Reverse Engineering Cyclic Redundancy Codes

Cyclic redundancy codes (CRC) are a type of checksum commonly used to detect errors in data transmission. For instance, every Ethernet packet that brought you the web page you’re reading now carried with it a frame check sequence that was calculated using a CRC algorithm. Any corrupted packets that failed the check were discarded, and the missing data was detected and re-sent by higher-level protocols. While Ethernet uses a particularly common CRC, there are many, many different possibilities. When you’re reverse-engineering a protocol that contains a CRC, although it’s not intended as a security mechanism, it can throw a wrench in your plans. Luckily, if you know the right tool, you can figure it out from just a few sample messages.

A case in point was discussed recently on the hackaday.io Hack Chat, where [Thomas Flayols] came for help reverse engineering the protocol for some RFID tags used for race timing. Let’s have a look at the CRC, how it is commonly used, and how you can reverse-engineer a protocol that includes one, using [Thomas’] application as an example.

What’s The Deal With Square Traces On PCBs

When designing a printed circuit board, there are certain rules. You should place decoupling capacitors near the power pins to each chip. Your ground planes should be one gigantic fill of copper; two ground planes connected by a single trace is better known as an antenna. Analog sections should be kept separate from digital sections, and if you’re dealing with high voltage, that section needs to be isolated.

One that I hear a lot is that you must never put a 90-degree angle on a trace. Some fear the mere sight of a 90-degree angle on a PCB tells everyone you don’t know what you’re doing. But is there really no greater sin than a 90-degree trace on a circuit board?

This conventional wisdom of eschewing 90-degree traces is baked into everything we know about circuit board design. It is the first thing you’re taught, and it’s the first thing you’ll criticize when you find a board with 90-degree traces. Do square traces actually matter? The short answer is no, but there’s still a reason we don’t do it.

Impersonate The President With Consumer-Grade SDR

In April of 2018, the Federal Emergency Management Agency sent out the very first “Presidential Alert”, a new class of emergency notification that could be pushed out in addition to the weather and missing child messages that most users were already familiar with. But while those other messages are localized in nature, Presidential Alerts are intended as a way for the Government to reach essentially every mobile phone in the country. But what if the next Presidential Alert that pops up on your phone was actually sent from somebody with a Software Defined Radio?

According to research recently released by a team from the University of Colorado Boulder, it’s not as far-fetched a scenario as you might think. In fact, given what they found about how the Commercial Mobile Alert Service (CMAS) works, there might not be a whole lot we can even do to prevent it. The system was designed to push out these messages in the most expedient and reliable way possible, which meant that niceties like authentication had to take a backseat.

The thirteen-page report, which was presented at MobiSys 2019 in Seoul, details their findings on CMAS as well as their successful efforts to send spoofed Presidential Alerts to phones of various makes and models. The team used a BladeRF 2.0 and USRP B210 to perform their mock attacks, and even a commercially available LTE femtocell with modified software. Everything was performed within a Faraday cage to prevent fake messages from reaching the outside world.

So how does the attack work? To make a long story short, the team found that phones will accept CMAS messages even if they are not currently authenticated with a cell tower. So the first phase of the attack is to spoof a cell tower that provides a stronger signal than the real ones in the area; not very difficult in an enclosed space. When the phone sees the stronger “tower” it will attempt, but ultimately fail, to authenticate with it. After a few retries, it will give up and switch to a valid tower.

This negotiation takes around 45 seconds to complete, which gives the attacker a window of opportunity to send the fake alerts. The team says one CMAS message can be sent every 160 milliseconds, so there’s plenty of time to flood the victim’s phone with hundreds of unblockable phony messages.

The attack is possible because the system was intentionally designed to maximize the likelihood that users would receive the message. Rather than risk users missing a Presidential Alert because their phones were negotiating between different towers at the time, the decision was made to just push them through regardless. The paper concludes that one of the best ways to mitigate this attack would be to implement some kind of digital signature check in the phone’s operating system before the message gets displayed to the user. The phone might not be able to refuse the message itself, but it can at least ascertain it’s authentic before showing it to the user.

All of the team’s findings have been passed on to the appropriate Government agencies and manufacturers, but it will likely be some time before we find out what (if any) changes come from this research. Considering the cost of equipment that can spoof cell networks has dropped like a rock over the last few years, we’re hoping all the players can agree on a software fix before we start drowning in Presidential Spam.

You’re Sitting On An Engineering Masterpiece: Chairs As A Design Challenge

If you move as a hardware hacker through the sometimes surprisingly similar world of artists, craftspeople, designers, blacksmiths, and even architects, there’s one piece of work that you will see time and time again as an object that exerts a curious fascination. It seems that designing and building a chair is a rite of passage, and not just a simple chair, but in many cases an interesting chair.

