android

359 Articles

Smartphone App Uses AR To Visualize The RF Spectrum

January 9, 2019 by 21 Comments

Have you ever wished you could see in the RF part of the radio spectrum? While such a skill would probably make it hard to get a good night’s rest, it would at least allow you to instantly see dead spots in your WiFi coverage. Not a bad tradeoff.

Unwilling to go full [Geordi La Forge] to be able to visualize RF, [Ken Kawamoto] built the next best thing – an augmented-reality RF signal strength app for his smartphone. Built to aid in the repositioning of his router in the post-holiday cleanup, the app uses the Android ARCore framework to figure out where in the house the phone is and overlays a color-coded sphere representing sensor data onto the current camera image. The spheres persist in 3D space, leaving a trail of virtual breadcrumbs that map out the sensor data as you warwalk the house. The app also lets you map Bluetooth and LTE coverage, but RF isn’t its only input: if your phone is properly equipped, magnetic fields and barometric pressure can also be AR mapped. We found the Bluetooth demo in the video below particularly interesting; it’s amazing how much the signal is attenuated by a double layer of aluminum foil. [Ken] even came up with an Arduino with a gas sensor that talks to the phone and maps the atmosphere around the kitchen stove.

The app is called AR Sensor and is available on the Play Store, but you’ll need at least Android 8.0 to play. If your phone is behind the times like ours, you might have to settle for mapping your RF world the hard way.

Continue reading “Smartphone App Uses AR To Visualize The RF Spectrum”

3D Printed Head Can Unlock Your Phone

December 19, 2018 by 23 Comments

[Thomas Brewster] writes for Forbes, but we think he’d be at home with us. He had a 3D printed head made in his own image and then decided to see what phones with facial recognition he could unlock. Turns out the answer is: most of them — at least, those running Android.

The models tested included an iPhone X, an LG, two Samsung phones, and a OnePlus. Ironically, several of the phones warn you when you enroll a face that the method may be less secure than other locking schemes. Conversely, one phone had a faster feature that is known to make the phone less secure.

Continue reading “3D Printed Head Can Unlock Your Phone”

Rooting The Amazon Fire TV Cube With An Arduino

November 7, 2018 by 11 Comments

Amazon might not be happy about it, but at least part of the success of their Fire TV Stick was due to the large hacking and modification scene that cropped up around the Android-powered device. A quick search on YouTube for “Fire Stick Hack” will bring up a seemingly endless array of videos, some with millions of views, which will show viewers how to install unofficial software on the little media dongle. Now it looks like their latest media device, the Fire TV Cube, is starting to attract the same kind of attention.

The team at [Exploitee.rs] has recently taken the wraps off their research which shows the new Fire TV Cube can be rooted with nothing more than an Arduino and an HDMI cable you’re willing to cut apart. Of course, it’s a bit more complicated than just that, but between the video they’ve provided and their WiKi, it looks like all the information is out there for anyone who wants to crack open their own Cube. Just don’t be surprised if it puts you on the Amazon Naughty List.

The process starts by putting the device’s Amlogic S905Z into Device Firmware Upgrade (DFU) mode, which is done by sending the string “boot@USB” to the board over the HDMI port’s I2C interface. That’s where the HDMI cable comes in: you can cut into one and wire it right up to your Arduino and run the sketch [Exploitee.rs] has provided to send the appropriate command. Of course, if you want to get fancy, you could use an HDMI breakout board instead.

With the board in DFU mode in you gain read and write access to the device’s eMMC flash, but that doesn’t exactly get you in because there’s still secure boot to contend with. But as these things tend to go, the team was able to identify a second exploit which could be used in conjunction with DFU mode to trick the device into disabling signature verification. Now with the ability to run unsigned code on the Fire TV Cube, [Exploitee.rs] implemented fastboot to make it easier to flash their custom rooted firmware images to the hardware.

As with the Fire TV Stick before it, make sure you understand the risks involved when you switch off a device’s security features. They’re often there to protect the end user as much as the manufacturer.

Continue reading “Rooting The Amazon Fire TV Cube With An Arduino”

Learn To Optimize Code In Assembly… For Android

October 30, 2018 by 11 Comments

When programming a microcontroller, there are some physical limitations that you’ll come across much earlier than programming a modern computer, whether that’s program size or even processor speed. To make the most use of a small chip, we can easily dig into the assembly language to optimize our code. On the other hand, modern processors in everyday computers and smartphones are so fast and have so much memory compared to microcontrollers that this is rarely necessary, but on the off-chance that you really want to dig into the assembly language for ARM, [Uri Shaked] has a tutorial to get you started.

The tutorial starts with a “hello, world” program for Android written entirely in assembly. [Uri] goes into detail on every line of the program, since it looks a little confusing if you’ve never dealt with assembly before. The second half of the program is a walkthrough on how to actually execute this program on your device by using the Android Native Deveolpment Kit (NDK) and using ADB to communicate with the phone. This might be second nature for some of us already, but for those who have never programmed on a handheld device before, it’s worthwhile to notice that there are a lot more steps to go through than you might have on a regular computer.

