PoisonTap Makes Raspberry Pi Zero Exploit Locked Computers

November 16, 2016 by Brian Benchoff 53 Comments

[Samy Kamkar], leet haxor extraordinaire, has taken a treasure trove of exploits and backdoors and turned it into a simple hardware device that hijacks all network traffic, enables remote access, and does it all while a machine is locked. It’s PoisonTap, and it’s based on the Raspberry Pi Zero for all that awesome tech blog cred we crave so much.

PoisonTap takes a Raspberry Pi Zero and configures it as a USB Gadget, emulating a network device. When this Pi-come-USB-to-Ethernet adapter is plugged into a computer (even a locked one), the computer sends out a DHCP request, and PoisonTap responds by telling the machine the entire IPv4 space is part of the Pi’s local network. All Internet traffic on the locked computer is then sent over PoisonTap, and if a browser is running on the locked computer, all requests are sent to this tiny exploit device.

With all network access going through PoisonTap, cookies are siphoned off, and the browser cache is poisoned with an exploit providing a WebSocket to the outside world. Even after PoisonTap is unplugged, an attacker can remotely send commands to the target computer and force the browser to execute JavaScript. From there, it’s all pretty much over.

Of course, any device designed to plug into a USB port and run a few exploits has a few limitations. PoisonTap only works if a browser is running. PoisonTap does not work on HTTPS cookies with the Secure cookie flag set. PoisonTap does not work if you have filled your USB ports with epoxy. There are a thousand limitations to PoisonTap, all of which probably don’t apply if you take PoisonTap into any office, plug it into a computer, and walk away. That is, after all, the point of this exploit.

As with all ub3r-1337 pen testing tools, we expect to see a version of PoisonTap for sale next August in the vendor area of DEF CON. Don’t buy it. A Raspberry Pi Zero costs $5, a USB OTG cable less than that, and all the code is available on Github. If you buy a device like PoisonTap, you are too technically illiterate to use it.

[Samy] has a demonstration of PoisonTap in the video below.

Continue reading “PoisonTap Makes Raspberry Pi Zero Exploit Locked Computers” →

How To Control Your Instruments From A Computer: It’s Easier Than You Think

November 16, 2016 by Jenny List 49 Comments

There was a time when instruments sporting a GPIB connector (General Purpose Interface Bus) for computer control on their back panels were expensive and exotic devices, unlikely to be found on the bench of a hardware hacker. Your employer or university would have had them, but you’d have been more likely to own an all-analogue bench that would have been familiar to your parents’ generation.

A GPIB/IEEE488 plug. Alkamid [CC BY-SA 3.], via Wikimedia Commons.

The affordable instruments in front of you today may not have a physical GPIB port, but the chances are they will have a USB port or even Ethernet over which you can exert the same control. The manufacturer will provide some software to allow you to use it, but if it doesn’t cost anything you’ll be lucky if it is either any good, or available for a platform other than Microsoft Windows.

So there you are, with an instrument that speaks a fully documented protocol through a physical interface you have plenty of spare sockets for, but if you’re a Linux user and especially if you don’t have an x86 processor, you’re a bit out of luck on the software front. Surely there must be a way to make your computer talk to it!

Let’s give it a try — I’ll be using a Linux machine and a popular brand of oscilloscope but the technique is widely applicable.

Continue reading “How To Control Your Instruments From A Computer: It’s Easier Than You Think” →

2,000 LEDs On Fire

November 15, 2016 by Al Williams 12 Comments

What’s 18 feet tall, 12 feet wide, has 2,000 LEDs and turbine-driven blast furnaces? Believe it or not, it is a piece of kinetic sculpture created by [Therm] (a collective, not a person) for Burning Man 2016. The project is about 60% salvage, has a Raspberry Pi 3 helping its three human operators, and took a team of 30 about 9 months to complete.

The Raspberry Pi drives LED using fadecandy. You can see a video of the sculpture (three giant moths, to be exact) and a video about fadecandy, below. (We’ve covered a subtler fadecandy project before if you want to see a different take on it.)

Continue reading “2,000 LEDs On Fire” →

Put A Pi In Your JAMMA

November 12, 2016 by Jenny List 13 Comments

Most of us who play an occasional arcade game will have never taken a look inside a cabinet however much its contents might interest us. We’ll know in principle what kind of hardware we’d expect to see if we were given the chance, but the details are probably beyond us.

