Failing Infrastructure And The Lessons It Teaches

Infrastructure seems so permanent and mundane that most of us never give it a second thought. Maintenance doesn’t make for a flashy news story, but you will frequently find a nagging story on the inside pages of the news cycle discussing the slowly degrading, crumbling infrastructure in the United States.

If not given proper attention, it’s easy for these structures to fall into a state of disrepair until one suddenly, and often catastrophically, fails. We’ve already looked at a precarious dam situation currently playing out in California, and although engineers have that situation under control for now, other times we haven’t been so lucky. Today we’ll delve into a couple of notable catastrophic failures and how they might be avoided in future designs.

Gaining Weight While Delaying Repairs

Most of us take infrastructure for granted every day. Power lines, roads, pipelines, and everything else have a sense of permanence and banality that can’t be easily shaken. Sadly, this reality shattered for most people in Minneapolis, Minnesota in August 2007.

Michael Ossmann Pulls DSSS Out Of Nowhere

[Michael Ossmann] spoke on Friday to a packed house in the wireless hacking village at DEF CON 25. There’s still a day and a half of talks remaining but it will be hard for anything to unseat his Reverse Engineering Direct Sequence Spread Spectrum (DSSS) talk as my favorite of the con.

DSSS is a technique for transmitting data reliably where low signal strength and high noise are expected. It’s used in GPS, where the signal received from a satellite is often far too weak for you to detect visually on a waterfall display, yet we know that data is being received and decoded by every cell phone on the planet. It is also used for WiFi management packets and ZigBee, and it turns up in proprietary systems, especially those dealing with satellite communications.

[Michael] really pulled a rabbit out of a hat with his demos which detected the DSSS signal parameters in what appeared to be nothing but noise. You can see below the signal with and without noise; the latter is completely indiscernible as a signal at all to the eye, but can be detected using his techniques.

Detecting DSSS with Simple Math

[Michael] mentioned simple math tricks, and he wasn’t kidding. It’s easy to assume that someone as experienced in RF as he would have a different definition of ‘simple’ than we would. But truly, he’s using multiplication and subtraction to do an awful lot.

DSSS transmits each binary value as a fixed pattern of chips, the chip sequence. The sequence for a digital 1 might be 11100010010, with the digital 0 being the inverse of that. You can see this in the slide at the top of this article. Normal DSSS decoding compares the received signal to the expected sequence using a correlation algorithm that multiplies the two together and sums the result into a score. If the score is high enough, 11 in this example (one point for each of the eleven matching chips), then a bit has been detected.

To reverse engineer this it is necessary to center on the correct frequency and then detect the chip encoding. GNU Radio is the tool of choice for processing a DSSS capture from a SPOT Connect module, a device designed to push simple messages to a satellite communication network. The first math trick is to multiply the signal by itself and then look at the spectrum to see if there is a noticeable spike indicating the center frequency. The signal can then be corrected with a frequency offset, after which smaller spikes will be observed on either side.

When visualized in a constellation view you begin to observe a center and two opposite clusters. The next math trick is again to square the signal (multiply it by itself), which folds those opposite clusters onto one side. What this produces is a strong periodic component (the cycle from the center out to the cluster and back again), and that periodicity reveals the chip rate.

Detecting symbols within the chip stream is another math trick. Subtract each value in the signal from the one before it and you will mostly end up with zero (high minus high is zero, and so on). But every time the difference spikes you’re looking at a transition point, and the visualization begins to look like a logic trace on an oscilloscope. This technique can deal with small amounts of noise but becomes more robust with a bit of filtering.

This sort of exploration of the signal is both fun and interesting. But if you want to actually get some work done you need a tool. [Michael] built his own in the form of a Python script that takes in a .cfile and spits out the frequency offset, chip rate, chip sequence length, and decoded chip sequence.

Running his sample file through with increasing levels of noise added, the script was rock solid at detecting the parameters of the signal. Interestingly, it even measures the 3 parts per million difference between the transmitter and receiver clocks in the detected chip rate value. What isn’t rock solid is the actual bit information, which begins to degrade as the noise is increased. But establishing the parameters of the protocol being used is the biggest part of the battle, and this is a dependable solution for doing that quickly and automatically.

You can give the script a try. It is part of [Michael’s] Clock Recovery repo. This talk was recorded and you should add it to your reminder list for after the con when talks begin to be published. To hold you over until then, we suggest you take a look at his RF Design workshop from the 2015 Hackaday Superconference.
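The three math tricks described above, squaring to find the carrier offset, differencing to find chip transitions and correlation to recover bits, are small enough to demonstrate end to end. The script below is an added example written for this page; it is not [Michael’s] Clock Recovery code and does not process a .cfile. It constructs its own signal: the 11-chip sequence from the slide, an assumed 4 samples per chip, an assumed carrier offset of 1/16 cycle per sample with an unknown phase, and Gaussian noise, then recovers the offset, the chip period and the bits without being told them. Discovering an unknown chip sequence is left out; the decode step uses the sequence from the slide, as a normal receiver would.

```python
"""DSSS toy: spread, add noise, then recover carrier offset (squaring trick),
chip period (successive-difference trick) and bits (correlation).
Constructed example; every parameter below is an assumption chosen for the demo."""
import cmath
import math
import random
from collections import Counter

# Chip sequence from the slide: digital 1 -> 11100010010, digital 0 -> its inverse.
CHIP_SEQ = [1 if ch == "1" else -1 for ch in "11100010010"]
SPS = 4            # samples per chip (assumed, unknown to the receiver side below)
F_OFFSET = 0.0625  # carrier offset in cycles/sample (assumed, unknown to the receiver)
PHASE = 0.9        # carrier phase in radians (assumed, unknown to the receiver)
NOISE_STD = 0.25   # per-component Gaussian noise standard deviation (assumed)


def spread(bits):
    """Map each bit to its chip sequence (0 -> inverted), SPS samples per chip."""
    chips = []
    for b in bits:
        sign = 1 if b else -1
        for c in CHIP_SEQ:
            chips.extend([sign * c] * SPS)
    return chips


def transmit(bits, rng):
    """Baseband BPSK chips rotated by the unknown carrier, plus complex noise."""
    return [c * cmath.exp(1j * (2 * math.pi * F_OFFSET * n + PHASE))
            + complex(rng.gauss(0, NOISE_STD), rng.gauss(0, NOISE_STD))
            for n, c in enumerate(spread(bits))]


def estimate_carrier(x):
    """Squaring trick: (c*e^{j(wn+p)})^2 = e^{j(2wn+2p)} because c^2 = 1, so the
    modulation vanishes and a tone appears at twice the offset. A brute-force DFT
    of x^2 finds that tone; halving its frequency and phase gives the carrier."""
    sq = [v * v for v in x]
    n = len(sq)
    best_k, best_val = 0, 0j
    for k in range(n):
        acc = sum(sq[i] * cmath.exp(-2j * math.pi * k * i / n) for i in range(n))
        if abs(acc) > abs(best_val):
            best_k, best_val = k, acc
    if best_k > n // 2:          # bins above Nyquist are negative frequencies
        best_k -= n
    # Phase comes back modulo pi: the squared tone cannot tell +chips from -chips.
    return best_k / (2 * n), cmath.phase(best_val) / 2


def derotate(x, freq, phase):
    """Remove the estimated carrier; the real part is then +/-chips plus noise."""
    return [(v * cmath.exp(-1j * (2 * math.pi * freq * n + phase))).real
            for n, v in enumerate(x)]


def estimate_chip_period(y):
    """Difference trick: y[n]-y[n-1] is ~0 inside a chip and ~+/-2 at a chip edge.
    Threshold the jumps, then take the most common spacing between edges."""
    edges = [n for n in range(1, len(y)) if abs(y[n] - y[n - 1]) > 1.0]
    spacings = [b - a for a, b in zip(edges, edges[1:])]
    return Counter(spacings).most_common(1)[0][0]


def correlate_bits(y, sps):
    """Normal DSSS decode: average each chip, correlate every group of
    len(CHIP_SEQ) chips with the sequence; score near +11 -> 1, near -11 -> 0."""
    n_chips = len(y) // sps
    chips = [sum(y[i * sps:(i + 1) * sps]) / sps for i in range(n_chips)]
    bits, scores = [], []
    for i in range(0, n_chips - len(CHIP_SEQ) + 1, len(CHIP_SEQ)):
        score = sum(c * s for c, s in zip(chips[i:i + len(CHIP_SEQ)], CHIP_SEQ))
        scores.append(score)
        bits.append(1 if score > 0 else 0)
    return bits, scores


def demo(seed=1, n_bits=16):
    """Run the whole pipeline on a constructed, seeded signal and report results."""
    rng = random.Random(seed)
    bits = [rng.randrange(2) for _ in range(n_bits)]
    x = transmit(bits, rng)
    freq, phase = estimate_carrier(x)
    y = derotate(x, freq, phase)
    period = estimate_chip_period(y)
    decoded, scores = correlate_bits(y, period)
    # Squaring loses the sign of the carrier, so the whole bit stream may be inverted.
    inverted = [1 - b for b in bits]
    return {"bits": bits, "freq": freq, "period": period, "decoded": decoded,
            "scores": scores, "ok": decoded in (bits, inverted)}


if __name__ == "__main__":
    r = demo()
    print(f"offset estimate {r['freq']:.4f} cycles/sample (true {F_OFFSET})")
    print(f"chip period {r['period']} samples (true {SPS})")
    print("correlation scores:", [round(s, 1) for s in r["scores"]])
    print("decoded bits match (up to inversion):", r["ok"])
```

At the demo’s noise level the correlation scores sit close to ±11, the chip period comes out at 4 samples and the offset is recovered exactly because it falls on a DFT bin; raising NOISE_STD shows the same behaviour the talk describes, with the carrier and chip-period estimates holding up well after the decoded bits have started to go wrong.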

North Carolina Hackerspace Destroyed By Fire, Members Vow To Rebuild

There’s something about old industrial buildings that just seems to attract hackerspaces. It could be the open floor plans typical in buildings that used to house big manufacturing operations, or it could be a desire to reinvigorate places where machines once hummed and skilled hands plied their trades. Whatever the attraction, the relationship is not without risk; old buildings with wood floors and frames can be tinderboxes, and tragedy can strike at any moment.

Such a fate befell The Foothills Community Workshop in Granite Falls, North Carolina, this past Friday. Details are still sketchy as the remnants of the 75,000-square foot former Shuford Mills textile factory are still smoldering, and the Fire Marshal’s investigation is not yet complete. Thankfully, no lives were lost, and injuries were limited to heat exhaustion of several of the firefighters from 16 counties who battled the blaze in the hot and humid North Carolina Piedmont.

Rotary Phones And The Birth Of A Network

I can’t help but wonder how long it will be before the movie title “Dial M for Murder” becomes mysterious to most of the population. After all, who has seen a dial phone lately? Sure, there are a few retro phones, but they aren’t in widespread use. It may not be murder, but it turns out that the dial telephone has its roots in death — or at least the business of death. But to understand why that’s true, you need to go back to the early days of the telephone.

Did you ever make a tin can phone with a string when you were a kid? That dates back to at least 1667. Prior to the invention of what we think of as the telephone, these acoustic phones were actually used for specialized purposes.

We all know that [Alexander Graham Bell] made a working telephone over a wire, drawing inspiration from the telegraph system. However, there’s a lot of dispute about this, and many others were working on similar devices at about the same time. It is probably more accurate to say that [Bell] was the first to successfully patent the telephone (in 1876, to be exact).

Home Automation: Evolution Of A Term

Home automation: for me the term recalls rich dudes in the ’80s who could turn off their garage lights with remote-control pads. The stereotype for that era was the more buttons your system had—even non-enabled ones—the more awesome it was, and by extension any luxury remote control had to be three times the size of any TV remote.

And it was a luxury–the hardware was expensive and most people couldn’t justify it. Kind of like the laser-disc player of home improvements. The technology was opaque to casual tinkering, it cost a lot to buy, and also was expensive to install.

The richie-rich stereotypes were reinforced with the technology seen in Bond movies and similar near-future flicks. Everything, even silly things, is motorized, with chrome and concrete everywhere. You, the hero, control everything in the house in the comfort of your acrylic half-dome chair. Kick the motorized blinds, dim the track lighting, and volume up the hi-fi!

This Moonraker-esque notion of home automation turned out to be something of a red herring, because home automation stopped being pretty forever ago; eventually it became available to everyone with a WiFi router in the form of Amazon Echo and Google Nest.

But the precise definition of the term home automation remains elusive. I mean, the essence of it. Let’s break it down.

Smart Gun Beaten By Dumb Magnets

[Plore], a hacker with an interest in safe cracking, read a vehemently anti-smart-gun thread in 2015. With the words “Could you imagine what the guys at DEF CON could do with this?” [Plore] knew what he had to do: hack some smart guns. Watch the video below the break.

Armed with the Armatix IP1, [Plore] started with one of the oldest tricks in the book: an RF relay attack. The Armatix IP1 is designed to fire only when a corresponding watch is nearby, indicating that a trusted individual is the one holding the gun. However, by using a custom-built $20 amplifier to extend the range of the watch, [Plore] is able to fire the gun more than ten feet away, which is more than enough distance to be dangerous and certainly more than the few inches the manufacturers intended.

Not stopping there, [Plore] went to the other extreme, creating what he calls an “electromagnetic compatibility tester” (in other words, a jammer) that jams the signal from the watch, effectively preventing a legitimate gun owner from firing their gun at 10 to 20 feet!

Not one to call it quits, [Plore] realised that the gun prevented illicit firing with a simple metal pin, which it moved out of the way once it sensed the watch nearby. However, this metal just happened to be ferrous, and you know what that means: [Plore], with the help of some strong magnets, was able to move the pin without any electrical trickery.

Now, we’ve already covered the many hurdles that smart guns face, and this specific investigation of the state of smart gun technology doesn’t make the picture look any brighter. We’re aware that hindsight is always 20/20, so let us know in the comments how you would fix the problems with the Armatix IP1.

Earth Ground And The Grid

The electrical grid transmits power over wires to our houses, and our Bryan Cockfield has covered it very well in his Electrical Grid Demystified series, but what part does the earth ground play? It’s commonly known to be used for safety, but did you know that in some cases it’s also used for power transmission?

Typical House Grounding System

Grounding system normal case

A fairly typical diagram of the grounding system for a house is shown here, along with a few of the current-carrying conductors, commonly called live and neutral. On the far left is the transformer outside the house and on the far right is an appliance that’s plugged in. In between them are a breaker panel and a wall socket of the style found in North America. The green dashed line shows the normal path for current to flow.

Notice the grounding electrodes for making an electrical connection with the earth ground. To use the US National Electrical Code (NEC) as an example, article 250.52 lists eight types of grounding electrodes. One very good type is an electrode encased in concrete, since concrete continues to draw moisture from the ground and makes good physical contact due to its weight. Another is a grounding rod or pipe at least eight feet long, inserted deep enough into the ground. Deep enough means below the frost line, since frozen soil has a high resistance and doesn’t count as a good ground. You also have to be careful about relying on metal water pipes that seemingly go into the ground, as sections of these are often replaced with non-metallic pipes during regular maintenance.

Notice also in the diagram that there are places where the various metal cases are connected to the grounding system. This is called bonding.

Now, how does all this system grounding help us? Let’s start with handling a fault.
