Using HID Tricks To Drop Malicious Files

[Nikhil] has been experimenting with human interface devices (HID) in relation to security. We’ve seen in the past how HID can be exploited using inexpensive equipment. [Nikhil] has built his own simple device to drop malicious files onto target computers using HID technology.

The system runs on a Teensy 3.0. The Teensy is like a very small version of Arduino that has built-in functionality for emulating human interface devices, such as keyboards. This means that you can trick a computer into believing the Teensy is a keyboard. The computer will treat it as such, and the Teensy can enter keystrokes into the computer as though it were a human typing them. You can see how this might be a security problem.

[Nikhil’s] device uses a very simple trick to install files on a target machine. It simply opens up PowerShell and runs a one-liner command. Generally, this command will create a file based on input received from a web site controlled by the attacker. The script might download a trojan virus, or it might create a shortcut on the user’s desktop which will run a malicious script. The device can also create hot keys that will run a specific script every time the user presses that key.

Protecting against this type of attack can be difficult. Your primary option would be to strictly control USB devices, but this can be difficult to manage, especially in large organizations. Web filtering would also help in this specific case, since the attack relies on downloading files from the web. Your best bet might be to train users to not plug in any old USB device they find lying around. Regardless of the methodology, it’s important to know that this stuff is out there in the wild.

A Remote For CHDK Cameras Made Possible With Arduino

[AlxDroidDev] built himself a nice remote control box for CHDK-enabled cameras. If you haven’t heard of CHDK, it’s a pretty cool software modification for some Canon cameras. CHDK adds many new features to inexpensive cameras. In this case, [AlxDroidDev] is using a feature that allows the camera shutter to be activated via USB. CHDK can be run from the SD card, so no permanent modifications need to be made to the camera.

[AlxDroidDev’s] device runs off of an ATMega328p with Arduino. It operates from a 9V battery. The circuit contains an infrared receiver and also a Bluetooth module. This allows [AlxDroidDev] to control his camera using either method. The device interfaces to the camera using a standard USB connector and cable. It contains three LEDs, red, green, and blue. Each one indicates the status of a different function.

The Arduino uses Ken Shirriff’s IR Remote library to handle the infrared remote control functions. SoftwareSerial is used to connect to the Bluetooth module. The Arduino code has built-in functionality for both Canon and Nikon infrared remote controls. To control the camera via Bluetooth, [AlxDroidDev] built a custom Android application. The app can not only control the camera’s shutter, but it can also control the level of zoom.

Trinket Uses RF To Track You Through The House

If you carry a cell phone with GPS, you always know where you are on the planet. But what about inside buildings or even your own home? Knowing if you’re in the kitchen or the living room would be a great feature for home automation systems. Lights could come on as you enter the room and your music could follow you on the home audio system. This is exactly what [Eric] is working on with his Radiolocation using a Pocket Size Transceiver project. [Eric] started this project as an entry in the Trinket Everyday Carry Contest. He didn’t make the top 3, but was one of the fierce competitors who made the competition very hard to judge!

The heart of the project is determining Time Of Flight (TOF) for a radio signal. Since radio waves move at the speed of light, this is no small feat for an Arduino based design! [Eric] isn’t re-inventing the wheel though – he’s basing his design on several research papers, which he’s linked to his project description. Time of flight calculations get easier to handle when calculating round trip times rather than one way. To handle this, one or more base stations send out pings, which are received and returned by small transponders worn by a user. By averaging over many round trip transmissions, a distance estimation can be calculated.

[Eric] used a Pro Trinket as his mobile transponder, while an Arduino Micro with its 16-bit counter acted as the base station. For RF, he used the popular Nordic nRF24L01+ 2.4 GHz transceiver modules. Even with this simple hardware, he’s achieved great results. So far he can display distance between base and transponder on a graph. Not bad for a DIY transponder so small it fits in a 2xAAA battery case! [Eric’s] next task is working through multipath issues, and testing out multiple base stations.

Click past the break to see [Eric’s] project in action!

Arduino + Servo + Scotch Tape == An Interesting Conversation

If one could temporarily remove their sense of humor and cast a serious look into a Rube Goldberg machine, they would not say to themselves “well that looks simple.” Indeed, it would almost always be the case that one would find themselves asking “why all the complexity for such a simple task?”

Too often in hacking are we guilty of making things more complicated than they really need to be. Maybe it’s because we can see many different paths to a single destination. Maybe it’s because we want to explore a specific path, even though we know it might be a little harder to tread. Maybe it’s just because we can.

