Hunting Replicants With The 2019 LayerOne Badge

Blade Runner showed us a dystopian megatropolis vision of Los Angeles in the far-off future. What was a distant dream for the 1982 theater-goers (2019) is now our everyday. We know Los Angeles is not perpetually overcast, flying cars are not cruising those skies, and replicants are not hiding among the population. Or… are they?

The LayerOne conference takes place in greater Los Angeles and this year it adopted a Blade Runner theme in honor of that landmark film. My favorite part of the theme was the conference badge modeled after a Voight-Kampff machine. These were used in the film to distinguish replicants from humans, and that’s exactly what this badge does too. In the movies, replicants are tested by asking questions and monitoring their eyes for a reaction — this badge has an optional eye-recognition camera to deliver this effect. Let’s take a look!


KiCon Gets Our KiCad Conference On

Oh, what’s KiCon you say? KiCon is the first dedicated conference on our favorite libre EDA tool: KiCad, organized by friend of Hackaday Chris Gammell and scheduled for April 26 and 27th in Chicago.

Having stuffed ourselves full of treats through the holidays, followed by sleeping through the calm winter months, we find ourselves once again facing the overwhelming tsunami of conference season. This year things are heating up early, and you’ll find a lot of Hackaday staff are headed to Chicago for KiCon.

Now that an early selection of talks has been released, the end of April can’t come soon enough. Being user focused, the conference is centered around what people make using the tool, and how it can be leveraged to improve your next project. Wayne Stambaugh, the project lead for KiCad itself, will be on hand to talk about the state of the tool and what the road map looks like from here. There will be a pair of talks on effective version control and applying the practice of continuous integration and deployment to the EDA world. We’ll hear about methods for working with distributed project members and tips for designing easy-to-learn beginner soldering kits. And there will be two talks on RF and microwave design, one of which we hope will teach us how to use that mysterious toolbar with the squiggly lines.

For an extra dash of flavor there will be a few Hackaday staff participating in the festivities. is making the flight over to present a talk about how to quickly generate and use 3D models in FreeCAD, something we’re very interested in applying to our messy part libraries. Kerry Scharfglass will be around to walk through how to lay out a manufacturing line and design the test tools that sit on it. And our illustrious Editor in Chief Mike Szczys will be roaming the halls in search of excellent hacks to explore and brains to pick.

Interested in attending or volunteering for the conference? Now is the time to buy your tickets and/or apply as a volunteer!

Of course there’s a ton of fun and games that surround KiCon. Hackaday will be hosting another edition of our always exciting bring-a-hack the evening of Saturday April 27th after official activities wrap up. Plan to stop by and enjoy a beverage at this gathering of like minded hackers who are showing off awesome toys. We’ll get more location details out soon, but for now, grab a ticket to the con and make your travel arrangements.

35C3: Finding Bugs In Bluetooth

[Jiska Classen] and [Dennis Mantz] created a tool called Internal Blue that aims to be a Swiss-army knife for playing around with Bluetooth at a lower level. Their tool is built on three functions that are common to all Broadcom Bluetooth chipsets: one that lets you read arbitrary memory, one that lets you run it, and one that lets you write it. Well, that was easy. The rest of their work was analyzing this code, and learning how to replace the firmware with their own version. That took them a few months of hard reversing work.

In the end, Internal Blue lets them execute commands at one layer deeper — the LMP layer — easily allowing monitoring and injection. In a series of live (and successful!) demos they probe around on a Nexus 6P from a modified Nexus 5 on their desk. This is where they started digging around in the Bluetooth stack of other devices with Broadcom chipsets, and that’s where they started finding bugs.

As is often the case, [Jiska] was just poking around and found an external code handler that didn’t do bounds checking. That meant she could run other functions in the firmware simply by passing the address handler offset. Since they’re essentially calling functions at any location in memory, finding which functions to call with which arguments is a process of trial and error. The ramifications include at least a Bluetooth module crash and reset, but the bug can also pull off such tricks as putting the Bluetooth module into “Device Under Test” mode, which should only be accessible from the device itself. All of this is before pairing with the device — just walking by is sufficient to invoke functions through the buggy handler.

All the details of this exploit aren’t yet available, because Broadcom hasn’t fixed the firmware for probably millions of devices in the wild. And one of the reasons that they haven’t fixed it is that patching the bug will disclose where the flaw lies in all of the unpatched phones, and not all vendors can be counted on to push out updates at the same time. While they focused on the Nexus 5 cellphone, which is fairly old now, it’s applicable to any device with a similar Broadcom Bluetooth chipset.

Aside from the zero-day bug here, the big story is their Bluetooth analysis framework, which will surely help other researchers learn more about Bluetooth, finding more glitches and hopefully helping make Bluetooth more openly scrutinized and more secure. Now anyone with a Raspberry Pi 3/3+ or a Nexus 5 is able to turn it into a low-level Bluetooth investigation tool.

You might know [Jiska] from her previous FitBit hack. If not, be sure to check it out.


Hackaday Links: December 2, 2018

CircuitPython is becoming a thing! CircuitPython was originally developed from MicroPython and ported to various ARM boards by Adafruit. Now, SparkFun is shipping their own CircuitPython board based on the nRF52840, giving this board an ARM Cortex-M4 and a Bluetooth radio.

You like contests, right? You like circuit boards too, right? Hackster.io now has a BadgeLove contest going on to create the Blinkiest Badge on Earth. Yes, this is a #badgelife contest, with the goal of demonstrating how much you can do in a single circuit badge. Prizes include a trip to San Francisco, a badass drone, a skateboard, a t-shirt, or socks. YES, THERE ARE SOCKS.

