IPv6 To 1-wire Protocol Translator

[Fli] assembled an AVR-based system that can assign IPv6 addresses to 1-wire components. An AVR ATmega644 microcontroller is used in conjunction with an ENC28J60 ethernet controller chip. To get up and running with IPv6 on this meek hardware [Fli] ported the uIPv6 stack from the Contiki project over to the AVR framework. Although he encountered some hardware snafus along the way, in the end he managed to get five sensors connected to the device, each with their own IP assigned using the stack’s alias capability.

This is great if you’re looking for a low-cost IPv6 solution. We’re not sure if there’s much demand for that, but it’s useful for that 1-wire home automation setup you’re considering.

iPhone 3.0 Adds Custom Protocol Support For Addons


In the middle of adding all the features that should have been available on day one, Apple announced something really interesting for the hardware hacking community. The new iPhone 3.0 OS will support application communication over Bluetooth or through the dock connector using standard or custom protocols. From Engadget’s coverage:

10:19AM “They talk over the dock, and wirelessly over Bluetooth. Things like playing and pausing music, getting artwork — or you can build your own custom protocols.”
10:19AM “Now here’s a class that we think will be really interesting — medical devices.” Scott’s showing off a blood pressure reader that interfaces with the iPhone — wild.
10:18AM “Here’s an example — an FM transmitter. With 3.0, the dev can build a custom app that pairs up with it, and automatically finds the right station and tunes it in.”
10:18AM “With 3.0, we’re going to enable accessory developers to build custom apps that talk directly to that hardware.”

No solid connection specification has been published yet. We’re excited about the prospect of developing our own accessory hardware, but we wonder what sort of hoops you’ll have to jump through. Apple doesn’t have the best track record when it comes to approvals. Just this week they denied MSA Remote client App Store entry; it’s a multitouch client that uses the standard TUIO protocol. Prepare for similar roadblocks in the future.

[via adafruit]

Manual Protocol Analysis


As a followup to last week’s post on automated protocol analysis, [Tod Beardsley] has written up how to start analyzing a protocol manually. He walks through several examples to show how to pull out the interesting bits in binary protocols. His first step was sending 10 identical select statements and capturing the outbound packets. He used the Ruby library PacketFu to help with the identification. It compared the ten packets and highlighted one byte that was incrementing by four with each packet, probably a counter. Looking at the response indicated a few other bytes that were also incrementing at the same rate, but at different values. Running the same query on two different days turned up what could be a timestamp. Using two different queries helped identify which byte was responsible for the statement length. While you may not find yourself buried in HEX on a daily basis, the post provides good coverage of how to think critically about it.
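The first step described above, comparing captures of one repeated request to spot a byte that steps by a fixed amount, can be sketched in plain Ruby. This is an added example, not code from [Tod Beardsley]'s post and not PacketFu's API; the packet layout and the helper names (`sample_packets`, `classify_offsets`, `counter_offsets`) are constructed for illustration.

```ruby
# Added example: column-wise comparison of captures of one repeated request.
# The packets below are constructed sample data, not a real protocol.

# Build ten constructed 12-byte requests: fixed magic, a counter at offset 4
# that grows by 4 per packet, a length byte, and a fixed payload.
def sample_packets(count = 10)
  payload = "SELECT".bytes
  (0...count).map do |i|
    [0xDE, 0xAD, 0x00, 0x01, (0x10 + 4 * i) & 0xFF, payload.length] + payload
  end
end

# Classify each byte offset across equal-length packets (arrays of integers).
# Returns a hash: offset => [:constant, value] | [:counter, stride] | [:variable].
def classify_offsets(packets)
  raise ArgumentError, "need at least two packets" if packets.size < 2
  len = packets.first.length
  raise ArgumentError, "packets differ in length" unless packets.all? { |p| p.length == len }

  (0...len).to_h do |off|
    column = packets.map { |p| p[off] }
    # Differences between consecutive packets, modulo 256 so wrap-around counts.
    deltas = column.each_cons(2).map { |a, b| (b - a) % 256 }
    kind =
      if deltas.all?(&:zero?)
        [:constant, column.first]
      elsif deltas.uniq.size == 1
        [:counter, deltas.first]
      else
        [:variable]
      end
    [off, kind]
  end
end

# Offsets whose value steps by the same non-zero amount in every packet.
def counter_offsets(packets)
  classify_offsets(packets).select { |_, k| k.first == :counter }
                           .map { |off, k| [off, k[1]] }
end

if __FILE__ == $PROGRAM_NAME
  classify_offsets(sample_packets).each do |off, kind|
    puts format("offset %2d: %s", off, kind.join(" "))
  end
end
```

Offsets reported as `:variable` are the ones worth a second capture with a different query or on a different day, which is how the post separates length fields and timestamps from counters.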

Automated Protocol Analysis


[I)ruid] from BreakingPoint Labs has been doing quite a bit of protocol reverse engineering as part of his work. He put together a post covering some of the tools that have been useful for this task. Text-based protocols have a lot of human readable characters that can help you identify fields. Binary protocols don’t have this luxury though. He recommends the Protocol Informatics Project for tackling these situations. It applies bioinformatics algorithms to network traffic. You give it a packet dump of the protocol and it compares them to find similarities the same way genetic sequences are compared. It can be confused by protocols that waste a lot of space, but it’s still a very clever approach to reversing.

[photo: slashcrisis]

This Week In Security: Password Sanity, Tank Hacking, And The Mystery 9.9

It looks like there’s finally hope for sane password policies. The US National Institute of Standards and Technology, NIST, has released a draft of SP 800-63-4, the Digital Identity Guideline.

There’s password guidance in there, like “SHALL NOT impose other composition rules (e.g., requiring mixtures of different character types) for passwords” and “SHALL NOT require users to change passwords periodically.” NIST approved passwords must be at least 8 characters long, with a weaker recommendation of at least 15 characters. Security questions like name of first pet get the axe. And it’s strongly recommended that all ASCII and Unicode characters should be acceptable for passwords.

This is definitely moving in the right direction. NIST guidelines are only binding for government services and contractors, though they do eventually get picked up by banks and other industries. So there’s hope for sane password policies eventually.

Tank Hacking

Researchers at Bitsight are interested in infrastructure security, and they opted to take a closer look at Automatic Tank Gauging (ATG) systems. Those are found at gas stations, as well as any other facility that needs automated monitoring of liquids or gasses in a tank. There is an actual ATG message format, originally designed for RS-232 serial, and woefully unprepared for the interconnected present. The protocol allows for an optional security code, but it maxes out at only six alpha-numeric characters.

Among the vulnerabilities getting announced today, we have a pair of CVSS 10 command injection flaws, a quartet of 9.8 authentication bypass flaws, with one of those being a hardcoded credential — AKA a backdoor. The other CVSS 9+ flaw is a SQL injection, with a trio of slightly less serious flaws.

An Ode To The SAO

There are a lot of fantastic things about Hackaday Supercon, but for me personally, the highlight is always seeing the dizzying array of electronic bits and bobs that folks bring with them. If you’ve never had the chance to join us in Pasadena, it’s a bit like a hardware show-and-tell, where half the people you meet are eager to pull some homemade gadget out of their bag for an impromptu demonstration. But what’s really cool is that they’ve often made enough of said device that they can hand them out to anyone who’s interested. Put simply, it’s very easy to leave Supercon with a whole lot more stuff than you came in with.

Most people would look at this as a benefit of attending, which of course it is. But in a way, the experience bummed me out for the first couple of years. Sure, I got to take home a literal sack of incredible hardware created by members of our community, and I’ve cherished each piece. But I never had anything to give them in return, and that didn’t quite sit right with me.

So last year I decided to be a bit more proactive and make my own Simple Add-On (SAO) in time for Supercon 2023. With a stack of these in my bag, I’d have a personalized piece of hardware to hand out that attendees could plug right into their badge and enjoy. From previous years I also knew there was something of an underground SAO market at Supercon, and that I’d find plenty of people who would be happy to swap one of their own add-ons for mine.

To say that designing, building, and distributing my first SAO was a rewarding experience would be something of an understatement. It made such an impression on me that it ended up helping to guide our brainstorming sessions for what would become the 2024 Supercon badge and the ongoing SAO Contest. Put simply, making an SAO and swapping it with other attendees adds an exciting new element to a hacker con, and you should absolutely do it.

So while you’ve still got time to get PCBs ordered, let’s take a look at some of the unique aspects of creating your own Simple Add-On.


Cyberpack Puts All The Radios Right On Your Back

A disclaimer: Not a single cable tie was harmed in the making of this backpack cyberdeck, and considering that we lost count of the number of USB cables [Bag-Builds] used to connect everything in it, that’s a minor miracle.

The onboard hardware is substantial, starting with a Lattepanda Sigma SBC, a small WiFi travel router, a Samsung SSD, a pair of seven-port USB hubs, and a quartet of Anker USB battery banks. The software defined radio (SDR) gear includes a HackRF One, an Airspy Mini, a USRP B205mini, and a Nooelec NESDR with an active antenna. There are also three USB WiFi adapters, an AX210 WiFi/Bluetooth combo adapter, a uBlox GPS receiver, and a GPS-disciplined oscillator, both with QFH antennas. There’s also a CatSniffer multi-protocol IoT dongle and a Flipper Zero for good measure, and probably a bunch of other stuff we missed. Phew!

As for mounting all this stuff, [Bag-Builds] went the distance with a nicely designed internal frame system. Much of it is 3D printed, but the basic frame and a few rails are made from aluminum. The real hack here, though, is getting the proper USB cables for each connection. The cable lengths are just right so that nothing needs to get bundled up and cable-tied. The correct selection of adapters is a thing of beauty, too, with very little interference between the cables despite some pretty tightly packed gear.

What exactly you’d do with this cyberpack, other than stay the hell away from airports, police stations, and government buildings, isn’t exactly clear. But it sure seems like you’ve got plenty of options. And yes, we’re aware that this is a commercial product for which no build files are provided, but if you’re sufficiently inspired, we’re sure you could roll your own.
