LoRa-Based Plant Monitoring

Croatian engineers [Slaven Damjanovic] and [Marko Čalić] have developed a wireless system for farmers to monitor plant conditions and weather along their agricultural fields. The system uses an RFM95W module for LoRa communication, and devices are designed to be plug-and-play, battery-powered, and have long-range communication (up to 10km from the gateway).

It uses an ATMega328 microprocessor, and includes sensors for measuring soil moisture (FC28 sensor), leaf moisture (FC37 sensor), pressure (BME280 sensor), and air temperature and humidity (DHT22 or SHT71 sensor). The data is sent to a multichannel The Things Network gateway that forwards the information to an external database, which then displays the data through a series of graphs and tables.

The software for sending messages to the gateway is based on the LoRa MAC in C (LMIC) and LowPower libraries and was developed by [ph2lb].

Dissecting The TL-WR841N For Fun And Profit

The TP-Link TL-WR841N isn’t a particularly impressive piece of hardware, but since it works decently well and sells for under $20 USD, it’s one of the most popular consumer routers on Amazon. Thanks to [TrendyTofu] of the Zero Day Initiative, we now have a concise step-by-step guide on how to hack your way into the newer versions of the hardware and take full control over this bargain WiFi device. This work was initially done to help test out reported vulnerabilities in the router’s firmware, but we’re sure the readers of Hackaday can come up with all sorts of potential uses for this information.

TP-Link helpfully labeled the UART pins

The story starts, as so many before it have, with a serial port. Finding the UART pads on the PCB and wiring up a level shifter was no problem, but [TrendyTofu] found it was only working one-way. Some troubleshooting and an oscilloscope later, the culprit was found to be a 1kΩ pull down resistor connected to the RX line that was keeping the voltage from peaking high enough to be recognized.

Once two-way communication was established, proper poking around inside the router’s Linux operating system could begin. It wasn’t a huge surprise to find the kernel was ancient (version 2.6.36, from 2010) and that the system utilities had been stripped to the absolute bare minimum to save space. Replacing the firmware entirely would of course be ideal, but unfortunately OpenWRT has dropped support for the newer hardware revisions of the TL-WR841N.

To teach this barebones build of Linux some new tricks, [TrendyTofu] used the mount command to find a partition on the system that actually had write-access, and used that to stash a pre-compiled build of BusyBox for MIPS. With a more complete set of tools, the real fun could begin: using GDB to debug TP-Link’s binaries and look for chinks in the armor. But feel free to insert your own brand of mayhem here.

You might think that in the era of the Raspberry Pi, abusing cheap routers to turn them into general purpose Linux boxes would be somewhat out of style. Frankly, you’d be right. But while the days of strapping Linksys WRT54Gs to remote controlled cars might be long gone, there are still some routers out there interesting enough to make it worth dusting off this time-honored hardware hacker tradition.

Handheld LoRa Joystick For Long-Range Bots

Wanting a simple tool to aid in the development of LoRa controlled robotic projects, [Jay Doscher] put together this very slick one-handed controller based on the 900 MHz Adafruit Feather M0. With a single trigger and a miniature analog joystick it’s a fairly simple input device, but should be just enough to test basic functionality of whatever moving gadget you might find yourself working on.

Wiring for this project is about as simple as you’d expect, with the trigger and joystick hanging off the Feather’s digital ports. The CircuitPython code is also very straightforward, though [Jay] says in the future he might expand on this a bit to support LoRaWAN. The controller was designed as a barebones diagnostic tool, but the hardware and software in its current form offers an excellent opportunity to layer additional functionality on a known good base.

Everything is held inside a very well designed 3D printed enclosure which [Jay] ran off on his ELEGOO Mars, one of the new breed of low-cost resin 3D printers. The machine might be pretty cheap, but the results speak for themselves. While resin printing certainly has its downsides, it’s hard not to be impressed by the finish quality of this enclosure.

While LoRa is generally used for transmitting small bits of information over long distances, such as from remote sensors, this isn’t the first time we’ve seen it used for direct control of a moving object. If you’re not up to speed on LoRa, check out this excellent talk from [Reinier van der Lee] that goes over the basics of the technology and how he used it to build a community sensor network.

ESP8266 And ESP32 WiFi Hacked!

[Matheus Garbelini] just came out with three (3!) different WiFi attacks on the popular ESP32/8266 family of chips. He notified Espressif first (thanks!) and they’ve patched around most of the vulnerabilities already, but if you’re running software on any of these chips that’s in a critical environment, you’d better push up new firmware pretty quick.

The first flaw is the simplest, and only affects ESP8266s. While connecting to an access point, the access point sends the ESP8266 an “AKM suite count” field that contains the number of authentication methods that are available for the connection. Because the ESP doesn’t do bounds-checking on this value, a malicious fake access point can send a large number here, probably overflowing a buffer, but definitely crashing the ESP. If you can send an ESP8266 a bogus beacon frame or probe response, you can crash it.

What’s most fun about the beacon frame crasher is that it can be implemented on an ESP8266 as well. Crash-ception! This takes advantage of the ESP’s packet injection mode, which we’ve covered before.
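To make the missing check on the “AKM suite count” concrete, here is an added example (not Espressif’s code and not from the original post) of a parser for the RSN element body that validates the count before using it. The `rsn_info` struct, the `MAX_AKM` capacity and both sample byte strings are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define MAX_AKM 4                 /* assumed capacity of the receiver's AKM table */
struct rsn_info {                 /* hypothetical result type for this example */
    uint16_t akm_count;
    uint32_t akm[MAX_AKM];        /* suite selector: OUI (3 bytes) + type (1 byte) */
};

/* Constructed sample: RSN element body advertising one AKM suite, 00-0F-AC:2 (PSK). */
static const uint8_t GOOD_RSN[] = {
    0x01,0x00, 0x00,0x0F,0xAC,0x04, 0x01,0x00, 0x00,0x0F,0xAC,0x04,
    0x01,0x00, 0x00,0x0F,0xAC,0x02, 0x00,0x00 };
/* Constructed sample: same body, AKM suite count set to 0xFFFF. */
static const uint8_t BAD_RSN[] = {
    0x01,0x00, 0x00,0x0F,0xAC,0x04, 0x01,0x00, 0x00,0x0F,0xAC,0x04,
    0xFF,0xFF, 0x00,0x0F,0xAC,0x02, 0x00,0x00 };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Parse an RSN element body (the bytes after element ID and length).
 * Returns 0 on success, -1 when a count does not fit the data or the table. */
int parse_rsn(const uint8_t *b, size_t len, struct rsn_info *out)
{
    memset(out, 0, sizeof *out);
    if (len < 8) return -1;       /* version(2) + group suite(4) + pairwise count(2) */
    size_t off = 6;
    size_t pairwise = rd16(b + off); off += 2;
    if (pairwise * 4 > len - off) return -1;
    off += pairwise * 4;          /* pairwise list is skipped, not stored */
    if (len - off < 2) return -1;
    size_t akm = rd16(b + off); off += 2;
    if (akm > MAX_AKM) return -1;          /* count must fit the fixed table */
    if (akm * 4 > len - off) return -1;    /* and the bytes actually received */

    for (size_t i = 0; i < akm; i++, off += 4)
        out->akm[i] = ((uint32_t)b[off] << 24) | ((uint32_t)b[off+1] << 16) |
                      ((uint32_t)b[off+2] << 8) | b[off+3];
    out->akm_count = (uint16_t)akm;
    return 0;
}

int main(void)
{
    struct rsn_info r;
    printf("good: %d\n", parse_rsn(GOOD_RSN, sizeof GOOD_RSN, &r));
    printf("bad:  %d\n", parse_rsn(BAD_RSN, sizeof BAD_RSN, &r));
}
```

Rejecting the frame is the safe default here: a count larger than the table or the received bytes can only come from a malformed or hostile element.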

The second and third vulnerabilities exploit bugs in the way the ESP libraries handle the extensible authentication protocol (EAP) which is mostly used in enterprise and higher-security environments. One hack makes the ESP32 or ESP8266 on the EAP-enabled network crash, but the other hack allows for a complete hijacking of the encrypted session.

These EAP hacks are more troubling, and not just because session hijacking is more dangerous than a crash-DOS scenario. The ESP32 codebase has already been patched against them, but the older ESP8266 SDK has not yet been patched. So as of now, if you’re running an ESP8266 on EAP, you’re vulnerable. We have no idea how many ESP8266 devices are out there in EAP networks, but we’d really like to see Espressif patch up this hole anyway.

[Matheus] points out the irony that if you’re using WPA2, you’re actually safer than if you’re unpatched and using the nominally more secure EAP. He also wrote us that if you’re stuck with a bunch of ESP8266s in an EAP environment, you should at least encrypt and sign your data to prevent eavesdropping and/or replay attacks.

Again, because [Matheus] informed Espressif first, most of the bugs are already fixed. It’s even percolated downstream into the Arduino-for-ESP, where it’s just been worked into the latest release a few hours ago. Time for an update. But those crusty old NodeMCU builds that we’ve got running everything in our house? Time for a full recompile.

We’ve always wondered when we’d see the first ESP8266 attacks in the wild, and that day has finally come. Thanks, [Matheus]!

Pegleg: Raspberry Pi Implanted Below The Skin (Not Coming To A Store Near You)

Earlier this month, a group of biohackers installed two Raspberry Pis in their legs. While that sounds like the bleeding edge, those computers were already v2 of a project called PegLeg. I was fortunate enough to see both versions in the flesh, so to speak. The first version was scarily large — a mainboard donated by a wifi router roughly the size of an Altoids tin. It’s a reminder that the line between technology’s cutting edge and bleeding edge is moving ever onward and this one was firmly on the bleeding edge.

How does that line end up moving? Sometimes it’s just a matter of what intelligent people can accomplish in a long week. Back in May, during a three-day biohacker convention called Grindfest, someone said something along the lines of, “Wouldn’t it be cool if…” Anyone who has spent an hour in a maker space or hacker convention knows how those conversations go. Rather than ending with a laugh, things progressed at a fever pitch.

The router shed all non-vital components. USB ports: ground off. Plastic case: recycled. Battery: repurposed. Amazon’s fastest delivery brought a Qi wireless coil to power the implant from outside the body and the smallest USB stick with 64 GB on the silicon. The only recipient of PegLeg version 1.0 was [Lepht Anonym], who uses the pronoun ‘it’. [Lepht] has a well-earned reputation among biohackers who focus on technological implants, who often use the term “grinder,” not to be confused with the dating app or power tool.

Following Pigs: Building An Injectable Livestock Tracking System

I’m often asked to design customer and employee tracking systems. There are quite a few ways to do it, and it’s an interesting intersection of engineering and ethics – what information is reasonable to collect in different contexts, anonymizing and securely storing it, and at a fundamental level whether the entire system should exist at all.

On one end of the spectrum, a system that simply counts the number of people that are in your restaurant at different times of day is pretty innocuous and allows you to offer better service. On the other end, when you don’t pay for a mobile app, generally that means your private data is the product being bought and sold. Personally, I find that the whole ‘move fast and break things’ attitude, along with a general disregard for the privacy of user data, has created a pretty toxic tech scene. So until a short while ago, I refused to build invasive tracking systems – then I got a request that I simply couldn’t put aside…

The Satellite Phone You Already Own: From Orbit, UbiquitiLink Will Look Like A Cell Tower

For anyone that’s ever been broken down along a remote stretch of highway and desperately searched for a cell signal, knowing that a constellation of communications satellites is zipping by overhead is cold comfort indeed. One needs specialized gear to tap into the satphone network, few of us can justify the expense of satellite phone service, and fewer still care to carry around a brick with a chunky antenna on it as our main phone.

But what if a regular phone could somehow leverage those satellites to make a call or send a text from a dead zone? As it turns out, it just might be possible to do exactly that, and a Virginia-based startup called UbiquitiLink is in the process of filling in all the gaps in cell phone coverage by orbiting a constellation of satellites that will act as cell towers of last resort. And the best part is that it’ll work with a regular cell phone — no brick needed.