An American-made Windsor chair from the turn of the 19th century. Los Angeles County Museum of Art [Public domain]
Some of the most iconic seating designs that you will be instantly familiar with through countless mass-produced imitations began their lives as one-off design exercises. Yet we rarely see them in our community of hackers and makers; a search turns up only a couple of examples. This is surprising, not least because there is more than meets the eye to this particular piece of furniture. Your simple seat can be a surprisingly complex challenge.

Moving Chairs From Artisan to Mass Market

The new materials and mass production techniques of the 19th and 20th centuries have brought high-end design into the hands of the masses, but while wealthy homes in earlier centuries had high-quality bespoke furniture in the style of the day, the traditional furniture of the masses was hand-made in the same way for centuries, often to a particular style dependent on the region in which it was produced.

The Future Of Space Is Tiny

While recent commercial competition has dropped the cost of reaching orbit to a point that many would have deemed impossible just a decade ago, it’s still incredibly expensive. We’ve moved on from the days where space was solely the domain of world superpowers into an era where multi-billion dollar companies can join in on the fun, but the technological leaps required to reduce it much further are still largely relegated to the drawing board. For the time being, things are as good as they’re going to get.

Starlink satellites ready for launch

If we can’t count on the per-pound cost of an orbital launch to keep dropping over the next few years, the next best option would logically be to design spacecraft that are smaller and lighter. Thankfully, that part is fairly easy. The smartphone revolution means we can already pack an incredible amount of sensors and processing power into something that can fit in the palm of your hand. But there’s a catch: the Tsiolkovsky rocket equation.

Often referred to as simply the “rocket equation”, it allows you to calculate (among other things) the ratio of a vehicle’s useful cargo to its total mass. For an orbital rocket, this figure is very small. Even with a modern launcher like the Falcon 9, the payload makes up less than 5% of the liftoff weight. In other words, the laws of physics demand that orbital rockets are huge.

Unfortunately, the cost of operating such a rocket doesn’t scale with how much mass it’s carrying. No matter how light the payload is, SpaceX is going to want around $60,000,000 USD to launch the Falcon 9. But what if you packed it full of dozens, or even hundreds, of smaller satellites? If they all belong to the same operator, then it’s an extremely cost-effective way to fly. On the other hand, if all those “passengers” belong to different groups that split the cost of the launch, each individual operator could be looking at a hundredfold price reduction.

SpaceX has already packed 60 of their small and light Starlink satellites into a single launch, but even those craft are massive compared to what other groups are working on. We’re seeing the dawn of a new era of spacecraft that are even smaller than CubeSats. These tiny spacecraft offer exciting new possibilities, but also introduce unique engineering challenges.

Raspberry Pi 4 Just Released: Faster CPU, More Memory, Dual HDMI Ports

The Raspberry Pi 4 was just released. This is the newest version of the Raspberry Pi and offers a better CPU and more memory than the Raspberry Pi 3, dual HDMI outputs, better USB and Ethernet performance, and will remain in production until January, 2026.

There are three varieties of the Raspberry Pi 4 — one with 1GB of RAM, one with 2GB, and one with 4GB of RAM — available for $35, $45, and $55, respectively. There’s a video for this Raspberry Pi launch, and all of the details are on the Raspberry Pi 4 website.

A Better CPU, Better Graphics, and More Memory

The CPU on the new and improved Raspberry Pi 4 is a significant upgrade. While the Raspberry Pi 3 featured a Broadcom BCM2837 SoC (4× ARM Cortex-A53 running at 1.2GHz), the new board has a Broadcom BCM2711 SoC (a quad-core Cortex-A72 running at 1.5GHz). The press literature says this provides desktop performance comparable to entry-level x86 systems.

Of note, the new Raspberry Pi 4 features not one but two HDMI ports, albeit in a micro HDMI format. This allows for dual-display support at up to 4k60p. Graphics power includes H.265 4k60 decode, H.264 1080p60 decode, 1080p30 encode, with support for OpenGL ES 3.0 graphics. As with all Raspberry Pis, there’s a composite video port as well, tucked inside the audio port. The 2-lane MIPI DSI display port and 2-lane MIPI CSI camera port remain from the Raspberry Pi 3.

Hackaday Podcast 024: Mashing Smartphone Buttons, Sound Blastering, Trash Printing, And A Ludicrous Loom

Hackaday Editors Elliot Williams and Mike Szczys wade through the fun hacks of the week. Looks like Google got caught ripping off song lyrics (how they got caught is the hack) and electric cars are getting artificially noisier. We look at 3D Printing directly from used plastic, and building a loom with many hundreds of 3D printed parts. The Sound Blaster 1.0 lives again thanks to some (well-explained) reverse engineered circuitry. Your smartphone is about to get a lot more buttons that work without any extra electronics, and we’ll finish things up with brass etching and downloadable nuclear reactor plans.

Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Direct download (60 MB or so.)
