Giving Stranger Things For Christmas

January 24, 2018 by James Hobson 5 Comments

[rudolph] was at a loss on what to get his niece for Christmas. It turns out she’s a huge fan of Stranger Things, so the answer was obvious: make her an alphabet wall she can control!

Downsizing the scale to fit inside a document frame, [rudolph] calls their gift rudLights, and a key parameter of this build was to make it able to display any phrases sent from their niece’s Amazon Fire tablet instead of constantly displaying hard-coded phrases. To do so, it has a HC-05 Bluetooth module to forward the commands to the NeoPixel LEDs running on a 5V DC power supply.

[rudolph] enlisted the help of their son to draw up the alphabet display — printed straight onto thematically decorative wallpaper — and cut out holes in the light bulbs for the LEDs. Next up was cut some fibre board as a firm backing to mount the electronics inside the frame and drill holes for the NeoPixels. It was a small odyssey to cut and solder all the wires to the LEDs, but once done, [rudolph] divided their rudLight alphabet into three rows and added capacitors to receive power directly.

Continue reading “Giving Stranger Things For Christmas” →

Tricked-out Barbecue Will Make You Do A Spit Take

January 20, 2018 by Kristina Panos 8 Comments

[Strn] and his friends love to barbecue no matter what it’s like outside. But something always seems to interrupt the fun: either it’s time to get up and turn the meat, or the music stops because somebody’s phone ran out of juice, or darkness falls and there aren’t enough flashlights or charged-up phones. He had the idea to build the Swiss Army knife of barbecues, a portable powerhouse that solves all of these problems and more (translated).

Most importantly, the E-Mangal rotates the skewers for even cooking. It does this with a 3D-printed worm gear system driven by the heater flap actuator from a car. After 25 minutes of slow rotation, a voice announces that it’s time to eat. [Strn] and friends will never hurt for music options between the pre-loaded tracks, Bluetooth audio, FM antenna, USB, and SD options running through a 3W amp. Two USB lights illuminate nighttime barbecuing, and the 10 Ah battery can do it all and keep everyone’s phone charged. For safety’s sake, [Strn] included a half-liter water tank to extinguish the coals via jet stream. Everything is run by a PIC18F, and it can be controlled at the box or through a simple web interface.

We love the look of this barbecue controller almost as much as the functionality. The sturdy stance of those short, angled legs give it a mid-century appliance feel, and seeing all the guts on display is always a plus. Grab a turkey leg and take the tour after the break.

The E-Mangal has a thermocouple in the coal box to measure the temperature, but there’s no direct control. If you’re more interested in temperature options than entertainment, here’s a project that micromanages everything on the grill.

Continue reading “Tricked-out Barbecue Will Make You Do A Spit Take” →

34C3: Fitbit Sniffing And Firmware Hacking

December 29, 2017 by Brian McEvoy 19 Comments

If you walked into a gym and asked to sniff exercise equipment you would get some mighty strange looks. If you tell hackers you’ve sniffed a Fitbit, you might be asked to give a presentation. [Jiska] and [DanielAW] were not only able to sniff Bluetooth data from a run-of-the-mill Fitbit fitness tracker, they were also able to connect to the hardware with data lines using test points etched right on the board. Their Fitbit sniffing talk at 34C3 can be seen after the break. We appreciate their warning that opening a Fitbit will undoubtedly void your warranty since Fitbits don’t fare so well after the sealed case is cracked. It’s all in the name of science.

There’s some interesting background on how Fitbit generally work. For instance, the Fitbit pairs with your phone which needs to be validated with the cloud server. But once the cloud server sends back authentication credentials they will never change because they’re bound to to the device ID of the Fitbit. This process is vulnerable to replay attacks.

Data begin sent between the Fitbit and the phone can be encrypted, but there is a live mode that sends the data as plain text. The implementation seemed to be security by obscurity as a new Bluetooth handle is used for this mode. This technique prevents the need to send every encrypted packet to the server for decryption (which would be for every heartbeat packet). So far the fix for this has been the ability to disable live mode. If you have your own Fitbit to play with, sniffing live mode would be a fun place to start.

The hardware side of this hack begins by completely removing the PCB from the rubber case. The board is running an STM32 and the team wanted to get deep access by enabling GDB. Unfortunately, the debug pins were only enabled during reset and the stock firmware disables them at startup (as it should). The workaround was to rewrite the firmware so that the necessary GPIO remain active and there’s an interesting approach here. You may remember [Daniel Wegemer] from the Nexmon project that reverse engineered the Nexus 5 WiFi. He leveraged the binary patching he used on Nexmon to patch the Fitbit firmware to enable debugging support. Sneaky!

For more about 34C3 we have a cheatsheet of the first day and for more about Fitbit security, check out this WAV file.

Continue reading “34C3: Fitbit Sniffing And Firmware Hacking” →

Will Hack For Espresso

December 13, 2017 by James Hobson 22 Comments

[Avidan Ross] has an unyielding passion for coffee. Brewing a proper espresso is more than measuring fluid ounces, and to that end, his office’s current espresso machine was not making the cut. What’s a maker to do but enlist his skills to brew some high-tech coffee.