We have a date for the Vintage Computer Festival Pacific Northwest 2019. It’s going down March 23 and 24 at the Living Computers Museum in Seattle. The call for exhibitors is now open so head over and check it out. So far the tentative list of exhibits and presenters includes Attack of the SPARC Clones, and I must mention that SPARC systems are showing up on eBay with much higher frequency lately. I have no idea why.

Need another con? How about a KiCAD con? The inaugural conference for KiCAD users is happening next April in Chicago and the call for talk proposals just opened up. The con focuses on topics like using KiCAD in a manufacturing setting, what’s going on ‘under the hood’ of KiCAD, and how to use KiCAD to make an advanced product.

Spanish police have stopped a homemade scooter. Someone, apparently, was tearing around a public road in Galicia on a homemade scooter. From the single picture, we’re going to say ‘not bad.’ It’s a gas-powered weed wacker mounted to a homemade frame.

Every year, in December, we take a look back at what Hackaday has accomplished in the past twelve months. Sure, we gave out hundreds of thousands of dollars in awards in the Hackaday Prize, and yes, we’ve pushed our coverage of tech advancements into weird, uncharted, but awesome territory. Our biggest accomplishment, though, is always how many readers we reach. This year, we had a slight fall-off in our readership in the Democratic People’s Republic of North Korea. We’re down from 156 views in 2017 to 75 views this year. While the year isn’t over, we don’t expect that number to change much. What was the cause of this drop-off? We’re not quite sure. Only time will tell, and we’re looking forward to serving fresh hacks every day to the DPRK in 2019.

Friday Hack Chat: Hacking The Wild

It’s nearly summer, and that means we’re right at the start of conference season, at least for the tech and netsec crowd. Conferences, if you’re not aware, are a conspiracy for the hotel-industrial complex and a terrible way to spend thousands of dollars on a crappy hotel room and twenty-five dollar hamburgers.

[Andrew Quitmeyer] is working on an experimental academic conference that might just put an end to the horrors of conference season. He’s creating his own conference called Dinacon, and it’s going to be cheaper to attend, even though it’s on a tropical island in the Pacific.

For this week’s Hack Chat, we’re going to be talking with [Andrew] about Dinacon, a free, two-month-long conference with over 140 attendees from every continent except Antarctica. [Andrew]’s research is in ‘digital naturalism’ at the National University of Singapore and blends biological fieldwork with DIY crafting. The focus of this conference will be workshops where participants build technology in the wild meant to interact with nature.

Not only is the intersection of DIY electronics interesting to the Hackaday community, this is also an interesting conference from a logistical standpoint. The conference philosophy spells it out pretty clearly, with the main takeaway being that [Andrew] is self-funding this conference. It’s only going to take about $10,000 USD to host this conference (!), and there are even a few travel stipends to go around. This is also a two-month-long conference. I assure you, after dealing with Supercons, Hackaday meetups, and all the other events Hackaday puts on, this is exceptionally interesting. It’s unheard of, even.

For this week’s Hack Chat, we’re going to be discussing:

  • What is digital naturalism?
  • What does DIY electronics look like in the forest?
  • What did you learn from Hacking The Wild?
  • What kind of things do people make at Dinacon?
  • What is the biggest bug that ever got into one of your electronics experiments?

You are, of course, encouraged to add your own questions to the discussion. You can do that by leaving a comment on the Hack Chat Event Page and we’ll put that in the queue for the Hack Chat discussion.

Our Hack Chats are live community events on the Hackaday.io Hack Chat group messaging. This week is just like any other, and we’ll be gathering ’round our video terminals at noon, Pacific, on Friday, June 8th.  Here’s a clock counting down the time until the Hack Chat starts.

Click that speech bubble to the right, and you’ll be taken directly to the Hack Chat group on Hackaday.io.

You don’t have to wait until Friday; join whenever you want and you can see what the community is talking about.

Badge Bling And More At LayerOne 2018

The security conference LayerOne 2018 took place this past weekend in Pasadena, California. A schedule conflict meant most of our crew was at Hackaday Belgrade but I went to LayerOne to check it out as a first-time attendee. It was a weekend full of deciphering an enigmatic badge, hands-on learning about physical security, admiring impressive demos, and building a crappy robot.


LayerOne InfoSec Conference Returns Next Weekend

This year’s LayerOne conference is May 25-27 in Los Angeles and Hackaday will be there! Hurry and get your ticket now as today is the last day for pre-registration.

As the InfoSec community takes over the Pasadena Hilton next weekend you’ll wish you had a week instead of just three days to take part in all that is offered. There are organized talks and workshops on pen testing, being the bad guy, and DevOps Security. Learn or improve on your lockpicking skills in the Lockpicking Village. The conference hardware badge will be hacking in every direction in the Hardware Village, and new this year is an Internet of Things Village.

If you ask us, the L1 Demo Party is where it’s at. We love seeing what kind of audio and video demos can be squeezed out of a microcontroller board. If you want one of your own, LayerOne is selling the L1 Demoscene Board on Tindie, and you can dig into the hardware on the Hackaday.io page. Take a look back at the results of the 2015 Demo Party for some of the highlights.

This con has an incredible community supporting it; many of the people you’ll meet have been at every LayerOne since it started back in 2004. Supplyframe, Hackaday’s parent company, has been a sponsor since 2015 and is once again proud to support the event and sponsor the hardware badge. Members of the Hackaday and Tindie crew will be on site so come say hello and don’t be afraid to bring a hack to show off!