Ask Hackaday: Why Aren’t We Hacking Cellphones?

October 18, 2018 by Elliot Williams 148 Comments

When a project has outgrown using a small microcontroller, almost everyone reaches for a single-board computer — with the Raspberry Pi being the poster child. But doing so leaves you stuck with essentially a headless Linux server: a brain in a jar when what you want is a Swiss Army knife.

It would be a lot more fun if it had a screen attached, and of course the market is filled with options on that front. Then there’s the issue of designing a human interface: touch screens are all the rage these days, so why not buy a screen with a touch interface too? Audio in and out would be great, as would other random peripherals like accelerometers, WiFi, and maybe even a cellular radio when out of WiFi range. Maybe Bluetooth? Oh heck, let’s throw in a video camera and high-powered LED just for fun. Sounds like a Raspberry Pi killer!

And this development platform should be cheap, or better yet, free. Free like any one of the old cell phones that sit piled up in my “hack me” box in the closet, instead of getting put to work in projects. While I cobble together projects out of Pi Zeros and lame TFT LCD screens, the advanced functionality of these phones sits gathering dust. And I’m not alone.

Why is this? Why don’t we see a lot more projects based around the use of old cellphones? They’re abundant, cheap, feature-rich, and powerful. For me, there’s two giant hurdles to overcome: the hardware and the software. I’m going to run down what I see as the problems with using cell phones as hacker tools, but I’d love to be proven wrong. Hence the “Ask Hackaday”: why don’t we see more projects that re-use smartphones?

Continue reading “Ask Hackaday: Why Aren’t We Hacking Cellphones?” →

Hacker Pops Top On NFC Vending Machines

October 16, 2018 by Tom Nardi 23 Comments

Vending machines used to be a pretty simple affair: you put some coins in, and food or drink that in all likelihood isn’t fit for human consumption comes out. But like everything else today, they are becoming increasingly complex Internet connected devices. Forget fishing around for pocket change; the Coke machine at the mall more often than not has a credit card terminal and a 30 inch touch screen display to better facilitate dispensing cans of chilled sugar water. Of course, increased complexity almost always goes hand in hand with increased vulnerability.

So when [Matteo Pisani] recently came across a vending machine that offered users the ability to pay from an application on their phone, he immediately got to wondering if the system could be compromised. After all, how much thought would be put into the security of a machine that basically sells flavored water? The answer, perhaps not surprisingly, is very little.

The write-up [Matteo] has put together is an outstanding case study in hacking Android applications, from pulling the .apk package off the phone to decompiling it into its principal components with programs like apktool and jadx. He even shows how you can reassemble the package and get it suitable for reinstallation on your device after fiddling around with the source code. If you’ve ever wanted a crash course on taking a peek inside of Android programs, this is a great resource.

By snooping around in the source code, [Matteo] was able to discover not only the location of the encrypted database that serves as the “wallet” for the user, but the routine that generates the encryption key. To cut a long story short, the program simply uses the phone’s IMEI as the key to get into the database. With that in hand, he was able to get into the wallet and give himself a nice stack of “coins” for the next time he hit the vending machines. Given his new-found knowledge of how the system works, he even came up with a separate Android app that allows adding credit to the user’s account on a rooted device.

In the video after the break, [Matteo] demonstrates his program by buying a soda and then bumping his credit back up to buy another. He ends his write-up by saying that he has reported his findings to the company that manufacturers the vending machines, but no word on what (if any) changes they plan on making. At the end of the day, you have to wonder what the cost-befit analysis looks like for a full security overhaul when when you’re only selling sodas and bags of chips.

When he isn’t liberating carbonated beverages from their capitalistic prisons, he’s freeing peripherals from their arbitrary OS limitations. We’re starting to get a good idea about what makes this guy tick.

Continue reading “Hacker Pops Top On NFC Vending Machines” →

ESP8266 Powered Tank With Voice Control

September 6, 2018 by Tom Nardi 5 Comments

The high availability of (relatively) low cost modular components has made building hardware easier than ever. Depending on what you want to do, the hardware side of a project might be the hacker equivalent of building with LEGO. In fact, we wouldn’t be surprised if it literally involved building with LEGO. In any event, easy and quick hardware builds leave more time for developing creative software to run the show. The end result is that we’re starting to see very complex systems broken down into easy-to-replicate DIY builds that would have been nearly impossible just a few years ago.

