Deleting Facebook Albums Without Permission

[Laxman] was poking around Facebook looking for security vulnerabilities. Facebook runs a bug bounty program which means if you can find a vulnerability that’s serious enough, it can earn you cold hard cash. It didn’t take much for [Laxman] to find one worthy of a bounty.

The Graph API is the primary way for Facebook apps to read and write to the Facebook social graph. Many apps use this API, but there are limitations to what it can do. For example, the API is unable to delete users’ photo albums. At least, it’s not supposed to be able to. [Laxman] decided to test this claim himself.

He started by sending a command to delete one of his own albums using a graph explorer access token. His request was denied. The application didn’t have the correct permissions to be able to perform that action. It seemed that Facebook was correct and the API was unable to delete photos. [Laxman] had another trick up his sleeve, though. He noticed that the wording of the response suggested that other apps would have the ability to delete the albums, so he decided to check the Facebook mobile application.

He decided to send the same request with a different token. This time he used a token from the Facebook for Mobile application. This actually worked, and resulted in his photo album being deleted. To take things a step further, [Laxman] sent the same requests, but changed the user’s ID to a victim account he had set up. The request was accepted and processed without a problem. This meant that [Laxman] could effectively delete photo albums from any other user without that user’s consent. The vulnerability did require that [Laxman] had permission to view the album in the first place.

Since [Laxman] is one of the good guys, he sent this bug in to the Facebook team. It took them less than a day to fix the issue and they rewarded [Laxman] $12,500 for his trouble. It’s always nice to be appreciated. The video below shows [Laxman] walking through how he pulled off this hack using Burp Suite.
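
The authorization gap described above, modelled as an added example (not Facebook's code and not from the original post): the `Token` and `Album` types, the `app_can_delete` flag and the status codes are assumptions made for illustration. The flawed handler checks only the calling app's capability and whether the user can view the album; the fixed handler also requires that the token's user owns the album.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Token:
    user_id: str          # user the access token was issued to
    app_can_delete: bool  # hypothetical app-level capability flag


@dataclass
class Album:
    owner_id: str
    viewers: set = field(default_factory=set)  # users allowed to view it


def can_view(token: Token, album: Album) -> bool:
    return token.user_id == album.owner_id or token.user_id in album.viewers


def delete_album_flawed(token: Token, album: Album) -> int:
    """App capability and visibility are checked, ownership is not."""
    if not token.app_can_delete:
        return 403  # what the explorer token ran into
    if not can_view(token, album):
        return 404
    return 200      # any viewer using a privileged app gets through


def delete_album_fixed(token: Token, album: Album) -> int:
    """Same checks plus an object-level ownership check."""
    if not token.app_can_delete:
        return 403
    if not can_view(token, album):
        return 404
    if token.user_id != album.owner_id:
        return 403  # viewing rights never imply delete rights
    return 200


# Constructed sample data: two users and two kinds of app token.
explorer = Token(user_id="alice", app_can_delete=False)
mobile = Token(user_id="alice", app_can_delete=True)
own_album = Album(owner_id="alice")
other_album = Album(owner_id="bob", viewers={"alice"})

if __name__ == "__main__":
    for name, fn in (("flawed", delete_album_flawed), ("fixed", delete_album_fixed)):
        print(name, fn(explorer, own_album), fn(mobile, own_album), fn(mobile, other_album))
```
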

Home-brew Vibration Cleaner Leaves Your SLA Prints Squeaky-Clean

If you’ve had the chance to add a Form 1+ 3D printer to your basement, you might find the post-print cleaning step a bit tedious. (A 20-minute alcohol bath? Outrageous!) Fortunately, for the impatient, [ChristopherBarr] has developed the perfect solution: a post-print agitator that cuts the time in-and-out-of the bath from 20 minutes to about two.

[ChristopherBarr’s] build is the right conglomerate of parts we’d expect when keeping the price down for this hack. He’s combined a palm sander, a couple pints of urethane expanding foam, and two loaf pans into one agitating mechanism that he’s dubbed “the Loafinator.” With the urethane expanding foam, [ChristopherBarr] achieved a near-perfect fit of the sander inside the loaf pan, now that the foam has filled in the remaining contours to hold the sander in place. Best of all, the sander hasn’t been sacrificed for this build; instead, the foam holder was assembled in three stages and isolated from the sander with a layer of plastic wrap to enable later extraction.

[ChristopherBarr’s] simple, yet practical, hack serves as an excellent solution for a number of hobbyists looking to “get things agitated.” While his device is able to polish off the uncured resin from his resin prints much faster than the conventional approach, we’d imagine that a similar build could greatly expedite the PCB etching process in a muriatic-acid or ferric-chloride based PCB etching procedure, far more quickly than our previous automated solution. The time savings come at a price, however. Once you’ve installed your very own Loafinator alongside your printer, expect a few nosy neighbors to start asking for visits to check out your new motorboat.

Repurposing IOT Lightbulb Chip For Anything

Home automation products have hit critical mass in the world of consumerism, and now suddenly everyone has a product you can control using some protocol or other. Cree (the maker of LEDs) has a rather cheap IOT-enabled bulb available in Canada and the US for the low price of $15 — not bad considering regular LED bulbs can run you that much, without wireless connectivity!

So if you want to outfit your house in smart lights — great. But what about other things? Well, [Mac Alpine] decided to crack open one of the bulbs to see if he could re-purpose the IOT board. Turns out, you can.

In fact it’s almost too convenient. It’s a remarkably small chip, about half the size of a silver dollar. And it features a small ZigBee radio module. All you need is a 3V power supply, and boom — you have an IOT module that is capable of PWM output. It features an Atmel ATSAMR21E microprocessor which communicates over the radio to a Quirky Wink hub — it can also be triggered using IFTTT.


Hackaday Retro Edition: The Second Most Valuable Home Computer

This will come as no surprise to anyone who has ever talked to me for more than a few minutes, but one of my guilty Internet pleasures is heading over to eBay’s ‘vintage computing’ category, sorting by highest price, and grabbing a cup of coffee. It’s really just window shopping and after a while you start seeing the same things over and over again: Mac 512s with a starting bid far more than what they’re worth, a bunch of old PC-compatible laptops, and a shocking amount of old software. For the last week I’ve been watching this auction. It’s a Commodore 65 prototype – one of between 50 and 200 that still exist – that has over 60 bids, the highest for over $20,000 USD. It’s the most successful vintage computer auction in recent memory, beating out the usual high-profile auctions like Mac 128s and Altair 8800s. The most valuable home computer is the Apple I, but if you’re wondering what the second most valuable one is, here you go.

The C65 is not a contemporary of the C64, or even our own [Bil Herd]’s C128. This was the Amiga era, and the C65 was intended to be the last great 8-bit machine. From a page dedicated to the C65, it’s pretty much what you would expect: the CPU is based on a 6502, with the on-die addition of two 6526 CIA I/O controllers. The standard RAM is 128kB, expandable to 8MB by an Amiga 500-like belly port. Sound would be provided by two SIDs, and the video is based on the VIC-III, giving the C65 a palette of up to 4096 colors and a resolution of up to 1280×400.

There’s still a little over five hours to go in the auction, but the current $21000 price should go even higher in the final hour; a C65 auction from a few years ago fetched $20100 for ‘a computer with missing parts’. This auction is for a complete, working system that has remained intact since it was discovered during the Commodore closing.

Update: Auction finished for $22,862.01 USD. For historical purposes, here’s a flickr album, a video, and another video.

The Hackaday Retro Edition is our celebration of old computers doing something modern, in most cases loading the old, no CSS or Javascript version of our site.

If old and rare computers are your sort of thing, Hackaday will be at the VCF East this year.

If you have an old computer you’d like featured, just load up the retro site, snap some pictures, have them developed, and send them in.

Rock Climbing Wall Installed In Garage Doubles As Storage Space

Climbing enthusiast and human spider [Swighton] just couldn’t get enough climbing crammed into his day. If he couldn’t get out to the climbing spots, why not bring the climbing spot to him? So he did that by building a climbing wall in his garage.

The process started with determining the available space that can be allocated to the project. In [Swighton]’s case he could afford an 8×12 ft section of real estate. The garage ceilings were 8 ft high. A few days were spent sketching out ideas and designs. To suit his needs, the wall had to have a 45 degree overhang section, a small 90 section (think ceiling, not wall) and a pull-up bar. Once the design was finalized, it was time to pull some sheet rock off the walls and ceiling so that the 2×4 and 2×6 climbing wall framing could be securely fastened to the current garage structure.

Three-quarter inch plywood would cover the wooden frame. Before the plywood sheets were cut to size and installed, he drilled holes every 8 inches to accept t-nuts. These t-nuts allow hand holds to be installed and easily reconfigured. The quantity of t-nuts adds up quickly: an 8 inch square spacing results in 72 t-nuts per sheet of plywood.

[Swighton] also added a hatch to allow access to the inside of the climbing wall so that space would not go to waste. It is now a storage area but may become a kids’ fort in the future. After it was all said and done the wall only cost $400 which includes $180 for the hand holds.

If you’re like [Swighton] and can’t get enough climbing action, check out this wall with light up hand holds or this interactive wall.

Auto-Meter Reader Feeder Keeps Meter-Maids At Bay

Planting your car just about anywhere almost always comes at a price; and, if you’re overdue for your return, odds are good that you’ll end up paying a much steeper price than intended. Parking meters are wonderful devices for telling the authorities just how much time you have left until you’re ticketworthy. [Zack] figured that five, even ten, minutes late is an absurd reason to pay a fine, so he’s developed a tool that will preload a meter with a few extra coins when the authorities get too close.

The law-enforcement detection system puts together a number of tools and techniques that we’re intimately familiar with: 3D printing, Arduino, a photoresistor, and a proximity (PIR) sensor. At the code level, [Zack] filters his analog photoresistor with a rolling average to get a clean signal that triggers both by day and by night. The trigger? Two possibilities. The PIR sensor detects curious law enforcement officers while the filtered photoresistor detects the periodic twirling siren lights. Both events will energize a solenoid to drop a few extra coins through a slide and into the meter slot.

For a collection of well-known components, [Zack] could’ve packed his contraption into an Altoids tin and called it a day. Not so. As an interaction designer, he knows looks could make or break the experience. For this reason, he opts for a face-hugging design with a steampunk twist. Furthermore, to achieve compatibility across a range of devices, [Zack’s] CAD model is the result of adjusting for various meter profiles from images he snapped in the urban wilderness. The result? A clean, authentic piece of equipment compatible with a family of meters.

For the shrewd-eyed observers, [Zack’s] first video post arrived online in 2011, but his work later resurfaced at a presentation in the 2015 Tangible, Embedded, and Embodied Conference by his former design instructor [Eric Paulos], who was eager to show off [Zack’s] work. For a deeper dive into the upcoming second edition, head on over to [Zack’s] image feed.

Automate Winter With A 3D Printed Snowblower

Remote controlled vehicles aren’t just for kids. In fact, you can get some seriously cool mini utility vehicles. You can even buy a mini tracked snow blowing vehicle! But [The_Great_Moo] was rather disappointed in the performance of his Kyosho Blizzard SR, so he did what any self-respecting hacker would: he redesigned the whole damn thing and 3D printed it.

The beauty of re-designing something from the ground up is you can design it specifically for 3D printing (unless of course you want to mass produce it!), so [The_Great_Moo] took his time and built all his parts with layer strength in mind. The large parts are printed at 0.4mm resolution, and the finer parts, like gears and shafts, are printed at 0.2mm resolution. He printed everything off using his Da Vinci 1.0 printer, and it apparently only took 40 hours!

Besides bolts and nuts everything is 3D printed — even the timing belt gears and gearbox! But the real question is… can it really blow snow? You’ll have to watch the video to find out.