Homebrew Stream Deck Pedal Emulates The Real Thing

July 14, 2022 by Lewin Day 5 Comments

Pedals are a great way to control functions on your computer. You’re rarely using your feet for anything else, so they can handle some tasks, freeing up your hands. This Elgato Stream Deck controller from [DDRBoxman] does just that.

[DDRBoxman] wanted to control Elgato Stream Deck much like the offical pedal sold by the company. Thus, some hacking was in order. Using Wireshark with the Elgato pedal helped to determine the communication method of the real hardware.

Once the protocol was figured out, it was just a task of getting the Raspberry Pi Pico to replicate the same functionality. With the help of the tinyusb library, [DDRBoxman] was able to emulate the real Elgato device successfully. Paired with a 3D-printed footswitch design from Adafruit, and the project was functional and complete.

We’ve seen great foot pedal devices over the years, from a simple macro device to a super-useful page turner for sheet music. If you’ve been hacking away at your own nifty input devices, be sure to drop us a line!

Visual Cryptography For Physical Keyrings

July 14, 2022 by Dave Rowntree 14 Comments

Visual cryptography is one of those unusual cases that kind of looks like a good idea, but it turns out is fraught with problems. The idea is straightforward enough — an image to encrypt is sampled and a series of sub-pixel patterns are produced which are distributed to multiple separate images. When individual images are printed to transparent film, and all films in the set are brought into alignment, an image appears out of the randomness. Without at least a minimum number of such images, the original image cannot be resolved. Well, sort of. [anfractuosity] wanted to play with the concept of visual cryptography in a slightly different medium, that of a set of metal plates, shaped as a set of keyrings.

Two image ‘share pairs’ needed as a minimum to form an image when combined

Metal blanks were laser cut, with the image being formed by transmitted light through coincident holes in both plate pairs, when correctly aligned. What, we hear you ask, is the problem with this cryptography technique? Well, one issue is that of faking messages. It is possible for a malicious third party, given either one of the keys in a pair, to construct a matching key composing an entirely different message, and then substitute this for the second key, duping both original parties. Obviously this would need both parties to be physically compromised, but neither would necessarily notice the substitution, if neither party knew the originally encrypted message. For those interested in digging in a little deeper, do checkout this classic paper by Naor and Shamir [pdf] of the Wiezmann Institute. Still, despite the issues, for a visual hack it’s still a pretty fun technique!

Want to learn a little more about crypto techniques you can do at home? Here’s our guide. Encryption too hard to break, but need a way to eavesdrop? Just punt out a flawed system, and you’re good to go.

Continue reading “Visual Cryptography For Physical Keyrings” →

Apple AirTags Hacked And Cloned With Voltage Glitching

July 14, 2022 by Lewin Day 33 Comments

Apple AirTags are useful little devices. They essentially use iPhones in the wild as a mesh network to tell the owner where the AirTag is. Now, researchers have shown that it’s possible to clone these devices.

The research paper explains the cloning process, which requires physical access to the hardware. To achieve the hack, the Nordic nRF52832 inside the AirTag must be voltage glitched to enable its debug port. The researchers were able to achieve this with relatively simple tools, using a Pi Pico fitted with a few additional components.

With the debug interface enabled, it’s simple to extract the microcontroller’s firmware. It’s then possible to clone this firmware onto another tag. The team also experimented with other hacks, like having the AirTag regularly rotate its ID to avoid triggering anti-stalking warnings built into Apple’s tracing system.

As the researchers explain, it’s clear that AirTags can’t really be secure as long as they’re based on a microcontroller that is vulnerable to such attacks. It’s not the first AirTag cloning we’ve seen either. They’re an interesting device with some serious privacy and safety implications, so it pays to stay abreast of developments in this area.

[Thanks to Itay for the tip!]

Cracking The MiFare Classic Could Get You Free Snacks

July 13, 2022 by Lewin Day 24 Comments

[Guillermo] started a new job a while back. That job came with an NFC access card, which was used for booking rooms and building access. The card also served as a wallet for using the vending machines. He set about hacking the card to see what he could uncover.

Initial scans with NFC Tools revealed the card was an Infineon MIFARE Classic Card 1k. These cards are considered fairly old and insecure by now. There’s plenty of guides online on how to crack the private keys that are supposed to make the card secure. Conveniently, [Guillermo] had a reader/writer on hand for these very cards.

[Guillermo] was able to use a tool called mfoc to dump the keys and data off the card. From there, he was able to determine that the credit for the vending machines was stored on the card itself, rather than on a remote server.

This means that it’s simple to change the values on the card in order to get free credit, and thus free snacks. However, [Guillermo] wisely resisted the urge to cash in on candy and sodas. When totals from the machine and credit system were reconciled, there’d be a clear discrepancy, and a short investigation would quickly point to his own card.

