Reverse Engineering Wireless Temperature Probes

March 1, 2015 by Brian Benchoff 13 Comments

[bhunting] lives right up against the Rockies, and for a while he’s wanted to measure the temperature variations against the inside of his house against the temperature swings outside. The sensible way to do this would be to put a few wireless temperature-logging probes around the house, and log all that data with a computer. A temperature sensor, microcontroller, wireless module, battery, case, and miscellaneous parts meant each node in the sensor grid would cost about $10. The other day, [bhunting] came across the exact same thing in the clearance bin of Walmart – $10 for a wireless temperature sensor, and the only thing he would have to do is reverse engineer the protocol.

These wireless temperature sensors are exactly what you would expect for a cheap piece of Chinese electronics found in the clearance bin at Walmart. There’s a small radio operating at 433MHz, a temperature sensor, and a microcontroller under a blob of epoxy. The microcontroller and transmitter board in the temperature sensor were only attached by a ribbon cable, and each of the lines were labeled. After finding power and ground, [bhunting] took a scope to the wires that provided the data to the radio and took a look at it with a logic analyzer.

After a bit of work, [bhunting] was able to figure out how the temperature sensor sent data back to the base station, and with a bit of surgery to one of these base stations, he had a way to read the temperature data with an Arduino. From there, it’s just a data logging problem that’s easily solved with Excel, and [bhunting] has exactly what he originally wanted, thanks to a find in the Walmart clearance bin.

Cardboard CNC Machine Boxes Up Both A Tool And A Framework

March 1, 2015 by Sonya Vasquez 33 Comments

Want to build up a desktop CNC machine without breaking your pocketbook? [James Coleman], [Nadya Peek], and [Ilan Moyer] of MIT Media Labs have cooked up a modular cardboard CNC that gives you the backbone from which you can design your own machine.

The CNC build comprises of design instructions for a single axis linear stage and single axis rotary stage with several ideas on how to combine multiple of these axes together to construct a particular machine. Whether your milling wood, laser-engraving your desk, or pipetting your bacteria samples, the designs [Dropbox] and physical components can be adopted for your end-application.

Perhaps the most interesting aspect of this project is that, at the high level, it is not just a cnc, but a framework known as Gestalt. This architecture enables users to develop their own machine configuration consisting of multiple software nodes linked together with high-level Python Code. Most of the high level computation is organized by a Python library that calls compiled C-code. This high-level framework processes instructions through the desired machine’s kinematics to output commands to the motor controllers. Finally, the top-level interface does away with the archaic GCode with two alternatives: a Python interface consisting of function calls to procedures and a remote interface to make procedure calls through http requests. While the downside of a motion control language is that commands have no standardization; they are, however, far more human-readable, a benefit that plays into the Gestalt Framework’s aim “to be accessible to individuals for personal use.”

In the paper [PDF], [Ilan] expresses the notion of a tool as an impedance-matching device, an instrument that extends the reach of our creativity to bend and morph a broader range of shapes into forms from our imagination. Where our hands fail in their imprecision and weakness, tools bridge this gap. Gestalt and the Cardboard CNC are first steps to creating a framework so that anyone can design and realize their own impedance-matching device, whether they’re weaving steel cables or carving wood.

The folks at MIT Media Labs a familiar heavy-hitters in this field of low-cost machinery, especially the kind that fit in a suitcase. We’re thrilled to see a build that reaches out directly to the community.

via [CreativeApplications.net]

Putting Oculus Rift On A Robot

February 28, 2015 by Anool Mahidharia 15 Comments

Many of the early applications for the much anticipated Oculus Rift VR rig have been in gaming. But it’s interesting to see some more useful applications besides gaming, before it’s commercial release sometime this year. [JoLau] at the Institute i4Ds of FHNW School of Engineering wanted to go a step beyond rendering virtual worlds. So he built the Intuitive Rift Explorer a.k.a IRE. The IRE is a moving reality system consisting of a gimbaled stereo-vision camera rig transmitting video to the Rift, and matching head movements received from the Oculus Rift. The vision platform is mounted on a Remote-controlled robot which is completely wireless.

One of the big challenges with using VR headsets is lag, causing motion sickness in some cases. He had to tackle the problem of latency – reducing the time from moving the head to getting a matching image on the headset – Oculus Rift team specified it should be less than 20ms. The other important requirement is a high frame rate, in this case 60 frames per second. [JoLau] succeeded in overcoming most of the problems, although in conclusion he does mention a couple of enhancements that he would like to add, given more time.

[JoLau] provides a detailed description of the various sub-systems that make up IRE – the Stereo camera, audio and video transmission, media processing, servo driven gimbal for the stereo camera, and control system code. [JoLau]’s reasoning on some of the interesting hardware choices for several components used in the project makes for interesting reading. Watch a video of the IRE in action below.

Continue reading “Putting Oculus Rift On A Robot” →

Bypassing The Windows Lock Screen

February 28, 2015 by Rick Osgood 87 Comments

Most of us know that we should lock our computers when we step away from them. This will prevent any unauthorized users from gaining access to our files. Most companies have some sort of policy in regards to this, and many even automatically lock the screen after a set amount of time with no activity. In some cases, the computers are configured to lock and display a screen saver. In these cases, it may be possible for a local attacker to bypass the lock screen.

[Adrian] explains that the screen saver is configured via a registry key. The key contains the path to a .scr file, which will be played by the Adobe Flash Player when the screen saver is activated. When the victim locks their screen and steps away from the computer, an attacker can swoop in and defeat the lock screen with a few mouse clicks.

