Chromebook Trades Camera For WiFi Freedom

June 13, 2018 by Tom Nardi 30 Comments

There are a number of companies now providing turn-key computers that meet the Free Software Foundation’s criteria for their “Respects Your Freedom” certification. This means, in a general sense, that the computer is guaranteed not to spy on you or otherwise do anything else you didn’t explicitly ask it to. Unfortunately these machines often have a hefty premium tacked on, making it an unpleasant decision between privacy and performance.

Freedom-loving hacker [SolidHal] writes in to tell us about his quest to create a FSF-compliant laptop without breaking the bank. Based on a cheap Asus C201 Chromebook, his custom machine checks off all the appropriate boxes. The operating system was easy enough with an install of Debian, and the bootloader was rid of any Intel Management Engine shenanigans with a healthy dose of Libreboot. But there was one problem: the permanently installed WiFi hardware that required proprietary firmware. To remedy the issue, he decided to install an internal USB Wi-Fi adapter that has the FSF seal of approval.

As the Chromebook obviously doesn’t have an internal USB port, this was easier said than done. But as [SolidHal] is not the kind of guy who would want his laptop taking pictures of him in the first place, he had the idea to take the internal USB connection used by the integrated webcam and use that. He pulled the webcam out, studied the wiring, and determined which wires corresponded to the normal USB pinout.

The FSF approved ThinkPenguin Wi-Fi adapter he chose is exceptionally small, so it was easy enough to tuck it inside some empty space inside of the Chromebook. [SolidHal] just needed to solder it to the old webcam connection, and wrap it up in Kapton tape to prevent any possible shorts. The signal probably isn’t great considering the antenna is stuck inside the machine with all the noisy components, but it’s a trade-off for having a fully free and open source driver. But as already established, sometimes these are the kind of tough choices you have to make when walking in the righteous footsteps of Saint Ignucius.

Internal laptop modifications like this one remind us of the Ye Olden Days of Hackaday, when Eee PC modifications were all the rage and we still ran black and white pictures “taped” to the screen. Ah, the memories.

A Custom Keypad With Vision

May 26, 2018 by Tom Nardi 7 Comments

A combination of cheap USB HID capable microcontrollers, the ability to buy individual mechanical keys online, and 3D printing has opened up a whole new world of purpose-built input devices. Occasionally these take the form of full keyboards, but more often than not they are small boards with six or so keys that are dedicated to specific tasks or occasionally a particular game or program. An easy and cheap project with tangible benefits to anyone who spends a decent amount of time sitting in front of the computer certainly sounds like a win to us.

But this build by [r0ckR2] takes the concept one step farther. Rather than just being a simple 3×3 keypad, his includes a small screen that shows the current assignments for each key. Not only does this look really cool on the desk (always important), but it also allows assigning multiple functions to each key. The screen enables the user to switch between different pages of key assignments, potentially allowing a different set of hot keys or macros for every piece of software they use.

The case is entirely 3D printed, as are the key caps. To keep things simple, [r0ckR2] didn’t bother to design a full enclosure, leaving all the electronics exposed on the back. Some might think it’s a little messy, but we appreciate the fact that it gives you easy access to the internals if you need to fix anything. Rubber feet were added to the bottom so it doesn’t slide around while in use, but otherwise the case is a pretty straightforward affair.

As for the electronics, [r0ckR2] went with an STM32 “Blue Pill” board, simply because it’s what he had on hand. The screen is a ST7735 1.44 inch SPI TFT, and the keys themselves are Cherry MX Red clones he got off of eBay. All in all, most of the gear came from his parts bins or else was only a couple bucks online.

If you’re looking for something a bit bigger, check out this gorgeous Arduino-powered version, or this far more utilitarian version. Both are almost entirely 3D printed, proving the technology is capable of more than making little boats.

[via /r/functionalprint]

USB Reverse Engineering: A Universal Guide

May 25, 2018 by Ben James 20 Comments

Every hacker knows what it is to venture down a rabbit hole. Whether it lasts an afternoon, a month, or decades, finding a new niche topic and exploring where it leads is a familiar experience for Hackaday readers.

