FCC Filing Reveals Tasty Hardware McSecrets

August 22, 2018 by Tom Nardi 121 Comments

If you’ve visited a McDonald’s recently, you might have noticed something of a tonal shift. Rather than relying on angsty human teenagers to take customer orders, an increasing number of McDonald’s locations are now using self-serve kiosks. You walk up, enter your order on a giant touch screen, and then take an electronic marker with you to an open table. In mere minutes your tray of ~~nutritious~~ ~~delicious~~ cheap food is brought to you by… well that’s still probably going to be an angsty teenager.

Thanks to a recent FCC filing pointed out to us by an anonymous tipster, we now know what kind of tech Ronald has packed into the electronic table markers (referred to as “tents” in McDonald’s parlance). It turns out they are Bluetooth Low Energy beacons powered by the Nordic nRF52832 chipset, and include some unexpected features such as an accelerometer to detect falls.

The Nordic nRF52832 features a 32-bit ARM Cortex M4F processor at 64 MHz with 512 KB flash and 64 KB SRAM. Quite a bit of punch for a table marker. Incidentally, this is the same chip used in the Adafruit Feather nRF52 Pro, so there’s already an easily obtainable development toolchain.

A image of the backside of the PCB shows a wealth of labeled test points, and we imagine figuring out how to get one of these table markers doing your own bidding wouldn’t be too difficult. Not that we condone you swiping one of these things along with your Quarter Pounder with Cheese. Though we are curious to know just why they need so much hardware to indicate which table to take a particular order to; it seems the number printed on the body of the device would be enough to do that.

This isn’t the first time we’ve taken a peek behind the Golden Arches. From reverse engineering their famous fries to hacking the toys they give out with Happy Meals, there’s more to do at the local McDonald’s than get thrown out of the ball pit again.

Welcome To The Internet Of Swords

August 16, 2018 by Tom Nardi 22 Comments

As has been made abundantly clear by the advertising department of essentially every consumer electronics manufacturer on the planet: everything is improved by the addition of sensors and a smartphone companion app. Doesn’t matter if it’s your thermostat or your toilet, you absolutely must know at all times that it’s operating at peak efficiency. But why stop at household gadgets? What better to induct into the Internet of Things than 600 year old samurai weaponry?

Introducing the eKatana by [Carlos Justiniano]: by adding a microcontroller and accelerometer to the handle of a practice sword, it provides data on the motion of the blade as it’s swung. When accuracy and precision counts in competitive Katana exhibitions, a sword that can give you real time feedback on your performance could be a valuable training aid.

The eKatana is powered by an Adafruit Feather 32u4 Bluefruit LE and LSM9DS0 accelerometer module along with a tiny 110 mAh LiPo battery. Bundled together, it makes for a small and unobtrusive package at the base of the sword’s handle. [Carlos] mentions a 3D printed enclosure of some type would be a logical future improvement, though a practice sword that has a hollow handle to hold the electronics is probably the most ideal solution.

A real-time output of sword rotation, pitch, and heading is sent out by the Adafruit Feather over BLE for analysis by a companion smartphone application. For now he just has a running output of the raw data, but [Carlos] envisions a fully realized application that could provide the user with motions to perform and give feedback on their form.

Incidentally this isn’t the first motion-detecting sword we’ve ever covered, but we think this particular incarnation of the concept might have more practical applications.

Beginning BLE Experiments And Making Everything Better

August 3, 2018 by Inderpreet Singh 15 Comments

Successfully connecting things without physical wires has a profound effect on the maker brain. Machines talking to each other without any cables is as amazing today as it was a decade ago. When Bluetooth came out, it was a breakthrough since it offered a wireless way to connect cellphones to a PC. But Bluetooth is a complicated, high-bandwidth power hog, and it didn’t make sense for battery-powered devices with less demanding throughput requirements to pay the energy price. Enter Bluetooth LE (BLE), with power requirements modest enough to enable a multitude of applications including low power sensor nodes and beacons.

Over the years, a number of gadgets with BLE have popped up such as the LightBlue Bean, BLE Beacons as well as quadcopters like the FlexBot that rely on BLE for communication. Android or iOS apps are the predominant method of talking to these wonderful gadgets though there are alternatives.

This is the first in a two part series on building with BLE devices. First, I’ll survey some BLE devices and how to get started with BLE from the Linux command line. Later, we will go into describing the process of making a NodeJS cross-platform app that will leverage the BLE capabilities and connect it to the Internet.
Lets get started.
Continue reading “Beginning BLE Experiments And Making Everything Better” →

Building Badges The Hard Way

May 1, 2018 by Anool Mahidharia 5 Comments

What’s a hacker to do to profess his love for his dearest beloved? [Nitesh Kadyan] built his lady-love this awesome LED pendant – the LED BLE Hearty Necklace Badge.

The hardware is pretty vanilla by today’s hacker standards. An ATMega328p does most of the heavy lifting. An HM-11 BLE module provides connection to an Android mobile app. Two 74HC595 shift registers drive 16 columns of red LEDs and a ULN2803 sinks current from the 8 rows. The power section consists of a charger for the 320mAh LiPo and an LDO for the BLE module. All the parts are SMD with the passives mostly being 0603, including the 128 LEDs.

[Nitesh] didn’t get a stencil made for his first batch of boards, so all the parts were painstakingly soldered manually and not in a reflow oven. And on his first board, he ended up soldering all of the LED’s the wrong way around. Kudos to him for his doggedness and patience.

