How The NSA Can Read Your Emails

October 15, 2015 by 86 Comments

Since [Snowden]’s release of thousands of classified documents in 2013, one question has tugged at the minds of security researchers: how, exactly, did the NSA apparently intercept VPN traffic, and decrypt SSH and HTTP, allowing the NSA to read millions of personal, private emails from persons around the globe? Every guess is invariably speculation, but a paper presented at the ACM Conference on Computer and Communications Security might shed some light on how the NSA appears to have broken some of the most widespread encryption used on the Internet (PDF).

The relevant encryption discussed in the paper is Diffie–Hellman key exchange (D-H), the encryption used for HTTPS, SSH, and VPN. D-H relies on a shared very large prime number. By performing many, many computations, an attacker could pre-compute a ‘crack’ on an individual prime number, then apply a relatively small computation to decrypt any individual message that uses that prime number. If all applications used a different prime number, this wouldn’t be a problem. This is the difference between cryptography theory and practice; 92% of the top 1 Million Alexa HTTPS domains use the same two prime numbers for D-H. An attacker could pre-compute a crack on those two prime numbers and consequently be able to read nearly all Internet traffic through those servers.

This sort of attack was discussed last spring by the usual security researchers, and in that time the researchers behind the paper have been hard at work. The earlier discussion focused on 512-bit D-H primes and the LogJam exploit. Since then, the researchers have focused on the possibility of cracking longer 768- and 1024-bit D-H primes. They conclude that someone with the resources of cracking a single 1024-bit prime would allow an attacker to decrypt 66% of IPsec VPNs and 26% of SSH servers.

There is a bright side to this revelation: the ability to pre-compute the ‘crack’ on these longer primes is a capability that can only be attained by nation states as it’s on a scale that has been compared to cracking Enigma during WWII. The hardware alone to accomplish this would cost millions of dollars, and although this computation could be done faster with dedicated ASICs or other specialized hardware, this too would require an enormous outlay of cash. The downside to this observation is, of course, the capability to decrypt the most prevalent encryption protocols may be in the hands of our governments. This includes the NSA, China, and anyone else with hundreds of millions of dollars to throw at a black project.

Looking Inside The Arksen Dual Power Supply

October 15, 2015 by 55 Comments

I recently picked up an Arksen dual power supply. You’ve seen these before, I’m sure, under a variety of names in places ranging from electronics stores to eBay. They look amazing for the price, and while I didn’t expect it to measure up to some of the pro supplies I have, I just wanted something to stick under my desk instead of having to move things to the bench or–worse–drag a heavy power supply over to my desk.

When I was putting together the sonic motion sensor, I found that the HC-SR04 module needed more current than I could draw out of an Arduino Leonardo. I figured this would be a good chance to use the new supply in anger. It seemed to work without too many problems. But there were a few things you might want to know if you have a similar supply or are thinking about getting a similar one.

Continue reading “Looking Inside The Arksen Dual Power Supply”

Hackaday Dictionary: Near Field Communications (NFC)

October 15, 2015 by 16 Comments

You are at the corner store, buying gum. The cashier rings up the purchase, showing you the amount. You casually pull out your cell phone and wave it near the credit card machine, which beeps appreciatively. The cashier nods, and you walk out, stuffing gum into your face. What just happened? You used Near Field Communications (NFC) to send data between your phone and the credit card terminal.

NFC is a standard that allows two devices to exchange information over a short distance without being in physical contact. The two devices communicate using a weak magnetic field that, in theory, only has a range of a few centimeters, so both devices have to be physically close, and someone standing nearby can’t intercept or alter the signal.

Continue reading “Hackaday Dictionary: Near Field Communications (NFC)”

SuperCon Presenters Revealed

October 15, 2015 by 16 Comments

When we announced the Hackaday SuperConference earlier this week we weren’t able to mention any presenters; the call for proposals to this epic hardware conference was still open. Now that the proposals are in we have been poring over them and starting to send acceptance notifications. Just a few of the notable presenters who have already confirmed are listed below. This is more than enough to get the excitement started but we will of course announce more in the coming days.

Check out the amazing space we’ve booked at Dogpatch Studios. It is perfect for the non-stop, high-throughput schedule that has been assembled. There will be one speaking track for talks that spans the entire weekend, while multiple concurrent workshops are held on the other floor of the venue. The evening party will kick off with the announcement of the 2015 Hackaday Prize winner, and the winner of Best Product.

Head over and apply now to attend the two-day SuperCon in San Francisco on November 14th and 15th. This list of amazing people and topics is just a taste of over thirty talks and workshops going on at the hardware conference you’ve been waiting for.

Shanni R. Prutchi  | Construction of an Entangled Photon Source for Experimenting with Quantum Technologies

Sprite_TM | Implementing the Tamagotchi Singularity

Michael Ossmann | Simple RF Circuit Design Workshop

Fran Blanche | Fun and Relevance of Antiquated Technology

Paul Stoffregen | Advanced Microcontroller-Based Audio Workshop

Noah Feehan | Making in Public

Sarah Petkus | NoodleFeet: Building a Robot as Art

Minas Liarokapis | OpenBionics

Luke Iseman | Starting a Hardware Startup

Dozens more to come.