For a proper espresso, the mass of the grounds and the brewed output need to be precisely measured. So, the office La Marzocco GS3 has been transformed into a closed-loop espresso machine with a Particle Photon and an Acaia Lunar waterproof scale at its heart.

Continue reading “Will Hack For Espresso” →

Guitar Game Plays With Enhanced Realism

December 13, 2017 by Kristina Panos 5 Comments

There’s a lot more to learning how to play the guitar than just playing the right notes at the right time and in the right order. To produce any sound at all requires learning how to do completely different things with your hands simultaneously, unless maybe you’re a direct descendant of Eddie Van Halen and thus born to do hammer ons. There’s a bunch of other stuff that comes with the territory, like stringing the thing, tuning it, and storing it properly, all of which can be frustrating and discouraging to new players. Add in the calluses, and it’s no wonder people like Guitar Hero so much.

[Jake] and [Jonah] have found a way to bridge the gap between pushing candy colored buttons and developing fireproof calluses and enough grip strength to crush a tin can. For their final project in [Bruce Land]’s embedded microcontroller design class, they made a guitar video game and a controller that’s much closer to the experience of actually playing a guitar. Whether you’re learning to play for real or just want to have fun, the game is a good introduction to the coordination required to make more than just noise.

Continue reading “Guitar Game Plays With Enhanced Realism” →

Bluetooth Gun Safe Cracked By Researchers

December 13, 2017 by Tom Nardi 64 Comments

Believe it or not, there are quite a few people out there who have purchased gun safes that can be remotely unlocked by Bluetooth. Now we can understand why somebody might think this was a good idea: the convenience of being able to hit a button on your phone and have your weapon available in the heat of the moment is arguably a big selling point for people who are purchasing something like this for home defense. But those with a more technical mind will likely wonder if the inherent risks of having your firearm (or other valuables) protected by a protocol that often relies on security by obscurity outweighs the convenience of not needing to enter in a combination on the keypad.

Well, you can wonder no more, as researchers at [Two Six Labs] have recently published a detailed document on how they managed to remotely unlock the Vaultek VT20i with nothing more exotic than an Ubertooth. In the end, even the Ubertooth wasn’t actually required, as this particular device turned out to be riddled with security issues.

[Two Six Labs] has not publicly released the complete source code of the software demonstrated in their YouTube video for very obvious reasons, but the page on their site does go into fantastic detail on how they uncovered the multiple vulnerabilities that allowed them to write it. Even if you’re not the kind of person who would ever need a gun safe, the information contained in their documentation about analyzing Bluetooth communications is fascinating reading.

It was discovered that the PIN for the safe was actually being transmitted by the accompanying smartphone application in plain-text, which would be bad enough normally. But after further analysis, it became clear that the safe wasn’t even bothering to check the PIN code anyway.

Scripting app interactions with ADB and Python

For extra style points, [Two Six Labs] also show a way to brute force the PIN using the Vaultek Android application by writing a Python script that punches in codes sequentially until it hits on the right one; the developers didn’t even bother to put in limits on failed attempts.

For a device that is ostensibly designed to contain a deadly weapon, the security flaws the team at [Two Six Labs] discovered are absolutely inexcusable. But there is a positive outcome, as the manufacturer has vowed to update the vulnerable safes and make a better effort in the future to more rigorously design and test their Bluetooth implementation. This is the goal of responsible disclosure, and we’re encouraged to see the manufacturer doing the right thing

The security concerns of Bluetooth controlled locks are well known, so it’s a bit disappointing that devices like this are still slipping through the cracks. We suggest you remain skeptical of any security device utilizing Bluetooth until the industry starts taking things a little more seriously.

Continue reading “Bluetooth Gun Safe Cracked By Researchers” →

Smart Station Runs Entertainment, Is Entertainment

December 11, 2017 by Kristina Panos 10 Comments

It’s that special time of year—time for the parade of student projects from [Bruce Land]’s embedded microcontroller design course at Cornell. [Timothy], [Dhruv], and [Shaurya] are all into remote sensing and control applications, so they built a smart station that combines audiovisual entertainment with environmental sensing.

As with the other projects in this course, the smart station is built on a PIC32 dev board. It does Bluetooth audio playback via RN-52 module and has a beat-matching light show in the form of a NeoPixel ring mounted atop the 3D-printed enclosure. But those blinkenlights aren’t just there to party. They also provide visual feedback about the environment, which comes from user-adjustable high and low trigger values for the mic, an accelerometer, a temperature and humidity sensor, and a luminosity sensor.

The group wanted to add an ultrasonic wake-up feature, but it refused to work with the 3.3V from the PIC. The NeoPixel ring wanted 5V too, but isn’t as picky. It looks to be plenty bright at 3.3V. Another challenge came from combining I²C, UART, analog inputs, and digital outputs. They had to go to the chip’s errata to verify it, but it’s there: whenever I²C1 is enabled, the first two analog pins are compromised, and there’s no official solution. The team got around it by using a single analog pin and a multiplexer. You can check out those blinkenlights after the break.

Maybe you prefer working in wood. If so, you might like this hexagonal take on audio-visualization.

Continue reading “Smart Station Runs Entertainment, Is Entertainment” →