Hack My House: Raspberry Pi As A Touchscreen Thermostat

February 27, 2019 by Jonathan Bennett 51 Comments

Your thermostat is some of the oldest and simplest automation in your home. For years these were one-temperature setting and nothing more. Programmable thermostats brought more control; they’re alarm clocks attached to your furnace. Then Nest came along and added beautiful design and “learning features” that felt like magic compared to the old systems. But we can have a lot more fun. I’m taking my favorite single-board computer, the Raspberry Pi, and naming it keeper of heat (and cool) by building my own touchscreen thermostat.

Mercury thermostats started it all, and were ingenious in their simplicity — a glass capsule containing mercury, attached to a wound bi-metal strip. As the temperature changes, the contraption tilts and the mercury bead moves, making or breaking contact with the wiring. More sophisticated thermostats have replaced the mercury bead with electronics, but the signaling method remains the same, just a simple contact switch.

This makes the thermostat the prime target for an aspiring home automation hacker. I’ve had this particular project in mind for quite some time, and was excited to dive into it with simple raw materials: my Raspberry Pi, a touchscreen, and a mechanical relay board.

Continue reading “Hack My House: Raspberry Pi As A Touchscreen Thermostat” →

A Modern Solution To Tea Bag Inventory Management

February 20, 2019 by Lewin Day 13 Comments

Britain is famously known as a land of manners and hospitality. Few situations could make an Englishman’s stiff upper lip quiver, short of running out of tea bags while entertaining house guests. Thankfully, [The Gentleman Maker] is here and living up to his name – with a helpful tea monitor to ensure you’re never caught out again.

The Intelli-T, as it has been dubbed, monitors tea inventory by weight. An Arduino Uno combined with a HX711 IC monitors a load cell mounted under a canister, with a reed switch on the lid. Upon the canister being open and closed, the Arduino takes a measurement, determining whether tea stocks have dipped below critical levels. If the situation is dire, a Raspberry Pi connected over the serial port will sound an urgent warning to the occupants of the home. If there is adequate tea, the Raspberry Pi will instead provide a helpful tea fact to further educate the users about the hallowed beverage.

It’s a fun project, and one that has scope for further features, given the power of the Raspberry Pi. A little more work could arrange automatic ordering of more tea online, or send alerts through a service like IFTTT. We’ve seen [The Gentleman Maker]’s uniquely British hacks before, such as the umbrella that tells you the weather. Video after the break.

Continue reading “A Modern Solution To Tea Bag Inventory Management” →

Hack My House: Garage Door Cryptography Meets Raspberry Pi

February 13, 2019 by Jonathan Bennett 57 Comments

Today’s story is one of victory and defeat, of mystery and adventure… It’s time to automate the garage door. Connecting the garage door to the internet was a must on my list of smart home features. Our opener has internet connection capabilities built-in. As you might guess, I’m very skeptical of connecting a device to the internet when I have no control over the software running on it.

The garage door is controlled by a button hung on the garage wall. There is only a pair of wires, so a simple relay should be all that is needed to simulate the button press from a Raspberry Pi. I wired a relay module to a GPIO on the Pi mounted in the garage ceiling, and wrote a quick and dirty test program in Python. Sure enough, the little relay was clicking happily– but the garage door wasn’t budging. Time to troubleshoot. Does the push button still work? *raises the garage door* yep. How about the relay now? *click…click* nope.

You may have figured out by now, but this garage door opener isn’t just a simple momentary contact push button. Yes, that’s a microcontroller, in a garage door button. This sort of scenario calls for forensic equipment more capable than a simple multimeter, and so I turned to Amazon for a USB oscilloscope that could do some limited signal analysis. A device with Linux support was a must, and Pico Technology fit the bill nicely.

Searching for a Secret We Don’t Actually Need

My 2 channel Picotech oscilloscope, the 2204A, finally arrived, and it was time to see what sort of alien technology was in this garage door opener. There are two leads to the button, a ground and a five volt line. When the button is pressed, the microcontroller sends data back over that line by pulling the 5 V line to ground. If this isn’t an implementation of Dallas 1-wire, it’s a very similar concept.

