Teardown: The Guts Of A Digital Sentry

I have a home alarm system that has me wondering if I can make it better with my maker Kung-fu. Recently we had to replace our system, so I took the time to dissect the main controller, the remote sensors, and all the bits that make a home security system work.

To be precise, the subject of today’s interrogation is a Zicom brand Home Alarm that was quite famous a decade ago. It connects to a wired telephone line, takes inputs from motion, door, and gas sensors, and will make quite a racket if the system is tripped (which sometimes happened accidentally). Even though no circuits were harmed in the making of this post, I assure you that there are some interesting things that will raise an eyebrow or two. Let’s take a look.

Continue reading “Teardown: The Guts Of A Digital Sentry”

Reverse Engineered Media Controller From Car Is Best Friends With Android

The CAN bus is a rich vein to mine for a hacker: allowing the electronic elements of most current vehicles to be re-purposed and controlled with ease. [MikrocontrollerProjekte] has reverse engineered a CAN bus media and navigation controller and connected it to an STM32F746G-Discovery board. The STM32 is in turn connected to an Android phone, and allows the media controller to trigger a large number of functions on the phone, including music playback, maps, and general Android navigation.

When reverse engineering the controller, [MikrocontrollerProjekte] employed a variety of approaches. A small amount of information was found online, some fuzzing was done with random CAN bus IDs and messages, and some data logging was done with the device inside the car to match message data to the relevant IDs on the bus.

The STM32F746G-Discovery board acts as a Human Interface Device (HID), emulating a mouse and keyboard connected to the Android phone via USB OTG. The LCD screen shows the output of the keystrokes and touchpad area. We’re not sure how useful the mouse-emulation would be, given that the phone has a touchscreen, but the media functions work really well, and would also make a really snazzy music controller for a PC.

We’ve covered plenty of other cool CAN bus hacks, like reverse-engineering this Peugeot 207, or this general purpose CAN sniffer.

Continue reading “Reverse Engineered Media Controller From Car Is Best Friends With Android”

Wireless Protocol Reverse Engineered To Create Wrist Wearable Mouse

We’ve seen a few near-future sci-fi films recently where computers respond not just to touchscreen gestures but also to broad commands, like swiping a phone to throw its display onto a large flat panel display. It’s a nice metaphor, and if we’re going to see something like it soon, perhaps this wrist-mounted pointing device will be one way to get there.

The video below shows the finished product in action, with the cursor controlled by arm movements. Finger gestures that are very much like handling a real mouse’s buttons are interpreted as clicks. The wearable has a Nano, an MPU6050 IMU, and an nRF24L01 transceiver, all powered by some coin cells and tucked nicely into a 3D-printed case. To be honest, as cool as [Ronan Gaillard]’s wrist mouse is, the real story here is the reverse engineering he and his classmate did to pull this one off.

The road to the finished product was very interesting and more detail is shared in their final presentation (in French and heavy with memes). Our French is sufficient only to decipher “Le dongle Logitech,” but there are enough supporting packet diagrams to get the gist. They sniffed the packets going between a wireless keyboard and its dongle and figured out how to imitate mouse movements using an NRF24 module. Translating wrist and finger movements to cursor position via the 6-axis IMU involved some fairly fancy math, but it all seems to have worked in the end, and it makes for a very impressive project.

Is sniffing wireless packets in your future? Perhaps this guide to Wireshark and the nRF24L01 will prove useful.

Continue reading “Wireless Protocol Reverse Engineered To Create Wrist Wearable Mouse”

All The Speakers Plus We’re Heating It Up A Day Early

Things are getting real now. Check the list below for the last round of confirmed speakers to the 2017 Hackaday Superconference. This brings our slate of speakers to 32, but we’re not done yet.

Hackaday is adding an extra day to the Superconference by starting the festivities on Friday. Again this year we have an excellent custom hardware badge in development. It’s hard to pull yourself away during the Supercon for badge hacking, so this year you can check in on Friday and let the hacking begin. Since you’ll be in town early, we’re also throwing a party at the Supplyframe office (minutes’ walk from the main venue) for all Supercon speakers and attendees.

