An Android Phone Makes A Better Server Than You’d Think

March 22, 2017 by Jenny List 52 Comments

There was a time a few years ago when the first Android phones made it to market, that they seemed full of promise as general purpose computers. Android is sort of Linux, right, or so the story went, so of course you must be able to run Linux on an Android phone and do all sorts of cool stuff with it.

As anyone who tried to root an Android phone from 2010 will tell you, it was a painful and unrewarding process. There was normally a convoluted rooting process followed by somehow squeezing your own Linux filesystem tree onto the device, then chroot-ing into it. You’d then have to set up a VNC server and VNC into it, and eventually you’d feel immensely proud of your very slow tiny-screen Linux desktop that you’d slaved over creating. It was one of those things that’s simple in theory, but extremely convoluted in practice.

But six years have passed since those days, phones have gotten much faster and so has the software for tasks such as rooting, so maybe it’s time to return to the topic of Linux on an Android device. [Pete Scargill] gave it a try when a friend gave him a Chinese quad-core Android phone with a broken screen. He proceeded to put a Debian installation on it, upon which he runs his collection of server processes.

Rooting the phone was straightforward process using the KingRoot app, a sideloaded version as it seems there’s a bogus copy on the Play Store. Then bringing a Linux system to it could be achieved with the LinuxDeploy app. The result is surprisingly useful, after some installation steps upon which he goes into detail.

You might ask what would be the point of this exercise, given that you can do the same thing much more easily with a single board computer such as a Raspberry Pi. But to buy a Pi, SD card, screen, and UPS, as he points out you’d have to spend a lot more than you would for a second-hand phone from eBay — or a free, slightly broken, one from friends or family.

If getting more from your Android phone is your thing, perhaps you’d like to know about installing Busybox on it. We’ve also advocated for using old Android phones for ARM dev.

Fix-a-Brick: Fighting The Nexus 5X Bootloop

March 21, 2017 by Lewin Day 124 Comments

Oh Nexus 5X, how could you? I found my beloved device was holding my files hostage having succumbed to the dreaded bootloop. But hey, we’re hackers, right? I’ve got this.

It was a long, quiet Friday afternoon when I noticed my Nexus 5X was asking to install yet another update. Usually I leave these things for a few days before eventually giving in, but at some point I must have accidentally clicked to accept the update. Later that day I found my phone mid-way through the update and figured I’d just wait it out. No dice — an hour later, my phone was off. Powering up led to it repeatedly falling back to the “Google” screen; the dreaded bootloop.

Stages of Grief

I kept my phone on me for the rest of the night’s jubilant activities, playing with it from time to time, but alas, nothing would make it budge. The problem was, my Nexus still had a full day’s video shoot locked away on its internal flash that I needed rather badly. I had to fix the phone, at least long enough to recover my files. This is the story of my attempt to debrick my Nexus 5X.

Continue reading “Fix-a-Brick: Fighting The Nexus 5X Bootloop” →

Making A Mega LED Desk

March 2, 2017 by James Hobson 37 Comments

Few things beat a sturdy, home-built desk — especially when it’s jam-packed with over 1200 WS2812 LEDs.

[nolobot] and his bother struggled with setting up and squaring-off the t-slotted, extruded aluminium frame which makes up the desk. He recommends practicing with a smaller frame for anyone else attempting a similar build. The surface of the desk has a few inches between the polycarbonate top and the 1/4″ plywood painted black serving as the substrate for the LEDs. Those LEDs come in strip form but still required several hundred solders, and wiring headaches in an attempt to make future upgrades manageable. Dozens of support bolts with adjustable feet support the desk surface throughout. These all had to be individually adjusted and can be made out if you look closely at the demo videos.

An Arduino Mega controls the LEDs with the help of the FastLED library. Custom code was necessary because one of the major issues [nolobot] faced was the power draw. 1200 LEDs at 5V draw quite a bit of current, so the LEDs were coded to peak at about 50% brightness. The matrix was split into different banks, while also limiting the 40A PSU to only 15A.

Continue reading “Making A Mega LED Desk” →

The Enchanting Power Of SDDSbot

March 1, 2017 by James Hobson 10 Comments

Who doesn’t love a good robot? If you don’t — how dare you! — then this charming little scamp might just bring the hint of a smile to your face.

SDDSbot — built out of an old Sony Dynamic Digital Sound system’s reel cover — can’t do much other than turn left, right, or walk forwards on four D/C motor-controlled legs, but it does so using the power of a Pixy camera and an Arduino. The Pixy reads colour combinations that denote stop and go commands from sheets of paper, attempting to keep it in the center of its field of view as it toddles along. Once the robot gets close enough to the ‘go’ colour code, the paper’s orientation directs the robot to steer itself left or right — the goal being the capacity to navigate a maze. While not quite there yet, it’s certainly a handful as it is.

Continue reading “The Enchanting Power Of SDDSbot” →

Homemade Subaru Head Unit Is Hidden Masterpiece

February 20, 2017 by Anool Mahidharia 30 Comments

The Subaru BRZ (also produced for Toyota as the GT86) is a snappy sportster but [megahercas6]’s old US version had many navigation and entertainment system features which weren’t useful or wouldn’t work in his native Lithuania. He could have swapped out the built in screen for a large 4G Android tablet/phone, but there’s limited adventure in that. Instead, he went ahead and built his own homemade Navigation system by designing and integrating a whole bunch of hardware modules resulting in one “hack” of an upgrade.

