Hacking Oklahoma State University’s Student ID Cards

February 25, 2015 by 39 Comments

[Sam] took an information security class at Oklahoma State University back in 2013. For his final project, he and a team of other students had to find a security vulnerability and then devise a theoretical plan to exploit it. [Sam’s] team decided to focus on the school’s ID cards. OSU’s ID cards are very similar to credit cards. They are the same size and shape, they have data encoded on a magnetic strip, and they have a 16 digit identification number. These cards were used for several different purposes. Examples include photo ID, physical access to some areas on campus, charges to an online account, and more.

[Sam] and his team analyzed over 100 different cards in order to get a good sample. They found that all cards started with same eight digits. This is similar to the issuer identification number found in the first six digits of a credit card number. Th analysis also showed that there were only three combinations used for the next two digits. Those were either 05, 06, or 11. With that in mind, the total possible number of combinations for card numbers was mathematically calculated to be three million.

OSU also had a URL printed on the back of each card. This website had a simple form with a single field. The user can enter in a 16 digit card number and the system would tell the user if that card was valid. The page would also tell you if the card holder was an employee, a student, or if there were any other special flags on the card. We’re not sure why every student would need access to this website, but the fact is that the URL was printed right on the back of the card. The website also had no limit to how many times a query could be made. The only hint that the university was aware of possible security implications was the disclaimer on the site. The disclaimer mentioned that usage of the tool was “logged and tracked”.

The next step was to purchase a magnetic card reader and writer. The team decoded all of the cards and analyzed the data. They found that each card held an expiration date, but the expiration date was identical for every single card.  The team used the reader/writer to copy the data from [Sam’s] card and modify the name. They then wrote the data back onto a new, blank magnetic card. This card had no printing or markings on it. [Sam] took the card and was able to use it to purchase items from a store on campus. He noticed that the register reached back to a server somewhere to verify his real name. It didn’t do any checks against the name written onto the magstripe. Even still, the cashier still accepted a card with no official markings.

The final step was to write a node.js script to scrape the number verification website. With just 15 lines of code, the script will run through all possible combinations of numbers in a random sequence and log the result. The website can handle between three and five requests per second, which means that brute forcing all possible combinations can be completed in roughly two days. These harvested numbers can then be written onto blank cards and potentially used to purchase goods on another student’s account.

[Sam’s] team offers several recommendations to improve the security of this system. One idea is to include a second form of authorization, such as a PIN. The PIN wouldn’t be stored on the card, and therefore can’t be copied in this manner. The primary recommendation was to take down the verification website. So far OSU has responded by taking the website offline, but no other changes have been made.

Diode Steering And Counting With A 555

February 25, 2015 by 27 Comments

While you’re not likely to see this technique used very much today, there’s a lot you can do with a 555, some logic chips, and a handful of diodes. [Fran] is here with a great example of using these simple parts to build a circuit that counts to zero, using parts you can probably find under your workbench.

[Fran] was inspired to build this diode counter from one of [Dave]’s Mailbags and [Colin Mitchell]’s 555 circuit book. The 555 is the standard component found in every parts drawer, but since we have tiny microcontrollers that cost the same as a 555, we’re not seeing the artistry of a simple timer chip and a few logic chips much these days.

This circuit began with a 555 attached to a 4017B decade counter. Simply by tying a few LEDs to the output of the 4017, [Fran] made a bunch of LEDs light up in sequence. Cool, but nothing unexpected. The real trick uses a few diodes and six LEDs to build a scanner – a line of LEDs that will blink from left to right, then right to left. Impressive, and with a little more circuitry it’s a Larson Scanner, as seen in Battlestar Galactica and Knight Rider.

The real trick for this technique comes when [Fran] pulls out a piece of protoboard, several dozen diodes, and seven old transistors to have a seven-segment display count from zero to nine. The 4017 simply counts out on ten pins, and each of these pins is wired to a bunch of diodes for each segment in the display. Add in a few resistors and a transistor, and [Fran] replicated what’s inside a seven-segment driver with discrete parts.

If counting to zero isn’t enough proof that you can do a whole lot with some diodes and logic chips, how about programming an Atari 2600 with one?

Video below.

Continue reading “Diode Steering And Counting With A 555”

Arduino V. Arduino

February 25, 2015 by 105 Comments

Arduino LLC is suing Arduino Srl (the Italian version of an LLC). Sounds confusing? It gets juicier. What follows is a summary of the situation as we learned it from this article at MakeMagazin.de (google translatrix)

Arduino LLC is the company founded by [Massimo Banzi], [David Cuartielles], [David Mellis], [Tom Igoe] and [Gianluca Martino] in 2009 and is the owner of the Arduino trademark and gave us the designs, software, and community support that’s gotten the Arduino where it is. The boards were manufactured by a spinoff company, Smart Projects Srl, founded by the same [Gianluca Martino]. So far, so good.

Things got ugly in November when [Martino] and new CEO [Federico Musto] renamed Smart Projects to Arduino Srl and registered arduino.org (which is arguably a better domain name than the old arduino.cc). Whether or not this is a trademark infringement is waiting to be heard in the Massachussetts District Court.

According to this Italian Wired article, the cause of the split is that [Banzi] and the other three wanted to internationalize the brand and license production to other firms freely, while [Martino] and [Musto] at the company formerly known as Smart Projects want to list on the stock market and keep all production strictly in the Italian factory.

Naturally, a lot of the original Arduino’s Open Source Hardware credentials and ethos are hanging in the balance, not to mention its supply chain and dealer relationships. However the trademark suit comes out, we’re guessing it’s only going to be the first in a series of struggles. Get ready for the Arduino wars.