Continue reading “Hack My House: Garage Door Cryptography Meets Raspberry Pi” →

Don’t Toss That Bulb, It Knows Your Password

January 29, 2019 by Tom Nardi 70 Comments

Whether it was here on Hackaday or elsewhere on the Internet, you’ve surely heard more than a few cautionary tales about the “Internet of Things” by now. As it turns out, giving every gadget you own access to your personal information and Internet connection can lead to unintended consequences. Who knew, right? But if you need yet another example of why trusting your home appliances with your secrets is potentially a bad idea, [Limited Results] is here to make sure you spend the next few hours doubting your recent tech purchases.

In a series of posts on the [Limited Results] blog, low-cost “smart” bulbs are cracked open and investigated to see what kind of knowledge they’ve managed to collect about their owners. Not only was it discovered that bulbs manufactured by Xiaomi, LIFX, and Tuya stored the WiFi SSID and encryption key in plain-text, but that recovering said information from the bulbs was actually quite simple. So next time one of those cheapo smart bulb starts flickering, you might want to take a hammer to it before tossing it in the trash can; you never know where it, and the knowledge it has of your network, might end up.

Regardless of the manufacturer of the bulb, the process to get one of these devices on your network is more or less the same. An application on your smartphone connects to the bulb and provides it with the network SSID and encryption key. The bulb then disconnects from the phone and reconnects to your home network with the new information. It’s a process that at this point we’re all probably familiar with, and there’s nothing inherently wrong with it.

The trouble comes when the bulb needs to store the connection information it was provided. Rather than obfuscating it in some way, the SSID and encryption key are simply stored in plain-text on the bulb’s WiFi module. Recovering that information is just a process of finding the correct traces on the bulb’s PCB (often there are test points which make this very easy), and dumping the chip’s contents to the computer for analysis.

It’s not uncommon for smart bulbs like these to use the ESP8266 or ESP32, and [Limited Results] found that to be the case here. With the wealth of information and software available for these very popular WiFi modules, dumping the firmware binary was no problem. Once the binary was in hand, a little snooping around with a hex editor was all it took to identify the network login information. The firmware dumps also contained information such as the unique hardware IDs used by the “cloud” platforms the bulbs connect to, and in at least one case, the root certificate and RSA private key were found.

On the plus side, being able to buy cheap smart devices that are running easily hackable modules like the ESP makes it easier for us to create custom firmware for them. Hopefully the community can come up with slightly less suspect software, but really just keeping the things from connecting to anything outside the local network would be a step in the right direction.

(Some days later…)

[Limited Results] had hinted to us that he had previously disclosed some vulnerabilities to the bulb’s maker, but that until they fixed them, he didn’t want to make them public. They’re fixed now, and it appears that the bulbs were sending everything over the network unencrypted — your data, OTA firmware upgrades, everything. They’re using TLS now, so good job [Limited Results]! If you’re running an old version of their lightbulbs, you might have a look.

On WiFi credentials, we were told: “In the case where sensitive information in the flash memory wasn’t encrypted, the new version will include encrypted storage processing, and the customer will be able to select this version of the security chips, which can effectively avoid future security problems.” Argue about what that actually means in the comments.

WiFi Controlled Finger Dims Lights Over UDP

January 26, 2019 by Eric Evenchick 10 Comments

While WiFi controlled lights are readily available, replacing your lighting fixtures or switches isn’t always an option. [Thomas] ran into this issue with his office lights. For the developers in the office, these lights always seemed to run a little too bright. The solution? A 3D printed, WiFi controlled finger to poke the dimmer switch.

This little hack consists of a servo, a 3D printed arm and finger assembly, and a Wemos D1 Mini development board. The Wemos is a low cost, Arduino compatible development board based on the ESP8266. We’ve seen it used for a wide variety of hacks here on Hackaday.