But we’re still not done. 32 talks, an epic hardware badge, and an extra day of festivities, what else could there be you ask? Two things: workshops and the Hackaday Prize party. Supercon will play host to eight hardware workshops this year. We’ll announce workshop presenters and topics next week but I can tell you they’re superb this year!

Continue reading “All The Speakers Plus We’re Heating It Up A Day Early”

Badgelife image by @catmurd0ck

All The Hardware Badges Of DEF CON 25

Hardware is the future. There is no better proof of this than the hardware clans that have grown up around DEF CON, which in recent years has become known as Badgelife. I was first drawn to the custom hardware badges of the Whiskey Pirates at DC22 back in 2014. Hardware badges were being made by several groups at that time but that was mainly happening in isolation while this year the badge makers are in constant contact with each other.

A Slack channel just for those working on their own DEF CON badges sprung up. This served as tech support, social hour, and feature brainstorming for all on the channel. In the past badges were developed without much info getting out during the design process. This year, there was a huge leap forward thanks to a unified badgelife API: the badge makers colluded with each other on a unified communications protocol. In the multitude of images below you frequently see Rigado modules used. These, and some others using different hardware, adopted a unified API for command and control, both through makers’ “god mode” badges, and for wireless gaming between participant badges.

I was able to get into the badge makers meetup on Thursday of DEF CON. What follows is the result of a frantic few hours trying to get through the sheer volume of badges and people to share with you all the custom hardware on display. One thing is for sure: there were literally thousands of custom badges built and sold/distributed during DEF CON. I can’t wait to see what the artisanal hardware industry will look like in five years’ time.

Continue reading “All The Hardware Badges Of DEF CON 25”

Saving Old Voices By Dumping ROMs

Some people collect stamps. Others collect porcelain miniatures. [David Viens] collects voice synthesizers and their ROMs. In this video, he just got his hands on the ultra-rare Electronic Voice Alert (EVA) from early 1980s Chrysler automobiles (video embedded below the break).

Back in the 1980s, speech synthesis was in its golden years following the development of TI’s linear-predictive coding speech chips. These are the bits of silicon that gave voice to the Speak and Spell, numerous video game machines, and the TI 99/4A computer’s speech module. And, apparently, some models of Chrysler cars.

We tracked [David]’s website down. He posted a brief entry describing his emulation and ROM-dumping setup. He says he used it for testing out his (software) TMS5200 speech-synthesizer emulation.

The board appears to have a socket for a TMS-series voice synthesizer chip and another slot for the ROM. It looks like an FTDI 2232 USB-serial converter is being used in bit-bang mode with some custom code driving everything, and presumably sniffing data in the middle. We’d love to see a bunch more detail.

The best part of the video, aside from the ROM-dumping goodness, comes at the end when [David] tosses the ROM’s contents into his own chipspeech emulator and starts playing “your engine oil pressure is critical” up and down the keyboard. Fantastic.

Continue reading “Saving Old Voices By Dumping ROMs”

Keystroke Sniffer Hides As A Wall Wart, Is Scary

For those of us who worry about the security of our wireless devices, every now and then something comes along that scares even the already-paranoid. The latest is a device from [Samy] that is able to log the keystrokes from Microsoft keyboards by sniffing and decrypting the RF signals used in the keyboard’s wireless protocol. Oh, and the entire device is camouflaged as a USB wall wart-style power adapter.

The device is made possible by an Arduino or Teensy hooked up to an NRF24L01+ 2.4GHz RF chip that does the sniffing. Once the firmware for the Arduino is loaded, the two chips plus a USB charging circuit (for charging USB devices and maintaining the camouflage) are stuffed with a lithium battery into a plastic shell from a larger USB charger. The options for retrieving the sniffed data are either an SPI Serial Flash chip or a GSM module for sending the data automatically via SMS.

The scary thing here isn’t so much that this device exists, but that encryption for Microsoft keyboards was less than stellar and provides little more than a false sense of security. This also serves as a wake-up call that the things we don’t even give a passing glance at might be exactly where a less-honorable person might look to exploit whatever information they can get their hands on. Continue past the break for a video of this device in action, and be sure to check out the project in more detail, including source code and schematics, on [Samy]’s webpage.

Thanks to [Juddy] for the tip!

Continue reading “Keystroke Sniffer Hides As A Wall Wart, Is Scary”