The Arduino code on the ATmega is also quite straightforward. All characters are stored as eight bytes each in program memory and occupy 8×8 pixels on the matrix. The bytes to be displayed are stored in a buffer and the columns are left shifted fast enough for the marquee text effect. The Android app is built by modifying a demo BLE app provided by Google. The firmware, Android app, and the KiCAD design files are all hosted on his Github repository.

[Nitesh] is now building a larger batch of these badges to bring them to hillhacks – the annual hacker-con for making and hacking in the Himalayas. Scheduled for later this month, you’ll have to sign up on the mailing list for details and if you’d like to snag one of these badges. To make it more interesting, [Nitesh] has added two games to the code – Tetris and Snakes. Hopefully, this will spur others to create more games for the badge, such as Pong.

Continue reading “Building Badges The Hard Way” →

Cracking A Bluetooth Credit Card

April 8, 2018 by Tom Nardi 44 Comments

You might be surprised to find out that it’s actually not a good idea to put all of your credit card information on a little Bluetooth enabled device in your pocket. Oh, what’s that? You knew already? Well in that case you won’t find the following information terribly shocking, but it’s still a fascinating look at how security researchers systematically break down a device in an effort to find the chinks in its armor.

[Mike Ryan] of ICE9 Consulting has recently published an article detailing the work done to examine and ultimately defeat the security on the FUZE Card. From using an x-ray machine to do non-destructive reconnaissance on the device’s internals to methodically discovering all the commands it responds to over Bluetooth, it’s safe to say the FUZE Card is cracked wide open at this point.

To be clear, the attacker must still pair with FUZE, so physical access is required. But as pointed out by [Mike] in the blog post, handing your card over to a merchant is standard operating procedure in many cases. It isn’t as if it would be hard to get a hold of one of these FUZE cards for a minute or two without the owner becoming suspicious. Pairing FUZE to the Linux device to continue to the next step of the attack only takes a few seconds, as demonstrated in the video after the break.

Once paired, the attacker can simply send a BLE command to FUZE which disables the lock screen. It’s really that simple. The attacker can also send commands to dump credit card info over Bluetooth, meaning they could download your information even when the card is “safely” back in your pocket. The inherent failure in the FUZE design is that you don’t need to provide any sort of authentication to pair it to a new Bluetooth device. It makes the (very dangerous) assumption that the person holding it is entitled to do so.

Even if you know better than to ever buy a device like this, the post [Mike] has written up is really a must-read for anyone who’s ever looked at a device and tried to figure out what was going on in its little silicon brain. We especially liked his assertion that reverse engineering a device essentially boils down to: “staring, thinking, a little experimentation, but mostly staring and thinking.” We’re having an internal debate here at Hackaday HQ about making that the site’s tagline.

Incidentally, this is very similar to the Bluetooth gun “safe” that was cracked not so long ago. At this point, it might be wise to just stay away from anything with that little blue logo on it if you intend to trust it with your identity and/or deadly weapon.

Continue reading “Cracking A Bluetooth Credit Card” →

Curing A Parrot’s Amnesia With BLEAH

February 9, 2018 by Tom Nardi 6 Comments

[Dandu] recently wrote in to tell us how he managed to revive his Parrot Flower Power after the manufacturer told him it couldn’t be repaired. To save you the trouble of opening Google in another tab, the Parrot Flower Power is a Bluetooth Low Energy (BLE) “smart” device for your flower pot. Because of course that’s a thing.

When [Dandu] noticed his Flower Power was no longer being detected by his iOS devices, he contacted support who told him that sadly this was a hardware failure and that he should just throw it away. But he had his doubts about this diagnosis as other devices such as his Raspberry Pi could still communicate with it. Upon closer inspection, he realized that the Flower Power didn’t have a name, and could only be contacted by its MAC address directly. Reasoning the lack of a name might be upsetting the “It Just Works” sensibility of his iGadget, [Dandu] started researching if there was some way to get the device to take a new name remotely.

Luckily for our hero, BLE is kind of broken. Searching for a solution to his problem brought him to a blog post by the creator of BLEAH which demonstrated exactly what [Dandu] was looking to do. Following along, it took only a single command to push a new name to the Flower Power’s BLE configuration. With that, his “broken” device was brought back to life. Why the device lost its name, or how to prevent it from happening in the future are questions for another day. [Dandu] will take the win.

If you’re interested in the popular new technology that’s compromising our security in the name of convenience and improved battery life, the rabbit hole starts here.

It’s Curtains For Blu Chip

December 12, 2017 by Al Williams 20 Comments

In theory, there is no reason you can’t automate things all over your house. However — unless you live alone — you need to consider that most people won’t accept your kludgy looking circuits on a breadboard hanging everywhere. Lighting has become easy now that there are a lot of commercial options. However, there are still plenty of things that cry for automation. For [jeevanAnga], the curtains were crying out for remote control.

Since cellphones are ubiquitous, it makes sense to use the phone as a controller and BlueTooth Low Energy (BLE) is perfect for this kind of application. But you can’t hang a big ugly mess of wires off the curtain rods. That’s why [jeevanAnga] used a tiny (16.6 x 11.5 mm) BLE board knows as a BluChip.

We didn’t verify it, but [jeevanAnga] claims it is the smallest BLE board available, and it is certainly tiny. You can see the result in the video below.

Continue reading “It’s Curtains For Blu Chip” →