Hackaday Links: February 24, 2019

Back To The Future Part II, released in 1989, told us the far-off future of 2015 would have flying cars, drones working for national newspapers, and self-lacing sneakers. Our best hope for flying cars is Uber, and that’s going to be hilarious when it fails. (Note to Uber: buy KSMO, Santa Monica airport, as an air taxi hub because that’s the most hilarious of all possible realities.) National newspapers — heck, even newspapers — don’t exist anymore. Self-lacing sneakers? Nike’s self-lacing sneakers brick themselves with a firmware update. Don’t worry, it’s only the left shoe.

HackSpace magazine Vol. 16 is out, and there’s a few pages dedicated to Tindie from the person who runs it, our fabulous [Jasmine]. There’s some good tips in here for Tindie sellers — especially shipping — and a good introduction to what Tindie actually is. The three-second elevator pitch of, ‘Etsy but for DIY electronics’ is not in the feature, though.

Is it duct tape or duck tape? That’s a silly question, because it’s ‘duck’ tape, but that’s not important. Gaffer tape is superior. [Ross Lowell], the inventor of gaffer tape, passed away last week at the age of 92.

[Peter Stripol] has a hobby of building ultralights in his basement. Actually, he has a hangar now, so everything’s good. His first two planes flew as Part 103 ultralights, however, there were design problems. [Peter] is using an electric powerplant, with motors and batteries, which is much lighter than a gas-chugging Rotax. However, he was still basing his designs on traditional ultralights. His now third build will be slightly more trimmed down, probably a little bit faster, and might just use 3D-printed control surfaces. Check out the intro to the mk3 airplane here.

[Matthias Wandel], the woodworking Canadian famous for designing the pantorouter, just built a three-legged stool. Sure, that doesn’t sound impressive, but check this out. All the weird mortises were done on the pantorouter, and there are some weird mortises here.

You’re only cool if you got chainz, so here’s some PCB chainz. This was done by [@jeffwurz] with OSHPark PCBs. The design, from as far as we can tell, is simple. It’s just a PCB without a soldermask, and a small cutout in one of the links. Assemble it into a chain, and if you’re clever, solder some resistor leads across the gap to make it a bit more solid.

ASMR, or officially, ‘autonomous sensory meridian response’, is the tingling sensation moving down your back induced by specific auditory (or visual) stimuli. That’s the scientific definition. On the Internet, it’s people breathing into microphones and smacking their lips. Yes, there are videos of this. Thousands of them. There are 11-year-old girls raking in the YouTube money posting ASMR videos. It’s weird and gross, and don’t get me started on slime videos. You’ve also got unboxing videos. The Raspberry Pi foundation found a way to combine ASMR with unboxing videos. I gotta respect the hustle here; ASMR and unboxing videos are some of the most popular content available, and the Pi foundation is not only combining the two, but doing so ironically. It’s exactly the content everyone wants to see, and it’ll bring in people who hate ASMR and unboxing videos. Someone over at the Pi foundation really knows what they’re doing here.

Teardown Of Nike Self-Lacing Shoes

There used to be a time, before running shoes had blinking LEDs and required placing on an inductive charger overnight, when we weren’t worried about whether or not we could dump the firmware running underneath our heels. Those are not the times that we’re living in. Nike came out with a shoe that solves the age-old problem of lacing: the HyperAdapt. And [Telind Bench] has torn them apart.

img_0059Honestly, we’re kinda “meh” about what’s inside. The “laces” are actually tubes with a small Kevlar-like cable running inside, and the whole thing torques up using a small, geared DC motor. That’s kinda cool. (We have real doubts about [Telind]’s guess of 36,000 RPM for the motor speed.) But in an age when Amazon gives away small WiFi-enabled devices for a few bucks as a loss-leader to get you to order a particular brand of laundry detergent, we’re not so dazzled by the technology here, especially not at the price of $720 for a pair of freaking shoes.

The only really interesting bit is the microcontroller, which is over-powered for the job of turning a wheel when a keyboard-style sensor is pressed by your heel. What is Nike thinking? We want to see the firmware, and we’d like it reverse engineered. What other chips are on board? Surely, they’ve got an accelerometer and are measuring your steps, probably tying in with an exercise app or something. Does anyone have more (technical) detail about these things? Want to make a name for yourself with a little stunt hacking?

