35C3: Finding Bugs In Bluetooth

[Jiska Classen] and [Dennis Mantz] created a tool called Internal Blue that aims to be a Swiss-army knife for playing around with Bluetooth at a lower level. The tool is built on three functions that are common to all Broadcom Bluetooth chipsets: one that lets you read arbitrary memory, one that lets you write it, and one that lets you execute it. Well, that was easy. The rest of their work was analyzing this code and learning how to replace the firmware with their own version. That took them a few months of hard reversing work.

In the end, Internal Blue lets them execute commands at one layer deeper — the LMP layer — easily allowing monitoring and injection. In a series of live (and successful!) demos they probe around on a Nexus 6P from a modified Nexus 5 on their desk. This is where they started digging around in the Bluetooth stack of other devices with Broadcom chipsets, and that’s where they started finding bugs.

As is often the case, [Jiska] was just poking around and found an externally reachable command handler that didn’t do bounds checking. That meant she could run other functions in the firmware simply by passing a handler offset outside the intended table. Since this essentially calls functions at arbitrary locations in memory, finding which functions to call with which arguments is a process of trial and error, but the ramifications include at least a Bluetooth module crash and reset, and can extend to tricks like putting the Bluetooth module into “Device Under Test” mode, which should only be accessible from the device itself. All of this happens before pairing with the device — just walking by is sufficient to invoke functions through the buggy handler.
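The bug class described above, an attacker-controlled offset used to index a handler table without a bounds check, is easy to model. The following is an added illustration written for this page; it is not Broadcom firmware, not the Internal Blue tool, and not the researchers’ exploit. The flat function table, the handler names, the `EXPOSED_COUNT`/`TABLE_SIZE` layout and the return codes are all invented for the example; the only thing taken from the talk is the outcome, that an out-of-range index can reach internal routines such as a reset path or Device Under Test mode.

```c
#include <stddef.h>
#include <stdio.h>

/*
 * Hypothetical model of firmware code memory: a flat array of function
 * pointers. The first EXPOSED_COUNT entries are handlers reachable over
 * the air; the entries after them are internal and must never be reachable
 * from a peer. All names and codes here are constructed for illustration.
 */
#define EXPOSED_COUNT 4
#define TABLE_SIZE    8

enum fw_result {
    FW_OK       = 0,
    FW_REJECTED = -1,   /* index refused by the checked dispatcher   */
    FW_DUT_MODE = 100,  /* internal: entered Device Under Test mode  */
    FW_CRASH    = 101,  /* internal: path that would reset the module */
    FW_RESERVED = 102   /* internal: other routines after the table  */
};

/* Handlers a remote peer is meant to be able to call. */
static int handler_version(void)  { return FW_OK; }
static int handler_features(void) { return FW_OK; }
static int handler_name(void)     { return FW_OK; }
static int handler_ping(void)     { return FW_OK; }

/* Internal routines that happen to sit after the handler table in memory. */
static int internal_enter_dut_mode(void) { return FW_DUT_MODE; }
static int internal_reset(void)          { return FW_CRASH; }
static int internal_reserved_a(void)     { return FW_RESERVED; }
static int internal_reserved_b(void)     { return FW_RESERVED; }

static int (*const fn_table[TABLE_SIZE])(void) = {
    handler_version, handler_features, handler_name, handler_ping,
    internal_enter_dut_mode, internal_reset,
    internal_reserved_a, internal_reserved_b,
};

/*
 * Vulnerable dispatcher: trusts the index taken from the incoming packet.
 * Any index from EXPOSED_COUNT up to TABLE_SIZE-1 reaches an internal
 * routine. Real firmware has no TABLE_SIZE cap at all, so larger values
 * read a "pointer" from whatever follows the table and jump to it, which is
 * exactly the crash-or-execute behaviour described above. (Indices of
 * TABLE_SIZE or more are undefined behaviour in this model; the demo only
 * uses in-range values.)
 */
int dispatch_unchecked(unsigned idx)
{
    return fn_table[idx]();
}

/* Hardened dispatcher: reject anything outside the exposed range first. */
int dispatch_checked(unsigned idx)
{
    if (idx >= EXPOSED_COUNT)
        return FW_REJECTED;
    return fn_table[idx]();
}

int main(void)
{
    /* Constructed "packets": just the index field a peer controls. */
    static const unsigned probes[] = { 0, 3, 4, 5 };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        unsigned idx = probes[i];
        printf("idx %u: unchecked -> %d, checked -> %d\n",
               idx, dispatch_unchecked(idx), dispatch_checked(idx));
    }
    return 0;
}
```

With the constructed probes, the unchecked dispatcher returns the DUT-mode and reset codes for indices 4 and 5, while the checked one refuses both. The fix is a single comparison, which is why the talk’s point that unpatched firmware reveals the flaw is so sharp: the patched binary differs from the unpatched one in exactly the place an attacker needs to look.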

All the details of this exploit aren’t yet available, because Broadcom hasn’t fixed the firmware for probably millions of devices in the wild. One reason it hasn’t been fixed yet is that a patch discloses where the flaw lies to anyone who diffs it against an unpatched phone, and not all vendors can be counted on to push out updates at the same time. While they focused on the Nexus 5, which is fairly old now, the bug applies to any device with a similar Broadcom Bluetooth chipset.

Aside from the zero-day bug, the big story is their Bluetooth analysis framework, which will surely help other researchers learn more about Bluetooth, find more glitches, and hopefully make Bluetooth more openly scrutinized and more secure. Now anyone with a Raspberry Pi 3/3+ or a Nexus 5 is able to turn it into a low-level Bluetooth investigation tool.

You might know [Jiska] from her previous FitBit hack. If not, be sure to check it out.

Continue reading “35C3: Finding Bugs In Bluetooth”

How A Microcontroller Hiding In A USB Port Became An FPGA Hiding In The Same

When you think of microcontroller development, you probably picture either a breadboard with a chip or a USB-connected circuit board. But Tim Ansell pictured an ARM dev board that is almost completely hidden inside of a USB port. His talk at the 2018 Hackaday Superconference tells that story and then some. Check out the newly published video, along with more details of the talk, after the break.

Continue reading “How A Microcontroller Hiding In A USB Port Became An FPGA Hiding In The Same”

Oh The Lessons You’ll Learn By Building A Robot Familiar

A familiar spirit, or just a familiar, is a creature rumored to help people in the practice of magic. The moniker is perfect for Archimedes, the robot owl built by Alex Glow, which wields the Google AIY kit to react when it detects faces. A series of very interesting design choices is what really gives the creature life. Not all of those choices were on purpose, which is the core of her talk at the 2018 Hackaday Superconference.

You can watch the video of her talk, along with an interview with Alex after the break.

Continue reading “Oh The Lessons You’ll Learn By Building A Robot Familiar”

Radio Gets Ridiculous

There were plenty of great talks at this year’s Supercon, but we really liked the title of Dominic Spill’s talk: Ridiculous Radios. Let’s face it, it is one thing to make a radio or a computer or a drone the way you are supposed to. It is another thing altogether to make one out of things you shouldn’t be using. That’s [Dominic’s] approach. In a quick 30 minutes, he shows you two receivers and two transmitters. What makes them ridiculous? Consider one of the receivers. It is a software defined radio (SDR). How many bits should an SDR have? How about one bit? Ridiculous? Then you are getting the idea.

Dominic is pretty adept at taking a normal microcontroller and bending it to do strange RF things and the results are really entertaining. The breadboard SDR, for example, is a microcontroller with three components: an antenna, a diode, and a resistor. That’s it. If you missed the talk at Supercon, you can see the newly published video below, along with more highlights from Dominic’s talk.

Continue reading “Radio Gets Ridiculous”

Kitty Yeung On Tech-Fashion Designs And The Wearables Industry

If there is a field which has promise verging on a true breakout, it is that of wearable electronics. We regularly see 3D printing, retrocomputing, robotics, lasers, and electric vehicle projects whose advances are immediately obvious. These are all exciting fields in which the Hackaday community continually pushes the boundaries, and from which come the astounding pieces of work you read on these pages daily. The projects that merge textiles and electronics are pushing boundaries in the same way, except that it’s often not obvious at first glance. Why is that?

Wearables are a field in which hard work and ingenuity abound, but pulling off the projects that stand out and go beyond ordinary garments adorned with a few twinkly LEDs or EL wire is hard. The field still seems to be seeking either its killer application or its technological enabler, and it was this topic that physicist, textilist, and artist Kitty Yeung touched upon in her talk at the recent Hackaday Superconference.

Continue reading “Kitty Yeung On Tech-Fashion Designs And The Wearables Industry”

Seeing Like Bees With Ultraviolet Photography

When it comes to seeing in strange spectrums, David Prutchi is the guy you want to talk to. He’s taken pictures of rocks under long, medium and short UV light, he’s added thermal imaging to consumer cameras, and he’s made cameras see polarization. There’s a lot more to the world than what the rods and cones on your retina can see, and David is one of the best at revealing it. For this year’s talk at the Hackaday Superconference, David is talking about DIY Ultraviolet Photography. It’s how bees see, and it’s the bees knees.

Continue reading “Seeing Like Bees With Ultraviolet Photography”

Scott Swaaley On High Voltage

If you were to invent a time machine and transport a typical hardware hacker of the 1970s into 2018 and sit them at a bench alongside their modern counterpart, you’d expect them to be faced with a pile of new things, novel experiences, and exciting possibilities. The Internet for all, desktop computing fulfilling its potential, cheap single-board computers, even ubiquitous surface-mount components.

What you might not expect, though, is that the 2018 hacker might discover a whole field that is equally unfamiliar to them yet second nature to their grizzled guest. It’s something Scott Swaaley touches upon in his Superconference talk, “Lessons Learned in Designing High Power Line Voltage Circuits”, in which he describes his quest for an electronic motor brake, and how his experiences had left him with a gap in his knowledge when it came to working with AC mains voltage.

When Did You Last Handle AC Line Voltages?

If you think about it, the AC supply has become something we rarely encounter, for several reasons. Our 1970s hacker would have been used to wiring in mains transformers, to repairing tube-driven equipment or CRT televisions with live chassis, and to working with lighting that was almost exclusively provided by mains-driven incandescent bulbs. A common project of the day would have been a lighting dimmer with a triac; by contrast we work in a world of microcontroller-PWM-driven LEDs and off-the-shelf switch-mode power supplies in which we have no need to see the high voltages. It may be no bad thing that we are rarely exposed to high-voltage risk, but along the way we may have lost a part of our collective skillset.

Scott’s path to gaining his mains voltage experience started in a school workshop, with a bandsaw. Inertia in the saw kept the blade moving after the power had been cut, and while that might be something many of us are used to, it was inappropriate in that setting, as kids are better off remaining attached to their fingers. He looked at mechanical brakes and electrical loads as ways to stop the motor, but finally settled on something far simpler. An induction motor can be stopped very quickly indeed by applying a DC voltage to its windings, and his quest to achieve this led him down the path of working with the AC supply. Eventually he had a working prototype, which he further developed to become the MakeSafe power tool brake.

Get Your AC Switching Right First Time

The full talk is embedded below the break, and gives a very good introduction to the topic of switching AC power. If you’ve never encountered a thyristor, a triac, or even a diac, these once-ubiquitous components make an entrance. We learn about relays and contactors, how back EMF can destroy them, and the different strategies to protect them. Our 1970s hacker would recognise some of these, but even here there are components that have reached the market since their time that they would probably give anything to have. We see the genesis of the MakeSafe brake as a panel with a bunch of relays and an electronic fan controller with a rectifier to produce the DC, and we hear about adequate safety precautions. This is music to our ears, as it’s a subject we’ve touched on before, both in terms of handling mains on your bench and inside live equipment.

So if you’ve never dealt with AC line voltages, give this talk a look. The days of wiring up transformers to power projects might be largely behind us, but the skills and principles it covers are still valid.

Continue reading “Scott Swaaley On High Voltage”