Analysing 3D Printer Songs For Hacks

3D printers have become indispensable in industry sectors such as biomedical and manufacturing, and are deployed as what is termed as a 3D print farm. They help reduce production costs as well as time-to-market. However, a hacker with access to these manufacturing banks can introduce defects such as microfractures and holes that are intended to compromise the quality of the printed component.

Researchers at the Rutgers University-New Brunswick and Georgia Institute of Technology have published a study on cyber physical attacks and their detection techniques. By monitoring the movement of the extruder using sensors, monitored sounds made by the printer via microphones and finally using structural imaging, they were able to audit the printing process.

A lot of studies have popped up in the last year or so including papers discussing remote data exfiltration on Makerbots that talk about the type of defects introduced. In a paper by [Belikovetsky, S. et al] titled ‘dr0wned‘, such an attack was documented which allowed a compromised 3D printed propeller to crash a UAV. In a follow-up paper, they demonstrated Digital Audio Signing to thwart Cyber-physical attacks. Check out the video below.

In this new study, the attack is identified by using not only the sound of the stepper motors but also the movement of the extruder. After the part has been manufactured, a CT scan ensures the integrity of the part thereby completing the audit.

Disconnected printers and private networks may be the way to go however automation requires connectivity and is the foundation for a lot of online 3D printing services. The universe of Skynet and Terminators may not be far-fetched either if you consider ambitious projects such as this 3D printed BLDC motor. For now, learn to listen to your 3D printer’s song. She may be telling you a story you should hear.

Thanks for the tip [Qes] Continue reading “Analysing 3D Printer Songs For Hacks”

3D printed Curta gets upgrades

It is amazing how makers can accomplish so much when they put their mind to something. [Marcus Wu] has uploaded a mesmerizing video on how to build a 3D printed Curta Mechanical Calculator. After nine iterations of design, [Marcus] presents a polished design that not only works but looks like a master piece.

For the uninitiated, the Curta is a mechanical calculator designed around the time of World War II. It is still often seen used in time-speed-distance (TSD) rallies to aid in the computation of times to checkpoints, distances off-course and so on. Many of these rallies don’t allow electronic calculators, so the Curta is perfect.  The complex inner workings of the contraption were a key feature and point of interest among enthusiasts and the device itself is a highly popular collectible.

As for the 3D printed design, the attention to detail is impeccable. The current version has around 80 parts that need to 3D printed and a requires a few other screws and springs. Some parts like the reversing lever and selector knobs have been painted and digits added to complete the visual detail. The assembly took [Marcus Wu] around 40 minutes to complete and is one of the most satisfying builds we have ever seen.

What is even more amazing is that [Markus Wu], who is a software engineer by profession has shared all the files including the original design files free of cost on Thingiverse. A blog with written instructions is also available along with details of the iterations and original builds. We already did a post on a previous version so check it out for a little more background info.

Thanks for the tip [lonestar] Continue reading “3D printed Curta gets upgrades”

Backchannel UART without the UART

Anyone who has worked with a microcontroller is familiar with using printf as a makeshift debugger. This method is called tracing and it comes with the limitation that it uses up a UART peripheral. Believe it or not, there are 8051 variants out there that come with only one serial block and you are out of luck if your application needs it to communicate with another device.

[Jay Carlson] has a method by which he can piggyback these trace messages over an on-chip debugger. Though the newer ARM Cortex-M software debugger already has this facility but [Jay Carlson]’s hack is designed to work with the SiLabs EFM8 controllers. The idea is to write these debug messages to a predefined location in the RAM which the debugger can access anyway. His application polls a certain area of the memory and when it finds valid information, it reads the data and spits it out into a dedicated window. It’s using the debugger as a makeshift printf!

[Jay Carlson] used slab8051.dll interface and put together a C# program and GUI that works alongside the SiLab’s IDE. The code is available on GitHub for you to check out if you are working the EFM8 and need a helping hand. The idea is quite simple and can be ported to other controllers in a multitude of ways like the MSP430 perhaps. For those of you who like the Teensy, you might want to take a look at adding debugger support to the Teensy 3.5/3.6.

Hacking iBeacons For Automating Routines

Every self-respecting hacker has an automation hack somewhere in his/her bag of tricks. There are a lot of modern-day technologies that facilitate the functionality like GPS, scripting apps, and even IFTTT. In an interesting hack, [Nick Lee] has combined iBeacons and a reverse engineered Starbucks API to create an automated morning routine.

By creating a mobile app that scans for iBeacons, [Nick Lee] was able to reduce the effort made every morning while heading to his office. When the app encounters a relevant beacon, a NodeJS app sitting in the cloud is triggered. This consequently leads to desired actions like ordering an Uber ride and placing an order for an iced latte.

