

The game play for BattleBits is as simple as counting to two. You’re presented with an eight-bit hexidecimal number, and the goal is to key them into a controller with eight buttons for 1, 2, 4, 8, 16, 32, 64, and 128. The answer for 0x56 is 01010110, and the answer for 0xFF is mashing all the buttons.

BattleBits Screenshot

To anyone not familiar with hex, there’s actually a rather handy trick to the game: you only need to memorize 16 different numbers. Hexadecimal numbers are easily broken up into nibbles, or groups of four bits. All you need to do is solve one hexadecimal digit at a time.

The controllers, or ‘decks’ as they’re, are built around a BeagleBone and a custom cape running a mishmash of Javascript and Python. When the game starts the player or players are presented with random bytes in hexadecimal format. Input the right bits in the shortest amount of time and you’ll work your way up the leader board.

This is by far the best conference booth I’ve ever seen. The creator of the BattleBits hardware, [Riley Porter], says he’ll be releasing the design files and code for this game so anyone can make one, something we really look forward to.

[Riley] also got a video of someone entering nibbles super, super fast.

Pi Zero Video Card Via Bare Metal Programming

January 17, 2016 by 10 Comments

Rolling your own synthesizer is no small feat, which is what [Thomas] has taken on with his project “Nerdsynth”. [Thomas] has an impressive amount of data on his site covering the overall design and progress of the project, but that isn’t what piqued our interest. [Thomas] has an on-board TFT display to navigate the versatile Nerdsynth’s menu nerdsynth-sketchbut he wanted to add video output to  do some video sequencing. After some investigation and poking around the available options he decided to tackle yet another sub-project (textbook scope-creep).

[Thomas] chose to do to some bare metal programming on the Pi Zero to use it as a video card for video output. By following a tutorial  from Valvers and modifying an SPI driver from Microelecroniki he was able to clone the video on an external monitor. This is a step in the right direction and we’ll have to keep an eye on his site for updates about video sequencing on the external display.

You can check out a recent demo of the Nerdsynth in action after the break, sadly you’ll have to settle for a pic of the cloned screen (below) until [Thomas] posts another update.

nerdsynth_tv-942x707

Continue reading “Pi Zero Video Card Via Bare Metal Programming”

Will Metallic Glue Replace Solder?

January 17, 2016 by 71 Comments

A video recently surfaced touting a new method of joining materials together. It’s called MesoGlue, and apparently, it could replace soldering or even welding in certain cases.

First announced on this month’s Advanced Materials and Processes (caution, big file!) it seems… legit. The basic premise is it uses nanorods of material — kind of like velcro — that once you push together, intertwine with each other, and become solid. They’re surrounded with a shell that liquefies, which solidifies the bond. This makes it able to withstand high heat, once bonded.

This kind of technology could have an impact in the way we join solder circuits, pipes, bond IC’s to heat sinks, and attaching de-similar materials with different thermal expansion coefficients.

Continue reading “Will Metallic Glue Replace Solder?”

The Smallest Google Street View In Miniatur Wunderland

January 17, 2016 by 10 Comments

The world’s largest model railway exhibit — on display in Germany of course — is quite the attraction. The huge Miniatur Wunderland features towns and trains from Germany, Switzerland, Austria, and even a little America. And it’s all on Google Maps.

[Frank] accepted the challenge to build a tiny Google Streetview train, capable of traversing the entire Wunderland. It features a fish-eye camera on both the front and rear car, and is powered by an Arduino — the Wattuino Nanite 85. He upgraded the train to use tiny stepper motors to allow for precise movement along the tracks to get all the shots in perfect Streetview fashion.
Continue reading “The Smallest Google Street View In Miniatur Wunderland”

Swiss Project Looking To Harness Kite Power

January 16, 2016 by 18 Comments

Switzerland has bought us many things: the cuckoo clock, cheese with holes in it, and.. kite power? That’s the idea of a Swiss project that is trying to tap the energy of a regular wind that blows between Lake Geneva and the Alps. The group hopes to build large kites that fly at about 150 meters above the ground, with a generator and other components on the ground. The way that this wind energy is converted into electricity is interesting: the kite is pulled up by the wind, spiraling higher and pulling the cable which drives the generator. Once it reaches a maximum height, the kite is trimmed so it sinks down to a lower altitude, and the kite is trimmed again to catch the wind and climb.

It’s a fascinating idea: by controlling the kites, the system could produce power on demand. As long as the wind is up, of course, but in this region of Switzerland, that isn’t an issue, as the wind is very predictable. It doesn’t require as much permanent infrastructure as a wind turbine, and kites are much more attractive than turbines. This makes us wonder if a system like this would be adaptable to a smaller scale: could you build a portable or off-grid system for hiking in windy areas that could charge a battery this way?

The project webpage hasn’t seen any updates since 2013, but the research project seems to still be alive and kicking. Anyone have any details or wild speculation?

(Related, but only tangentially, video of Thomas Dolby lip-synching below the break.)

Via The Bulletin of Atomic Scientists, thanks to [Austin Bentley]

Continue reading “Swiss Project Looking To Harness Kite Power”

Father And Son Fix A Scale

January 16, 2016 by 8 Comments

It’s awesome when you can tag-team with your dad to fix stuff around the house. [Ilias Giechaskiel], with help from his dad, did a complete refurbishing of a broken bathroom weighing scale, but not before trying to fix it first. The voltage regulator looked bust. Powering the rest of the circuit directly didn’t seem to work, and none of the passives looked suspect. Most of the chips had their markings scratched off and the COB obviously couldn’t be replaced anyway.

Instead of reverse engineering the LCD display, they decided to retain just the sensor and the switches, and replace everything else. The ATtiny85 seemed to have enough IO pins to do the job. But the strain-gauge based load cell, connected in a bridge configuration, did not have a signal span large enough to be measured using the 10 bit ADC on the ATtiny. Instead, they decided to use the HX711 (PDF) – a 24 bit ADC with selectable gain, specifically meant for use in weighing scales. Using a library written for the HX711 allowed interfacing it to the Arduino easy. The display was built using a 4 digit 7 segment display driven by the MAX7219. A slightly modified LEDcontrol library made it easy to hook up the display to the ATtiny. The circuit was assembled on a prototyping board so that it could be plugged in to another Arduino for programming.

Since they were running out of pins, they had to pull out a trick to use a single pin from the ATtiny to act as clock for the display driver and the ADC chip. Implementing the power-on and auto-off feature needed another interesting analog circuit block. Dad did the assembly of the circuit on a prototype board. In hindsight, the lack of IO pins on the ATtiny limited the features they could implement, so the duo are planning to put in an Arduino Nano to improve the hack. If you’re ever stuck with a broken scale, he’s made the schematic (PNG) and code available for use.

Shmoocon 2016: Phishing For The Phishers

January 16, 2016 by 24 Comments

After years of ignoring the emails it’s finally time to get into a conversation with that Nigerian prince you keep hearing from. Robbie Gallagher — an Application Security Engineer with Atlassian in Austin, TX — wanted to find out where perpetrators of phishing emails actually live. Of course you can’t count on the headers of the emails they send you. A better way to track them down is to actually draw them into a conversations, and this means making yourself a juicy target.

Robbie gave an excellent talk on his project Honey-Phish at this year’s Shmoocon. Part of what made it stand out is his narrative on each step of exploring the social engineering technique. For instance, there is already a vibrant community that specializes in forming relationships with scammers. Those who frequent 419 Eater have literally made it into a sport called Scambaiting. The ultimate goal is to prove you’ve baited a scammer is to get the person to take a picture of themselves balancing something on their head. Now the image a the top of this post makes sense, right?

Writing personal emails to your scammer is a great system if you have a lot of time and only want to track down one scammer at a time. Robbie wants to catalog geographic locations for as many as possible and this means automation. Amusingly, the solution is to Phish for Phishers. By automating responses to phishing emails, and enticing the people originating those phishing scams to click on a link, you can ascertain their physical location.

Continue reading “Shmoocon 2016: Phishing For The Phishers”