We’re not sure if this schism is at all related to the not-quite-open-source hardware design of the Yun, but it’s surely the case that the company is / the companies are going through some growing pains right now.

Thanks [Philip Steffan] for the pointer to the MakeMagazin.DE article. (And for writing it.)

DIY Through Hole Plating Like A Boss

February 25, 2015 by 67 Comments

We’ve seen plenty of professional looking, homemade PCBs over the years. But this is the first time we’ve seen such professional vias and through hole plating. Don’t let the green solder mask fool you. This is a homemade PCB.

[Kurt Skauen] started with your standard artwork, followed by etching. He then applied a solder mask that is UV curable. At this point, it’s nothing we haven’t seen done before. After drilling he then adds vias with wire. Again, we’ve seen that before as well. Where it gets interesting is his use of through hole plating rivets. We’ve heard of these micro-sized rivets in the past, but hadn’t seen their use documented as well as [Kurt] has.

Making such a professional looking board at home is practically an art form. One could argue that with today’s cheap, short run PCB fab houses, why bother with trying to do it yourself? Well, perhaps you need a professional looking board to show a client ASAP. Maybe you just hate waiting for your boards to arrive. Or maybe you do it just because you can. Either way, the results [Kurt] achieved are very impressive.

Colorful Clock

A Colorful Clock For Toddlers

February 24, 2015 by 34 Comments

[Don] and his wife were looking for a way to teach their two-year old daughter how to tell time. She understood the difference between day and night, but she wasn’t old enough to really comprehend telling the actual time. [Don’s] solution was to simplify the problem by breaking time down into colored chunks representing different tasks or activities. For example, if the clock is yellow that might indicate that it’s time to play. If it’s purple, then it’s time to clean up your room.

[Don] started with a small, battery operated $10 clock from a local retailer. The simple clock had a digital readout with some spare room inside the case for extra components. It was also heavy enough to stay put on the counter or on a shelf. Don opened up the clock and got to work with his Dremel to free up some extra space. He then added a ShiftBrite module as a back light. The ShiftBrite is a high-brightness LED module that is controllable via Serial. This allows [Don] to set the back light to any color he wants.

[Don] already had a Raspberry Pi running his DIY baby monitor, so he opted to just hijack the same device to control the ShiftBrite. [Don] started out using a Hive13 GitHub repo to control the LED, but he found that it wasn’t suitable for this project. He ended up forking the project and altering it. His alterations allow him to set specific colors and then exit the program by typing a single command into the command line.

The color of the ShiftBrite is changed according to a schedule defined in the system’s crontab. [Don] installed Minicron, which provides a nice web interface to make it more pleasant to alter the cron job’s on the system. Now [Don] can easily adjust his daughter’s schedule via web page as needed.

 

Piana – Musical Synthesis For The Raspberry Pi

February 24, 2015 by 23 Comments

For the last 15 years or so, software synths have slowly yet surely replaced those beatboxes, drum machines, and true synthesizers. It’s a loss for old hardware aficionados, but at least everyone with a MacBook is now a musician, amiright?

The Raspberry Pi and Pi2 already have more processing power than a desktop from ’99, so it’s no surprise that all of those classic synths, from a Moog. Yamaha DX, Casio CZ, Linn drum machine, Fairlight, and a mellotron, can all be stuffed into a Pi thanks to the work of [Phil Atkin] and his Raspberry Pi synthesizer.

[Phil]’s efforts to bring audio synthesis to the Pi fall under three techniques: subtractive synthesis, phase distortion synthesis, and sample-based synthesis, something that’s found in everything from Akai MPCs, MacBooks, and that one episode of The Cosby Show. [Phil] is combining all of these techniques into a piece of software that’s capable of running seamlessly on the Pi, giving anyone with a $35 computer a tool that would have been worth several thousand dollars in 1985.

The project is pretty far along, but the recent release of the Raspberry Pi 2 has thrown [Phil] for a loop. On one hand, the Pi 2 is much more capable than the original Pi in terms of hardware, and this lends itself to more sounds and a better GUI. On the other hand, there are millions of original Pi 1s out there that still make for exceptional synthesizers. Either way, [Phil]’s work is a great example of how far you can push the Pi with audio work.

Thanks [Wybren] for the tip. Videos below.

Continue reading “Piana – Musical Synthesis For The Raspberry Pi”

EddiePlus, The Edison Based Balancing Robot

February 24, 2015 by 12 Comments

[Renee] dropped a tip to let us know about EddiePlus, her balancing robot creation. As its name might imply, EddiePlus is controlled by an Intel Edison processor. More specifically, [Renee] is using several of Sparkfun’s Edison Blocks to create Eddie’s brain. EddiePlus’ body is 3D printed, while his movement comes from two Pololu DC motors with wheels and encoders. The full build instructions are available as a PDF from [Renee’s] Google drive.

Eddie is able to balance and drive around on two wheels, much like a Segway. Sensor data for balance comes from Sparkfun’s LSM9DS0 based Inertial Measurement Unit (IMU) block. In this new “plus” version of Eddie, [Renee] has added encoders to the robot’s wheels. This makes it easier for him to adapt to changing loads – such as pumping iron (or banana plugs as the case may be). The encoders also help with varying terrain, as [Renee] demonstrates by tilting a board as Eddie drives on it. Eddie’s code is written in C, and available on Github.  Controlling Eddie is as easy as sending simple commands via UDP.

As you might imagine, the Intel Edison still has plenty of cycles left over after computing Eddie’s balance. [Renee] uses some of these with a webcam based teleoperation mode.

Click past the break to see Eddie in action!

Continue reading “EddiePlus, The Edison Based Balancing Robot”