Hackaday Links: January 31, 2016

[Damien] has been working on MicroPython for a while now. We did an interview with him a while ago about porting Python to tiny microcontrollers, and soon the BBC micro:bit will be getting Python into the hands of millions of British schoolchildren. Now [Damien] has a Kickstarter to get MicroPython to the bare metal of an ESP8266. That would be extremely interesting; there’s a lot you can do with an easily scriptable Internet Thing running Python.

A little over a month ago, [Renier] won the Hackaday Prize Best Product competition with the Vinduino, a device that cuts water usage of vineyards (and orchards, I guess) by 25%. Now he’s won the IoT awards for Best DIY Project.

We have lost a great inventor. [Artur Fischer], inventor of the plastic drywall plug, fischertechnik, the plastic wall plug, photo flash light, and holder of over 1100 patents (more than the great Edison), passed away this week.

Who remembers Glider? That old Macintosh game where you fly a paper airplane around a house is now available on GitHub. The creator of Glider, [John Calhoun], put all the code up a few days ago. If you have Metrowerks CodeWarrior sitting around on an old box, feel free to dig around.

In the ‘this guy totally won’t get sued’ column is MagSafe for iPhones. The MagSafe power adapter is Apple’s largest contribution to humanity, but they are a little protective about it.

We have two calls for the community: [jimie] had a go at programming the latest, coolest, open source radio. Programming it is hard. Has anyone found an improved guide? Second, I now have a Tadpole Computer that was former property of Qualcomm. I can’t find any info on getting *nix or *BSD on it. Anyone have any experience?

Hacking The Internet Of Things: Decoding LoRa

Getting software-defined radio (SDR) tools into the hands of the community has been great for the development and decoding of previously-cryptic, if not encrypted, radio signals the world over. As soon as there’s a new protocol or modulation method, it’s in everyone’s sights. A lot of people have been working on LoRa, and [bertrik] at RevSpace in The Hague has done some work of his own, and put together an amazing summary of the state of the art.

LoRa is a new(ish) modulation scheme for low-power radios. It’s patented, so there’s some information about it available. But it’s also proprietary, meaning that you need a license to produce a radio that uses the encoding. In keeping with today’s buzzwords, LoRa is marketed as a wide area network for the internet of things. HopeRF makes a LoRa module that’s fairly affordable, and naturally [bertrik] has already written an Arduino library for using it.

So with a LoRa radio in hand, and a $15 RTL-SDR dongle connected to a laptop, [bertrik] got some captures, converted the FM-modulated chirps down to audio, and did a bunch of hand analysis. He confirmed that existing plugins for sdrangelove did (mostly) what they should, and he wrote it all up, complete with a fantastic set of links.

There’s more work to be done, so if you’re interested in hacking on LoRa, or just having a look under the hood of this new modulation scheme, you’ve now got a great starting place.

“Hello Barbie” Not An IoT Nightmare After All

Security researchers can be a grim crowd. Everything, when looked at closely enough, is insecure at some level, and this leads to a lot of pessimism in the industry. So it’s a bit of a shock to see a security report that’s filled with neither doom nor gloom.

We’d previously covered Somerset Recon’s initial teardown of “Hello Barbie” and were waiting with bated breath for the firmware dump and some real reverse engineering. Well, it happened and basically everything looks alright (PDF report). The Somerset folks desoldered the chip, dumped the flash ROM, and when the IDA-dust settled, Mattel used firmware that’s similar to what everyone else uses to run Amazon cloud service agents, but aimed at the “toytalk.com” network instead. In short, it uses a tested and basically sound firmware.

The web services that the creepy talking doll connected to were another story, and were full of holes that were being actively patched throughout Somerset’s investigation, but we were only really interested in the firmware anyway, and that looked OK. Not everything is horror stories in IoT security. Some stories do have a happy ending. Barbie can sleep well tonight.

Hacking A Coffee Machine

The folks at Q42 write code, lots of it, and this implies the copious consumption of coffee. In more primitive times, an actual human person would measure how many cups were consumed and update a counter on their website once a day. That had to be fixed, obviously, so they hacked their coffee machine so it publishes the amount of coffee being consumed by itself. Their Jura coffee machine makes good coffee, but it wasn’t hacker friendly at all. No API, no documentation, non-standard serial port and encrypted EEPROM contents. It seems the manufacturer tried every trick to keep the hackers away — challenge accepted.

The folks at Q42 found details of the Jura encryption protocol on the internet, and then hooked up a Raspberry Pi via serial UART to the Jura. Encryption consisted of taking each byte and breaking it up into 4 bytes, with the data being loaded in bit positions 2 and 5 of each of the 4 bytes, which got OR’ed into 0x5B. To figure out where the counter data was stored by the machine in the EEPROM, they took a data dump of the contents, poured a shot of coffee, took another memory dump, and then compared the two.
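The scheme described above is a fixed, keyless bit-spreading, and it can be sketched together with the dump comparison as follows. This is an added example, not Q42's code: the article gives only bit positions 2 and 5 and the 0x5B pattern, so the bit and byte ordering (least-significant pair first) is an assumption, as are all function names and the constructed sample dumps.

```python
# Added example: Jura-style byte spreading as described in the article.
# The bit/byte ordering is an ASSUMPTION; the article only gives bits 2 and 5 and 0x5B.
BASE = 0x5B        # fixed pattern from the article; bits 2 and 5 are clear in it
DATA_MASK = 0x24   # bit 2 (0x04) and bit 5 (0x20) carry the payload


def encode_byte(value):
    """Spread one byte over 4 wire bytes, 2 data bits each (assumed LSB pair first)."""
    out = bytearray()
    for i in range(4):
        pair = (value >> (2 * i)) & 0b11
        out.append(BASE | ((pair & 1) << 2) | ((pair >> 1) << 5))
    return bytes(out)


def decode_group(group):
    """Rebuild one byte from 4 wire bytes, rejecting bytes whose fixed bits are wrong."""
    if len(group) != 4:
        raise ValueError("a group is exactly 4 wire bytes")
    value = 0
    for i, b in enumerate(group):
        if (b & ~DATA_MASK & 0xFF) != BASE:
            raise ValueError(f"wire byte {b:#04x} does not match the 0x5B pattern")
        pair = ((b >> 2) & 1) | (((b >> 5) & 1) << 1)
        value |= pair << (2 * i)
    return value


def encode(data):
    return b"".join(encode_byte(b) for b in data)


def decode(wire):
    if len(wire) % 4:
        raise ValueError("truncated frame: length must be a multiple of 4")
    return bytes(decode_group(wire[i:i + 4]) for i in range(0, len(wire), 4))


def diff_dumps(before, after):
    """Return (offset, old, new) for each byte that differs between two dumps."""
    if len(before) != len(after):
        raise ValueError("dumps must cover the same address range")
    return [(i, a, b) for i, (a, b) in enumerate(zip(before, after)) if a != b]


# Constructed sample dumps (not real machine data): one counter byte changes.
DUMP_BEFORE = bytes([0x00, 0x12, 0x00, 0x2A, 0xFF, 0x07])
DUMP_AFTER = bytes([0x00, 0x12, 0x00, 0x2B, 0xFF, 0x07])

if __name__ == "__main__":
    print(encode(b"\x01").hex(), decode(encode(b"coffee")), diff_dumps(DUMP_BEFORE, DUMP_AFTER))
```

Because every valid wire byte must equal 0x5B outside bits 2 and 5, the decoder doubles as a framing check: line noise or a wrong baud rate shows up as a rejected byte rather than as silently corrupted data.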

Once they had this all figured out, the Raspberry-Pi was no longer required, and was replaced with the more appropriate Particle Photon. The Photon is put on a bread board and stuck with Velcro to the back of the coffee machine, with three wires connected to the serial port on the machine.

If you’d like to dig into their code, check out their GitHub repository. Seems the guys at Q42 love playing games too – check out 0h h1 and 0h n0.

Thanks [Max] for letting us know about this.

Finally, A Power Meter Without Nixies

We’ve had quite a spate of home-brew energy meters on the tip line these days, and that probably reflects a deep inner desire that hackers seem to have to quantify their worlds. Functionally, these meters have all differed, but we’ve noticed a distinct stylistic trend toward the “Nixies and wood” look. Ironically, it is refreshing to see an energy meter with nothing but a spartan web interface for a change.

Clearly, [Tomasz Salwach] had raw data in mind as a design goal, and his Raspberry Pi-based meter delivers. After harvesting current sensing transformers from a bucket of defunct power meter PC boards, [Tomasz] calibrated them with a DIY oscilloscope and wired them and the voltage sensors up to an STM32 Nucleo development board. Data from the MCU goes to the Pi for processing and display as snazzy charts and GUI elements served internally. [Tomasz] was kind enough to include a link to his meter in his tip line post, but asked that we not share it publicly lest HaD readers love the Pi to death. But we can assure you that it works, and it’s kind of fun to peek in on the power usage of a house in Poland in real time.

It’s a nice project that does exactly what it set out to do. But if you missed the recent spate of Nixie-based displays, check out this front hallway meter or this one for a solar-power company CEO’s desk.

Shmoocon 2016: Z-Wave Protocol Hacked With SDR

The first talk at 2016 Shmoocon was a great one. Joseph Hall and Ben Ramsey presented their work hacking Z-Wave, a network that has been gaining a huge market share in both consumer and industrial connected devices. EZ-Wave uses commodity Software Defined Radio to exploit Z-Wave networks. This is not limited to sniffing; it can also be used for control, with the potential for mayhem.


Internet Of Things In Five Minutes

If you’re looking for the quickest way to go from zero to voice-controlled home automation system, you should spend five minutes checking out [Hari Wiguna]’s project on Hackaday.io where he connects up IoT gadgets and services into a functioning lightswitch. (Video below the break.)

[Hari] demonstrates how to set up a complex chain: Amazon Echo to IFTTT to Adafruit.io as a data broker, which is then polled by an ESP8266 unit in his home that controls his X10 setup. (Pshwew.) But each step along the way is designed to be nearly plug-and-play, so it’s really a lot like clicking Lego blocks together. [Hari]’s video is a nice overview.

There’s only one catch if you’re going to replicate this yourself: the X10 system that’s used for the last mile. Unless you have one of these setups already, you’re on your own for controlling the outlets that turn the lights on and off. For price and hackability, we suggest the common 433MHz wireless outlet switches and pairing them with cheap 433MHz transmitters, available at eBay for around $1. We’ve seen a lot of hacks of these systems — they’re quite common both in the US and Europe.

We’ve also covered [Hari]’s projects before: both his self-learning TV remote and a sweet Halloween hack. His video production skills are excellent. We’re in awe of how much info he crams into his YouTube videos.