But imagine approaching a hack as simply a means to an end. Imagine if you did not have all of that knowledge in your head. All of those tools at your disposal. How would this change your approach? When [yavin427] decided to automate the leveling up process in his favorite video game, odds are he had never taken a game controller apart. Had never touched an oscilloscope. Indeed, he might have no knowledge of what a transistor or microcontroller even is. While many of our readers would have taken the more difficult path and tapped directly into the TTL of the controller to achieve maximum efficiency, it is most likely that [yavin427] would not have known how to do this, and thus would not have seen the many other paths to his end goal that would have been obvious to us. Yet he achieved his end goal. And he did it far more easily and with less complication than many of us would have done.

Thoughts?

Get Better At Mortal Kombat By Hacking Your PS3 Controller

Fighting games like Mortal Kombat provide you with a variety of different available moves. These include kicks, punches, grabs, etc. They also normally include various combination moves you can perform. These combo moves require you to press the proper buttons in the correct order and also require you to time the presses correctly. [Egzola] realized that he could just hack his controller to simulate the button presses for him. This bypasses the learning curve and allows him to perform more complicated combinations with just the press of a single button.

[Egzola] started by taking apart his Playstation 3 controller. There were two PCBs inside connected by a ribbon cable. Luckily, each individual pad for this cable was labeled with the corresponding controller button. This made it extremely simple to hack the controller. [Egzola] soldered his own wires to each of these pads. Each wire is a different color. The wires then go to two different connectors to make them easier to hook up to a breadboard.

Each wire is then broken out on the breadboard. The signal from each button is run through a 4n25 optoisolator. From there the signal makes its way back to various Arduino pins. The 4n25 chips keep the controller circuit isolated from the Arduino’s electrical circuit. The Arduino also has two push buttons connected to it. These buttons are mounted to the PS3 controller.

Now when [Egzola] presses one of the buttons, the Arduino senses the button press and simulates pressing the various controller buttons in a pre-programmed order. The result is a devastating combination move that would normally require practice and repetition to remember. You might say that [Egzola] could have spent his time just learning the moves, but that wasn’t really the point, was it? Check out the video below for a demonstration.

Arduino Tetris On A Multiplexed LED Matrix

[Alex] needed a project for his microcomputer circuits class. He wanted something that would challenge him on both the electronics side of things, as well as the programming side. He ended up designing an 8 by 16 grid of LEDs that was turned into a game of Tetris.

He arranged all 128 LEDs into the grid on a piece of perfboard. All of the anodes were bent over and connected together into rows of 8 LEDs. The cathodes were bent perpendicularly and form columns of 16 LEDs. This way, if power is applied to one row and a single column is grounded, one LED will light up at the intersection. This method only works reliably to light up a single LED at a time. With that in mind, [Alex] needed to have a very high “refresh rate” for his display. He only ever lights up one LED at a time, but he scans through the 128 LEDs so fast that persistence of vision prevents you from noticing. To the human eye, it looks like multiple LEDs are lit up simultaneously.

[Alex] planned to use an Arduino to control this display, but it doesn’t have enough outputs on its own to control all of those lights. He ended up using multiple 74138 decoder/multiplexer ICs to control the LEDs. Since the columns have inverted outputs, he couldn’t just hook them straight up to the LEDs. Instead he had to run the signals through a set of PNP transistors to flip the logic. This setup allowed [Alex] to control all 128 LEDs with just seven bits, but it was too slow for him.

His solution was to control the multiplexers with counter ICs. The Arduino can just increment the counter up to the appropriate LED. The Arduino then controls the state of the LED using the active high enable line from the column multiplexer chip.

[Alex] wanted more than just a static image to show off on his new display, so he programmed in a version of Tetris. The controller is just a piece of perfboard with four push buttons. He had to work out all of the programming to ensure the game ran smoothly while properly updating the screen and simultaneously reading the controller for new input. All of this ran on the Arduino.

Can’t get enough Tetris hacks? Try these on for size.

Closed Loop Control For 3D Printers

One of the bigger problems with any CNC machine or 3D printer is the issue of missed steps when moving the toolhead. If a stepper motor misses a step, the entire layer of the print – and every layer thereafter – will be off by just a tiny bit. Miss a few more steps, and that print will eventually make its way into the garbage. [Misan] has the solution to this: closed loop control of DC motors for a 3D printer.

Most printer firmwares use an open loop control system for moving their motors around. Step a few times in one direction, and you know where the nozzle of a 3D printer will be. Missed steps confound the problem, and there’s no way for the firmware to know if the nozzle is where it should be at any one time.

[Misan]’s solution to this was a DC motor coupled to an optical encoder. Both the motor and the encoder are connected to an Arduino Pro Mini which receives step and direction commands from the printer controller. The controller takes care of telling the motor where to go; the Arduino takes care of making sure it gets there.

The entire build is heavily derived from ServoStrap, but [Misan] has a very cool demo of his hardware: during a print, he can force the X and Y axes to either side, and the Arduino in each motor will move the print head back to where it needs to be. You can check that out below.
