Bots That Snag The Hottest Fashion While Breaking Social Trust In Commerce

Scarcity on the Internet is the siren song of bot writers. Maybe you’ve lost an eBay bid in the last milliseconds, or missed out on a hacker con when tickets sold out in under a minute — your corporeal self has been outperformed by a bot. But maybe you didn’t know bots are on a buying frenzy in the hyped-up world of fashion. From limited-run sneakers to anything with the word Supreme printed on it, people who will not accept any substitute in wearing the rarest and most sought after are turning to resellers who use bots to snag unobtanium items and profit on the secondary market.

At DEF CON 27 [FinalPhoenix] took the stage to share her adventures in writing bots and uncovering a world that buys and sells purchasing automation, forming groups much like cryptocurrency mining pools to generate leads on when the latest fashion is about to drop. This is no small market either. If your bots are leet enough, you can make a ton of cash. Let’s take a look at what it takes to write a bot, and at the bots-for-sale economy that has grown up around these concepts.

The internet is built with bots in mind and we have Google to thank for this. Their major innovation was moving us off of a curated internet to one that is machine crawled. Everyone wants good Google juice and that means building a site that is friendly to the Google bots that crawl and index the internet. This makes automation for your own purposes quite a bit easier. Namely, the monitor-bots that are used to detect when a retailer has the latest in stock. [FinalPhoenix] demonstrated a simple script that grabs the XML site map, parsing it for newly in-stock items, flagging them when found. But here’s the killer — if your monitor bot is a good one, you can turn it into a discord channel and sell subscriptions to others playing the reseller game, to the tune of $15-30 a month per subscriber.

Example slide of code used in a web-based buy-bot

Once your bot reports stock, the race is on to buy it before anyone else can. For this, you could use the APIs of the site, but that’s time-consuming and a lot easier for retailers to detect and block bot usage. For this part of her botting tools [FinalPhoenix] likes to use web-based bots that go through a browser framework like Chromium and allow obfuscation techniques like scrolling, clicking other items, random pauses, and other simple-minded actions that make your bot appear to be only human. In the examples for this talk, the Puppeteer framework was used for this purpose. In the end, the main role of this part of the bot is to use a verified account to complete the purchase as fast as robotically possible, which is why they’re called buy-bots. Retailers do have some tricks to combat these web-based attacks like adding secret keys in the DOM that need to be sent with the next post, but these are easy to discover and incorporate into the scripts.

This raises up another interesting part of the scheme, the verified accounts. For the best chance at profit, you need multiple accounts, each used just one time to avoid your buy-bot being detected by the retailer. For this, [FinalPHoenix] turns to services that sell accounts in packages of 500-10,000 and cost around just $5-10 per batch.

But wait, here’s where it gets really wild as recursion takes hold. Yes, these buy-bots are for sale (from sites like AIO Bot and usually around $300-1500), but they’re sold in limited quantities so that it’s harder for retailers to notice and take countermeasures. Just like how the clothing was limited release and incentivized bots-wielding resellers to enter the market, there is a secondary market for the bots themselves. [FinalPhoenix] reports that reselling one of these bots can yield $1000-1500 in profit. The same principles apply, and so what we’ve ended up with is bots buying bots to buy clothes. Who knows how many levels of bot-bot transactions there are, but it certainly feels like turtles all the way down.

Bot-based high-speed trading is the real way to make major bank on the securities market. Your average hacker is shut out of that “legitimate” business, but any enterprising programmer has the option of automating whichever reseller market they find most interesting. This breaks the public trust in commerce — buying quality products from a seller connected to their production for a reasonable price. If frustrates the manufacturer, alienates the consumer, but there appears to be little in place preventing it.

Talking Telegram With The ESP8266

At this point it’s something of a given that a member of the ESP8266 family is likely your best bet if you want to cobble together a small Internet-connected gadget. Costing as little as $3 USD, this well documented all-in-one solution really can’t be beat. But of course, the hardware is only one half of the equation. Deciding how to handle the software side of your homebrew Internet of Things device is another story entirely.

A simple Telegram ESP8266 switch

It would be fair to say that there’s no clear-cut “right” way to approach the software, and it really depends on the needs or limitations of your particular project. For example [Brian Lough] finds that building Telegram support into his ESP8266 allows him to accomplish his goals with the minimum amount of fuss while at the same time using an environment he’s already comfortable with. He recently wrote in to share one of his Telegram projects with us, and in the video after the break, takes the time to explain some of the things he likes best about controlling his hardware through the encrypted chat platform.

But you don’t have to take his word for it, you can try it yourself. Thanks to the software library that [Brian] has developed to connect his projects to Telegram, the aptly named “Universal Telegram Bot Library”, anyone can easily follow in his footsteps. Adding his Telegram library to your next ESP8266 project is as easy as selecting it in the Arduino IDE. From there the video explains the process for getting a bot ID from Telegram, and ultimately how you use it to receive messages from the service. What you do with those messages is entirely up to you.

According to [Brian], the main downside is that you are beholden to a web service to control your local devices; not ideal if the Internet goes down or you would rather your little hacker projects not talk to the big scary Internet in the first place. If you’d rather keep all your smart things talking within the confines of your own network, perhaps your next project could be setting up a private MQTT server.

