Duckhunting – Stopping Rubber Ducky Attacks

One morning, a balaclava-wearing hacker walks into your office. You assume it’s a coworker, because he’s wearing a balaclava. The hacker sticks a USB drive into a computer in the cube next door. Strange command line tools show up on the screen. Minutes later, your entire company is compromised. The rogue makes a quick retreat carrying a thumb drive in hand.

This is the scenario imagined by purveyors of balaclavas and USB Rubber Duckys, tiny USB devices able to inject code, run programs, and extract data from any system. The best way — and the most common — to prevent this sort of attack is by filling the USB ports with epoxy. [pmsosa] thought there should be a software method of defense against these Rubber Duckys, so he’s created Duckhunter, a small, efficient daemon that can catch and prevent these exploits.

The Rubber Ducky attack is simply opening up a command line and spewing an attack from an emulated USB HID keyboard. If the attacker can’t open up cmd or PowerShell, the attack breaks. That’s simple enough to code, but [pmsosa] has a few more tricks up his sleeve. Duckhunter has a ‘sneaky’ countermeasure feature, where one out of every 5-7 keystrokes is blocked. To the attacker, the ‘sneaky’ countermeasure makes it look like the attack worked, when in fact it failed spectacularly.
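The ‘sneaky’ countermeasure described above, sketched as an added example that is not Duckhunter’s own code. The page does not say how Duckhunter recognises injected input, so detection by typing speed, the threshold and window values, and the names `SneakyFilter`, `timed` and `replay` are all assumptions; the keystroke streams are constructed.

```python
import random
from collections import deque

SPEED_THRESHOLD_MS = 30  # assumption: a mean gap below this is machine-typed
WINDOW = 8               # assumption: number of recent gaps averaged


class SneakyFilter:
    """Passes keystrokes through; once input looks injected, silently
    blocks one keystroke out of every 5-7 (the 'sneaky' policy)."""

    def __init__(self, seed=None):
        self.gaps = deque(maxlen=WINDOW)
        self.last_ts = None
        self.rng = random.Random(seed)
        self.until_drop = self.rng.randint(5, 7)
        self.alerts = 0  # keystrokes seen while input looked injected

    def suspicious(self):
        full = len(self.gaps) == WINDOW
        return full and sum(self.gaps) / WINDOW < SPEED_THRESHOLD_MS

    def feed(self, ts_ms, key):
        """Return the key if it is delivered, None if it is blocked."""
        if self.last_ts is not None:
            self.gaps.append(ts_ms - self.last_ts)
        self.last_ts = ts_ms
        if not self.suspicious():
            return key
        self.alerts += 1
        self.until_drop -= 1
        if self.until_drop == 0:
            self.until_drop = self.rng.randint(5, 7)
            return None
        return key


def timed(text, gap_ms):
    """Constructed input: one (timestamp_ms, char) event per character."""
    return [(i * gap_ms, ch) for i, ch in enumerate(text)]


def replay(events, seed=0):
    """Run events through a fresh filter; return (delivered_text, alerts)."""
    f = SneakyFilter(seed)
    kept = [k for k in (f.feed(ts, ch) for ts, ch in events) if k is not None]
    return "".join(kept), f.alerts


if __name__ == "__main__":
    sample = "echo constructed sample keystroke stream"
    print(replay(timed(sample, 140)))  # human-paced typing
    print(replay(timed(sample, 4)))    # injection-paced typing
```

With this design the first `WINDOW` keystrokes of a burst always get through before the average can trip, so a real deployment would pair it with the page’s other control, blocking the command-line window itself.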

There are a number of different attacks similar to what the Rubber Ducky can accomplish. Mousejack performs the same attack over Bluetooth. BadUSB is a little more technical, allowing anyone with access to a device’s firmware to turn your own keyboard against you. Because of the nature of the attack, Duckhunter shuts them all down.

Right now the build is only for Windows, but according to [pmsosa]’s GitHub there will be Linux and OS X versions coming.

The Pumpkin Noti-Fire

Everyone has an episode somewhere in their youth involving the use of an aerosol spray as an impromptu flamethrower. Take some mildly inebriated teenagers, give them a deodorant can and a box of matches, and sooner or later one or two of them are going to lose their eyebrows.

For most of us an amusing teenage episode is how the aerosol flamethrower remains. Not for [Mike Waddick] though: when last week’s DDoS attack on DNS infrastructure took away his ability to work, his attention turned to a Halloween project. He created a carved pumpkin that spits fire as a notification signal when a text or an email is received.

Key to the project is the Glade Automatic Spray Air Freshener. This is a battery-powered device with an aerosol can that is operated by either an electronic timer or a push-button switch. Remove the switch, and its line is revealed as an active low trigger for the spray. [Mike] replaced the switch with a line from a microcontroller and put a lit tea-light candle in front of the nozzle for fully controllable (if not entirely safe) flamethrower fun. Early tests proved the concept, so it only remained for the pumpkin to be carved and the system installed.

The microcontroller used in this case was the Lightblue Bean, though almost any similar board could have been put in its place. Notifications were processed via Bluetooth from an iPhone via ANCS (Apple Notification Center Service), which the Bean could query to trigger its fiery alerts. There is a brief video showing the device in action singeing [Mike]’s hand, which we’ve placed below the break.


Hackaday Prize Entry: Bilateral Brain Stimulator

In 1987, an American psychologist found voluntary eye movements reduced the intensity of negative thoughts. This is the basis of EMDR, or Eye Movement Desensitization and Reprocessing, and if it sounds too oogie-boogie to be real, I assure you there are even oogier and boogier techniques in psychology that actually work.

[David]’s entry to the Hackaday Prize is a device that helps psychologists apply EMDR for the treatment of post-traumatic stress disorders. To do this, the psychologist asks the patient to describe a traumatic incident while the patient makes eye movements. According to the literature, this facilitates the connection between the cerebral hemispheres and decreases the emotional burden.

If simply moving your eyes back and forth while reliving your greatest horrors is enough, what’s with the hardware? [David]’s project is just a few LEDs that help enable eye movement. With a linear array of LEDs controlled by a shift register and a PIC microcontroller, this device is just enough to make a patient glance from left to right to left over and over again.

It’s a good project, made even better by the fact that [David]’s sister, a psychotherapist and EMDR practitioner, asked [David] to create an electronic device for this technique. [David]’s already produced a video on his device, and you can check that out below.


Train Time Ticker Will Save Your Morning Commute

The fatal combination of not being an early riser and commuting to work using public transit can easily result in missed buses or trains. Frustrated with missing train after train while fumbling with a complicated transit schedule app, [Fergal Carroll] created a Train Time Ticker to help his morning routine run right on time.

A Particle Photon hooked up to a 2.2″ TFT screen — both mounted on a breadboard with a button — fit the purpose tidily. Weekday mornings, the Ticker pulls — from a server he set up — the departure times for the specific station and platform along [Carroll]’s commute every three minutes; at all other times, the Ticker can be manually refreshed for any impending trips.


Battery Powered Fog Machine Just In Time For Halloween

[makendo] needed a portable fog machine for an upcoming project. It seemed like the kind of a thing a liberal application of money on the Internet could fix in no time. But quality fog machines are too expensive, and the cheap machines are just, well, cheap. Stuck between $800 and quickly broken crap, he decided instead to fashion his own.

Fortunately for him, a recent fad has made it so that a certain segment of the populace absolutely require dramatic clouds of scented drug fog or they get cranky. The market saw an opportunity, cost optimized, and now there are many portable fog machines just waiting to be born in the form of an e-cigarette. However, an e-cigarette needs interaction from a person’s lungs to provide an annoying cloud. So he modeled up a 3D printable case that would blow air into the intake of the e-cigarette. Instead of filling a person’s lungs with a cloud of eye drops and nicotine, it would let out a steady stream of fog.

This device does burn through emitters, because the e-cigarette was not designed for this kind of heavy duty. Even reading the Amazon comments for the $800 version, this is fairly normal for these things. So now [makendo] is able to produce a nice cloud of smoke whenever he needs and it only set him back around $40 US.

Shocking Halloween Decoration

Sure, you could animate some Halloween lights using a microcontroller, some random number generation and some LEDs, and if the decorations are powered by AC, you could use some relays with your microcontroller. What if you don’t have that kind of time? [Gadget Addict] had some AC powered decorations that he’d previously animated with an Arduino and some relays, but this year wanted to do something quicker and simpler.

In another video, he goes over the wiring of a fluorescent starter to create a flickering effect with an incandescent light bulb. A fluorescent starter works because the current heats up a gas discharge tube which causes a bit of metal to bend and touch another, closing the circuit. A fluorescent bulb is a big enough load that the flowing current keeps the starter hot and, therefore, the circuit closed. If you wire the starter in series with a regular incandescent bulb, the starter heats up but the load isn’t big enough to keep the starter hot enough, so it cools down and the circuit breaks, which causes the starter to heat up again. This causes the bulb to flicker on and off. [Gadget Addict] uses two circuits with a fluorescent starter each wired to alternate bulbs in the decoration in order to get the effect to look a bit more random.


You Kids Get Those Drones Out Of My Airspace!

The PacTec Security Conference in Tokyo had something interesting show up: a countermeasure against drones that allows you to take control of any craft using the popular DSMx protocol. According to Ars Technica, DSMx transmitters and receivers exchange a key to prevent interference between adjacent systems. The key isn’t protected very well, so by observing traffic and applying a little brute force, you can recover the key (which is set when the transmitter binds to the aircraft).

What’s more, a timing vulnerability allows the rogue transmitter to lock out the legitimate one. You can see a demonstration of the system, called Icarus, in the video below.