[igorfonseca83] writes in to share with us his modular tank platform that uses the ESP8266 and a handful of software hacks to allow for voice control from the user’s mobile device. Presented as a step-by-step guide on Hackaday.io, this project is perfect for getting started in Internet-controlled robotics. Whether you just want to experiment with Google Assistant integration or use this as a blank slate to bootstrap a remotely controlled rover, this project has a lot to offer.

The chassis itself is a commercially available kit, and [igorfonseca83] uses a L298N dual channel H-bridge module to control its two geared motors. A Wemos D1 serves as the brains of the operation, and three 18650 3.7V batteries provide the juice to keep everything running. There’s plenty of expansion capability to add sensors and other gear, but for this project getting it rolling was the only concern.

Software wise, there are a number of pieces that work together to provide the Google Assistant control demonstrated in the video after the break. It starts by interfacing the ESP8266 board Adafruit.IO, which connects to IFTTT, and then finally Google Assistant. By setting up a few two variable phrases in IFTTT that get triggered by voice commands in Google Assistant, you can push commands back down to the ESP8266 through Adafruit.IO. It’s a somewhat convoluted setup, admittedly, but the fact that involves very little programming makes it an interesting solution for anyone who doesn’t want to get bogged down with all the minutiae of developing your own Internet control stack.

[igorfonseca83] is no stranger to building remotely controlled rovers. Last year we covered another of his creations which was commanded through a web browser and carried an Android phone to stream video of its adventures.

Continue reading “ESP8266 Powered Tank With Voice Control” →

Live Streaming Goes Pro With A Hacked Backpack

September 3, 2018 by Adam Fabio 11 Comments

If you haven’t been paying attention, live streaming has become a big business. Streamers are getting out of their basements and moving around among us. While IRL streams may not be our cup of tea, the technology behind creating a solid high upstream bandwidth wireless internet connection is. Sure you can stream with a phone, the top streamers want something a bit more reliable. Enter [Gunrun], who has designed a backpack just for mobile streaming.

The backpack starts with a Sony AS300 Camera. [Gunrun] likes this particular camera for its exceptional audio capabilities. Network connections are handled with no less than four LTE modems. You never know which carrier will have good service out in the field, so the modems are available from a variety of carriers.

The real problem is bonding connections between LTE modems from various carriers, setting up streaming accounts, and piping captured data from an HDMI capture over those accounts. The average hacker would go at it with an HDMI capture card and a Linux Laptop. Most streamers need a more plug and play solution though, so [Gunrun] uses a LiveU Solo HDMI video encoder for the task.

This isn’t a cheap solution, all those parts together along with a beefy battery, LTE data plans, and of course a backpack to hold it all makes for a package north of $2000. Even at this price, plenty of streamers have been following [Gunrun’s] instructions and building their own setup.

Hackers do a bit of live streaming too – check out how [cnlohr] reverse engineered the Vive, while valve engineers played along in the chat.

Knock-Off AirPods Merged Into Bluetooth Receiver

August 31, 2018 by Tom Nardi 8 Comments

Whether or not you personally like the concept of the AirPod Bluetooth headphones is irrelevant, as an Apple product one thing is certain: all the cool kids want them. That also means that plenty of overseas manufacturers are pumping out janky clones for a fraction of the price for those who are more about the Apple look than the Apple price tag. Are they any good? No, of course not. But that doesn’t mean you can’t do something interesting with them.

[Igor Kromin] took apart a pair of fake AirPods and was predictably underwhelmed. So much so that he didn’t even bother putting the things back together. Instead, he took the two poor Bluetooth audio receivers and combined them into one slightly less poor Bluetooth audio receiver. It probably doesn’t meet the classical definition of a “good” use of time and/or money, but at least he got some entertainment out of a product that was otherwise destined for the trash.

