Hackaday Podcast 082: DJ CNC, NFC Black Box, Sound Of Keys, And Payin’ For 3D Prints

Hackaday editors Elliot Williams and Mike Szczys check in on the best hacks from the past week. All the buzz is the algorithm that can reverse engineer your house keys from the way they sound going into the lock. Cardboard construction goes extreme with an RC car build that’s beyond wizard-level. Speaking of junk builds, there’s a CNC mill tipped on its side grinding out results worlds better than you expect from something made with salvaged CD-ROM drives. And a starburst character display is a clever combination of laser cutting and alternative using UV-cured resin as a diffuser.

Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Direct download (60 MB or so.)

Continue reading “Hackaday Podcast 082: DJ CNC, NFC Black Box, Sound Of Keys, And Payin’ For 3D Prints”

Breaking Smartphone NFC Firmware: The Gory Details

Near-field Communication (NFC) has been around a while and is used for example in access control, small data exchange, and of course in mobile payment systems. With such sensitive application areas, security is naturally a crucial element of the protocol, and therefore any lower-level access is usually heavily restricted and guarded.

This hardware is especially well-guarded in phones, and rooting your Android device won’t be of much help here. Well, that was of course only until [Christopher Wade] took a deep look into that subject, which he presented in his NFC firmware hacking talk at for this year’s DEF CON.

But before you cry out “duplicate!” in the comments now, [Jonathan Bennett] has indeed mentioned the talk in a recent This Week In Security article, but [Christopher] has since written up the content of his talk in a blog post that we thought deserves some additional attention.

To recap: [Christopher] took a rooted Samsung S6 and searched for vulnerabilities in the NFC chip’s safe firmware update process, in hopes to run a custom firmware image on it. Obviously, this wouldn’t be worth mentioning twice if he hadn’t succeeded, and he goes at serious length into describing how he got there. Picking a brain like his by reading up on the process he went through — from reverse engineering the firmware to actually exploiting a weakness that let him run his own code — is always fascinating and downright fun. And if you’re someone who prefers the code to do the talking, the exploits are on GitHub.

Naturally, [Christopher] disclosed his findings to Samsung, but the exploited vulnerability — and therefore the ability to reproduce this — has of course been out there for a long time already. Sure, you can use a Proxmark device to attack NFC, or the hardware we saw a few DEF CONs back, but a regular-looking phone will certainly raise a lot less suspicion at the checkout counter, and might open whole new possibilities for penetration testers. But then again, sometimes a regular app will be enough, as we’ve seen in this NFC vending machine hack.

Continue reading “Breaking Smartphone NFC Firmware: The Gory Details”

Son Of Rothult

We are continuously inspired by our readers which is why we share what we love, and that inspiration flows both ways. [jetpilot305] connected a Rothult unit to the Arduino IDE in response to Ripping up a Rothult. Consider us flattered. There are several factors at play here. One, the Arduino banner covers a lot of programmable hardware, and it is a powerful tool in a hardware hacker’s belt. Two, someone saw a tool they wanted to control and made it happen. Three, it’s a piece of (minimal) security hardware, but who knows where that can scale. The secure is made accessible.

The Github upload instructions are illustrated, and you know we appreciate documentation. There are a couple of tables for the controller pins and header for your convenience. You will be compiling your sketch in Arduino’s IDE, but uploading through ST-Link across some wires you will have to solder. We are in advanced territory now, but keep this inspiration train going and drop us a tip to share something you make with this miniature deadbolt.

Locks and security are our bread and butter, so enjoy some physical key appreciation and digital lock love.

Hands On With A Batteryless E-Paper Display

E-paper displays are unusual in that power is only needed during a screen update. Once the display’s contents have been set, no power whatsoever is required to maintain the image. That’s pretty nifty. By making the display driver board communicate wirelessly over near-field communication (NFC) — which also provides a small amount of power — it is possible for this device to be both wireless and without any power source of its own. In a way, the technology required to do this has existed for some time, but the company Waveshare Electronics has recently made easy to use options available for sale. I ordered one of their 2.9 inch battery-less NFC displays to see how it acts.

Continue reading “Hands On With A Batteryless E-Paper Display”

New Part Day: Battery-Less NFC E-Paper Display

Waveshare, known for e-ink components aimed at hobbyists among other cool parts, has recently released a very interesting addition to their product line. This is an enclosed e-ink display which gets updated over a wireless NFC connection. By that description, nothing head-turning, but the kicker is that there is no battery inside the device at all, as it harvests the energy needed from the wireless communication itself.

Just like wireless induction charging in certain smartphones, the communication waves involved in NFC can generate a small current when passing through a coil, located on this device’s PCB. Since microcontrollers and e-ink displays consume a very small amount of current compared to other components such as a backlit LCD or OLED display, this harvested passive energy is enough to allow the display to update. And because e-paper requires no power at all to retain its image, once the connection is ended, no further battery backup is needed.

The innovation here doesn’t come from Waveshare however, as in 2013 Intel had already demoed a very similar device to promising results. There’s some more details about the project, but it never left the proof of concept stage despite being awarded two best paper awards. We wonder why it hadn’t been made into a commercial product for 5 years, but we’re glad it’s finally here for us to tinker with it.

E-paper is notorious for having very low refresh rates when compared to more conventional screens, much more so when driven in this method, but there are ways to speed them up a bit. Nevertheless, even when used as designed, they’re perfectly suited for being used in clocks which are easy on the eyes without a glaring backlight.

[Thanks Steveww for the tip!]

NFC For Your Home Automation

If home automation in the IoT era has taught us anything, it is that no one wants to run wires. Many of us rent, so new cabling is not even an option, even if we wanted to go that route. If you want a unique sensor, you have to build your own, and [tmkThings] wanted an NFC scanner at his front door. Just like arriving at work, he scans his credentials, and the door unlocks automagically.

Inside a little white box, we find an ESP8266 speaking Wifi attached to a PN532 talking NFC, and both are familiar names on these pages. The code, which is available on GitHub, links up with IFTTT and MQTT. For the security-minded, we won’t see this on your front door, but you can trigger your imagination’s limit of events from playing your favorite jams at the end of the day to powering down all the televisions at bedtime.

NFC hacks are great because they are instantly recognizable and readers are inexpensive, but deadbolt hacking is delightful in our books.

Continue reading “NFC For Your Home Automation”

Hacking An Arduino NFC Reader With WebUSB

When [gdarchen] wanted to read some NFC tags, he went through several iterations. First, he tried an Electron application, and then a client-server architecture. But his final iteration was to make a standalone reader with an Arduino and use WebUSB to connect to the application on the PC.

This sounds easy, but there were quite a few tricks required to make it work. He had to hack the board to get the NFC reader’s interrupt connected correctly because he was using a Leonardo board. But the biggest problem was enabling WebUSB support. There’s a library, but you have to change over your Arduino to use USB 2.1. It turns out that’s not hard, but there’s a caveat: Once you make this change you will need the WebUSB library in all your programs or Windows will refuse to recognize the Arduino and you won’t be able to easily reprogram it.

Once you fix those things, the rest is pretty easy. The PC side uses node.js. If you back up a level in the GitHub repository, you can see the earlier non-Arduino versions of the code, as well.

If you want to understand all the logic that went into the design, the author also included a slide show that discusses the three versions and their pros and cons. He did mention that he wanted a short-range solution so barcodes and QR codes were out. He also decided against RFID but didn’t really say why.

NFC business cards are a thing. You can also use them to catch some public transportation.