Automated Tank Gauges (ATGs) are nifty bits of tech, sitting unseen in just about every gas station. They keep track of fuel levels, temperature, and other bits of information, and sometimes get tied into the automated systems at the station. The problem, is that a bunch of these devices are listening to port 10001 on the Internet, and some of them appear to be misconfigured. How many? Let’s start with the easier question, how many IPs have port 10001 open? Masscan is one of the best tools for this, and [RoseSecurity] found over 85,000 listening devices. An open port is just the start. How many of those respond to connections with the string In-Tank Inventory Reports
? Shodan reports 11,113 IPs as of August of this year. [RoseSecurity] wrote a simple Python script that checked each of those listening IPs came up with a matching number of devices. The scary bit is that this check was done by sending a Get In-Tank Inventory Report
command, and checking for a good response. It seems like that’s 11K systems, connected to the internet, with no authentication. What could possibly go wrong? Continue reading “This Week In Security: 11,000 Gas Stations, TrustZone Hacks Kernel, And Unexpected Fuzzing Finds”
android359 Articles
The TAK Ecosystem: Military Coordination Goes Open Source
In recent years you’ve probably seen a couple of photos of tablets and smartphones strapped to the armor of soldiers, especially US Special Forces. The primary app loaded on most of those devices is ATAK or Android Tactical Assault Kit. It allows the soldier to view and share geospatial information, like friendly and enemy positions, danger areas, casualties, etc. As a way of working with geospatial information, its civilian applications became apparent, such as firefighting and law-enforcement, so CivTAK/ATAK-Civ was created and open sourced in 2020. Since ATAK-Civ was intended for those not carrying military-issued weapons, the acronym magically become the Android Team Awareness Kit. This caught the attention of the open source community, so today we’ll dive into the growing TAK ecosystem, its quirks, and potential use cases.
Continue reading “The TAK Ecosystem: Military Coordination Goes Open Source”
Restore Your Formerly Useless Ouya Console
Plenty of electronics end up in the junk drawer or even landfill after their useful life ends, but in the modern world of planned obsolescence a lot more devices are thrown out simply because of lack of support. Sometimes it’s even worse than that as some products are designed to “phone home” and will lack critical functionality if the original producer of that product gets purchased by someone else, wants to sell its customers more products, or goes out of business. The latter is essentially what happened to the Ouya console, but if you still have one of these around you might be able to get it running again.
The Ouya was a commercial failure but an ambitious take on a new kind of gaming console. With little more processing power than a smart phone, the idea was to produce a console for the casual gamer that also could play retro games and other games available for Android. It had a low price point but eventually couldn’t sell enough units to stay in business. These devices needed to see a specific server to gain full functionality, and [Christian] has created essentially a spoofed server that allows users to sign in to their consoles and install games again. All that is needed is to modify a few config files on the Ouya to point to a different address and the Ouya boots up just like it’s 2012 again.
This project goes a long way to show that there are plenty of serviceable electronics out there that have just been needlessly borked, and with a little elbow grease it’s sometimes possible to get them working. The state of this machine is a little surprising given that the original machine promised to be hacker and developer friendly.
Thanks to [Josiah] for the tip!
Nokia 5110 Gets Android Stowaway And A Keyboard
Even though Nokia is largely an afterthought in the phone market now, there was a time when their products represented the state-of-the-art in mobile devices. Some of the their handsets even featured slide-out keyboards and the ability to sent emails; largely unheard of for a device from the late 90s. [befinitiv] was a kid back then and couldn’t afford one of these revolutionary devices, so he built his own modern version that still looks and feels like the original.
To do this he borrowed the case and structure of a Nokia 5110 phone, but modified it to hold a small Android device in the old battery compartment along with a tiny Bluetooth keyboard (which was also built from scratch by [befinitiv]) that connects to the Android phone to mimic the old slide-out style. This isn’t just a case mod, though. He also reverse-engineered the original PCB of the phone and included a Bluetooth module there as well, which allows the phone’s screen and keypad to work mostly as originally intended.