Continue reading “Talking Telegram With The ESP8266”

The Precise Science Of Whacking A Wine Glass

It’s common knowledge that tapping a wine glass produces a pitch which can be altered by adjusting the level of the tipple of choice inside. By filling twelve glasses with different amounts of liquid and tuning them to the twelve notes of the scale, it’s possible to make a one-octave instrument – though the speed and polyphony are bottle-necked by the human operator. If you think it sounds like a ripe project for automation, you’re correct: [Bitluni’s lab] has done what needed to be done, and created a MIDI instrument which plays the glasses using mallets.

Electronically it’s a simple build – some 12 V solenoids driven by MOSFETs, with an Arduino in charge. For the mechanical build, a 3D printer proved very useful, as each mallet could be made identical, ensuring a consistent tone across all glasses. Rubber covers printed in flexible filament were fitted to reduce the overtones and produce a clearer sound. [Bitluni] also utilised different types of glasses for the low and high pitches, which also helped to improve the clarity of the tone.

MIDI is of course the perfect protocol for this application; simple, lightweight and incredibly widely used, it’s the hacker’s delight for projects like this. The instrument can perform pre-programmed sequences, or be played live with a MIDI controller. Both of these are shown in the video after the break – stick around for a unique rendition of Flight Of The Bumblebee. For a more compact wine glass based music creation solution, we recommend this nifty project, which alters pitch using a water balloon raised and lowered into the glass by a servo.  Continue reading “The Precise Science Of Whacking A Wine Glass”

What Is This, A Battle-Bot For Ants?

Instructables user [Team_Panic] — inspired by the resurgence of robot battle arena shows — wanted to dive in to his local ‘bot building club. Being that they fight at the UK ant weight scale with a cap of 150 grams, [Team_Panic] built a spunky little Arduino Mini-controlled bot on the cheap.

The Instructable is aimed at beginners, and so is peppered with sound advice. For instance, [Team_Panic] advises building from “the weapon out” as that dictates how the rest of the robot will come together around it. There are also some simple design considerations on wiring and circuit boards considering the robot in question will take a few hits, as well as instructions to bring the robot together. To assist any beginners in the audience, [Team_Panic] has provided his design for a simple, “slightly crude,” wedge-bot, as well as his code. Just don’t forget to change the radio pipe so you aren’t interfering with other bots!

Continue reading “What Is This, A Battle-Bot For Ants?”

NixieBot Films Your Tweets

[Robin Bussell]’s NixieBot is a mash up of new age electronics and retro vintage components and he’s got a bunch of hacks crammed in there. It’s a Nixie tube clock which displays tweets, takes pictures of the display when it encounters tweets with a #NixieBotShowMe hash tag, and then posts requested pictures back to twitter. If a word is eight characters, it takes a snapshot. If it’s a longer message, NixieBot takes a series of pictures of each word, converts it to an animated GIF, and then posts the tweet. In between, it displays random tweets every twenty seconds. You can see the camera setup in the image below and you should check out the @nixiebot twitter feed to see some of the action.

nixiebot_05For the display, he’s using eight big vintage Burroughs B7971 Nixie Tubes. These aren’t easy to source, and current prices hover around $100 each if you can find them. The 170V DC needed to run each tube comes from a set of six 12V to 170V converter boards specifically designed to drive these tubes. Each board can drive at least a couple of nixies, so [Robin]’s able to use just four boards for the eight tubes. Each nixie is driven by its own “B7971 SmartSocket“, a dedicated PIC16F690 micro-controller board custom designed for the purpose. A serial protocol makes it easy to daisy-chain the SmartSockets to build multi character displays.

Continue reading “NixieBot Films Your Tweets”

Pokemon Go – Bot Edition

A wild Python appeared, and it wants to play Pokemon Go. Python bots are taking over the game when you can’t, and they are good. Since you’re likely to bump into one sooner or later, here’s an overview:

One of the first workable bots and the origin of a lot of (dirty) code, as well as the (not dirty at all) Pokemon Trainer Club client secret, is [Mila432’s] Pokemon Go Bot. One of his initial goals was to make better sense of the API, which worked out better than he hoped.

Not wanting to impetuously destroy the numerous helpful applications that had been built upon the already partially known API, he decided to keep the project off Niantic’s radar. The most recent (and most powerful) version of his bot has not been released. The current version works fine within its limited functionality: Wandering around and looting Pokestops.

Continue reading “Pokemon Go – Bot Edition”

Hackaday Prize Entry: Selfie Bot Let’s You Vlog Hands Free

[Sergey Mironov] sent in his SelfieBot project. His company, Endurance Robots, sells a commercial version of the bot, which leads us to believe that in a strange and maybe brilliant move he decided to just sell the prototype stage of the product development as a kit. Since he also gave away the firmware, STLs, BOM, and made a guide so anyone can build it, we’re not complaining.

The bot is simple enough. Nicely housed hobby servos in a 3D printed case take care of the pan and tilt of the camera. The base of the bot encloses the electronics, which are an Arduino nano, a Bluetooth module, and the support electronics for power and motor driving.

To perform the face tracking, the build assumes you have a second phone. This is silly, but isn’t so unreasonable. Most people who’ve had a smart phone for a few years have a spare one living in a drawer as back-up. One phone runs the face tracking software and points the bot, via Bluetooth, towards the user. The other phone records the video.

The bot is pretty jumpy in the example video, but this can be taken care of with better motors. For a proof-of-concept, it works. A video of it in action after the break.

Continue reading “Hackaday Prize Entry: Selfie Bot Let’s You Vlog Hands Free”