First the attacker will right-click anywhere on the screen. This opens a small menu. The attacker can then choose the “Global settings” menu option. From there, the attacker will click on “Advanced – Trusted Location Settings – Add – Add File”. This opens up the standard windows “Open” dialog that allows you to choose a file. All that is required at this point is to right-click on any folder and choose “Open in a new window”. This causes the folder to be opened in a normal Windows Explorer window, and from there it’s game over. This window can be used to open files and execute programs, all while the screen is still locked.

[Adrian] explains that the only remediation method he knows of is to modify the code in the .swf file to disable the right-click menu. The only other option is to completely disable the flash screen saver. This may be the safest option since the screen saver is most likely unnecessary.

Update: Thanks [Ryan] for pointing out some mistakes in our post. This exploit specifically targets screensavers that are flash-based, compiled into a .exe file, and then renamed with the .scr extension. The OP mentions these are most often used in corporate environments. The exploit doesn’t exist in the stock screensaver.

DIY Speaker Build

February 28, 2015 by Anool Mahidharia 11 Comments

There is something refreshing about a neat, portable audio hack – especially one than involves making a DIY Speaker Box from scratch. [Dave] had some time to spare and his ShapeOko was lying idle and hankering for some attention. He needed a small speaker that he could place outside when entertaining guests. After some quick homework, he zeroed in on the speakers he would use.

Using some online resources , he did some basic math to figure out the box size and shape, but then eventually threw caution to the wind and went ahead with the design he had in mind. Most speaker box builds use some form of wood or MDF. [Dave] had 9mm thick ABS sheets lying around and decided to use them instead. He used an interesting technique for putting the box together. The front and rear panels had slots milled in to them to follow the shape of the side panels. The two side panels had strategically cut slots half way through the thickness of the ABS to make it easier to heat bend them. He then used a heat gun to bend the side panels to fit them to the slots on the front and back panels. In the end, we’re guessing he used just four pieces of ABS to build a complex shape. Since the HiVi B3N speakers are full range, he also built a 1st order crossover to make sure the highs were diverted to the tweeters. All in all, a neat, clean build.

Laser Cut Settlers Of Catan Board = Best Christmas Gift Ever

February 28, 2015 by Theodora Fabio 20 Comments

[JoshBaker] wanted to make something special for his brother this past Christmas. He decided on making a wooden game board version of the Settlers of Catan game. [Josh] used CorelDraw to construct the vector images needed for the board. Then, he set out cutting the base, engraving and cutting out the many wooden pieces with a laser cutter. All the pieces were stained and then sealed with polyurethane. He assembled the base so that the removable hex tiles, ports, and resource numbers sit nicely in the recessed parts and don’t shift during gameplay. He complemented the board with tokens and game pieces that he hand-painted. [Josh] also created a new set of cards to fit with the board’s aesthetic.

The board is done incredibly well, not to mention beautiful to look at. The hex tiles’ designs are very detailed. The stained and engraved wood really adds to the atmosphere of the game. We featured a coffee table that would be perfect to play it on. [Josh] has listed all of the vector files for the version he gave his brother, as well as additional ones for the Cities and Knights Expansion. We wish we could have seen the look on his brother’s face when he got such an awesome Christmas gift!

[via Instructables]

Beating Super Hexagon With OpenCV And DLL Injection

February 28, 2015 by Adam Fabio 19 Comments

Every few months a game comes along which is so addictive, players can’t seem to put it down – no matter how frustrating it may get. Last year one of those games was Super Hexagon. After fighting his way through several levels, [Val] decided that designing a bot to beat the game would be more efficient than doing it himself. Having played a few rounds of Super Hexagon ourselves, we can’t fault him on that front!

At its core, Super Hexagon is a simple game. Walls move from the screen edges toward a ship located near the center of the screen. The player uses the arrow keys to “orbit” the ship around a central shape. Avoid getting crushed by the walls, and you’re golden. However, the entire game board is constantly spinning, expanding, contracting, flashing, and generally doing things to disorient the player while ever more complex wall patterns move in to kill you. In short, Super Hexagaon makes Touhou bullet hell games look like a cakewalk.

The first step in beating the game is to capture the screen. [Val] tried Fraps and VLC, but lags of 2 seconds or more were not going to work. Then [Val] turned to DLL Injection. Super Hexagon calls the OpenGL function glutSwapBuffers() to implement double buffering. Every frame of the game is rendered in the background. Once rendering is complete glutSwapBuffers() is called to swap the buffers, and the process starts over again. [Val] changed the game code such that his own frame capture function would be called instead of glutSwapBuffers(). Once he was done capturing the game’s video buffer, [Val] then called the real glutSwapBuffers() function. It worked perfectly.

Now that he had an image, [Val] used OpenCV to process it. Although game is graphically very noisy, there are only a few colors used at any one time. It didn’t take much work to come up with an algorithm which would create a binary image of the walls and the ship itself.

[Val] cast rays from the center of each wall through the center of the screen. The ray which was longest before intersecting another wall would be the best escape route. This simple solution worked, but only for about 40 seconds. At that point, Super Hexagon would start throwing more complex patterns, and the AI would fail. The final solution was to create an accessibility condition which also took into account how much space was available between the various approaching walls. This new version of the AI was able to beat the game.

So was this a more efficient method than grinding through Super Hexagon manually? Since [Val] now knows all about DLL injection and OpenCV, we sure think it was!

Click past the break to see the [Val’s] bot in action!

Continue reading “Beating Super Hexagon With OpenCV And DLL Injection” →