A Close Eye on Power Exposes Private Keys

Hardware wallets are devices used exclusively to store the highly sensitive cryptographic information that authenticates cryptocurrency transactions. They are useful if one is worried about the compromise of a general purpose computer leading to the loss of such secrets (and thus loss of the funds the secrets identify). The idea is to move the critical data away from a more vulnerable network-connected machine and onto a device without a network connection that is unable to run other software. When designing a security focused hardware devices like hardware wallets it’s important to consider what threats need to be protected against. More sophisticated threats warrant more sophisticated defenses and at the extreme end these precautions can become highly involved. In 2015 when [Jochen] took a look around his TREZOR hardware wallet he discovered that maybe all the precautions hadn’t been considered.

Continue reading “A Close Eye on Power Exposes Private Keys”

Accessing Blockchain on ESP8266 Using the NodeMCU Board

Blockchains claim to be public, distributed, effectively immutable ledgers. Unfortunately, they also tend to get a little bit huge – presently the Bitcoin blockchain is 194GB and Ethereum weighs in at 444GB. That poses quite an inconvenience for me, as I was looking at making some fun ‘Ethereum blockchain aware’ gadgets and that’s several orders of magnitude too much data to deal with on a microcontroller, not to mention the bandwidth cost if using 3G.

Having imagined a thin device that I could integrate into my mobile phone cover (or perhaps… a wallet?) dealing with the whole blockchain was clearly not a possibility. I could use a VPS or router to efficiently download the necessary data and respond to queries, but even that seemed like a lot of overhead, so I investigated available APIs.

As it turns out, several blockchain explorers offer APIs that do what I want. My efforts get an ESP8266 involved with the blockchain began with two of the available APIs: Ethplorer and Etherscan.

Continue reading “Accessing Blockchain on ESP8266 Using the NodeMCU Board”

What Does ‘Crypto’ Actually Mean?

This article is about crypto. It’s in the title, and the first sentence, yet the topic still remains hidden.

At Hackaday, we are deeply concerned with language. Part of this is the fact that we are a purely text-based publication, yes, but a better reason is right there in the masthead. This is Hackaday, and for more than a decade, we have countered to the notion that ‘hackers’ are only bad actors. We have railed against co-opted language for our entire existence, and our more successful stories are entirely about the use and abuse of language.

Part of this is due to the nature of the Internet. Pedantry is an acceptable substitute for wisdom, it seems, and choosing the right word isn’t just a matter of semantics — it’s a compiler error. The wrong word shuts down all discussion. Use the phrase, ‘fused deposition modeling’ when describing a filament-based 3D printer, and some will inevitably reach for their pitchforks and torches; the correct phrase is, ‘fused filament fabrication’, the term preferred by the RepRap community because it is legally unencumbered by patents. That’s actually a neat tidbit, but the phrase describing a technology is covered by a trademark, and not by a patent.

The technical side of the Internet, or at least the subpopulation concerned about backdoors, 0-days, and commitments to hodl, is now at a semantic crossroads. ‘Crypto’ is starting to mean ‘cryptocurrency’. The netsec and technology-minded populations of the Internet are now deeply concerned over language. Cryptocurrency enthusiasts have usurped the word ‘crypto’, and the folks that were hacking around with DES thirty years ago aren’t happy. A DH key exchange has nothing to do with virtual cats bought with Etherium, and there’s no way anyone losing money to ICO scams could come up with an encryption protocol as elegant as ROT-13.

But language changes. Now, cryptographers are dealing with the same problem hackers had in the 90s, and this time there’s nothing as cool as rollerblading into the Gibson to fall back on. Does ‘crypto’ mean ‘cryptography’, or does ‘crypto’ mean cryptocurrency? If frequency of usage determines the correct definition, a quick perusal of the press releases in my email quickly reveals a winner. It’s cryptocurrency by a mile. However, cryptography has been around much, much longer than cryptocurrency. What’s the right definition of ‘crypto’? Does it mean cryptography, or does it mean cryptocurrency?

Continue reading “What Does ‘Crypto’ Actually Mean?”

Stretched PC Case Turned GPU Cryptominer

We don’t do financial planning here at Hackaday, so we won’t weigh in on the viability of making money mining cryptocurrency in such a volatile market. But we will say that if you’re going to build a machine to hammer away at generating Magical Internet Monies, you might as well make it cool. Even if you don’t turn a profit, at least you’ll have something interesting to look at while you weep over your electricity bill.

Sick of seeing the desktop machine he built a decade ago gathering dust, [plaggle24w5] decided to use it as the base for a cryptocurrency mining rig. Of course, none of the original internals would do him any good, but the case itself ended up being a useful base to expand on. With the addition of some 3D printed components, he stretched out the case and installed an array of video cards.

To start with, all the original plastic was ripped off, leaving just the bare steel case. He then jammed a second power supply into the original optical drive bays to provide the extra power those thirsty GPUs would soon be sucking down. He then designed some 3D printed arms which would push out the side panel of the case far enough that he could mount the video cards vertically alongside the case. Three case fans were then added to the bottom to blow air through the cards.

