What’s On Your Bank Card? Hacker Tool Teaches All About NFC And RFID

The Flipper Zero is a multipurpose hacker tool that aims to make the world of hardware hacking more accessible with a slick design, wide array of capabilities, and a fantastic looking UI. They are struggling with manufacturing delays like everyone else right now, but there’s a silver lining: the team’s updates are genuinely informative and in-depth. The latest update is all about RFID and NFC, and how the Flipper Zero can interact with a variety of contactless protocols.

Popular 125 kHz protocols: EM-Marin, HID Prox II, and Indala

Contactless tags are broadly separated into low-frequency (125 kHz) and high-frequency tags (13.56 MHz), and it’s not really possible to identify which is which just by looking at the outside. Flipper Zero can interface with both, but the update at the link above goes into considerable detail about how these tags are used in the real world, and what they look like from both the outside and inside.

For example, 125 kHz tags have an antenna made from many turns of very fine wire, with no visible space between the loops. High-frequency tags on the other hand will have antennas with fewer loops, and visible space between them. To tell them apart, a bright light is often enough to see the antenna structure through thin plastic.

Low-frequency tags are “dumb” and incapable of encryption or two-way communication, but what about high-frequency (often referred to as NFC) like bank cards and applications like Apple Pay? One thing demonstrated is that mobile payment methods offer up considerably less information on demand than a physical bank or credit card. With a physical contactless card it’s possible to read the full card number, expiry date, and in some cases the name as well as recent transactions. Mobile payment systems (like Apple or Google Pay) don’t do that.

Like many others, we’re looking forward to it becoming available; sadly, there is just no getting around the component shortages that seem to be affecting everyone.

Download From NFC Datalogger, No App Required

The plethora of wireless technologies has made internet-connected devices the norm, but it’s not always necessary if you don’t need real-time updates. Whether it’s due to battery life, or location and range constraints, downloading data directly from the device whenever possible might be a viable solution. [Malcolm Mackay] demonstrates an elegant solution on the open source cuplTag temperature/humidity logger, using any NFC-enabled smartphone, without requiring a custom app.

The cuplTag utilizes the feature on NFC-enabled smartphones to automatically open a URL provided by the cuplTag. It encodes the sensor data from the sensor unit as a circular buffer in a ~1 kB URL, which automatically uploads to a web frontend that plots the data. (You can use their server or run your own.)

This means that data can be collected by anyone with the appropriate phone with zero setup. The data is displayed on the web app and can be downloaded as a CSV. To deter spoofing, each tag ships with a secret key which is used to generate a unique HMAC every time the circular buffer changes.
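The scheme described above, sketched as an added example that is not cuplTag's own code: a tag-side URL builder and a server-side check that rejects any URL whose HMAC does not match before unwrapping the circular buffer. The query parameter names (`s`, `c`, `d`, `h`), the use of HMAC-SHA256, the two-byte sample layout, the host name and the key are all assumptions made for illustration.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed per-tag secret; a real server would hold these in a protected store.
TAG_KEYS = {"TAG00001": b"constructed-demo-secret"}
SAMPLE = 2  # assumed bytes per sample: one temperature byte, one humidity byte


def tag_mac(key, serial, cursor, data):
    # Bind serial and cursor into the MAC so neither can be changed
    # independently of the buffer contents.
    msg = serial.encode() + b"|" + str(cursor).encode() + b"|" + data
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def build_url(serial, cursor, data):
    """Tag side: produce the URL the phone opens (hypothetical layout)."""
    query = {"s": serial, "c": cursor,
             "d": base64.urlsafe_b64encode(data).decode(),
             "h": tag_mac(TAG_KEYS[serial], serial, cursor, data)}
    return "https://logger.example.invalid/?" + urlencode(query)


def verify_and_decode(url):
    """Server side: samples oldest-first, or None if verification fails."""
    try:
        q = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
        serial, cursor = q["s"], int(q["c"])
        data = base64.urlsafe_b64decode(q["d"])
        key = TAG_KEYS[serial]
    except (KeyError, ValueError):
        return None  # missing field, bad number, bad base64 or unknown tag
    expected = tag_mac(key, serial, cursor, data).encode()
    # Constant-time comparison avoids leaking how many MAC characters matched.
    if not hmac.compare_digest(expected, q.get("h", "").encode()):
        return None
    if len(data) % SAMPLE or not 0 <= cursor < max(len(data) // SAMPLE, 1):
        return None
    # cursor is the next slot to be overwritten, so the oldest sample is there.
    samples = [tuple(data[i:i + SAMPLE]) for i in range(0, len(data), SAMPLE)]
    return samples[cursor:] + samples[:cursor]
```

The MAC shows that the buffer came from a holder of the tag's key; on its own it does not stop an old, valid URL from being submitted again.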

Battery life is a priority on the cuplTag, and it’s theoretically capable of running seven years on a single CR1220 coin cell using the current-sipping Texas Instruments MSP430 microcontroller. The hardware, firmware, and server-side frontend and backend code are all open source and available on GitHub.

Earlier this year, we held a data logging contest, and featured submissions that monitored everything from your garden’s moisture levels to your caffeine intake.

NFC Who’s At The Door

An early prototype that worked on the first try, except for one LED

[RevK] wanted to learn about NFC readers, and we agree that the best way to do so is to dive in and build one yourself.

There are readers available from multiple sources, but [RevK] found them either compact but with no prototyping space or plenty of prototyping space and a large footprint. High-speed UART (HSU) was selected over I2C for communication with an ESP32 as testing showed it was just as fast and more reliable over long distances at the cost of only one additional wire.

After a few versions, the resulting PN532-based NFC reader has just enough GPIO for a doorbell and tamper switch and three status LEDs, with board files and a 3D-printed case design included in the open source project on GitHub. When looking into the project, we appreciated learning about tamper switches that can include closed or open contact status when an NFC tag is read, most often used in the packaging of high-value and collectible products. If you have worked with this tamper feature of NFC tags, let us know about it.

Thanks for the tip, [Simon]

This Week In Security: Print Nightmare Continues, Ransomware Goes Bigger, And ATM Jackpots!

For the second time, Microsoft has attempted and failed to patch the PrintNightmare vulnerability. It was tracked initially as CVE-2021-1675, and the second RCE as CVE-2021-34527. We warned you about this last week, but a few more details are available now. The original reporter, [Yunhai Zhang], confirms our suspicions, stating on Twitter that “it seems that they just test with the test case in my report”.

Microsoft has now shipped an out-of-band patch to address the problem, with the caveat that it’s known not to be a perfect fix, but should eliminate the RCE element of the vulnerability. Except … if the server in question has the point and print feature installed, it’s probably still vulnerable. And to make it even more interesting, Microsoft says they have already seen this vulnerability getting exploited in the wild.

Custom 3D Printer Cart Hides Clever Features

Even if you’ve got a decent-sized workshop, there’s only so much stuff you can have sitting on the bench at one time. That’s why [Eric Strebel], ever the prolific maker, decided to build this slick cart for his fairly bulky Ultimaker 3 Extended printer. While the cart is obviously designed to match the aesthetics of the Ultimaker, the video is sure to have some useful tips and tricks no matter which printer or tool you’re looking to cart around the shop in style.

[Eric] made a second video on sketching out the design.
On the surface this might look like a pretty standard rolling cart, and admittedly, at least half of the video is a bit more New Yankee Workshop than something we’d usually be interested in here on Hackaday. But [Eric] has built a number of neat little details into the cart that we think are worth mentally filing away for future projects.

For example, we really liked his use of magnets to hold the plastic totes in place, especially his method of letting the magnets align themselves first before locking everything down with screws and hot glue. The integrated uninterruptible power supply is also a nice touch, as it not only helps protect your prints in the event of a power outage, but means you could even move the cart around (very carefully…) as the printer does its thing.

But perhaps the most interesting element of the cart is that [Eric] has relocated the Ultimaker’s NFC sensors from the back of the printer and into the cart itself. This allows the printer to still read the NFC chip built into the rolls of Ultimaker filament, even when they’re locked safely away from humidity in a sealed box.

Now all you’ve got to do is apply for the loan it will take to pay for all of the MDF you’ll need to build your own version. At this point, we wouldn’t be surprised if encasing your 3D printer in metal would end up being cheaper than using wood.

Hackaday Links: June 13, 2021

When someone offers to write you a check for $5 billion for your company, it seems like a good idea to take it. But in the world of corporate acquisitions and mergers, that’s not always the case, as Altium proved this week when they rebuffed an A$38.50 per share offer from Autodesk. Altium Ltd., the Australian company whose flagship Altium Designer suite is used by PCB and electronic designers around the world, said that the Autodesk offer “significantly undervalues” Altium, despite the fact that it represents a 42% premium over the company’s share price at the end of last week. Altium’s rejection doesn’t close the door on a deal with Autodesk, or any other comers who present a better offer, which means that whatever happens, changes are likely in the EDA world soon.

There were reports this week of a massive explosion and fire at a Chinese polysilicon plant — sort of. A number of cell phone videos have popped up on YouTube and elsewhere that purport to show the dramatic events unfolding at a plant in Xinjiang province, with one trade publication for the photovoltaic industry reporting that it happened at the Hoshine Silicon “997 siloxane” packing facility. They further reported that the fire was brought under control after about ten hours of effort by firefighters, and that the cause is under investigation. The odd thing is that we can’t find a single mention of the incident in any of the mainstream media outlets, even five full days after it purportedly happened. We’d have figured the media would have been all over this, and linking it to the ongoing semiconductor shortage, perhaps erroneously since the damage appears to be limited to organic silicone production as opposed to metallic silicon. But the company does supply something like 17% of the world’s supply of silicon metal, so anything that could potentially disrupt that should be pretty big news.

It’s always fun to see “one of our own” take a project from idea to product, and we like to celebrate such successes when they come along. And so it was great to see the battery-free bicycle tire pressure sensor that Hackaday.io user CaptMcAllister has been working on make it to the crowdfunding stage. The sensor is dubbed the PSIcle, and it attaches directly to the valve stem on a bike tire. The 5-gram sensor has an NFC chip, a MEMS pressure sensor, and a loop antenna. The neat thing about this is the injection molding process, which basically pots the electronics in EPDM while leaving a cavity for the air to reach the sensor. The whole thing is powered by the NFC radio in a smartphone, so you just hold your phone up to the sensor to get a reading. Check out the Kickstarter for more details, and congratulations to CaptMcAllister!

We’re saddened to learn of the passing of Dale Heatherington last week. While the name might not ring a bell, the name of his business partner Dennis Hayes probably does, as together they founded Hayes Microcomputer Products, makers of the world’s first modems specifically for the personal computer market. Dale was the technical guru of the partnership, and it’s said that he’s the one who came up with the famous “AT-command set”. Heatherington only stayed with Hayes for seven years or so before taking his $20 million share of the company and retiring, which of course meant more time and resources to devote to tinkering with everything from ham radio to battle bots. ATH0, Dale.

Automated Balcony Shade Uses NFC

[Udi] lives in an apartment with a pleasant balcony. He also has three kids who are home most of the time now, so he finds himself spending a little more time out on the balcony than he used to. To upgrade his experience, he installed a completely custom shade controller to automatically open and close his sunshade as the day progresses.

Automatic motors for blinds and other shades are available for purchase, but [Udi]’s shade is too big for any of these small motors to work. Finding a large servo with a 2:1 gear ratio was the first step, as well as creating a custom mount for it to attach to the sunshade. Once the mechanical situation was solved, he programmed an ESP32 to control the servo. The ESP32 originally had control buttons wired to it, but [Udi] eventually transitioned to NFC for limit switch capabilities and also implemented voice control for the build.

While not the first shade controller we’ve ever seen, this build does make excellent use of appropriate hardware and its built-in features, and although we suppose it’s possible this could have been done with a 555 timer, the project came together very well, especially for [Udi]’s first Arduino-compatible build. If you decide to replicate this build, though, make sure that your shade controller is rental-friendly if it needs to be.