If you want to skip the assembly language part of all of this and just get started writing programs for Android, you can download an IDE and get started pretty easily, but there’s a huge advantage to knowing assembly once you get deep in the weeds especially if you want to start reverse engineering software or bitbanging communications protocols. And if you don’t have an Android device handy to learn on, you can still learn assembly just by playing a game.

Ask Hackaday: Why Aren’t We Hacking Cellphones?

October 18, 2018 by 148 Comments

When a project has outgrown using a small microcontroller, almost everyone reaches for a single-board computer — with the Raspberry Pi being the poster child. But doing so leaves you stuck with essentially a headless Linux server: a brain in a jar when what you want is a Swiss Army knife.

It would be a lot more fun if it had a screen attached, and of course the market is filled with options on that front. Then there’s the issue of designing a human interface: touch screens are all the rage these days, so why not buy a screen with a touch interface too? Audio in and out would be great, as would other random peripherals like accelerometers, WiFi, and maybe even a cellular radio when out of WiFi range. Maybe Bluetooth? Oh heck, let’s throw in a video camera and high-powered LED just for fun. Sounds like a Raspberry Pi killer!

And this development platform should be cheap, or better yet, free. Free like any one of the old cell phones that sit piled up in my “hack me” box in the closet, instead of getting put to work in projects. While I cobble together projects out of Pi Zeros and lame TFT LCD screens, the advanced functionality of these phones sits gathering dust. And I’m not alone.

Why is this? Why don’t we see a lot more projects based around the use of old cellphones? They’re abundant, cheap, feature-rich, and powerful. For me, there’s two giant hurdles to overcome: the hardware and the software. I’m going to run down what I see as the problems with using cell phones as hacker tools, but I’d love to be proven wrong. Hence the “Ask Hackaday”: why don’t we see more projects that re-use smartphones?

Continue reading “Ask Hackaday: Why Aren’t We Hacking Cellphones?”

Hacker Pops Top On NFC Vending Machines

October 16, 2018 by 23 Comments

Vending machines used to be a pretty simple affair: you put some coins in, and food or drink that in all likelihood isn’t fit for human consumption comes out. But like everything else today, they are becoming increasingly complex Internet connected devices. Forget fishing around for pocket change; the Coke machine at the mall more often than not has a credit card terminal and a 30 inch touch screen display to better facilitate dispensing cans of chilled sugar water. Of course, increased complexity almost always goes hand in hand with increased vulnerability.

So when [Matteo Pisani] recently came across a vending machine that offered users the ability to pay from an application on their phone, he immediately got to wondering if the system could be compromised. After all, how much thought would be put into the security of a machine that basically sells flavored water? The answer, perhaps not surprisingly, is very little.

The write-up [Matteo] has put together is an outstanding case study in hacking Android applications, from pulling the .apk package off the phone to decompiling it into its principal components with programs like apktool and jadx. He even shows how you can reassemble the package and get it suitable for reinstallation on your device after fiddling around with the source code. If you’ve ever wanted a crash course on taking a peek inside of Android programs, this is a great resource.

By snooping around in the source code, [Matteo] was able to discover not only the location of the encrypted database that serves as the “wallet” for the user, but the routine that generates the encryption key. To cut a long story short, the program simply uses the phone’s IMEI as the key to get into the database. With that in hand, he was able to get into the wallet and give himself a nice stack of “coins” for the next time he hit the vending machines. Given his new-found knowledge of how the system works, he even came up with a separate Android app that allows adding credit to the user’s account on a rooted device.

In the video after the break, [Matteo] demonstrates his program by buying a soda and then bumping his credit back up to buy another. He ends his write-up by saying that he has reported his findings to the company that manufacturers the vending machines, but no word on what (if any) changes they plan on making. At the end of the day, you have to wonder what the cost-befit analysis looks like for a full security overhaul when when you’re only selling sodas and bags of chips.

When he isn’t liberating carbonated beverages from their capitalistic prisons, he’s freeing peripherals from their arbitrary OS limitations. We’re starting to get a good idea about what makes this guy tick.

Continue reading “Hacker Pops Top On NFC Vending Machines”

Golf Practice Made Easy With Robotics

September 20, 2018 by 11 Comments

When you think of sports, you usually think of something that takes a lot of physical effort. Golf is a bit different. Sure, you can get some walking in if you don’t take a cart. But mostly golfing is about coordination and skill and less about physical exertion. Until you want to practice driving. You hit a bucket of balls and then you have to go walk around and pick them up. Unless you have help, of course. In particular, you can delegate the task to a robot.

The robot that [webzuweb] built looks a little like a plywood robot vacuum. However, instead of suction, it uses some plywood disks to lift the balls and deposit them in a hopper. The electronics consist of an Arduino and an Orange Pi Lite. A GPS tells the robot where it is and it develops a search pattern based on its location.

Continue reading “Golf Practice Made Easy With Robotics”