For this device, the Wemos is used to listen for UDP packets on the company’s WiFi network. When it receives a packet, it tells the servo to push the dimming button for a specified amount of time. [Thomas] wrote a Slack bot to automatically send these packets. Now, when the lights are too bright, a simple message to the bot allows anyone to dim the lights without ever leaving the comfort of their desk. Sure, it’s not the most secure or reliable method of controlling lights, but if something goes wrong, the user can always get up and flip the switch the old fashioned way.

Motorizing An IKEA SKARSTA Table

January 23, 2019 by Tom Nardi 38 Comments

We’ve been told that standing at a desk is good for you, but unless you’re some kind of highly advanced automaton you’re going to have to sit down eventually no matter what all those lifestyle magazines say. That’s where desks like the IKEA SKARSTA come in; they use a crank on the front to raise and lower the desk to whatever height your rapidly aging corporeal form is still capable of maintaining. All the health benefits of a standing desk, without that stinging sense of defeat when you later discover you hate it.

But who wants to turn a crank with their hand in 2019? Certainly not [iLLiac4], who’s spent the last few months working in conjunction with [Martin Mihálek] to add some very impressive features to IKEA’s adjustable table. Replacing the hand crank with a motorized system which can do the raising and lifting was only part of it, the project also includes a slick control panel with a digital display that shows the current table height and even allows the user to set and recall specific positions. The project is still in active development and has a few kinks to work out, but it looks exceptionally promising if you’re looking to get a very capable adjustable desk without breaking the bank.

The heart of the project is a 3D printable device which uses a low-RPM DC gear motor to turn the hex shaft where the crank would normally go. A rotary encoder is linked to the shaft of the motor by way of printed GT2 pulleys and a short length of belt, which gives the system positional information and avoids the complexity of adding limit switches to the table itself.

For controlling the motor the user is given the option between using relays or an H-Bridge PWM driver board, but in either event an Arduino Nano will be running the show. In addition to controlling the motor and reading the output of the rotary encoder, the Arduino also handles the front panel controls. This consists of a TM1637 four digit LED display originally intended for clocks, as well as six momentary contact tactile switches complete with 3D printed caps. The front panel’s simple user interface not only allows for setting and recalling three preset desk heights, but can even be used to perform the calibration routine without having to go in and hack the source code to change minimum and maximum positions.

We’ve seen all manner of hacks and modifications dealing with IKEA products, from a shelving unit converted into a vivarium to a table doing double duty as a cheap plate reverb. Whether you’re looking for meatballs or some hacking inspiration, IKEA seems to be the place to go.

Alexa, Remind Me Of The First Time Your Product Category Failed

January 21, 2019 by Brian Benchoff 94 Comments

For the last few years, the Last Great Hope™ of the consumer electronics industry has been voice assistants. Alexas and Echos and Google Homes and Facebook Portals are all the rage. Over one hundred million Alexa devices have been sold, an impressive feat given that there are only about 120 Million households in the United States, and a similar number in Europe. Look to your left, look to your right, one of you lives in a house with an Internet connected voice assistant.

2018 saw a huge explosion of Internet connected voice assistants, in sometimes bizarre form factors. There’s a voice controlled microwave, which is great if you’ve ever wanted to defrost a chicken through the Internet. You can get hardware for developing your own voice assistant device. 2019 will be even bigger. Facebook is heavily advertising the Facebook Portal. If you haven’t yet deleted your Facebook account, you can put the Facebook Portal on your kitchen counter and make video calls with your family and friends through Facebook Messenger. With the Google Home Hub and a Nest doorbell camera, you too can be just like Stu Pickles from Rugrats.

This is not the first time the world has been enamored with Internet-connected assistants. This is not the first time the consumer electronics industry put all their hope into one product category. This has happened before, and all those devices failed spectacularly. These were the Internet appliances released between 1999 and 2001: the last great hurrah of the dot-com boom. They were dumb then, and they’re dumb now.

Continue reading “Alexa, Remind Me Of The First Time Your Product Category Failed” →