[Nick Lee] shares the code for the Starbucks application on GitHub for anyone who wants to order their favorite cup of joe automatically. This project can be easily expanded to work with GPS or even RFID tags and if you feel like adding IoT to a coffee machine, you could automate all of your beverage requirements in one go.

Completely Owning the Dreamcast Add-on You Never Had

If you’ve got a SEGA Dreamcast kicking around in a closet somewhere, and you still have the underutilized add-on Visual Memory Unit (VMU), you’re in for a treat today. If not, but you enjoy incredibly detailed hacks into the depths of slightly aged silicon, you’ll be even more excited. Because [Dmitry Grinberg] has a VMU hack that will awe you with its completeness. With all the bits in place, the hacking tally is a new MAME emulator, an IDA plugin, a never-before ROM dump, and an emulator for an ARM chip that doesn’t exist, running Flappy Bird. All in a month’s work!

The VMU was a Dreamcast add-on that primarily stored game data in its flash memory, but it also had a small LCD display, a D-pad, and inter-VMU communications functions. It also had room for a standalone game which could interact with the main Dreamcast games in limited ways. [Dmitry] wanted to see what else he could do with it. Basically everything.

We can’t do this hack justice in a short write-up, but the outline is that he starts out with the datasheet for the VMU’s CPU, and goes looking for interesting instructions. Then he started reverse engineering the ROM that comes with the SDK, which was only trivially obfuscated. Along the way, he wrote his own IDA plugin for the chip. Discovery of two ROP gadgets allowed him to dump the ROM to flash, where it could be easily read out. Those of you in the VMU community will appreciate the first-ever ROM dump.

On to doing something useful with the device! [Dmitry]’s definition of useful is to have it emulate a modern CPU so that it’s a lot easier to program for. Of course, nobody writes an emulator for modern hardware directly on obsolete hardware — you emulate the obsolete hardware on your laptop to get a debug environment first. So [Dmitry] ported the emulator for the VMU’s CPU that he found in MAME from C++ to C (for reasons that we understand) and customized it for the VMU’s hardware.

Within the emulated VMU, [Dmitry] then wrote the ARM Cortex emulator that it would soon run. But what ARM Cortex to emulate? The Cortex-M0 would have been good enough, but it lacked some instructions that [Dmitry] liked, so he ended up writing an emulator of the not-available-in-silicon Cortex-M23, which had the features he wanted. Load up the Cortex emulator in the VMU, and you can write games for it in C. [Dmitry] provides two demos, naturally: a Mandlebrot set grapher, and Flappy Bird.

Amazed? Yeah, we were as well. But then this is the same guy emulated an ARM chip on the AVR architecture, just to run Linux on an ATMega1284p.

Make Some Noise with the Typewriter Keyboard

Are you an angry programmer? Do you get the frequent urge to smash the return key or space bar after finishing every single line of code? Well then [Konstantin Schauwecker]’s typewriter keyboard is just the thing for you. In his project, [Konstantin] hacked a German Olympia Monica typewriter into a USB keyboard.

The project uses no less than 50 photo interrupters mounted on a custom PCB that mounts directly under the typewriter itself. The circuit board is so designed that the hammer arms take a position in obstructing the opto-interrupters. Every time a key is pressed, the corresponding device sends a signal to an Arduino.

In order to enable the wiring of 50 signals to an Arduino Leonardo, multiplexers and decoders are employed. CD4515, 4×16 line decoders work to activate the optical signals and the CD4067, 16×4 multiplexers are used to return the scans. This forms the traditional scanning keyboard matrix and the whole thing is managed in the Arduino code (available as a zip file).

This project can be a great starting point for anyone who wants to hack their grandpa’s old typewriter or make one in order to annoy the guy sitting next to them. Check out the video below for a demo and teardown and if you prefer Raspberry Pis then check out this mechanical typewriter hack.

Hacking Into…. A Wind Farm?

Pick a lock, plug in a WiFi-enabled Raspberry Pi and that’s nearly all there is to it.

There’s more than that of course, but the wind farms that [Jason Staggs] and his fellow researchers at the University of Tulsa had permission to access were — alarmingly — devoid of security measures beyond a padlock or tumbler lock on the turbines’ server closet. Being that wind farms are generally  in open fields away from watchful eyes, there is little indeed to deter a would-be attacker.

[Staggs] notes that a savvy intruder has the potential to shut down or cause considerable — and expensive — damage to entire farms without alerting their operators, usually needing access to only one turbine to do so. Once they’d entered the turbine’s innards, the team made good on their penetration test by plugging their Pi into the turbine’s programmable automation controller and circumventing the modest network security.

The team are presenting their findings from the five farms they accessed at the Black Hat security conference — manufacturers, company names, locations and etc. withheld for obvious reasons. One hopes that security measures are stepped up in the near future if wind power is to become an integral part of the power grid.

All this talk of hacking and wind reminds us of our favourite wind-powered wanderer: the Strandbeest!

[via WIRED]