Hackaday Links: August 18, 2013

hackaday-links-chain

Let’s start off with some lock picking. Can you be prosecuted if it was your bird that broke into something? Here’s video of a Cockatoo breaking into a puzzle box as part of an Oxford University study. [Thanks Ferdinand via Endandit]

[Augybendogy] needed a vacuum pump. He headed off to his local TechShop and machined a fitting for his air compressor. It uses the Venturi Effect to generate a vacuum.

Build your own Arduino cluster using this shield designed by [Bertus Kruger]. Each shield has its own ATmega328. Many can be stacked on top of an Arduino board, using I2C for communications.

[Bunnie Huang] has been publishing articles a few articles on Medium called “Exit Reviews”. As a treasured piece of personal electronics is retired he pulls it apart to see what kind of abuse it stood up to over its life. We found his recent article on his Galaxy S II quite interesting. There’s chips in the glass, scuffs on the bezel, cracks on the case, and pervasive gunk on the internals.

We’d love to see how this this paper airplane folder and launcher is put together. If you know of a post that shares more details please let us know.

Squeezing the most out of a tiny microcontroller was a challenge. But [Jacques] reports that he managed to get a PIC 10F322 to play a game of Pong (translated). It even generates an NTSC composite video signal! Watch the demo video here.

Burglar Suspected Of Using Arduino-Onity Hack To Rob Hotel Rooms

Can anyone argue against this being the least-secure hotel room lock on the market? Regular readers will recognize it as an Onity key card lock. A few months back a glaring flaw in the security was exposed that allows these locks to be opened electronically in less than a second. So we are not surprised to hear that a series of hotel room robberies in Houston are suspected to have been performed using this technique.

The image above is from a demonstration video we saw back in October. That hack used an Arduino-compatible chip inside of a dry erase marker as an end-run around the lock’s electronics. It reinforced the warning sound by [Cody Brocious] when he presented the exploit at this year’s Blackhat conference. The barrel jack on the outside of the door lock doubles as a 1-wire communications port and that is how an attacker can gain access. Investigators can find no other means of entry for these thefts.

We applaud one of the victims in this story. At the end of the article she is asked if the information about the Onity flaw should have been kept secret. She said that if there’s a vulnerability that’s not being fixed people have a right to know about it. Bravo [Janet Wolf]!

[Thanks Andrew]

Electromagnetic Field Camp

Emf Electromagnetic Field Camp is a three-day camping festival for people with an inquisitive mind or an interest in making things: hackers, geeks, scientists, engineers, artists, and crafters.

There will be people talking about everything from genetic modification to electronics, blacksmithing to high-energy physics, reverse engineering to lock picking, crocheting to carpentry, and quadcopters to beer brewing. If you want to talk, there’ll be space for you to do so, and plenty of people who will want to listen.

EMF is a volunteer effort by a non-profit group, inspired by European and US hacker camps like CCC, HAR, and toorcamp.  This year on Friday 31st August – Sunday 2nd September 2012 Will hold the first Uk meeting of its kind.

Events and activities will run throughout the day and into the evening, everything else (chats, debates, impromptu circus performances, orbital laser launches) will run as long as your collective energy lasts.

The Event is to be held at Pineham Park, Milton Keynes, UK.

As a Hackaday viewer you can get discounted tickets.

[thanks Jonty]

Arduino, Resistor, And Barrel Plug Lay Waste To Millions Of Hotel Locks

The security flaws on this common hotel keycard lock are nothing short of face-palmingly stupid. Look closely at the picture above. This is a hotel room door swinging open. The device he holds in his hand is an Arduino connected to the OUTSIDE portion of the door lock. It takes approximately 200 milliseconds from the time an attacker plugs the device in, until the door can be opened. Yes, in less than 1/4 of one second an Arduino can open any of the millions of these locks in service.

The exploit in Onity programmable keycard locks was revealed by [Cody Brocious] at the Blackhat conference. Apparently the DC barrel jack on the outside of the lock serves as a one-wire protocol interface. Once communications are established a 32-bit sitecode can be read from any of the locks and immediately used to open the door. There is no authentication or encryption used to obfuscate this kind of attack. To make matters worse, you can even read out master key and skeleton key codes. These codes facilitate ‘magic’ keys used to open a variety of different doors through the system.

We’re no strangers to easy hotel beak-ins. But how can a digital lock possibly be sold with this type of vulnerability present? Really!?

Here’s the white paper on the exploit as well as the slides from his talk (PDF).

[via Reddit]

Time To Get Serious About Going To LayerOne

This year’s LayerOne Hacking and Security Conference is right around the corner. But it’s not too late to attend. You can still get a block-rate hotel room if you register by the end of April, and registration for the two-day event only costs a hundred bucks. It’s scheduled for May 26th and 27th in Anaheim California.

As usual, the Speaker lineup is quite impressive. Everything from Android Malware to embedded exploits and botnet adventures will be discussed. And then there’s the perennial favorite lock picking and hardware hacking villages. Did we mention badges? We’d bet it was this pick-and-place machine which helped assemble this year’s pile of badges. We haven’t seen any word on what they might include, but there’s a hacking contest so plan to pack your tools.

Hackaday Links: August 29, 2010

Hotel room door lock picking

Here’s further proof that you should never leave anything of value in your hotel room. We’re not worried about someone getting in while the room is occupied. But these methods of defeating the chain lock and opening the door without a keycard (YouTube login required) do show how easy it is for the bad guys to steal your stuff.

iPhone frequency generator

Need one more way to make that iPhone a useful lab tool? Why not use it as a frequency generator. Start with a free app and mix in an audio cable with test leads and you’re in business.

Drag Soldering

[Andrei] sent us a link to a video about drag soldering. This is a method of soldering fine-pitch chips using a small bit of solder and a fat solder tip. The link he sent is dead now but we found another great example of the process. We were just using this method earlier in the week to solder a TSSOP38 package for an upcoming project and it worked like a charm.

Laser etched PCB

Here’s some art in PCB form thanks to a laser. We thought this might be interesting to share after seeing those art pieces made from old circuit boards. This example is laser etched, but not directly. As you probably guessed, the copper clad board is coated with resist and the laser etches some of it away. Whatever got zapped by the laser dissolves when the board is placed in acid, leaving [Riley Porter’s] art behind.

LockCon Coming Soon

The Open Organisation Of Lockpickers (TOOOL) is planning a new annual gathering for lockpickers. October 9-12th they will hold the first ever LockCon in Sneek, Netherlands. The event was spawned from the Dutch Open lockpicking championships, but they’ve decided to expand beyond just competition into a full conference. This year the conference is limited to just 100 lockpickers, technicians, manufacturers, hackers, and law enforcement members. They’ll compete in picking competitions, safe manipulation, and key impressioning.

On a related note: Organizer [Barry Wels] just became the first non-German to win an SSDeV competition with his key impressioning skills. We covered key impressioning when we saw his talk about high security keys at The Last Hope. He says it’s only been about two years worth of study and 500 keys to become a master. He managed to open the lock in 5:13 filing two whole keys during that time.

[photo: Rija 2.0]