Hacking The Nike+ Fuelband

[Simone] was trying to reverse-engineer the Bluetooth protocol of his Nike+ Fuelband and made some surprising discoveries. [Simone] found that the authentication system of the Fuelband can be easily bypassed and discovered that some low-level functions (such as arbitrarily reading and writing to memory) are completely exposed to the end user or anyone else who hacks past the authentication process.

[Simone] started with the official Nike app for the Fuelband. He converted the APK to a JAR and then used JD-Gui to read the Java source code of the app. After reading through the source, he discovered that the authentication method was completely ineffective. The authenticator requires the connecting device to know both a pin code and a nonce, but in reality the authentication algorithm just checks for a hard-coded token of 0xff 0xff 0xff 0xff 0xff 0xff rendering the whole authentication process ineffective.

After he authenticated with the Fuelband, [Simone] started trying various commands to see what he could control over the Bluetooth interface. He discovered that he could send the device into bootloader mode, configure the RTC, and even read/write the first 65k of memory over the Bluetooth interface–not something you typically want to expose, especially with a broken authentication mechanism. If you want to try the exploit yourself, [Simone] wrote an Android app which he posted up on GitHub.

EagerFeet Lets You Scrape Your Nike+ Data From The Web

Runners that wear shoes with the Nike+ system can upload GPS data about their runs to the proprietary website. If you’ve been using this for a while you may be reluctant to switch to another service that works with the hardware because you don’t want to lose the historical data. Faced with this issue, [Robert Kosara] developed some software that can scrape Nike+ data. Not only did he write the code, but he also threw up a website that shows how well it works. EagerFeet lets you copy and paste your Nike+ ID for mapping on Google Maps.

Data is scraped from Nike+ and assembled as GPX files, which are backups of GPS data. From there you can use it for whatever you like. Since the code is available in a Git repository it’s easy to depend on it with your own projects, and still get updates if the scraping system needs to be changed in the future. Even if you don’t want to use the GPX files in your own projects, they can be imported on some third party exercise tracking sites if that’s what you’re interested in.

Of course you could try to pull the data straight off of your iPod.

Nike + IPod As A Tracking Device

[Thomas] found a paper from 2006 that describes using the Nike + iPod system as inexpensive tracking devices. Yep, it’s old as dirt but we think it’s fascinating reading! [Scott Saponas] and his fellow authors take a hard look at the lack of security in the system in a twelve-page PDF. They cover several different ways to capture and track one of the $29 tags in someone’s shoe, including using the Gumstix reader above, or a slightly modified 3G iPod. If the sensors are not removed or manually switched off when not in use they can be picked up by any RF reader within range. Because the tags are cheap and available, one could be planted on an unsuspecting victim James-Bond-style. Maybe this is what prompted Apple’s half-hearted attempt to restrict hacking the devices to do things like unlock doors.

Of course if you don’t want to do the reading you could download their video presentation or just stream it.

Chalkbot Vs GraffitiWriter

For those who watched the Tour de France, you may have been pleasantly surprised to see some cool tech. Nike was using a robot to paint pictures on the street in chalk dot matrix style. It was accepted by the general public as new and innovative, as well as generally cool. In the hacker community though, a bit of trouble began to brew. The Chalkbot bears more than a passing resemblance to a project called GraffitiWriter. GraffitiWriter was a bot initially designed to protest the militarization of robotics. As it turns out, one of the early developers of the GraffitiWriter is behind the Chalkbot in a legitimate contract. The trouble doesn’t seem to be one of intellectual property legalities. People are mad at the corporatization of public work. They want kids watching to know that this system was designed by regular people in their spare time at their homes, not by a team of researches in a secret underground Nike laboratory.

The article takes a bit of a turn and talks some about the possibility of projects being taken and used for corporate advertisement. The specific item they are talking about is the Image Fulgurator which secretly projects images on objects in your photographs. You’ll have to go check that one out to see how it works.

IFob: Keyless Entry

iFOB-11-M (Custom)

[Nate] hates keys. He’s gone through a lot of effort to remove them wherever possible. He has a keypad at home and a keypad at work, but he still has to carry car keys. His solution is to build a device he can carry in his pocket that will unlock the car via RF. To do this, he’s utilizing the guts of a Nike iPod puck along with an Arduino and an iPod serial board. He has managed to get this all working, but still has to carry his key to actually start the car. We know what his next project will be.