While internet-connected devices can be very useful around the house, and it is pretty cool to be able to monitor your dishwasher from half a world away, it’s important to be mindful of privacy and security issues. For instance, the Cecotec Conga 1490 robot vacuum [Rastersoft] bought came with an Android app, which upon installation asked for near-total access to the user’s phone. Not content with such an invasion of privacy, let alone the potential security implications, [Rastersoft] set to work trying to reverse engineer the robot’s communications (translated) to find out what exactly it was doing when online. He did this by configuring a Raspberry Pi as an access point, letting the vacuum connect to it, and logging all the data flowing through.
As it turned out, the robot phoned home to its manufacturer, reporting its serial number and some configuration settings. The server then passed control to the mobile app, but not without routing all subsequent commands through the remote server. Not only is this creepy, it also means that if the manufacturer were to shut down the server, the app would stop working entirely. [Rastersoft] therefore got the idea to write custom software to control the robot. He began by reconfiguring the Pi’s network setup to fool the vacuum into thinking it was connecting to its manufacturer’s server, and then wrote some Python code to emulate the server’s response. He was now in control of all data flowing back and forth.
After a lot of experimentation and data analysis, [Rastersoft] managed to decipher the commands sent by the app, enabling him to write a complete replacement app seen in the video after the break that includes control of all the vacuum’s standard actions, but also a new feature to manually control the vacuum’s movement. All code is available on GitHub for those who would like to hack their Congas too.
We think this is a great example of software hacking to future-proof devices that you own, while also mitigating many of the dangers to your security and privacy posed by the default software. The fact that the commands you send from your phone to your vacuum go all the way around the world, potentially being stored and read by others, is rather ridiculous in the first place. After all, we’ve already seen how robot vacuums could spy on you.
Continue reading “Hacking A Robot Vacuum To Write A Replacement App”
Older Android devices can be had for a song, and in many cases are still packing considerable computational power. With built in networking, a battery, and a big touch screen, they could easily take the place of a Raspberry Pi and external display in many applications. As it so happens, Google has made it very easy to develop your own Android software. There’s only one problem: you’ve got to do it in Java.
Looking to get away from all that bloat and overhead, [CNLohr] set out to see what it would take to get 100% C code running on an Android device. After collecting information and resources from the deepest and darkest corners of the Internet, he found out that the process actually wasn’t that bad. He’s crafted a makefile which can be used to get your own C program up and running in seconds.
We mean that literally. As demonstrated in the video after the break, [CNLohr] is able to compile, upload, and run a C Android program in less than two seconds with a single command. This rapid development cycle allows you to spend more time on actually getting work done, as you can iterate through versions of your code almost as quickly as if you were running them on your local machine.
[CNLohr] says you’ll still need to have Google’s Android Studio installed, so it’s not as if this is some clean room implementation. But once it’s installed, you can just call everything from his makefile and never have to interact with it directly. Even if you don’t have any problem with the official Android development tools, there’s certainly something to be said for being able to write a “Hello World” that doesn’t clock in at multiple-megabytes.
Continue reading “Writing Android Apps In C, No Java Required”
When a project has outgrown using a small microcontroller, almost everyone reaches for a single-board computer — with the Raspberry Pi being the poster child. But doing so leaves you stuck with essentially a headless Linux server: a brain in a jar when what you want is a Swiss Army knife.
It would be a lot more fun if it had a screen attached, and of course the market is filled with options on that front. Then there’s the issue of designing a human interface: touch screens are all the rage these days, so why not buy a screen with a touch interface too? Audio in and out would be great, as would other random peripherals like accelerometers, WiFi, and maybe even a cellular radio when out of WiFi range. Maybe Bluetooth? Oh heck, let’s throw in a video camera and high-powered LED just for fun. Sounds like a Raspberry Pi killer!
And this development platform should be cheap, or better yet, free. Free like any one of the old cell phones that sit piled up in my “hack me” box in the closet, instead of getting put to work in projects. While I cobble together projects out of Pi Zeros and lame TFT LCD screens, the advanced functionality of these phones sits gathering dust. And I’m not alone.
Why is this? Why don’t we see a lot more projects based around the use of old cellphones? They’re abundant, cheap, feature-rich, and powerful. For me, there’s two giant hurdles to overcome: the hardware and the software. I’m going to run down what I see as the problems with using cell phones as hacker tools, but I’d love to be proven wrong. Hence the “Ask Hackaday”: why don’t we see more projects that re-use smartphones?
Continue reading “Ask Hackaday: Why Aren’t We Hacking Cellphones?”