He also managed to successfully clone a card onto a “Magic Mifare” from Amazon. In testing, the card performed flawlessly on all systems he tried it on.

It goes to show just how vulnerable some NFC-based access control systems really are. RFID tags are often not as safe as you’d hope, either!

It’s A Bird! It’s A Plane! It’s… A Live Air Traffic Plane Spotting Simulation

July 12, 2022 by Ryan Flowers 5 Comments

Plane spotting has been a hobby of aviation enthusiasts for generations. Hanging out by the airport, watching aircraft come and go, maybe even listening to Air Traffic Control on a scanner from your local Radio Shack. Yep- we’ve been there, and it can be a lot of fun! But how can those of us who don’t live near a major controlled airport keep up on the action? As demonstrated by the [Information Zulu] YouTube channel’s Live Stream, seen below the break, the action may be closer than you think!

By using publicly available information, software, and some ingenuity, [Information Zulu] has created a live simulation of Los Angeles International Airport (LAX) for your simulated plane spotting pleasure. Aircraft positional data is gained through an ADSB receiver and piped into a the flight simulator software with a Traffic Injection Addon, and the simulator itself is used to properly place aircraft, set the weather, and even the correct aircraft types and liveries. Setting off the illusion of a real plane spotting adventure is the live Air Traffic Control radio chatter!

We love the creativity that went into not just making all of the software available, but in combining it into a cohesive product that can be viewed 24/7 on YouTube that, if you squint just right, could be mistaken for a view of the real thing.

If you’re not familiar with ADSB and how it’s used to track aircraft in such a way that anybody can receive it with the right equipment, check out this beginner’s course on ADSB from a few years back!

Continue reading “It’s A Bird! It’s A Plane! It’s… A Live Air Traffic Plane Spotting Simulation” →

Sneeze Into Your Hand, Not Your Elbow With This Nose-Shaped Sanitizer Dispenser

July 9, 2022 by Dan Maloney 7 Comments

You’ve got to love a language like German, where not only is it possible for a word or two to stand in for a complex concept, but you don’t even need to speak the language to make a good guess at what it all means. Of course when your project is a giant nose that mock-sneezes sanitizer into your hands, it doesn’t really matter that you call it Der niesende Desinfektionsmittelspender. Humor based on bodily functions is, after all, the universal language.

Working knowledge of German or not, figuring out exactly what [Nina] is doing here isn’t too difficult. Judging by the video below and the build log, the idea is to detect the presence of a hand underneath the dispenser with a simple IR reflective sensor hooked to some kind of microcontroller — an ESP32 in this case. Audio clips of sneezes are stored on an SD card and played back through a small speaker, while a hobby servo pushes the button on an atomizer. It seems as if selecting the proper dispenser was the hardest thing about the project; [Nina] finally settled on a battery-operated mister that was just the right size to fit into the nose. Oh, didn’t we mention the giant, pink, 3D-printed nose that houses the whole thing? Sorry about that — it’s quite subtle and easy to miss.

Anyway, the whole project is a lot of fun and brought a genuine laugh when we saw it. It’s a clever way to poke gentle fun at the germaphobes who came up with other, less whimsical methods of dispensing hand sanitizer. But let’s face it, they ended up being proven pretty much on the mark about things.

Continue reading “Sneeze Into Your Hand, Not Your Elbow With This Nose-Shaped Sanitizer Dispenser” →

DIY Chicken McMansion Is A Real Hen House

July 6, 2022 by Ryan Flowers 9 Comments

You might recognize [Robert Dunn] from his YouTube channel Aging Wheels, where he hacks on all sorts of automotive delights. On his other channel, Under Dunn, [Robert] tends to focus on building things. In this case, his nine chickens grew a bit, and he needs a new coop for his twenty chickens, three turkeys, and two geese. The build, the video, and the outcome are all typical of [Robert Dunn]’s videos- that is to say fun, informative, and easy to follow along with.

Rather than building on to his existing coop that was designed for less than a dozen chickens, [Robert] decided to start from scratch. Using CAD to overcomplicate matters at every possible step, the build flies together with impressive speed- but never quite takes off until the very last moment.

The video highlights all the things we want to see: The CNC’ing, the fails (including one very large fall-flat-on-your-face moment), the recovery from the fails, routed butt joints, and screen door handles. It’s also got all of the overengineered goodness we’ve all come to love. You’ll also enjoy his solution to moving, then fixing, then finally installing the coop.

If you enjoyed this, and watching people fail, check out [Robert]’s Fail Of The Week that we featured a while back.

Continue reading “DIY Chicken McMansion Is A Real Hen House” →