[Glenn ‘devalias’ Grant] is a self-proclaimed regular rabbit hole diver and is conscious that, between forays into specific topics, short-term knowledge and state of mind can be lost. This time, whilst exploring reverse engineering USB devices, [Glenn] captured the best resources, information and tools – for his future self as well as others.

His guide is impressively comprehensive, and covers all the necessary areas in hardware and software. After formally defining a USB system, [Glenn] refers us to [LinuxVoice], for a nifty tutorial on writing a linux USB driver for an RC car, in Python. Moving on to hardware, a number of open-source and commercial options are discussed, including GoodFET, FaceDancer, and Daisho – an FPGA based monitoring tool for analysing USB 3.0, HDMI and Gigabit Ethernet. If you only need to sniff low speed USB, here’s a beautifully small packet snooper from last year’s Hackaday prize.

This is a guide which is well-informed, clearly structured, and includes TL;DR sections in the perfect places. It gives due credit to LibUSB and PyUSB, and even includes resources for USB over IP.

If you’re worried about USB hacks like BadUSB, perhaps you should checkout GoodUSB – a hardware firewall for USB devices.

Header image: Ed g2s (CC-SA 3.0).

This Thermal Printer Has Serious Game

April 18, 2018 by Brian McEvoy 11 Comments

[Dhole], like the fox, isn’t the first to connect his computer to a Game Boy printer but he has done a remarkable job of documenting the process so well that anyone can follow. The operation is described well enough that it isn’t necessary to scrutinize his code, so don’t be put off if C and Rust are not your first choices. The whole thing is written like a story in three chapters.

The first chapter is about hacking a link cable between two Game Boys. First, he explains the necessity and process of setting the speed of his microcontroller, a NUCLEO-F411RE development board by STMicroelectronics. Once the rate is set, he builds a sniffer by observing the traffic on the cable and listens in on two Game Boys playing Tetris in competition mode. We can’t help but think that some 8-bit cheating would be possible if Tetris thought your opponent instantly had a screen overflowing with tetrominoes. Spying on a couple of Game Boys meant that no undue stress was put on the printer.

Chapter two built on the first chapter by using the protocol to understand how the printer expects to be spoken to. There is plenty of documentation about this already, and it is thoughtfully referenced. It becomes possible to convince a Game Boy that the connected microcontroller is a printer so it will oblige by sending an image. Since there isn’t a reason to wait for printing hardware, the transfer is nearly instantaneous. In the image above, you can see a picture of [Dhole] taken by a Game Boy camera.

The final chapter, now that all the protocols are understood, is also the climax where the computer and microcontroller convince the printer they are a Game Boy that wants to print an image. In the finale, we get another lesson about measuring controller frequency without an oscilloscope. If you are looking for the hack, there it is. There is a handful of success in the form of old receipts with superimposed grayscale images since virgin thermal printer paper by Nintendo costs as much as a used printer.

This story had a happy ending but grab your reading glasses for the smallest Game Boy and here’s someone who wrote their own Game Boy color game.

Function Generator Gets DIY Frequency Standard

April 8, 2018 by Tom Nardi 5 Comments

For those of us who like to wrangle electrons from time to time, there are some exceptional deals out there for low (or at least lower) cost imported test equipment. If you’re willing to part with a few hundred dollars US, you can get some serious hardware that a decade ago would have been effectively outside the reach of the hobbyist. Right now you can order a four channel oscilloscope for less than what a new Xbox costs; but which one you’ll rack up more hours staring at slack-jawed is up to you.

10 MHz output from DIY frequency standard

Of course, these “cheap” pieces of equipment aren’t always perfect. [Paul Lutus] was pretty happy with his relatively affordable Siglent SDG 1025 Arbitrary Function Generator, but found its accuracy to be a bit lacking. Fortunately, the function generator accepts an external clock which can be used to increase its accuracy, so he decided to build one.

[Paul] starts off by going over the different options he considered for this project, essentially boiling down to whether or not he wanted to jump through the extra hoops required for an oven-controlled crystal oscillator (OCXO). But the decision was effectively made for him when his first attempt at using a more simplistic temperature controlled oscillator failed due to an unfortunate misjudgment in terms of package size.

