Reviving A Dead Zanzithophone

It’s great to hear from people who say they’re inspired to fix stuff by reading about hacks here on Hackaday. [Michael Lüftenegger] from Salzburg is one of them. About a year back, he snagged a digital horn from eBay that turned out to be dead-er than advertised and he wrote a post about how he fixed it and gave it a second life.

The Casio DH-100 is an electronic MIDI digital wind controller/synthesizer musical instrument. Your breath flows through the instrument, making it feel pretty similar to acoustic wind instruments. [Michael]’s unit had already seen some attempted, but unsuccessful repairs. Nothing that could not be fixed, except that the main pressure sensor was missing. Without the sensor, the instrument was practically useless. The eBay seller wasn’t lying when he described the unit as working with breath mode turned off!

The Internet Of Broken Things (or, Why Am I So Cold?)

Although the Internet of Things (IoT) is a reasonably new term, the idea isn’t really all that new. Many engineers and hackers have created networked embedded systems for many years. So what’s different? Two things: the Internet is everywhere, and connected embedded systems are now used in a consumer setting.

The Philips Hue light bulb

Like anything else, there’s a spectrum of usefulness to IoT. Watching The Expanse, the other day (which is not a bad show, by the way), I noticed that if you had the right IoT lights, you could run an app that would change your lighting to suit the show in real-time. I don’t have those lights, but I suppose when the action moves to a dark sub-basement, your lights dim and when you are in a space ship’s reactor room, they turn red, and so on. Fun, but hardly useful or life-changing.

On the other hand, there are some very practical IoT items like the Nest thermostat. It might seem lazy to want to monitor and control your thermostat from your tablet, but if you are frequently away from home, or you have multiple houses, it can be a real positive to be able to control things remotely. With the recent blizzard on the U.S. east coast, for example, it would be great to turn on the heat in your weekend cottage 150 miles away while you were still at work or home. However, the Nest recently had a hiccup during an upgrade and it has made many of their customers mad (and cold). I’ll get back to that, in a minute. First, I want to talk about the problems with deploying something that will be in many varied environments (like people’s homes) that controls something real.


Replacing The iPhone 6 Button Bricks The Phone

News comes from The Guardian that the iPhone 6 will break because of software updates due to non-authorized hardware replacements. Several thousand iPhone 6 users are claiming their phones have been bricked thanks to software updates if the home button – and the integrated TouchID fingerprint sensor – were replaced by non-Apple technicians.

For the last few iPhone generations, the TouchID fingerprint sensor has been integrated into the home button of every iPhone. This fingerprint sensor provides an additional layer of security for the iPhone, and like everything on smartphones, there is a thriving market of companies who will fix broken phones. If you walk into an Apple store, replacing the TouchID sensor will cost about $300. This part is available on Amazon for about $10, and anyone with a pentalobe screwdriver, spudger, and fine motor control can easily replace it. Doing so, however, will eventually brick the phone, as software updates render the device inoperable if the TouchID sensor is not authorized by Apple.

According to an Apple spokeswoman, error 53 occurs because the fingerprint data is uniquely paired to the TouchID sensor found in the home button. If the TouchID sensor were substituted with a malicious TouchID sensor, complete and total access to the phone would be easy, providing a forehead-slapping security hole. Error 53 is just Apple’s way of detecting devices that were tampered with.

In fairness to Apple, not checking the authenticity of the TouchID sensor would mean a huge security hole; if fingerprint data is the only thing keeping evil balaclava-wearing hackers out of your phone, simply replacing this sensor would grant them access. While this line of reasoning is valid, it’s also incredibly stupid: anyone can get around the TouchID fingerprint sensor with a laser printer and a bit of glue. If you ever get ahold of the German Defense Minister’s iPhone, the fingerprint sensor isn’t going to stop you.

This is a rare case where Apple are damned if they do, damned if they don’t. By not disabling the phone when the TouchID sensor is replaced, all iPhones are open to a gaping security hole that would send the Internet into a tizzy. By bricking each and every iPhone with a replacement TouchID sensor, Apple gets a customer support nightmare. That said, the $300 replacement cost for the TouchID sensor will get you a very nice Android phone that doesn’t have this problem.

iPhone Jailbreak Hackers Await $1M Bounty

According to Motherboard, some unspecified (software) hacker just won a $1 million bounty for an iPhone exploit. But this is no ordinary there’s-a-glitch-in-your-Javascript bug bounty.

On September 21, “Premium” 0day startup Zerodium put out a call for a chain of exploits, starting with a browser, that enables the phone to be remotely jailbroken and arbitrary applications to be installed with root / administrator permissions. In short, a complete remote takeover of the phone. And they offered $1 million. A little over a month later, it looks like they’ve got their first claim. The hack has yet to be verified and the payout has yet to be made.

But we have little doubt that the hack, if it’s actually been done, is worth the money. The NSA alone has a $25 million annual budget for buying 0days and usually spends that money on much smaller bits and bobs. This hack, if it works, is huge. And the NSA isn’t the only agency that’s interested in spying on folks with iPhones.

Indeed, by bringing something like this out into the open, Zerodium is creating a bidding war among (presumably) adversarial parties. We’re not sure about the ethics of all this (OK, it’s downright shady) but it’s not currently illegal and by pitting various spy agencies (presumably) against each other, they’re almost sure to get their $1 million back with some cream on top.

We’ve seen a lot of bug bounty programs out there. Tossing “firmname bug bounty” into a search engine of your choice will probably come up with a hit for most firmnames. A notable exception in Silicon Valley? Apple. They let you do their debugging work for free. How long this will last is anyone’s guess, but if this Zerodium deal ends up being for real, it looks like they’re severely underpaying.

And if you’re working on your own iPhone remote exploits, don’t be discouraged. Zerodium still claims to have money for two more $1 million payouts. (And with that your humble author shrugs his shoulders and turns the soldering iron back on.)


Bypassing Broken SIP ALG Implementations

The SIP protocol is commonly used for IP telephone communications. Unfortunately it’s notorious for having issues with NAT traversal. Even some major vendors can’t seem to get it right. [Stephen] had this problem with his Cisco WRVS4400N router. After a bit of troubleshooting, he was able to come up with a workaround that others may find useful.

The router had built in SIP ALG functionality, but it just didn’t work. [Stephen] was trying to route SIP traffic from a phone to an Asterisk PBX system behind the router. The router just couldn’t properly handle these packets regardless of whether SIP ALG was enabled or disabled.

[Stephen] first tried to change the SIP port on the external VOIP phone from the default of 5060 to something else. Then he set up port forwarding on the router to send that traffic to the Asterisk system on the original port. This sort of worked. The calls would go through but they would eventually drop after about 20 seconds.

The only thing that [Stephen] could get to work completely was to change the SIP port in Asterisk’s sip.conf file using the “bindport” directive. He changed it to some random unused high port number. Then he set up port forwarding on the router to forward incoming UDP packets on that port to the Asterisk system. This worked fine, but now all of the original phones behind the router stopped working because they were configured to use the default port of 5060.

Rather than re-configure all of the phones in the organization, [Stephen] made one change on the Asterisk system. He set up an iptables rule to forward all incoming traffic on UDP port 5060 to the new SIP port. Now all of the phones are working with minimal changes across the organization. It’s a lot of hassle to go through just because the router couldn’t handle SIP correctly, but it gets the job done.
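
The final configuration described above, sketched as an added example that is not [Stephen]'s own commands: the port 15060 and the choice of a nat-table REDIRECT rule are assumptions, since the post does not give the exact rule. The script prints the rule by default and only touches the live rule set when APPLY=1 is set.

```shell
#!/bin/sh
# Added example with constructed values, not [Stephen]'s actual configuration.
# Asterisk side (chan_sip), in sip.conf:
#   [general]
#   bindport=15060        ; hypothetical unused high port
NEW_SIP_PORT="${NEW_SIP_PORT:-15060}"   # assumption: must match bindport

# Accept only a plain unprivileged port number other than 5060, so a typo
# cannot end up as an unintended argument to iptables.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1024 ] && [ "$1" -le 65535 ] && [ "$1" -ne 5060 ]
}

# Print the nat-table rule that rewrites inbound UDP 5060 to the new port.
# $1 = -A (add), -C (check) or -D (delete); $2 = new SIP port.
redirect_rule() {
    valid_port "$2" || { echo "invalid port: $2" >&2; return 1; }
    echo "iptables -t nat $1 PREROUTING -p udp --dport 5060 -j REDIRECT --to-ports $2"
}

# Apply idempotently: add the rule only if the check (-C) fails. Needs root.
apply_redirect() {
    check=$(redirect_rule -C "$1") || return 1
    add=$(redirect_rule -A "$1") || return 1
    $check 2>/dev/null || $add
}

# Dry run by default; set APPLY=1 to change the live rule set.
if [ "${APPLY:-0}" = "1" ]; then
    apply_redirect "$NEW_SIP_PORT"
else
    redirect_rule -A "$NEW_SIP_PORT"
fi
```

A REDIRECT rule in PREROUTING only rewrites packets arriving from other hosts, which matches the phones behind the router talking to the Asterisk box. The rule is lost on reboot unless it is saved with the distribution's usual iptables persistence mechanism.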

Garage Door Monitoring And Control Using A Dedicated Android Phone

[Sean] happened to have an extra Android phone sitting around and wanted to see what type of home automation he could use it for. One simple hardware modification, and some apps from the Android Market let him monitor and control his garage door remotely.

The hardware modification is a hack we’ve already looked at. The BTmate uses a Bluetooth headset with an added transistor to short the connections on your garage door opener. The only issue is that you need to be within range for the Bluetooth to work. [Sean] adds a layer of abstraction by using two Android phones. One is permanently mounted in the garage and handles the Bluetooth connectivity, while the other uses VNC to tunnel in anywhere he has an Internet connection.

But why stop there? He knew that this one feature was overkill, and added a second which the phone was perfect for. Since it has its own camera, he used the tinyCam app to create a webcam server. This even allows him to turn the LED on and off for a better view in dim light conditions. See [Sean’s] demonstration after the break.

Overkill? Maybe, but if you’ve got a phone with a broken LCD, this might be just the thing to give it a new purpose.


Cellphone Controlled Retro-radio Stores And Plays Your Digital Library

[Autuin] was worried about having desirable electronics stolen while on the road with his band. He didn’t want to take a laptop along on tour, but he didn’t want to be without his music either. To solve this problem, he built a music player inside of a cheap-looking radio. His write-up covers two different portable MP3 solutions, but it’s the second rendition that catches our attention.

After hollowing out the old radio he filled the void with an Asus WL-HDD 2.5. That hardware is meant to be an easy way to add network storage; it houses a laptop hard drive and has WiFi and Ethernet connectivity. But it also has one USB port, and can be hacked to add a second. [Autuin] did just that, using the two USB connections to add a Bluetooth dongle and a USB sound card. Music is synced with the hard drive via some cat-5 cable that’s hidden in the battery compartment of the vintage box. The NAS runs Linux, and the audio playback software is controlled through a Mobile Java application running on a somewhat broken cellphone. That’s an idea that might find its way into our next project.