In fact, there is a standard for the wiring in arcade cabinets. Arcade operators demanded running costs as low as possible, and the industry responded with the JAMMA wiring standard. The Japan Amusement Machinery Manufacturers Association was the name the Japanese trade body was known under in the 1980s, and they originated a specification for both wiring and connector that would allow hardware to be easily installed for any game that supported it.

[Jochen Zurborg] has created an interesting board supporting the JAMMA connector, one that interfaces it with a Raspberry Pi and offers full support of the Pi as a video source. He’s launching his Pi2Jamma as a commercial product so sadly there are no schematics or Gerbers for you to look at, but if you’d prefer to roll your own it probably wouldn’t be beyond most Hackaday readers to do so. What it does though is open up the huge world of emulation on the Pi to owners of classic cabinets, and if you don’t mind forking out for one then we can see it might make for a very versatile addition to your cabinet.

We’ve featured [Jochen]’s work before here at Hackaday with a joystick that faithfully replicates arcade items. As to the Pi, this is the first JAMMA board we’ve seen with video, but we’ve featured another board using a Pi to bring console controllers to JAMMA boards in the past.

Raspberry Pi Spies On… Err… Monitors Baby

November 12, 2016 by Dan Maloney 7 Comments

“Quick! We’re having a baby and we need a baby monitor!” Rather than run to the local big box and plunk down cash for an off-the-shelf solution, any self-respecting hacker would rise to the challenge and hit the shop to build something like this live streaming eye-in-the-sky baby camera. Right?

At least that’s how [Antibore] handled the situation, and the results are pretty good. He designed his build around an old Raspberry Pi 2 that was hanging around. That required a WiFi adapter, and since he wanted video and audio he needed a camera and mic. The first USB mic had a nice compact design but didn’t perform well, so a gutted gooseneck mic soldered right to the USB connector joined the design spec. A camera module, cell-phone quick charge battery bank, and a 3D printed case round out the BOM. A knitted cozy to keep it looking warm and fuzzy was provided by the mother-to-be — although we think it looks a little like [Mike Wazowski].

This self-contained unit will work anywhere it has access to a WiFi network. Mounted on the baby carrier, it’ll provide a live stream to any browser and provide the new parents with a little peace of mind.

There are a lot of baby monitors on the market, some of them terrible and in need of a rebuild. Kudos to [Antibore] for deciding to roll his own custom solution and for getting it done before the blessed event. Now how about painting that nursery?

A Trove Of Arcade Projects

November 11, 2016 by Gerrit Coetzee 4 Comments

[Ryan Bates] loves arcade games, any arcade games. Which is why you can find claw machines, coin pushers, video games, and more on his website.

We’ve covered his work before with his Venduino project. We also really enjoyed his 3D printed arcade joystick based off the design of a commercial variant. His coin pushing machine could help some us finally live our dream of getting a big win out of the most insidious gambling machine at arcades meant for children.

Speaking of frustrating gambling machines for children, he also built his own claw machine. Nothing like enabling test mode and winning a fluffy teddy bear or an Arduino!

It’s quite a large site and there’s good content hidden in nooks and crannys, so explore. He also sells kits, but it’s well balanced against a lot of open source files if you’d like to do it yourself. If you’re wondering how he gets it all done, his energy drink review might provide a clue.

Better Tornado Warnings With Polygons And Pi

November 11, 2016 by Dan Maloney 16 Comments

Everyone pays close attention to the weather, but for those who live where tornadoes are prevalent, watching the sky can be a matter of life and death. When the difference between making it to a shelter or getting caught in the open can be a matter of seconds, it might make sense to build an internet enabled Raspberry Pi weather alert system.

We know what you’re thinking – why not just buy an off-the-shelf weather alert radio with Specific Area Message Encoding (SAME) reporting, or just rely on a smartphone app? As [Jim Scarborough] explains, living in the heart of Tornado Alley and having had a brush with tragedy as a kid teaches you not to be complacent with severe weather. He found a problem with the SAME system: lack of locational granularity below the county level, leading to a tendency to over-warn during tornado season. [Jim]’s build seeks to improve SAME by integrating National Weather Service polygon warnings, which define an area likely to see a severe weather event as a collection of geographic vertices rather than a political unit. He’s using a Raspberry Pi NOAA weather radio receiver with SAME decoding, and while details are sparse and the project is ongoing, the idea seems to be to use the Pi to scrape the NWS site for polygon data once a county-level warning is issued.

It’s an interesting idea, and one we’ll be keeping an eye on as [Jim] continues his build. In the meantime, you can brush up on weather radio and SAME encoding with this Arduino SAME decoder.

[via r/weather]