RTL-SDR brought cheap and ubiquitous Software Defined Radio (SDR) to the masses, opening up whole swaths of the RF spectrum which were simply unavailable to the average hacker previously. Because the RTL-SDR supported devices were designed as TV tuners, they had no capability to transmit. For the price they are still an absolutely fantastic deal, and deserve to be in any modern hacker’s toolkit, but sometimes you want to reach out and touch someone.
Now you can. At OsmoDevCon [Steve Markgraf] released osmo-fl2k, a tool which allows transmit-only SDR through cheap USB 3.0 to VGA adapters based on the Fresco Logic FL2000 chip. Available through the usual overseas suppliers for as little has $5 USD, these devices can be used unmodified to transmit low-power FM, DAB, DVB-T, GSM, UMTS and GPS signals.
In a demonstration on the project page, one of these USB VGA adapters is used to broadcast a GSM cellular network which is picked up by the adjacent cell phones. Another example shows how it can be used to broadcast FM radio. A GitHub repository has been set up which includes more examples. The signals transmitted from the FL2000 chip are obviously quite weak, but the next step will logically be the hardware modifications necessary to boost transmission to more useful levels.
To say this is a big deal is something of an understatement. For a few bucks, you’ll be able to get a device to spoof cellular networks and GPS signals. This was possible before, of course, but took SDR hardware that was generally outside the budget of the casual experimenter. If you bought a HackRF or an Ettus Research rig, you were probably responsible enough not to get into trouble with it, but that’s not necessarily the case anymore. As exciting as this technology is, we would be wise to approach it with caution. In an increasingly automated world, GPS spoofing can have some pretty bad results.
Key to the entire concept is the detection of lines in a black-and-white technical drawing. To some people this won’t sound like a particularly challenging problem; choose one or another baked-in line detection function, maybe with a bit of pre or post-processing, and that should be that. It turns out that detecting lines can be harder than expected, and as usual the devil is in the detail.
When [Conor] tried some existing methods for detecting lines, the results appeared good at first but came up short in frustrating ways. Software did not appreciate that in a technical drawing, a line is a single unbroken unit from point A to point B. Without that assumption, what should be a single line sometimes had sections missing, or single lines were detected as multiple segments instead of a unit. Lines that crossed other lines complicated things. Unwanted lines like a “1” or the lower half of a “Y” were being detected. There had to be a better way.
In the end, a custom solution that took proper advantage of the nature of the source images and made the correct assumptions is what made all the difference. With some intelligent threshold setting combined with looking at vertical and horizontal line instances separately, it was possible to locate lines and their lengths far more accurately than any other method he had tried. The system doesn’t handle sloped lines yet, but it might be possible to simply iterate through rotations of the image while applying the same method. If you have a better solution, [Conor] wants to hear from you.
If you can code, you can create an Alexa skill — the programs that allow an Amazon Echo or similar device interact with you. What if you can’t code or you are just too lazy to do all the setup? Amazon now has Blueprints that can help anyone make a skill. The only problem is the skills you can create are pretty limited. In addition, they are only available to your Alexa devices.
The idea is simple. You start with a template — OK, a blueprint. This is a model application that does something like giving you a compliment or a joke on demand. When you open the blueprint, you’ll see a list of things it can say. You can edit the list, including adding or deleting things. Then you name the new skill. In a few minutes, your skill will be live on your devices.
Deep Neural Networks can be pretty good at identifying images — almost as good as they are at attracting Silicon Valley venture capital. But they can also be fairly brittle, and a slew of research projects over the last few years have been working on making the networks’ image classification less likely to be deliberately fooled.
One particular line of attack involves adding particularly-crafted noise to an image that flips some bits in the deep dark heart of the network, and makes it see something else where no human would notice the difference. We got tipped with a YouTube video of a one-pixel attack, embedded below, where changing a single pixel in the image would fool the network. Take that robot overlords!
Or not so fast. Reading the fine-print in the cited paper paints a significantly less gloomy picture for Deep Neural Nets. First, the images in question were 32 pixels by 32 pixels to begin with, so each pixel matters, especially after it’s run through a convolution step with a few-pixel window. The networks they attacked weren’t the sharpest tools in the shed either, with somewhere around a 68% classification success rate. What this means is that the network was unsure to begin with for many of the test images — making it flip from its marginally best (correct) first choice to a second choice shouldn’t be all that hard.
Fingerprinting text is really very nifty; the ability to encode hidden data within a string of characters opens up a large number of opportunities. For example, someone within your team is leaking confidential information but you don’t know who. Simply send each team member some classified text with their name encoded in it. Wait for it to be leaked, then extract the name from the text — the classic canary trap.
Here’s a method that hides data in text using zero-width characters. Unlike various other ways of text fingerprinting, zero width characters are not removed if the formatting is stripped, making them nearly impossible to get rid of without re-typing the text or using a special tool. In fact you’ll have a hard time detecting them at all – even terminals and code editors won’t display them.
To make the process easy to perform, [Vedhavyas] created a command line utility to embed and extract a payload using any text. Each letter in the secret message is converted to binary, then encoded in zero-width characters. A zero-width-non-joiner character is used for 0, and a zero-width-space character for 1.
Of course, to get your encoding game really tight, you should be looking at getting yourself an enigma wristwatch…
Pi-hole is an open source project to turn that Raspberry Pi collecting dust in your drawer into a whole-network ad blocking appliance. Not only does it stop ads from showing up on all your computers and mobile devices, it also keeps track of how many ads have been blocked and where they came from. Just in case you wanted to know how many thousands of ads you missed out on for a given time period.
While the graphs generated in the web interface of Pi-hole are slick and all, what if you just wanted a quick way of visualizing how effective your ad blocking system is? You’re not so much worried about the exact figures, you just want something to blink away on your desk and let you know all those ads are going to /dev/null. Enter the aptly named pi-hole-visualizer by [simianAstronaut].
With the addition of a Sense HAT to the Pi running the ad blocking, this Python script will generate an animated visualization that can be easily interpreted even from a distance. The primary display is a bar graph of DNS traffic, where the height and color of each column indicate relative activity within a specific time interval. A second screen shows a spiral graph which gives you an idea of what percentage of ads were blocked before they hit your devices.
An array of options can be given to the script from the command line; controlling both physical aspects of the display like orientation and LED brightness, as well the configurable parameters for the different available visualizations. As an added bonus, there’s also support for using the Sense HAT joystick to switch between modes interactively.