Download the SuperCon poster and hang it everywhere. Share the @hackaday #SuperCon.  Do it now.

Hijacking Quadcopters With A MAVLink Exploit

October 15, 2015 by 61 Comments

Not many people would like a quadcopter with an HD camera hovering above their property, and until now there’s no technical resource to tell drone pilots to buzz off. That would require actually talking to a person. Horrors. Why be reasonable when you can use a Raspberry Pi to hijack a drone? It’s the only reasonable thing to do, really.

The folks at shellIntel have been messing around with quads for a while, and have recently stumbled upon a vulnerability in the Pixhawk flight controller and every other quadcopter that uses the MAVLink protocol. This includes the Parrot AR.drone, ArduPilot, PX4FMU, pxIMU, SmartAP, MatrixPilot, Armazila 10dM3UOP88, Hexo+, TauLabs and AutoQuad. Right now, the only requirement to make a drone fall out of the sky is a simple radio module and a computer. A Raspberry Pi was used in shellIntel’s demo.

The exploit is a consequence of the MAVLink sending the channel or NetID used to send commands from the transmitter to the quadcopter in each radio frame. This NetID number is used so multiple transmitters don’t interfere with each other; if two transmitters use the same NetID, there will be a conflict and two very confused pilots. Unfortunately, this also means anyone with a MAVLink radio using the same NetID can disarm a quadcopter remotely, and anyone with a MAVLink radio can tell a quad to turn off, or even emulate the DJI Phantom’s ‘Return to China’ function.

The only required hardware for this exploit is a $100 radio and three lines of code. It is certainly possible to build a Raspberry Pi-based box that would shut down any Pixhawk-equipped quadcopter within radio range, although the folks at shellIntel didn’t go that far just yet. Now it’s just a proof of concept to demonstrate that there’s always a technical solution to your privacy concerns. Video below.

Continue reading “Hijacking Quadcopters With A MAVLink Exploit”

Draw bot poetry

Sandy Poems Drawn By A Robot Named Skryf

October 15, 2015 by 14 Comments

If you were lucky at the 2015 World Maker Faire you may have stumbled upon strange writings of poetry on the ground — written in sand.  While at first confusing, if you followed the poetry along you also caught a glimpse of Skryf, a draw bot by [Gijs van Bon].

skryf-drawbot-thumbThe creator was asked to perform poems for a festival about transition and letting go. Naturally, building a robot to write poetry in sand was the downright obvious answer to the question.

I was asked to perform 40 poems during a 10 day festival, and the poems were about transition and letting go. And then I thought the obvious thing to do as an artist is to make a machine that writes those poems with sand. I started writing them, and when the third poem was written, the first one was completely gone, and it was such a beautiful thing.

The robot uses a laptop for input, which is connected to the bicycle carriage. One servo controls the left-to-right movement, and another releases the sand. Forward and back is controlled by the main drive train, which must have been fun to account for (they aren’t servos!)

Continue reading “Sandy Poems Drawn By A Robot Named Skryf”

ASCII Games, Chiptunes, Hacker Celebrities At Hackaday Prize Worldwide Berlin

October 14, 2015 by 4 Comments

Hackaday teamed up with the Vintage Computer Festival to have a Meetup last week. It was quite a party, with Berlin based chiptunes band Thunder.Bird and TheRyk using Commodore 64s and SID sound chip. The age of this equipment and relatively small volume original production runs makes it hard to find these days, but there is an underground group making music with these who trade among themselves. TheRyk created PlayEm64 (pictured above) to organize and play the music using the SID hardware and says that an advantage of this software is that it includes the play time (not in the fileheader), which is really useful for party entertainment! These chips sounded fantastic and added to the energy of the packed house.

zoovideoA Hackaday party means that people bring their projects to show off and entertain the crowd with. [Nils Dagsson Moskopp] brought a game called Zoo Tycoon Roguelike that he built for a 7 day long competition. This is a text based roguelike game based on the 2011 Microsoft game Zoo Tycoon. As with the original game, Nils’ game aimed to keep animals happy within a thriving zoo. What’s neat about Nils’ version is that all the actions are displayed in words on the right side of the screen and he custom developed the characters in bitmap form.

SONY DSC
[Sisam] brought Cube Tetris, a social gaming device with 4 sides, each individually controlled so that players must collaborate with each other to win. The new take on the already addictive game kept a crowd around this table the entire night.

[Dave Darko] and [Alex] brought a collaborative project that they’ve been developing on Hackaday.io together. The first, third and 4th board shown below are [Alex’s] boards, and the second one with the acrylic case is [Dave Darko’s]. They both started with 5x5cm breakout boards for the ESP8266 but they’ve been adding features off of each other’s boards like support for the ESP-07 / ESP-12 and an additional ESP-01 footprint. Someone wished for a USB micro port, and that is now on both of their boards. The next stage for [Alex] is adding 2 pin rows for GVS (ground-voltage-signal) to his boards, a feature which [Dave Darko] has already put in place on his offerings.

Alex and DaveDarko ESP8266 boards

We also saw an appearance by Captain Crunch (John Draper) – he’s pictured here with some friends from Lithuania. Our next event is in San Francisco in November, and we hope to see you at some point somewhere in the world.

The 2015 Hackaday Prize is sponsored by: