Reusing An Old Android Phone For GPIO With External USB Devices

November 4, 2024 by Maya Posch 44 Comments

Each year millions of old smartphones are either tossed as e-waste or are condemned to lie unloved in dusty drawers, despite the hardware in them usually being still perfectly fine. Reusing these little computers for another purpose once the phone’s manufacturer drops support is made hard by a range of hardware and software (driver) issues. One possible way to do so is suggested by [Doctor Volt] in a video where a Samsung Galaxy S4 is combined with a USB-connected FT232R board to add external GPIO.

The idea is pretty simple: the serial adapter is recognized by the existing Android OS and within the standard Android development environment this module can be used. Within this demonstrator it’s merely used to blink some LEDs and react to inputs, but it shows how to reuse one of these phones in a non-destructive manner. Even better is that the phone’s existing sensors and cameras can still be used as normal in this way, too, which opens a whole range of (cheap) DIY projects that can be programmed either in Java/Kotlin or in C or C++ via the Native Development Kit.

The only wrinkle is that while the phone is connected like this, charging is not possible. For the S4 it’s easy to solve as it has a removable battery, so an external power input was wired in with a dummy battery-sized bit of perfboard. With modern phones without removable batteries simultaneous USB/audio dongle and charging usage via the USB-C connector is claimed to be possible, but this is something to check beforehand.

Continue reading “Reusing An Old Android Phone For GPIO With External USB Devices” →

A Clean Linux Installation For An Android TV Box

September 3, 2024 by Bryan Cockfield 22 Comments

Although Android technically runs on top of Linux, generally most Android devices abstract away the underlying Linux-ness of these machines. In theory this is a good thing; we wouldn’t necessarily want to live in a world where we have to log in to a command-line interface just to make a phone call. But too much abstraction often needlessly restricts the capabilities of the underlying hardware. [Murray] a.k.a [Green Bug-Eyed Monster] has an Android TV box with just such a problem, as the Android OS included with it allows for watching TV just fine, but with a few tweaks it can run a full Linux installation instead, turning it into a much more versatile machine.

This specific Android TV box is based on the Rockchip 3566, a popular single-board computer used in a wide array of products. As such it is one of the easier targets for transforming a limited TV machine into a fully capable desktop computer. The first step is to compile an Armbian image for the machine, in this case using an x86 installation of Ubuntu to cross-compile for the ARM-based machine. With a viable image in hand, there’s an option to either solder on a microSD slot to the included pins on the computer’s PCB or to flash the image directly to the on-board eMMC storage by tricking the machine into thinking that the eMMC is missing. Either option will bring you into a full-fledged Linux environment, with just a few configuration steps to take to get it running like any other computer.

[Murray] began this process as an alternative to paying the inflated prices of Raspberry Pis over the past few years, and for anyone in a similar predicament any computer with the Rockchip 3566 processor in it could be a potential target for a project like this. You might need to make a few tweaks to the compile options and hardware, but overall the process should be similar. And if you don’t have an RK3566, don’t fret too much. We’ve seen plenty of other Android TV boxes turned into similar devices like this one which runs RetroPie instead.

This Week In Security: Chat Control, Vulnerability Extortion, And Emoji Malware

June 21, 2024 by Jonathan Bennett 13 Comments

Way back in 2020, I actually read the proposed US legislation known as EARN IT, and with some controversy, concluded that much of the criticism of that bill was inaccurate. Well what’s old is new again, except this time it’s the European Union that’s wrestling with how to police online Child Sexual Abuse Material (CSAM). And from what I can tell of reading the actual legislation (pdf), this time it really is that bad.

The legislation lays out two primary goals, both of them problematic. The first is detection, or what some are calling “upload moderation”. The technical details are completely omitted here, simply stating that services “… take reasonable measures to mitigate the risk of their services being misused for such abuse …” The implication here is that providers would do some sort of automated scanning to detect illicit text or visuals, but exactly what constitutes “reasonable measures” is left unspecified.

The second goal is the detection order. It’s worth pointing out that interpersonal communication services are explicitly mentioned as required to implement these goals. From the bill:

Providers of hosting services and providers of interpersonal communications services that have received a detection order shall execute it by installing and operating technologies approved by the Commission to detect the dissemination of known or new child sexual abuse material or the solicitation of children…

This bill is careful not to prohibit end-to-end encryption, nor require that such encryption be backdoored. Instead, it requires that the apps themselves be backdoored, to spy on users before encryption happens. No wonder Meredith Whittaker has promised to pull the Signal app out of the EU if it becomes law. As this scanning is done prior to encryption, it’s technically not breaking end-to-end encryption.

You may wonder why that’s such a big deal. Why is it a non-negotiable for the Signal app to not look for CSAM in messages prior to encryption? For starters, it’s a violation of user trust and an intentional weakening of the security of the Signal system. But maybe most importantly, it puts a mechanism in place that will undoubtedly prove too tempting for future governments. If Signal can be forced into looking for CSAM in the EU, why not anti-government speech in China?

Continue reading “This Week In Security: Chat Control, Vulnerability Extortion, And Emoji Malware” →

Lindroid Promises True Linux On Android

June 18, 2024 by Al Williams 16 Comments

Since Android uses Linux, you’d think it would be easier to run Linux apps on your Android phone or tablet. There are some solutions out there, but the experience is usually less than stellar. A new player, Lindroid, claims to provide real Linux distributions with hardware-accelerated Wayland on phones. How capable is it? The suggested window manager is KDE’s KWIN. That software is fairly difficult to run on anything but a full-blown system with dbus, hardware accelerations, and similar features.

There are, however, a few problems. First, you need a rooted phone, which isn’t totally surprising. Second, there are no clear instructions yet about how to install the software. The bulk of the information available is on an X thread. You can go about 4 hours into the very long video below to see a slide presentation about Lindroid.

Continue reading “Lindroid Promises True Linux On Android” →

Webserver Runs On Android Phone

March 27, 2024 by Bryan Cockfield 36 Comments

Android, the popular mobile phone OS, is essentially just Linux with a nice user interface layer covering it all up. In theory, it should be able to do anything a normal computer running Linux could do. And, since most web servers in the world are running Linux, [PelleMannen] figured his Android phone could run a web server just as well as any other Linux machine and built this webpage that’s currently running on a smartphone, with an additional Reddit post for a little more discussion.

The phone uses Termux (which we’ve written about briefly before) to get to a Bash shell on the Android system. Before that happens, though, some setup needs to take place largely involving installing F-Droid through which Termux can be installed. From there the standard SSH and Apache servers can be installed as if the phone were running a normal Linux The rest of the installation involves tricking the phone into thinking it’s a full-fledged computer including a number of considerations to keep the phone from halting execution when the screen locks and other phone-specific issues.

With everything up and running, [PelleMannen] reports that it runs surprisingly well with the small ARM system outputting almost no heat. Since the project page is being hosted on this phone we can’t guarantee that the link above works, though, and it might get a few too many requests to stay online. We wish it were a little easier to get our pocket-sized computers to behave in similar ways to our regular laptops and PCs (even if they don’t have quite the same amount of power) but if you’re dead-set on repurposing an old phone we’ve also seen them used to great effect in place of a Raspberry Pi.

This Week In Security: Loop DOS, Flipper Responds, And More!

March 22, 2024 by Jonathan Bennett 8 Comments

Here’s a fun thought experiment. UDP packets can be sent with an arbitrary source IP and port, so you can send a packet to one server, and could aim the response at another server. What happens if that response triggers another response? What if you could craft a packet that continues that cycle endlessly? That is essentially the idea behind Loop DoS (Denial of Service).

This unique avalanche of packets has been managed using specific implementations of several different network services, like TFTP, DNS, and NTP. There are several CVEs being used to track the issue, but CVE-2024-2169 is particularly odd, with the description that “Implementations of UDP application protocol are vulnerable to network loops.” This seems to be a blanket CVE for UDP, which is particularly inappropriate given that the first DoS of this sort was first reported in 2009 at the latest.

More details are available in a Google Doc. There some interesting tidbits there, like the existence of cross-protocol loops, and several legacy protocols that are vulnerable by design. The important thing to remember here is you have to have an accessible UDP port for this sort of attack to take place, so if you’re not using it, firewall it.

Flipper Flips Back

We’ve covered the saga of the Flipper Zero vs the Canadian government, in the context of car theft. The short version is that Canada has seen an uptick of car thefts from organized crime. Rather than meaningfully dealing with this problem, the Canadian government went looking for scapegoats, and found the Flipper Zero.

Well now, Flipper has responded, and put simply, the message is “stop the madness”. There has never been a confirmed case of using a flipper to steal a car, and it’s very unlikely it’s ever happened. On a modern car with proper rolling-code security, it’s not meaningfully possible to use the Flipper Zero for the theft. The two primary ways criminals actually steal cars are with dedicated keyfob repeaters and CAN bus hackers.

There is a petition to sign, and for Canadians, Flipper suggests contacting your local member of parliament. Continue reading “This Week In Security: Loop DOS, Flipper Responds, And More!” →

Your 1983 Video Phone Is Finally Ready

February 7, 2024 by Al Williams 8 Comments

If you read Byte magazine in 1983, you might have expected that, by now, you’d be able to buy the red phone with the video screen built-in. You know, like the one that appears on the cover of the magazine. Of course, you can’t. But that didn’t stop former Hackaday luminary [Cameron] from duplicating the mythical device, if not precisely, then in spirit. Check it out in the video, below.

While the original Byte article was about VideoTex, [Cameron] built a device with even more capability you couldn’t have dreamed of in 1983. What’s more, the build was simple. He started with an old analog phone and a tiny Android phone. A 3D-printed faceplate lets the fake phone serve as a sort of dock for the cellular device.

That’s not all, though. Using the guts of a Bluetooth headset enables the fake phone’s handset. Now you can access the web — sort of a super Videotex system. You can even make video calls.

There isn’t a lot of detail about the build, but you probably don’t need it. This is more of an art project, and your analog phone, cell phone, and Bluetooth gizmo will probably be different anyway.

Everyone always wanted a video phone, and while we sort of have them now, it doesn’t quite seem the same as we imagined them. We wish [Cameron] would put an app on the phone to simulate a rotary dial and maybe even act as an answering machine.

Continue reading “Your 1983 Video Phone Is Finally Ready” →