Smart Cards Used To Hack Smart Cards

October 21, 2015 by 61 Comments

Back in the day, true hackers – the kind that would build VCRs out of 555 chips only to end up in the Hackaday comments section in their twilight years – would steal satellite TV feeds with the help of tiny little microcontrollers embedded in a credit card. This was the wild west, when a parallel port was the equivalent of a six-shooter and Jnco jeans were a ten gallon hat.

The backdoors that enabled these satellite pirates have long been closed, but these devices for stealing HBO have now evolved into stealing €600,000 worth of goods using a most unlikely source: chip and pin card terminals. A gang of criminals in Belgium have successfully broken chip and pin, and although the exploit has now been closed, the researchers behind the investigation have published their war story for one of the most interesting hacks in recent memory.

Chip and pin verification for Point of Sale (PoS) transactions are a relatively simple process; during a transaction, the PoS system asks for the user’s PIN and transmits it to the card. The card then simply answers ‘yes’ or ‘no’. In 2010, a vulnerability to this system was discovered, making it a simple matter for anyone to break chip and pin systems. This system used an FPGA with a backpack worth of modified hardware – executing it in a store would raise more than a few eyebrows.

The 2010 exploit hardware
The 2010 exploit hardware

The problem of implementing this system into something that was easily concealable was simply a matter of miniaturization. Thanks to the proliferation of smart cards over the last 20 years, very tiny microcontrollers are available that could manage this man-in-the-middle attack on a chip and pin system. What is a gang of criminals to do? Simply program a smart card with all the smarts required to pull of the hack, of course.

To pull off this exploit, an engineer in the gang of criminals used a FUNcard, a development platform for smart cards loaded up with an Atmel AVR AT90S8515 microcontroller and an EEPROM packaged in a small golden square. By removing the chip from this chipped card and replacing the chip in a stolen credit card, the criminals were able to reproduce the 2010 exploit in the wild, netting them €600,000 in stolen merchandise before they were caught.

How were they caught? The ‘buyer’ of the gang kept shopping at the same place. Rookie mistake, but once security researchers got their hands on this illegal hardware, they were amazed at what they found. Not only did the engineer responsible for this manage to put the code required for the exploit in an off-the-shelf smart card, the gold contact pads from the original credit card were rewired to the new microcontroller in an amazing feat of rework soldering.

Before this exploit was made public, the researchers developed a countermeasure for this attack that was swiftly installed in PoS terminals. They also came up with a few additional countermeasures that can be deployed in the future, just in case. In any event, it’s an amazing bit of reverse engineering, soldering, and craftsmanship that went into this crime spree, and as usual, it only took a massive loss for retailers to do anything about it.

Nurses Create In A Medical Makerspace

October 21, 2015 by 33 Comments

Although there are many skilled and dedicated types of health care professionals, nurses are often the main point of contact between the medical establishment and a patient. You will probably spend more time with your nurse–especially in a hospital setting–than any other health care provider. Every patient’s needs are different, so it isn’t surprising that nurses sometimes improvise unique solutions to help their patients be more comfortable or recover faster.

That’s the idea guiding an innovative program called MakerNurse–an initiative backed by MIT and the Robert W. Johnson Foundation. The idea is to encourage nurses to be makers. One of the project’s cofounders, Anna Young, had found nurses in Central America making do with what they had on hand and naturally acting as makers. “We saw a nurse repair a stethoscope diaphragm with an overhead transparency,” she said. Young noted that often nurses didn’t realize the significance of their making–it was just how they got through the day.

Continue reading “Nurses Create In A Medical Makerspace”

3D Printed Quadcopter Props

October 21, 2015 by 52 Comments

Here’s something that isn’t quite a hack; he’s just using a 3D printer as a 3D printer. It is extremely interesting, though. Over on Hackaday.io [Anton] is creating 3D printable propellers for quadcopters and RC planes. Conventional wisdom says that propellers require exceedingly exacting tolerances, but [Anton] is making it work with the right 3D file and some creative post-processing treatment of his prints.

These 3D printed props are a remix of an earlier project on Thingiverse. In [Anton]’s testing, he didn’t get the expected lift from these original props, so a few small modifications were required. The props fit on his 3D printer bed along their long edge allowing for ease of slicing and removal of support material. For post-processing, [Anton] is using acetone vapor smoothing on his ABS printed design. They come out with a nice glossy sheen, and should be reasonably more aerodynamic than a prop with visible layer lines.

Although [Anton]’s prop is basically a replica of a normal, off-the-shelf quadcopter prop, 3D printing unique, custom props does open up a lot of room for innovation. The most efficient propeller you’ll ever find is actually a single-bladed propeller, and with a lot of experimentation, it’s possible anyone with a well-designed 3D printer could make turn out their own single-blade prop.

Continue reading “3D Printed Quadcopter Props”

Nomograms: Complex Analog Calculators Simple For Everyone

October 21, 2015 by 29 Comments

In the late 1800s, a railway engineer named Philbert Maurice d’Ocagne was part of a group of men faced with the task of expanding the French rail system. Before a single rail could be laid, the intended path had to be laid out and the terrain made level. This type of engineering involves a lot of cut and fill calculations, which determine where dirt must be added or removed. The goal of earthwork is to create a gentle grade and to minimize the work needed to create embankments.

In the course of the project, d’Ocagne came up with an elegant, reusable solution to quickly  solve these critical calculations. Most impressively, he did it with little more than a pen, some paper, and a straightedge. By developing and using a method which he called nomography, d’Ocagne was able to perform all the necessary calculations that made the gentle curves and slopes of the French railway possible.