This project goes pretty far to scratch the 90s phone nostalgia itch while still being largely usable as a real phone in the modern world. Assuming you aren’t too hung up on the literal phone aspect, the Notkia project is also an impressive effort to bring new life to these old handsets.
Continue reading “Nokia 5110 Gets Android Stowaway And A Keyboard”
Quick Hack: The Phone To Stream Deck Conversion
What do you do with those old Android or iPhone phones and tablets? You have plenty of options, but it is pretty easy to build your own stream deck with a little off-the-shelf software. What’s a stream deck, you ask? The name comes from its use as a controller for a live-streaming setup, but essentially, it’s an LCD touchscreen that can trigger things on your computer.
The software I’m using, Deckboard, is a server for Windows or Linux and, of course, an Android app. The app is free with some limitations, but for under $4 you can buy the full version. However, even the free version is pretty capable. You can use an Android phone or tablet and you can connect to the PC with a USB cable or WiFi. I’ve found that even with WiFi, it is handy to keep the phone charged, so realistically you are going to have a cable, but it doesn’t necessarily have to connect to the host computer.
Linux Setup
Setup is very easy. The biggest hurdle is you might need to set up your firewall to allow the server to listen on port 8500 with TCP. There are a few small issues when installing with Linux that you might want to watch out for. There are 32-bit and 64-bit versions in deb
, tar.gz
, and appimage format. There’s also a snap. The problem with the snap is it is sandboxed, so without effort you can’t easily launch programs, which is kinda the entire point. I finally removed it and installed the deb file which was fine.
There were still two other wrinkles. First, while Deckboard offers a way to launch programs, it must be a program from a list it reads from your system. That would be acceptable, but the list wasn’t complete. I never did figure out why some things show up on the list and others don’t. For example, GIMP which shows up on my application menu was absent. Yet other things that were fairly obscure did show up.
I thought this might be a dealbreaker until I found that Deckboard has a well-developed plugin system and one of those plugins lets you run an arbitrary command line. I guess it is a little less convenient, but it is much more flexible since you can launch any program you want and provide options to it as well.
The only other complaint I had is that when you run the program, it shows its configuration interface and puts itself in the system tray. That’s great the first time you run it, but on system startup, it would be nice to just have it quietly start. If there’s an option for that I haven’t found it. I’ll tell you how I solved that later, but, for now, just live with it.
Continue reading “Quick Hack: The Phone To Stream Deck Conversion”
Robot Arm Has The Touch
[Maurizio] built a robot arm, which is always a great accomplishment. But his project includes a very cool touch interface for an Android device that sets it apart from many other similar projects.You can see a very fast summary of the construction in the video below.
The design uses Fusion 360 and there are good explanations of each step in the process. The gripper is adapted from an existing design. Various 3D printed parts make up the wrist, shoulder, elbow, and rotating base.
Metal Detector Gets Help From Smartphone
[mircemk] is quite a wizard when it comes to using coils of wires in projects, especially when their application is within easy-to-build metal detectors. There are all kinds of ways to send signals through coiled wire to detect metal objects in the ground, and today [mircemk] is demonstrating a new method he is experimenting with which uses a smartphone to detect the frequency changes generated by the metal detector.
Like other metal detectors, this one uses two coils of wire with an oscillator circuit and some transistors. The unique part of this build, though, is how the detector alerts the user to a piece of metal. Normally there would be an audible alert as the frequencies of the circuit change when in the presence of metal, but this one uses a smartphone to analyze the frequency information instead. The circuit is fed directly into the headphone jack on the smartphone and can be calibrated and used from within an Android app.
Not only can this build detect metal, but it can discriminate between different types of metal. [mircemk] notes that since this was just for experimentation, it needs to be calibrated often and isn’t as sensitive as others he’s built in the past. Of course this build also presumes that your phone still has a headphone jack, but we won’t dig up that can of worms for this feature. Instead, we’ll point out that [mircemk] has shown off other builds that don’t require any external hardware to uncover buried treasure.