The system is built around a Lenovo 4G phone-tablet running android and supporting GPS, GLONASS as well as the Chinese BeiDou satellite navigation systems. He removed the original daughter board handling the USB OTG connection on the tablet, and replaced it with his version so he could connect it to his external USB board via a flat ribbon cable. The USB board contains a Cypress 4-port USB hub. One port is used as the USB HID device to allow external buttons for system control — Power, Volume Up/Down, Fwd/Rev, Play/Pause, and Phone Answer/Hangup. The second port is used as a regular USB input to allow connecting external devices such as flash drives. The third one goes to a reversing camera while the fourth port goes to a USB DAC.

The USB DAC is another hardware board by itself and also includes a Bluetooth module which integrates his phone’s audio and control functions with the on-board system. There’s also an audio mixer which allows him to use the phone audio without having to miss out on the navigation prompts from the tablet. Both boards also contain several peripheral circuits such as amplifiers and DC power supplies. Audio to the speakers is routed through six LM3886 based power amplifier boards. And the GPS module receives its own special low-noise amplifier board to ensure extremely strong reception at all times. That’s a total of ten boards custom built for this project. He’s also managed to source all the original harness connectors so his system is literally a snap in replacement. The final assembly looks pretty dashing.

For some strange reason, the Lenovo tablet uses 4.35V as the ‘fully charged” value for its LiPo instead of the more common 4.20V, so even with the whole system connected to a hefty 12V lead acid battery from which he’s deriving the 4.20V charging voltage for the tablet, it still complains about “low battery” — and he’s looking for advice on how he can resolve that issue short of blowing up the LiPo by using the higher charge voltage. Besides that, he’s (obviously a kickass) hardware designer and a little bit rusty on the software and programming side of things, for which he’s looking for inputs from the community. His introductory video is almost 30 minutes long, but the shorter demo video after the break shows the system after installation in his car. He’s posted all of his Altium hardware source files on the project page, but until he shares PDF versions, it would be difficult for most of us to look at his work.

Continue reading “Homemade Subaru Head Unit Is Hidden Masterpiece” →

Super Mario Run(s) — Away With Your Money

January 11, 2017 by Pedro Umbelino 37 Comments

If you are an Android user and a big fan of Super Mario beware: there is no Android version! There has been no official news on the Android version yet, let alone a version of the game. There is, however, a version circulating outside of Google Play market that will steal your bank account.

Right now attackers are taking advantage of the game’s popularity and Android users despair to spread malware posing as an Android version of Super Mario Run as they did in the past for Pokemon GO. The trojan is called Android Marcher and has been around since 2013, mostly targeting mobile users financial information. After installation, the application attempts to trick users with fake finance apps and a credit card page in an effort to capture banking details. The malware also locks out Google Play until the user supplies their credit card information.

In this new variant of Marcher, it can monitor the device and steal login data of regular apps, not just banking and payment apps, and send the stolen data back to command and control (C&C) servers. Facebook, WhatsApp, Skype, Gmail, the Google Play store are all vulnerable. Criminals can exploit these stolen accounts to carry out additional fraud.

Zscaler researchers advice is:

To avoid becoming a victim of such malware, it is a good practice to download apps only from trusted app stores such as Google Play. This practice can be enforced by unchecking the “Unknown Sources” option under the “Security” settings of your device.

We may add to turn on “App Verification”. Verify Apps regularly checks activity on your device and prevents or warns you about potential harm. Verify Apps is on by default, as is Unknown Sources turned off. Verify Apps also checks apps when you install them from sources other than Google Play. Of course, there is a privacy trade-off. Some information has to be sent about the apps you install back to Google.

The main advice is: use common sense. It’s common practice for companies to release official apps versions through Google Play and highly unlikely to do it via any other way.

FANCY BEAR Targets Ukrainian Howitzers

December 22, 2016 by Elliot Williams 74 Comments

Just in case you’re one of the people out there who still doesn’t believe in “the cyber” — it appears that the Russian military served malicious cell-phone apps to the Ukrainian army that allowed them to track a particular artillery cannon.

The legitimate version of the Android app helped its operator use the 1960’s-era former Soviet howitzer. The trojanized version of this application did just the same, except it also phoned home to Russian military intelligence with its location. In addition to giving the Russian army valuable information about troop movements in general, it also led to the destruction of 80% of the cannons in question over two years.

The cited article goes into depth about how certain it is that a hacking group, referred to as FANCY BEAR, are nearly certainly responsible for the attack. The exploit has fingerprints that are not widely known outside of the security research community, and the use of the exploit against the Ukrainian army pretty much ties FANCY BEAR to the Russian military.

This is also the same exploit that was used against the Democratic National Committee in the United States. Attribution is one of the hardest parts of white-hat hacking — attackers don’t want to be found and will leave misleading clues when they can — but the use of the same proprietary malware in these two attacks is pretty convincing evidence that Russian military intelligence has also hacked into US political parties and NGOs.

(Banner image by Vitaly Kuzmin, CC-BY-SA 3.0.)