As you might imagine, the left and right “AirPod” each has its own battery, Bluetooth receiver, and speaker. It has to, as they have no physical connection to each other. That also means that each receiver is only playing one channel, making them useless individually. What [Igor] realized was that he could put together a little PCB that combines the two audio channels back into a regular stereo 3.5 mm audio jack.

While he was at it, he also wired the individual buttons on each headphone to a center button on the PCB which would allow him to physically synchronize them. Even still, [Igor] mentions that occasionally they don’t come on at the same time. But what do you expect for something that’s nearly a 20th the price of the original?

The last time we saw a hack related to the Apple AirPod, it was when somebody threw them out the window, so one might presume most hackers prefer their iDevice tethered.

GSM Phone Network At EMF Camp Built On Raspberry Pi And LimeSDR

August 30, 2018 by Jenny List 22 Comments

The Electromagnetic Field 2018 hacker camp in the UK will have its own GSM phone network, and as we have already covered its badge will be a fully-functional GSM phone. This is as far as we are aware a first in the world of badges, and though it may not be a first in hacker camp connectivity it is still no mean achievement at the base station side. To find out more we talked to two of the people behind the network, on the radio side Lime Microsystems‘ [Andrew Back], and on the network side Nexmo‘s developer advocate, [Sam Machin].

There are sixteen base stations spread around the site, of which each one is a Raspberry Pi 3 B+ with a LimeSDR Mini. Development of the system was undertaken prior to the release of the Raspberry Pi Foundation’s PoE board, so they take a separate 24V supply which powers the Pi through a DC-to-DC converter. This arrangement allows for a significant voltage drop should any long cable runs be required.

On the software side the base stations all run the Osmocom (Open Source Mobile Communications) cellular base station infrastructure package. It was a fine decision between the all-in-one Osmocom NITB package and the fully modular Osmocom, going for the former for its reliability. It was commented that this would not necessarily be the case at a future event but that it made sense in the present. It appears on the network as a SIP phone system, meaning that it can easily integrate with the existing DECT network. Let’s take a look at how the network operates from the user side, and the licencing loophole that makes everything possible.

Continue reading “GSM Phone Network At EMF Camp Built On Raspberry Pi And LimeSDR” →

2018 Electromagnetic Field Badge: It’s An Entire Phone!

August 26, 2018 by Jenny List 16 Comments

As is always the case with a significant hacker camp, we’ve been awaiting the official badge announcement for the upcoming Electromagnetic Field 2018 hacker camp with huge interest. These badges, for readers who may have been on Mars for the past few years, are part of a lively scene of wearable electronics at hacker conferences and camps, and can usually be expected to sport a fully-fledged computer in their own right along with other special functionality.

The announcement of the 2018 badge, dubbed the TiLDA Mk4, does not disappoint. We’d been told that there would be an on-site GSM network for which the welcome packs would contain a SIM, and the well-prepared among us had accordingly dusted off our old Nokia handsets alongside our DECT phones. What we hadn’t expected was that the SIM would be for the badge, because the Mk4 is a fully-fledged hackable mobile phone in its own right. The network will be fully functional for calls and texts within the camp, though since it does not explicitly say so we expect that external calls may be an impossibility. Afterwards though it will remain a usable device on any GSM network, giving it a lease of post-camp life that may see more of them staying in use rather than joining the hacker’s dusty collection in a drawer.

Beyond the party-piece phone it appears to follow the lead of its 2016 predecessor, with the same Python environment atop a TI chipset including an MSP432E4 ARM Cortex M4F microcontroller running at 120MHz with 256kB of internal and 8MB of external RAM, a CC3210 WiFi processor, and the usual battery of sensors, LEDs and GPIOs. Importantly, it also has a Shitty Add-on connector. The 2016 badge was remarkably easy to develop for, and we expect that there will soon be an impressive array of apps for this badge too. If any reader would like to put together a Hackaday feed reader app, we can’t offer you fortune but fame such as we can bestow awaits.

We’ll bring you more information as we have it about the TiLDA Mk4, as well as a hands-on report when one lands in front of us. Meanwhile you’d like to see a retrospective of past EMF badges as a demonstration of where this one has come from, have a read of our coverage of the 2016 and 2014 badges.