MalDuino — Open Source BadUSB

January 24, 2017 by Pedro Umbelino 29 Comments

MalDuino is an Arduino-powered USB device which emulates a keyboard and has keystroke injection capabilities. It’s still in crowdfunding stage, but has already been fully backed, so we anticipate full production soon. In essence, it implements BadUSB attacks much like the widely known, having appeared on Mr. Robot, USB Rubber Ducky.

It’s like an advanced version of HID tricks to drop malicious files which we previously reported. Once plugged in, MalDuino acts as a keyboard, executing previous configured key sequences at very fast speeds. This is mostly used by IT security professionals to hack into local computers, just by plugging in the unsuspicious USB ‘Pen’.

[Seytonic], the maker of MalDuino, says its objective is it to be a cheaper, fully open source alternative with the big advantage that it can be programmed straight from the Arduino IDE. It’s based on ATmega32u4 like the Arduino Leonardo and will come in two flavors, Lite and Elite. The Lite is quite small and it will fit into almost any generic USB case. There is a single switch used to enable/disable the device for programming.

The Elite version is where it gets exciting. In addition to the MicroSD slot that will be used to store scripts, there is an onboard set of dip switches that can be used to select the script to run. Since the whole platform is open sourced and based on Arduino, the MicroSD slot and dip switches are entirely modular, nothing is hardcoded, you can use them for whatever you want. The most skilled wielders of BadUSB attacks have shown feats like setting up a fake wired network connection that allows all web traffic to be siphoned off to an outside server. This should be possible with the microcontroller used here although not native to the MalDuino’s default firmware.

For most users, typical feature hacks might include repurposing the dip switches to modify the settings for a particular script. Instead of storing just scripts on the MicroSD card you could store word lists on it for use in password cracking. It will be interesting to see what people will come up with and the scripts they create since there is a lot of space to tinker and enhanced it. That’s the greatness of open source.

Continue reading “MalDuino — Open Source BadUSB” →

Arduino Video Isn’t Quite 4K

January 23, 2017 by Al Williams 30 Comments

Video resolution is always on the rise. The days of 640×480 video have given way to 720, 1080, and even 4K resolutions. There’s no end in sight. However, you need a lot of horsepower to process that many pixels. What if you have a small robot powered by a microcontroller (perhaps an Arduino) and you want it to have vision? You can’t realistically process HD video, or even low-grade video with a small processor. CORTEX systems has an open source solution: a 7 pixel camera with an I2C interface.

The files for SNAIL Vision include a bill of materials and the PCB layout. There’s software for the Vishay sensors used and provisions for mounting a lens holder to the PCB using glue. The design is fairly simple. In addition to the array of sensors, there’s an I2C multiplexer which also acts as a level shifter and a handful of resistors and connectors.

Continue reading “Arduino Video Isn’t Quite 4K” →

Robo-Flute Whistles MIDI

January 23, 2017 by Al Williams 6 Comments

We aren’t sure this technically qualifies as music synthesis, but what else do you call a computer playing music? In this case, the computer is a Teensy, and the music comes from a common classroom instrument: a plastic recorder. The mistaken “flute” label comes from the original project. The contraption uses solenoids to operate 3D printed “fingers” and an air pump — this is much easier with a recorder since (unlike a flute) it just needs reasonable air pressure to generate sound.

A Teensy 3.2 programmed using the Teensyduino IDE drives the solenoids. The board reads MIDI command sent over USB from a PC and translates them into the commands for this excellent driver board. It connects TIP31C transistors, along with flyback diodes, to the solenoids via a terminal strip.

On the PC, a program called Ableton sends the MIDI messages to the Teensy. MIDI message have three parts: one sets the message type and channel, another sets the velocity, and one sets the pitch. The code here only looks at the pitch.

This is one of those projects that would be a lot harder without a 3D printer. There are other ways to actuate the finger holes, but being able to make an exact-fitting bracket is very useful. Alas, we couldn’t find a video demo. If you know of one, please drop the link in the comments below.

We have seen bagpipe robots (in fact, we’ve seen several). We’ve also seen hammering shotguns into flutes, which is certainly more melodious than plowshares.

Newton’s Cradle For Those Too Lazy To Procrastinate

January 22, 2017 by Al Williams 11 Comments

Desk toys are perfect for when you don’t want to work. There’s a particularly old desk toy called the Newton’s cradle. If you don’t know the name, you’d still recognize the toy. It is some ball bearings suspended in midair on strings. If you pull back, say, two balls and let them swing to impact the other balls, the same number of balls on the other side will fly out. When they return, the same number will move on the other side and this repeats until friction wears it all down.

