DropController Sets The Bar For Documentation

dropController has the kind of documentation we wish would spontaneously generate itself whenever we build something. [Martyn Currey] built a robust rig for water droplet photography, and we don’t want to dismiss the hardware, but the most impressive part might be the website. It might not be very fancy, but it’s thorough and logically organized. You can find parts lists, assembly manuals, tutorials, sketches, and schematics. If only all the projects that came our way were so well detailed.

Water droplet photography is pretty cool, although freehanding it will make your patience fall faster than 9.81 m/s². The concept is that a solenoid valve will flicker open to release a drop of water, wait for a certain number of microseconds, and then trigger your DSLR via a wired remote cable. The tricky part comes from controlling as many as six valves and three flashes. We don’t have enough fingers and toes to press all those buttons.

The bill of materials contains many commonly available parts like an Arduino Nano, an LM2596 voltage regulator, some MOSFETS, an HC-06 Bluetooth module, plus standard audio connectors to hook everything up. Nothing should break the bank, but if money is not an issue, [Martyn] sells kits and complete units.

Waterdrop controllers are not the newest kids on the block, and strobe photography is a time-honored tradition.


Separation Between WiFi And Bluetooth Broken By The Spectra Co-Existence Attack

This year, at DEF CON 28 (DEF CON Safe Mode), security researchers [Jiska Classen] and [Francesco Gringoli] gave a talk about inter-chip privilege escalation using wireless coexistence mechanisms. The title is catchy, sure, but what exactly is this about?

To understand this security flaw, or group of security flaws, we first need to know what wireless coexistence mechanisms are. Modern devices can support cellular and non-cellular wireless communications standards at the same time (LTE, WiFi, Bluetooth). Given the desired miniaturization of our devices, the different subsystems that support these communication technologies must reside in very close physical proximity within the device (in-device coexistence). The resulting high level of reciprocal leakage can at times cause considerable interference.

There are several scenarios in which interference can occur; the main ones are:

  • Two radio systems occupy neighboring frequencies and carrier leakage occurs
  • The harmonics of one transmitter fall on frequencies used by another system
  • Two radio systems share the same frequencies

To tackle these kinds of problems, manufacturers had to implement strategies so that a device's wireless chips can coexist (sometimes even sharing the same antenna) and reduce interference to a minimum. These are called coexistence mechanisms; they enable high-performance communication on intersecting frequency bands and are thus essential to any modern mobile device. Although open solutions exist, such as the Mobile Wireless Standards, manufacturers usually implement proprietary solutions.

Spectra

Spectra is a new attack class demonstrated in this DEF CON talk, which is focused on Broadcom and Cypress WiFi/Bluetooth combo chips. On a combo chip, WiFi and Bluetooth run on separate processing cores and coexistence information is directly exchanged between cores using the Serial Enhanced Coexistence Interface (SECI) and does not go through the underlying operating system.

Spectra class attacks exploit flaws in the interfaces between wireless cores, in which one core can achieve denial of service (DoS), information disclosure and even code execution on another core. The reasoning here, from an attacker's perspective, is to leverage a Bluetooth subsystem remote code execution (RCE) to perform WiFi RCE and maybe even LTE RCE. Keep in mind that this remote code execution is happening in these CPU core subsystems, and so can be completely invisible to the main device CPU and OS.

Join me below where the talk is embedded and where I will also dig into the denial of service, information disclosure, and code execution topics of the Spectra attack.


ESP32 Turned Open Source COVID-19 Contact Tracer

Over the past few months we’ve heard a lot about contact tracers which are designed to inform users if they’ve potentially come into close proximity with someone who has the virus. Generally these systems have been based on smartphone applications, but there are also hardware solutions that can operate independently for those who are unable or unwilling to install the software. Which is precisely what [Tom Bensky] has implemented using an ESP32 and a USB battery bank.

The idea is simple: the software generates a unique ID which is broadcast out by the ESP32 over Bluetooth Low Energy. Appended to that ID is a code that indicates the person’s current physical condition. There’s no centralized database; each user is expected to update their device daily with any symptoms they may be experiencing. If your tracker is blinking, that means somebody has come in close enough proximity that you should look at the collected data and see how they were feeling at the time.
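The ID-plus-condition broadcast described above, as an added example that is not [Tom Bensky]'s firmware: the 9-byte payload layout, the condition codes and the RSSI proximity threshold are all assumptions made for the illustration, and the log stays on the device, matching the no-central-database design.

```python
import struct
from dataclasses import dataclass

# Assumed payload layout (not the project's actual format): an 8-byte random
# device ID followed by a 1-byte condition code, carried in a BLE advertisement.
# The condition codes below are constructed for this example.
CONDITION_CODES = {0: "no symptoms", 1: "mild symptoms", 2: "fever", 3: "tested positive"}
PAYLOAD = struct.Struct(">8sB")
RSSI_CLOSE_DBM = -65  # assumed "close enough" threshold; tune for the radio and case

def encode_advert(device_id: bytes, condition: int) -> bytes:
    """Build the advertised payload: the unique ID with the condition code appended."""
    if len(device_id) != 8 or condition not in CONDITION_CODES:
        raise ValueError("bad device id or condition code")
    return PAYLOAD.pack(device_id, condition)

def decode_advert(payload: bytes):
    """Parse a received payload; returns (device_id, condition) or None if malformed."""
    if len(payload) != PAYLOAD.size:
        return None
    device_id, condition = PAYLOAD.unpack(payload)
    if condition not in CONDITION_CODES:
        return None  # unknown code: ignore rather than guess
    return device_id, condition

@dataclass
class Contact:
    device_id: bytes
    condition: int
    rssi: int
    seen_at: float

class ContactLog:
    """Local-only record of nearby trackers; nothing is sent to a server."""
    def __init__(self):
        self.contacts = []

    def observe(self, payload: bytes, rssi: int, now: float) -> bool:
        """Record a close contact; return True when the LED should start blinking."""
        decoded = decode_advert(payload)
        if decoded is None or rssi < RSSI_CLOSE_DBM:
            return False  # malformed, or too far away to count as a contact
        self.contacts.append(Contact(*decoded, rssi, now))
        return True

    def symptomatic(self):
        """What the user reviews after a blink: close contacts that reported symptoms."""
        return [c for c in self.contacts if c.condition != 0]
```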

It’s not a perfect system, of course, as for one thing the number of people that are willing and able to flash this firmware onto a spare ESP32 and carry the thing around with them all day is going to be extremely small. This might have filled an interesting niche if we were still going to hacker and maker cons this summer, but all of those have gone virtual anyway. That said, it’s an interesting look at how a decentralized contact tracing system can be implemented cheaply and quickly.

Another detail worth taking a look at is how [Tom] handled the user experience in his firmware. In an effort to make the tracer as easy as possible to configure, he’s using the Web Bluetooth capability of Google Chrome. Just open up the local web page in your browser, and it will handle talking to the hardware for you. Even if you’re not in the market for a contact tracer, we think this is a great example of how to handle end-user configuration on the ESP32.

We’ve already looked at contact tracer APIs from Google and Apple, dedicated COVID-19 hardware tokens, and even other open source attempts at decentralized proximity tracking. It’s a lot to process, and everyone seems to have their own idea on how it should be done. In the end, the most practical solution is probably to just stay at home as much as possible.

ESP8266 Makes A Wireless Card Reader

You can find commercial USB sticks that can also connect via WiFi. But [Neutrino] made his own using an ESP8266 married to a card reader. It all starts with the old trick of soldering a header to an SD card adapter. The USB port is still there, but it is only for power. A 3.3 V regulator and an ESP12E board round out the hardware.

Of course, the trick is the software. Starting from a few examples, he wound up providing an FTP server that you can connect to and send or receive files using that protocol.


Ham Radio Mobile Operations Circa 1919

You used to be able to tell a die-hard ham radio operator on the road by the number and length of antennas protruding porcupine-like from their vehicle. There are still some mobile high frequency operators that have respectable car-mounted antenna farms, but they have nothing on Alfred H. Grebe. In 1919, he fitted a medium wave transmitter in his car that operated around 2 MHz. Since it needed a very large antenna, Grebe rigged a wire antenna that looked like a clothesline between the two bumpers. Obviously, you had to stop, set up your antenna, and then operate — you couldn’t talk and drive. But this may have been the world’s first automotive radio setup for voice communication.

The car had a separate battery for the radio and a dynamotor to generate high voltage for the tubes. Although many radio enthusiasts found ways to add receivers to their cars in the 1920s, it would be 1930 before Motorola made radios especially for cars in production quantities.


Bubbles, The People-Pleasing Pandemic Panda

This year, [Thomas]’ neighborhood has gone from a quiet burg to a bustling lane full of families and children who go out walking for exercise and a change of scenery. Early on, a game emerged to distract children from the pandemic by turning these walks into bear hunts — that is, looking for stuffed bears sitting in the windows of houses and keeping count of them.

With no stuffed bears in the house, he decided to join in the fun by pasting up a 2D panda bear in the window that’s cute enough to calm anyone’s nerves. That was fun for a while, but then he turned it up to eleven by making an interactive 3D version named Bubbles the Bear that blows bubbles and speaks in a friendly voice.

Bubbles sits in a second-story window and waits for passers-by to press one of the buttons mounted on the utility pole below. Both buttons are wired to a 433 MHz remote that sends a signal to an ESP32 in Bubbles’ habitat that says it’s time to perform.

We particularly like the bubble maker that [Thomas] designed, which aims a blower fan with an air concentrator at a carousel of 3D printed bubble wands. Both the fan and the carousel can be controlled with a custom web app, and he gets an email every time Bubbles has a visitor that tells him how much bubble liquid is left. Check out the fun-size demo after the break.

Bubbles are fun, especially if you can make them in extremely large quantities. Bubbles can also do work — remember this next time you need a random number generator.


An Off-The-Grid Instant Messaging Platform

Having an open-source communication device that is independent of any network and works without fees sounds like a hacker’s dream come true. Well, this is exactly what [bobricius] is aiming at with his Armawatch and Armachat devices.

Recently, [bobricius] built a LoRa-based instant messaging device named Armachat. The gadget is controlled by a SAMD21 MCU with native USB and includes a QWERTY keyboard and an LCD display. Communication is based on an RFM95 LoRa transceiver, which can reach a range of up to 2 km under ideal conditions. [bobricius] is a wiz when it comes to PCB design, and one thing that makes his projects look so good is how he often uses PCBs as enclosures.

Armachat came in two form factors: a large desktop and a smaller pocket version. The new Armawatch is another downsized version that fits perfectly on your arm by using a smaller display and keyboard. [bobricius] also did a lot of work on the firmware, which now features message delivery confirmation and the ability to automatically resend undelivered messages. Future improvements will include message encryption, a store-and-forward function, and GPS position parsing. [bobricius] is also working on completing his portfolio of communicators with a credit-card-sized version.

LoRa is the go-to technology for off-the-grid communication devices and there are already other ongoing projects for using it to construct a mesh network.