Turning A Teensy Into A Better U2F Key

November 14, 2015 by 11 Comments

A few days ago, we saw a project that used a Teensy to build a Universal 2nd Factor (U2F) key. While this project was just an experiment in how to implement U2F on any ‘ol microcontroller, and the creator admitted it wasn’t very secure, the comments for that post said otherwise: “making your own thing is the ONLY way to be secure,” read the comments.

In a stunning turn of events, writing comments on a blog post doesn’t mean you know what you’re talking about. It turns out, to perform a security analysis of a system, you need to look at the code. Shocking, yes, but [makomk] took a good, hard look at the code and found it was horribly broken.

The critical error of the Teensy U2F key crypto is simply how U2F is performed. During authentication, the device sends the U2F key handle to whatever service is trying to authenticating it. Because the key in the Teensy implementation is only ‘encrypted’ with XOR, it only takes 256 signing requests to recover the private key.

The original experimentation with using the Teensy as a U2F key was an educational endeavor, and it was never meant to be used by anyone. The attack on this small lesson in security is interesting, though, and [makomk] wrote a proof of concept that demonstrates his attack. This could be used to perform attacks from a remote server, but hopefully that won’t happen, because the original code should never be used in the wild.

Low Parts Count ARM SDR

November 14, 2015 by 4 Comments

[Alberto di Bene] wanted to build an SDR for relatively low frequencies. Usually, you’d start with some front end to get the radio frequency signal down where you can work with it. But [Alberto] practically just fed an antenna into an STM32F429 Discovery board and did all the radio processing in the onboard ARM chip.

There is a little more to it than that, but only a little. If you open the PDF file on [Alberto’s] site, you’ll see there is a simple front end filter (a transformer, along with a few capacitors and inductors). This low pass filter prevents high frequencies from reaching the ARM processor’s analog to digital converter. In addition, a capacitor and a couple of resistors ensure the converter only sees positive voltages.

The CPU digitizes the incoming signal and processes it, demodulating several different types of radio transmission. The recovered audio is sent through the onboard digital to analog converter.

In addition to an input filter, the output also needs a filter to prevent high frequencies from reaching the speaker. Unlike the input filter, this one is a bit more complicated. The inductors needed for a passive filter were too large to be practical, so the output filter is an active one with a few transistors. The only other external circuitry is the power supply for the Discovery board.

The document does a great job of explaining the rationale behind the design choices and how the whole system works. It also includes simulations of both analog and digital filters used in the design.

This is really bare metal SDR and reading the code is educational. However, if you want to start with something simpler, consider GNU Radio and either an SDRPlay or a cheap RTL-SDR dongle.

 

An E-Waste 3D Printer For Every Child?

November 14, 2015 by 62 Comments

The lofty goal of making sure every school kid has access to a laptop has yet to be reached when along comes an effort to put a 3D printer in the hands of every kid. And not just any printer – a printer the kid builds from a cheap kit of parts and a little e-waste.

The design of the Curiosity printer is pretty simple, and bears a strong resemblance to an earlier e-waste 3D printer we covered back in December. This one has a laser-cut MDF frame rather than acrylic, but the guts are very similar – up-cycled DVD drives for the X- and Z-axes, and a floppy drive for the Y-axis. A NEMA 17 frame stepper motor provides the oomph needed to drive the filament into an off-the-shelf hot end, and an Arduino runs the show. The instructions for assembly are very clear and easy to follow, although we suspect that variability in the sizes of DVD and floppy drives could require a little improvisation at assembly time. But since the assembly of the printer is intended to be as educational as its use, throwing a little variability into the mix is probably a good idea.

The complete kit, less only the e-waste drives and power supply, is currently selling for $149USD. That’s not exactly free, but it’s probably within range of being funded by a few bake sales. Even with the tiny print volume, this effort could get some kids into 3D printers early in their school career.

 

FCC Clears The Air With Wi-Fi Software Updates

November 14, 2015 by 33 Comments

A few months ago, the Internet resounded with news that the FCC would ban open source router firmware. This threat came from proposed rules to devices operating in the U-NII bands – 5GHz WiFi, basically. These rules would have required all devices operating in this band to prevent modification to the radio inside these devices. Thanks to the highly integrated architecture of these devices, Systems-on-Chips, and other cost cutting measures from router manufacturers, the fear was these regulations would ultimately prevent modifications to these devices. It’s a legitimate argument, and a number of the keepers of the Open Source flame aired their concerns on the matter.

Now, the FCC has decided to clear the air on firmware upgrades to wireless routers. There was a fair bit of confusion in the original document, given the wording, “how [its] device is protected from ‘flashing’ and the installation of third-party firmware such as DD-WRT.” This appeared to mandate wholesale blocking of Open Source firmware on devices, with no suggestion as to how manufacturers would accomplish this impossible task.

[Julias Knapp], chief of the FCC’s Office of Engineering and Technology has since clarified the Commission’s position. In response to the deluge of comments to the FCC’s Notice of Proposed Rulemaking, the phrase, ‘protected from flashing… Open Source firmware” has been removed from the upcoming regulation. There’s new, narrow wording (PDF) in this version that better completes the Commission’s goal of stopping overpowered radios without encroching on the Open Source firmware scene. The people spoke, and the FCC listened — democracy at work.

Halloween Doorbell Prop In Rube-Goldberg Overdrive

November 14, 2015 by 8 Comments

[Conor] wired up his 3D-printed coffin doorbell to an array of RGB LEDs, a screaming speaker, and a spinning skull on a cordless screw driver to make a “quick” Halloween scare. Along the way, he included half of the Adafruit module catalog, a relay circuit board, and ESP8266 WiFi module, a Banana Pi, and more Arduinos of varying shapes and sizes than you could shake a stick at.