In the end, he decided to spring for the OCXO, and was able to use the USB port on the front panel of the SDG 1025 to provide the power necessary for the crystal to warm up and remain at operating temperature. After he got the oscillator powered, he just needed to put it in a suitable metal enclosure (to cut down external interference) and calibrate it. [Paul] cleverly used the NIST WWV broadcast and his ears to find when his frequency standard overlapped that of the source, therefore verifying it was at 10 MHz.

Hackers love accuracy, and accordingly, we’ve seen a number of frequency standard builds ranging from extremely cheap to luxuriously overkill.

Cracking An Encrypted External Hard Drive

March 16, 2018 by Tom Nardi 13 Comments

As far as hobbies go, auditing high security external hard drives is not terribly popular. But it’s what [Raphaël Rigo] is into, and truth be told, we’re glad it’s how he gets his kicks. Not only does it make for fascinating content for us to salivate over, but it’s nice to know there’s somebody with his particular skill set out there keeping an eye out for dodgy hardware.

No word on how the “Secret Wang” performs

The latest device to catch his watchful eye is the Aigo “Patriot” SK8671. In a series of posts on his blog, [Raphaël] tears down the drive and proceeds to launch several attacks against it until he finally stumbles upon the trick to dump the user’s encryption PIN. It’s not exactly easy, it did take him about a week of work to sort it all out, but it’s bad enough that you should probably take this particular item off the wishlist on your favorite overseas importer.

[Raphaël] treats us to a proper teardown, including gratuitous images of chips under the microscope. He’s able to identify a number of components on the board, including a PM25LD010 SPI flash chip, Jmicron JMS539 USB-SATA controller, and Cypress CY8C21434 microcontroller. By hooking his logic analyzer up to the SPI chip he was able to dump its contents, but didn’t find anything that seemed particularly useful.

The second post in the series has all the gory details on how he eventually gained access to the CY8C21434 microcontroller, including a description of the methods which didn’t work (something we always love to see). [Raphaël] goes into great detail about the attack that eventually busted the device open: “cold boot stepping”. This method allowed him to painstakingly copy the contents of the chip’s flash; pulling 8192 bytes from the microcontroller took approximately 48 hours. By comparing flash dumps he was able to eventually discover where the PIN was being stored, and as an added bonus, found it was in plaintext. A bit of Python later, and he had a tool to pull the PIN from the drive’s chip.

This isn’t the first time we’ve seen a “secure” hard drive that ended up being anything but. We’ve even been witness to a safe being opened over Bluetooth. Seems like this whole “Security by Obscurity” thing might not be such a hot idea after all…

On A Quest For The Perfect Numpad

March 12, 2018 by Tom Nardi 16 Comments

Often times, the only way to get exactly what you want in a device is to just build it yourself. Well, maybe not the only way, but we’ve all certainly told ourselves it was the only way enough that it might as well be true. We don’t know if the DIY imperative felt by [Olav Vatne] to construct his own Bluetooth mechanical number pad was genuine or self-imposed, but in either event, we’re glad he documented the process for our viewing pleasure.

Broken up into three separate posts on his blog, the construction of his custom numpad starts innocently enough with buying a kit from AliExpress. In a rather bizarre twist, the kit arrived assembled, which lead to an arduous period of desoldering to separate all the principle parts [Olav] wanted in the first place. So much for saving time.

Once he freed all the mechanical keys from the kit’s PCB, he went to town hand-wiring the matrix. After testing to make sure all the keys were wired correctly, the matrix got connected to an Adafruit Feather 32u4 Bluefruit. With the electronics sorted, [Olav] moved on to the software side. Here he was able to accomplish one of his primary goals, having a numpad that works over both USB and Bluetooth.

The last step of the process was creating the wooden enclosure. It basically goes together like a picture frame, with special care given to make sure there are appropriate openings in the case for the switches and USB port to pop through without ruining the overall look of the device.

Thanks to cheap USB-capable microcontrollers, hand-made artisan keyboards are now a thing. This project is a nice way to get started with custom input devices, and it only gets better from here.