The Last Week Of The Mooltipass Approacheth

December 8, 2014 by 46 Comments

A year and two days ago, [Mathieu] started out on a quest to develop some hardware with the help of Hackaday readers. This project became known as the Mooltipass, an open source offline password keeper that’s pretty much a password management suite or Post-It notes on a monitor, except not horribly insecure.

The product has gone through multiple iterations of software, [Mathieu] flew out to China to get production started, and the project finally made it to a crowdfunding site. That crowdfunding campaign is almost over with just eight days left and just a little bit left to tip this project into production. This is the last call, all hands in, and if you’re thinking about getting one of these little secure password-storing boxes, this is the time.

You can check out the Developed on Hackaday series going over the entire development of the Mooltipass, made with input from Mooltipass contributors and Hackaday readers. The Venn diagram of those two groups overlaps a lot, making this the first piece of hardware that was developed for and by Hackaday readers.

Even if you have a fool-proof system of remembering all your passwords and login credentials, the Mooltipass is still a very cool-looking Arduino-compatible board. Note that (security device) and (Arduino thing) are two distinct operating modes that should not be conflated.

[Mathieu] and other contributors will be in the comments below, along with a bunch of ‘security researchers’ saying how this device ‘is horrifying’, ‘full of holes’, and ‘a terrible idea’. One of these sets of people have actually done research. Guess which?

Toilet Sink Saves Water

Saving The Planet One Flush At A Time

December 8, 2014 by 88 Comments

Water is a natural resource that some of use humans take for granted. It seems that we can turn on a facet to find an unlimited supply. That’s not true in all parts of the world. In the US, toilets use 27% of household water requirements. That’s a lot of water to only be used once. The water filling the toilet after the flush is the same as that comes out of the sink. [gregory] thought it would make sense to combine toilet tank filling with hand washing as those two activities happen at the same time.

To accomplish this, a DIY sink and faucet were put in-line with the toilet tank fill supply. The first step was to make a new tank lid. [gregory] used particle board and admits it probably isn’t the best material, but it is what he had on hand. A hole was cut in the lid where a metal bowl is glued in. Holes were drilled in the bottom of the bowl so that water could drain down into the tank. The faucet is just standard copper tubing. The curve was bent by hand using a wire wrap method to keep it from kinking. The only remaining part was to connect the fill line (after the fill valve) to the faucet. Now, when the toilet is flushed, the faucet starts flowing.

Continue reading “Saving The Planet One Flush At A Time”

Crosswalk Pong Auf Deutschland

December 8, 2014 by 34 Comments

What is there to do in America while you’re waiting to cross the street at an intersection? Nothing; listen to that impatient clicking sound, and if you live in a busy city, pray you don’t get plowed into. In Germany however, pedestrians will now get to play Pong with the person on the other side.That’s right, as a means to encourage people to just hang in there and wait out the cycle instead of darting across against the light, design students [Sandro Engel] and [Holger Michel] came up with an entertaining incentive involving a potential conversation sparking duel with your impromptu counterpart across the street.

The first of these interactive cross-walk indicators was installed recently in Hildesheim, Germany, two years after the duo first designed them back in 2012. There was a little friction about installing the touch screen equipped modules initially, but after a proper redesign for functionality taking traffic science into account, the city authorities caved and allowed them to test the wings of their progressive idea on one city intersection so far. The mindset behind the invention of these indicators is part of a larger movement to make public spaces safer through means of fun and entertainment. Instead of threatening to punish those partaking in unsafe activity with fines, the notion is to positively enforce following rules by adding a level of play. While pedestrians have the right to walk, the screen shows how much time is left to make their away across, and for the duration that traffic is rolling through, the score will be kept for an individual game of pong for those on either side of the light.

Since the idea is generating some interest, the group of developers involved with the project have moved to promote their work (now branded as Actiwait) with an Indiegogo campaign. They hope to turn their invention into a full fledged product that will potentially be seen all over the world. Admittedly, it’d be charming to see this sort of technology transform our urban or residential environments with a touch of something that promotes friendly social interaction. Hopefully my faith in our worthiness to have nice things is warranted and we start seeing these here in America too. Nice work!

Check out this encounter with the street indicator here. The guy introducing the invention loses to the girl on the other side, but they share a high-five as they pass in the street:

Continue reading “Crosswalk Pong Auf Deutschland”

Calculator Remote with Launchpad

Calculator + MSP430 + IR LED = TV Remote?

December 8, 2014 by 5 Comments

Eschewing the store-bought solution, [Stefan] managed to build a TV remote out of an old calculator. The brains of the calculator were discarded and replaced with an MSP430, leaving only the button matrix and enclosure. Rather than look it up, he successfully mapped the matrix manually before getting stumped with the infrared code timings. Some research pointed him to a peculiarity with Samsung IR codes and with help from an open source remote control library he got it working.

When the range was too limited to satisfy him he added a booster circuit and an LED driver which he snapped off the top of an old remote; now it works from 30 feet away. Some electrical tape and hot glue later and it all fit back into the original case.

It cannot take photos or play Super Smash Brothers, but it does what a remote needs to do: browses channels in the guide, control volume, and turn the TV on or off. Considering that all this calculator was built to do was boring basic arithmetic, it is a procrastination-enabling upgrade.