Our head spins, not unlike [Conor]’s screaming skull, just reading through this Rube Goldbergy arrangement. (We’re sure that’s half the fun for the builder!) Smoke ’em if ya got ’em!

Start with the RGB LEDs; rather than control them directly, [Conor] connected them to a WiFi-enabled strip controller. Great, now he can control the strip over the airwaves. But the control protocol was closed, so he spent a week learning Wireshark to sniff the network data, and then wrote a Bash script to send the relevant UDP packets to turn on the lights. But that was not fancy-schmancy enough, so [Conor] re-wrote the script in Go.

Yes, that’s right — a Go routine on a Banana Pi sends out custom UDP packets over WiFi to a WiFi-to-LED-driver bridge. To make lights blink. Wait until you see the skull.

spooky_eye_animThe plastic skull has Neopixels in each ping-pong ball eye, controlled by an Arduino Nano and battery taped to the skull’s head. The skull is cemented to a driver bit that’s chucked in a cordless drill. A relay board and another Arduino make it trigger for 10 seconds at a time when the doorbell rings. Finally (wait for it!) an Arduino connected to the doorbell gives the signal, and sets a wire high that all the other Arduini and the Banana Pi are connected to.

Gentle Hackaday reader, now is not the time for “I could do that with a 555 and some chewing gum.” Now is the time to revel in the sheer hackery of it all. Because Halloween’s over, and we’re sure that [Conor] has unplugged all of the breadboards and Arduini and put them to use in his next project. And now he knows a thing or two about sniffing UDP packets.

Continue reading “Halloween Doorbell Prop In Rube-Goldberg Overdrive”

Object Oriented State Machine Operating System Goes Open Source

November 14, 2015 by 19 Comments

On a desktop computer, you think of an operating system as a big piece of complex software. For small systems (like an Arduino) you might want something a lot simpler. Object Oriented State Machine Operating System (OOSMOS) is a single-file and highly portable operating system, and it recently went open source.

OOSMOS has a unique approach because it is threadless, which makes it easy to use in memory constrained systems because there is no stack required for threads that don’t exist. The unit of execution is a C++ object (although you can use C) that contains a state machine.

You can read the API documentation online. Just remember that this is not an end user OS like Windows or Linux, but an operating environment for managing multiple tasks. You can, though, use OOSMOS under Windows or Linux as well as many other host systems.

Continue reading “Object Oriented State Machine Operating System Goes Open Source”

Hacklet 84 – Alarm Clocks

November 13, 2015 by 12 Comments

The stereotypical hardware hacker is a creature of the night. Some of us do our best work in the wee hours. The unfortunate side effect of this is that we have a hard time getting up in the morning. Sometimes life demands a hacker be up-and-at-em before noon though. In these cases, the only solution is an alarm clock. This week’s Hacklet features some of the best alarm clock projects on Hackaday.io!

mercyWe start with [hberg32] and Merciless Pi Alarm Clock. Merciless is a good name for this Raspberry Pi based clock. We have to say it’s quite snazzy with its laser cut case and large seven segment LED face. When the alarm goes off though, this Pi bites back.

Titanium drivers powered by a 20 watt amplifier will wake even the heaviest sleepers. If that’s not enough, [hberg32] added a bed shaker to vibrate you out of the sack. The snooze button only works 3 times, after that you can press all you want, the music will still play. As if that wasn’t enough, this clock even has a pressure sensor. If you get back in bed, the alarm starts up again. Truly fitting of the name “merciless”.

irss[Ceady] took the kinder, gentler route with Integrated Room Sunrise Simulator. This alarm clock simulates dawn, gently waking the user up. A Lutron Maestro series wireless dimmer allows the sunrise simulator to slowly increase the room’s light level over a period of 10 minutes, allowing [Ceady] to wake up silently.

The clock itself uses an ATmega168 for control. [Ceady] spent a considerable amount of time testing out different methods of creating a seven segment LED display. When casting with cornstarch and resin didn’t do the trick, he went to commercial LED diffuser film from Inventables. The film proved to be just what he was looking for.

chumby2Next up is [Spiros Papadimitriou] with DIY Chumby-lite. Taking inspiration from [Bunnie Huang] and the Chumby project, [Spiros] created a friendly alarm clock with a touchscreen LCD. Much like the Chumby, this clock packs a WiFi module.

In this case though, the WiFi module is an ESP8266, whose on-board Xtensa microcontroller runs the whole show. [Spiros] programmed his Sparkfun ESP8266 Thing in C++. To keep costs down, [Spiros] left out anything unnecessary – like a real-time clock module. The Chumby-lite uses NTP to stay regular. The reductions paid off – this clock can be built for around $13.00, not including the very nice 3D printed case.

1983[Wanderingmetalhead] takes us all way back to 1983 with his 7 Day Alarm Clock. 32 years ago, this was [wanderingmetalhead’s] first embedded system project. As the name implies, this clock stores a different wake time for each day of the week. Actual numeric entry sure beats the old “hold two buttons and watch the numbers spin” system.

This is an oldie. The system is based upon a Motorola (which became Freescale, and is now NXP) 6802 micro. The code was written in assembly and cross-assembled on an Apple II. A 3.58MHz colorburst crystal divided down to 60 Hz provides the time base. This setup wasn’t perfect, but good down to a about a minute a month. The whole project lived and worked in an old amplifier case, where it dutifully woke [wanderingmetalhead] each day for 17 years.

If you want to see more alarm clock projects, check out our new alarm clocks list! If I didn’t wake up early enough to catch your project, don’t be shy, just drop me a message on Hackaday.io. That’s it for this week’s Hacklet. As always, see you next week. Same hack time, same hack channel, bringing you the best of Hackaday.io!