We think [JimRD] might be carried away on procrastination. You see, he not only has a Newton’s cradle, he has automated it with an Arduino. According to [Jim], this is his third attempt at doing so. You can see the current incarnation in the video, below.

Continue reading “Newton’s Cradle For Those Too Lazy To Procrastinate” →

Hidden Bookshelf Door Shows Incredible Motion

January 21, 2017 by Pedro Umbelino 42 Comments

Who didn’t dream of a hidden door or secret passage in the house when they were kids? Some of us still do! [SPECTREcat] had already built a secret door in a fully functioning bookcase with a unique opening mechanism. The intriguing mechanism allows the doors to start by sliding slightly away form one another before hinging into the hidden space. Their operation was, however, was manual. The next step was to automate the secret door opening mechanism with electronics.

The project brain is an off-the-shelf Arduino Uno paired with a MultiMoto Arduino shield to drive 4 Progressive Automations PA-14 linear actuators. These linear actuators have 50lb force, allowing the doors to fully open or close within 10 seconds and maintain a speed that wouldn’t throw the books off the bookcases.

Not wanting to drill a hole through the bookshelf for a switch or other opening mechanisms, [SPECTREcat] added a reed switch that is activated on the other side by a DVD cover with a magnet inside. In addition to that, there is a PIR sensor on the inside room to automatically close the doors if no motion is detected for 2 hours. Dont worry, there’s also a manual switch inside just in case.

Using one of the items on the shelf to trigger the secret passage is a classic move. He could also have used a secret knock code, like the Secret Attic Library Door we covered in the past. Check out the video below to see the hinge and slide movement in action.

Continue reading “Hidden Bookshelf Door Shows Incredible Motion” →

Brain Controlled Tracked Robot

January 20, 2017 by Pedro Umbelino 1 Comment

[Imetomi] found himself salvaging a camera from a broken drone when he decided to use it in a new project, a tracked robot with a live video feed from the mounted camera.

… I had a cheap Chinese drone that was broken, but its camera seemed to be operating and when I took apart my drone I found a small WiFi chip with a video transmitter. I (decided) that I will use this little circuit for a project and I started to buy and salvage the parts.

Being a tracked robot, it can negotiate most types of terrain and climb hills up to 40 degrees. It is powered by two 18650 lithium-ion batteries with a capacity of 2600 mAh and the remote control is based on the HC-12 serial communication module. You can control it with a joystick and watch the camera’s live-stream in a virtual reality glass. That’s pretty neat but it’s not all.

[Imetomi] also used a hacked Nacomimi Brainwave Toy to make a brain controlled version of his robot. The brainwaves are detected using sensors placed on the scalp. To actually control it the operator has to focus on the right hand to move right, focus on the left hand to move left, blink to move forward and blink again to stop. There is also an ultrasonic sensor to help navigation so the robot doesn’t bump into things. It’s not very precise but you can always build the joystick version or, even better, make a version with both controls.

Continue reading “Brain Controlled Tracked Robot” →

DIY Thermal Imaging Done Low-Tech Style

January 19, 2017 by Steven Dufresne 15 Comments

[Niklas Roy] has always wanted to try out thermal imaging and saw his opportunity when he received one of those handheld IR thermometers as a gift. But not content with just pointing it at different spots and looking at the temperatures on the LCD display, he decided to use it as the basis for a scanning, thermal imaging system that would display a heat map of a chosen location on his laptop.

He still wanted to to be able to use the IR thermometer as normal at a later date so cutting it open was not an option. Instead he firmly mounted a webcam to it pointing at the LCD display. He then wrote software on his laptop to process the resulting image and figure out what temperature was being displayed.

Once he got that working, he next put the thermometer on a platform with servos connected to an Arduino for slowly rotating it in the horizontal and vertical directions, also under control of the software on his laptop. Each time the thermometer measures the temperature of a spot, the software decodes the temperature on the LCD display and then tells the Arduino to use the servos to point the thermometer at the next spot to be measured. Each measurement takes a little time, so scanning an entire location as 70×44 spots takes around a half hour. But the end result is a heat map drawn on the laptop, done by a device that is low-tech. [Editor’s Snark: Because attaching a webcam and processing the images is “low-tech” these days.] He can overlay the heat map on a normal photo to see at a glance where the hot spots are.

The software he wrote is available on GitHub and the video below shows it in action. We’ve got to admit, it’s pretty awesome to watch. You can even see the heat map being filled in one measurement at a time.

Continue reading “DIY Thermal Imaging Done Low-Tech Style” →