While [plaggle24w5] mentions this arrangement does work with the case standing up, there’s obviously not a lot of air getting to the fans on the bottom when they’re only an inch or so off the ground. Turning the case on its side, with the motherboard parallel to the floor, allows for much better airflow and results in a measurable dip in operating temperature. Just hope you never drop anything down onto the exposed motherboard…

Mining Bitcoin on desktop computers might be a distant memory, but the latest crop of cryptocurrencies are (for now) giving new players a chance to relive those heady early days.

Hackaday Links: February 11, 2018

Are you a student? Are you part of a hackerspace? We have a contest going on right now where you can win a fancy new Prusa i3 MK3. The Repairs You Can Print contest is a challenge to do something useful with that machine that spits out tugboats. We’re looking for functional repairs of items around your house, office, or garage. Did you repair something with a 3D printer? Then you too can get in on the action! Enter now! Check out the entries!

You may know Flite Test as the group who do everything surrounding remote control flight (mostly fixed wings, a nice counter to the quadification of the hobby over the last few years). Flite Test designs and sells airplanes made out of Dollar Tree foam board, they have yearly, bi-coastal meetups, and they’re all-around awesome dudes. Now, they want to build the Disneyland of RC flight. [Josh Bixler], the face of Flite Test and a guy who has a plane named after him, wants to buy a golf course and turn it into the world’s best RC flying park, with a ~2000 foot grass strip for general aviation. We’re looking at their crowdfunding campaign, and it looks promising it might be funded by the time this goes live.

A while ago, [Peter Jansen], the guy who built a tricorder and a laser-cut CT scanner, made a magnetic camera. This Hall Effect camera is a camera for magnetism instead of light. Now, this camera has been fully built and vastly improved. He’s capturing ‘frames’ of magnetism in a spinning fan at 2000 Hz (or FPS, terminology kind of breaks down here), and it’s beautiful.

Oh thank God we can finally buy GPUs again. Try buying them with Bitcoin.

In the last few years, CITES, the Convention on International Trade in Endangered Species of Wild Fauna and Flora, has expanded. Originally, this was one of the treaties that banned the import or export of rhino horn, but recently this expanded to the export of rosewood thanks to increased demand in China for rosewood furniture. The laws of unintended consequences kicked into effect, and importing anything made out of rosewood is now a mess of permits and inspections at the border, including musical instruments. Travelling orchestras, for example, are at risk of having their string section confiscated because of rosewood tuning pegs. Cooler minds may now be prevailing, and there’s some hope the regulations may be changed during the next meeting of the CITES convention next year.

As noted a few months ago, there was a possibility of Broadcom buying Qualcomm for one… hundred… Billion dollarsThis offer was rejected, with Qualcomm saying the offer wasn’t high enough. Broadcom fired back with an offer of $82 per share, or $121B. This offer was rejected this week.

Need some EMC testing? [Zach]’s got your back. He’s reserved some time in a 10m EMC chamber for testing NeuroBytes this week. If you have an Open Source project that needs a pre-test scan for unintentional radiator, you can get in on the action. This is just a pre-test, you’re not getting certification, and you’re not going to test anything with radios, and you need to ship [Zach] your stuff. But still, free test time. Woo.

Reverse Engineering A Bitcoin Miner

If you’re brave enough to have dipped your toes into the Wild West that is cryptocurrency, you probably know that people have long since abandoned trying to mine on their desktop computers. Farms of GPUs are all the rage now, but dedicated mining hardware has also enjoyed a following among those who are serious about their fictitious money. The state-of-the-art for such devices is moving just as rapidly as cryptocurrency itself is, which means older mining gear can now be picked up fairly cheap on the second-hand market. This is an excellent opportunity for those who want to experiment with this type of hardware and potentially utilize it for some other purpose, but first you’ve got to figure out how the thing works.

To that end, [Tomasz Wątorowski] wrote in to the tip line to tell us about the progress he’s made reverse engineering the control protocol for the Antminer S1. As is often the case, the documentation didn’t have all the details he needed, but it did have a schematic of the BM1380 chip at the heart of the device.

Performance of the Antminer S1 controlled via UART

The Antminer S1 contains 64 BM1380 chips on an internal UART bus. With the information from the schematic, [Tomasz] was able to tap into this UART bus with a USB adapter and start listening in on the conversation. He compiled a collection of commands and learned enough to be dangerous (which is always the goal here at Hackaday).

For example, he found that the could set the frequency of the BM1380 as high as he wished without any consideration for thermal overload. This could potentially allow somebody to run  the hardware to the point of destruction, à la Stuxnet.

Once he figured out how to give the hardware hashes to work on over the UART interface, he setup a little head-to-head competition between the software he wrote to command the Antminer S1 and the official control software. No drop in performance was found between his software and the real deal, which sounds like a win in our book.

Even if he can’t improve on the performance of this particular piece of outdated mining hardware, it still beats doing it by hand on a piece of paper.

The 348,296th Article About Cryptocurrency

The public has latched onto the recent market events with an intense curiosity brought about by a greed for instant riches. In the last year alone, the value of Bitcoin has risen by 1,731%. We’re talking gold rush V2.0, baby. Money talks, and with a resounding $615 billion held up in cryptocurrencies, it is clear why this is assuredly not the first cryptocurrency article you have read — maybe even today. An unfortunate side effect of mass interest in a subject is the wildfire-like spread of misinformation. So, what exactly is a blockchain, and what can you still do now that everyone has finally jumped on the cryptocurrency bandwagon?

Continue reading “The 348,296th Article About Cryptocurrency”