See the video after the break for some smiles.

Continue reading “Calculator + MSP430 + IR LED = TV Remote?”

Chaos Theory In Practice: Chua’s Circuit

December 7, 2014 by 29 Comments

Chua’s circuit is the simplest electronic circuit that produces chaos—the output of this circuit never repeats the same sequence, and is a truly random signal. If you need a good source of randomness, Chua’s circuit is easy to make and is built around standard components that you might have lying around. [Valentine] wrote a comprehensive guide which walks you through the process of building your own source of chaos.

The chaos of Chua’s circuit is derived from several elements, most importantly a nonlinear negative resistor. Unfortunately for us, this type of resistor doesn’t exist in a discrete form, so we have to model it with several other components. This resistor, also known as Chua’s diode, can be created with an op-amp configured as a negative impedance converter and a couple pairs of diodes and resistors. Other variations such, as the schematic above,22`01 model Chua’s diode using only op-amps and resistors.

The rest of the circuit is quite simple: only two capacitors, an inductor, and a resistor are needed. [Valentine] does note that the circuit is quite sensitive, so you might encounter issues when building it on a breadboard. The circuit is very sensitive to vibration (especially on a breadboard), and good solder connections are essential to a reliable circuit. Be sure to check out the Wikipedia article on Chua’s circuit for a brief overview of the circuit’s functionality and a rabbit trail of information on chaos theory.

Arris Vulnerability

Bad Code Results In Useless Passwords

December 7, 2014 by 18 Comments

[HeadlessZeke] was excited to try out his new AT&T wireless cable box, but was quickly dismayed by the required wireless access point that came bundled with it. Apparently in order to use the cable box, you also need to have this access point enabled. Not one to blindly put unknown devices on his network, [HeadlessZeke] did some investigating.

The wireless access point was an Arris VAP2500. At first glance, things seemed pretty good. It used WPA2 encryption with a long and seemingly random key. Some more digging revealed a host of security problems, however.

It didn’t take long for [HeadlessZeke] to find the web administration portal. Of course, it required authentication and he didn’t know the credentials. [HeadlessZeke] tried connecting to as many pages as he could, but they all required user authentication. All but one. There existed a plain text file in the root of the web server called “admin.conf”. It contained a list of usernames and hashed passwords. That was strike one for this device.

[HeadlessZeke] could have attempted to crack the passwords but he decided to go further down this rabbit hole instead. He pulled the source code out of the firmware and looked at the authentication mechanism. The system checks the username and password and then sets a cookie to let the system know the user is authenticated. It sounds fine, but upon further inspection it turned out that the data in the cookie was simply an MD5 hash of the username. This may not sound bad, but it means that all you have to do to authenticate is manually create your own cookie with the MD5 hash of any user you want to use. The system will see that cookie and assume you’ve authenticated. You don’t even have to have the password! Strike two.

Now that [HeadlessZeke] was logged into the administration site, he was able to gain access to more functions. One page actually allows the user to select a command from a drop down box and then apply a text argument to go with that command. The command is then run in the device’s shell. It turned out the text arguments were not sanitized at all. This meant that [HeadlessZeke] could append extra commands to the initial command and run any shell command he wanted. That’s strike three. Three strikes and you’re out!

[HeadlessZeke] reported these vulnerabilities to Arris and they have now been patched in the latest firmware version. Something tells us there are likely many more vulnerabilities in this device, though.

[via Reddit]

Hackaday Links Column Banner

Hackaday Links: December 7, 2014

December 7, 2014 by 53 Comments

Have some .40 cal shell casings sitting around with nothing to do? How about some bullet earbuds? If you’ve ever wondered about the DIY community over at imgur, the top comment, by a large margin, is, “All of these tools would cost so much more than just buying the headphones”

Here’s something [Lewin] sent in. It’s a USB cable, with a type A connector on one end, and a type A connector on the other end. There is no circuitry anywhere in this cable. This is prohibited by the USB Implementors Forum, so if you have any idea what this thing is for, drop a note in the comments.

Attention interesting people in Boston. There’s a lecture series this Tuesday on Artificial Consciousness and Revolutionizing Medical Device Design. This is part two in a series that Hackaday writer [Gregory L. Charvat] has been working with. Talks include mixed signal ASIC design, and artificial consciousness as a state of matter. Free event, open bar, and you get to meet (other) interesting people.

Ghostbusters. It’s the 30th anniversary, and to celebrate the event [Luca] is making a custom collectors edition with the BluRay and something very special: the Lego ECTO-1.

Let’s say you need to store the number of days in each month in a program somewhere. You could look it up in the Time Zone Database, but that’s far too easy. How about a lookup table, or just a freakin’ array with 12 entries? What is this, amateur hour? No, the proper way of remembering the number of days in each month is some bizarre piece-wise function. It is: f(x) = 28 + (x + ⌊x8⌋) mod 2 + 2 mod x + 2 ⌊1x⌋. At least the comments are interesting.

Arduinos were sold in the 70s! Shocking, yes, but don’t worry, time travel was involved. Here’s a still from Predestination, in theatres Jan 9, rated R, hail corporate.