Continue reading “Nomograms: Complex Analog Calculators Simple For Everyone”

Toy Television’s Dreams Come True

October 21, 2015 by 12 Comments

A couple of years ago, [Alec]’s boss brought him a souvenir from Mexico City—a small mid-century console television made of scrap wood and cardboard. It’s probably meant to be a picture frame, but [Alec] was determined to give it a better life.

As it turns out, the screen of [Alec]’s old Samsung I9000 was a perfect fit for the cabinet with room to spare. It was on its way to becoming a real (YouTube) TV once [Alec] could find a way to control it remotely. A giant new-old stock remote that’s almost bigger than the TV was just the thing. There’s enough room inside the remote for a non-LE Bluefruit module, which is what the I9000 will accept as input without complaint.

Trouble is, Bluefruit doesn’t support matrix keypads, so [Alec] used a bare ATMega328 running on the internal clock. Since the Bluefruit board provides voltage regulation, the remote was able to keep its native 9V power. [Alec] is happy with the results, though he plans to refine his button choices and maybe make a new overlay for the remote. Stay tuned for a tiny TV tour.

Continue reading “Toy Television’s Dreams Come True”

The Inaccurate Predictions Of Back To The Future

October 21, 2015 by 83 Comments

Sometime this evening, after we haven’t rehydrated a pizza for dinner, all of the events portrayed in Back To The Future will have happened in the past. This is it. This is the day all your dreams die.

So, what’s so special about the technology in Back To The Future that we don’t have now? Hoverboards, obviously, but a lot of people have been doing their part to make sure we have something like a hoverboard on this important day. Last week, the record for the longest hoverboard flight was broken by a Canadian company making large multirotor platforms. While it’s called a hoverboard, it’s really not in the spirit of the device that would recreate the skateboard chase scene in front of Hill Valley’s courthouse. For that, you’ll need something that doesn’t use propellers, at least.

There’s a better way to construct a hoverboard than by strapping a few blenders to your feet. Last summer, Lexus built one with superconducting materials and magnets. Yes, it’s effectively the same demonstration you’ve always seen with superconducting materials, only this time it’s dressed up with pro skaters. There are tens of thousands of dollars worth of magnets in the Lexus hoverboard, making this entirely impractical for anyone who wants to build their own.

next-yearThere is another option if you want a hoverboard. This day, last year, Hendo Hoverboards launched a Kickstarter with the best media blitz we’ve ever seen. They built a hoverboard that is basically a quadcopter, but instead of propellers, they use magnets. These magnets produce eddy currents in the metallic, non-ferrous ‘hover surface’. The grand prize for this Kickstarter? Today, October 21, 2015, you’ll be invited to a VIP event where you will not only get to ride a hoverboard, you’ll get one to take home. Price: $10,000.

News Drones
News drones. People still read newspapers.

This company isn’t in the market of building hoverboards; they have a much, much more grandiose idea: the founder wants to use hoverboards as a stepping stone to an active earthquake mitigation strategy for buildings. Yes, buildings can hover inches above their foundation, just in case an earthquake strikes. You say the power might go out during an earthquake, causing the building to fall inches to the ground? I never said it was a good idea.

Lucky for us, the Hendo hoverboard did prove to be a proof of concept that a ‘spinning magnet’ hoverboard is capable of supporting the weight of a rider. We know a few people have been working on this technology before the Hendo hoverboard was announced, and replicating the Hendo hoverboard build shouldn’t cost more than about $1000 USD. We’re eventually going to have to do this, and we’re going to replicate the Pitbull hoverboard, bojo, because we want powah.

So, what else of Back to the Future Part II hasn’t become a reality? News drones. People don’t read newspapers anymore. Self-driving cars are more realistic than hovercar conversions. Pepsi Perfect exists, but only at a Comic Con. Nike Air Mags exist, but not with power laces. The world of Hill Valley still has fax machines, and I really want to rehydrate a pizza.

cubbiesIt’s alright, most of the technology of Back to the Future was just a joke; ‘Queen Diana’ would have never happened, and what exactly was the point of Gray’s Sports Almanac if you can look everything up on the Internet?

There was one possibly accurate prediction in Back to the Future: The Chicago Cubs may win the 2015 World Series. Let me repeat that, for effect. The most accurate prediction of the future given to us in Back to the Future was that the Chicago Cubs win the World Series. That’s how inaccurate Back To The Future was.

Laptop hardware hack

Laptop’s Aren’t Upgradable? Ha!

October 20, 2015 by 45 Comments

[MX372] is a pretty dedicated hardware hacker. Instead of chucking a 10 year old laptop with specs weaker than his latest cellphone — he decided to breath new life into it with a few hardware upgrades, and a switch to Linux of course.

Featuring a 1.1GHz Pentium M processor with a whopping 512mb DDR RAM, a dvd burner, a 40GB HDD, USB 2.0, BlueTooth, 802.11b/g wireless and even a FireWire port, his old Sony Vaio used to command a pretty hefty price tag. In fact, he’s pretty sure he paid $2,100 for it back in ’05. It was called an “ultrabook” before ultrabook actually meant a MacBook-Air sized laptop.

Still running Windows XP, it had gotten slower with age as all good computers do, and since XP is no longer supported, [MX372] thought it was time to switch it over to Linux. He started with Xubuntu 12, but quickly found Lubuntu instead. But, it still wasn’t that great. Continue reading “Laptop’s Aren’t Upgradable? Ha!”