Hot Air Surgery Revives A Cheap Windows Tablet

March 6, 2018 by Tom Nardi 39 Comments

[Jason Gin] recently wrote in to tell us about his adventures replacing the eMMC storage chip on a cheap Windows tablet, and we have to say, it’s an impressive amount of work for a device which apparently only cost him $15. Surely much better pieces of hardware have been tossed in the trash for less serious failures than what ailed his DigiLand DL801W tablet. We’d love to see the lengths this guy would go to restore something a bit higher up the food chain.

As any good hacker knows, you can’t fix the problem until you understand it. So the first step [Jason] took was to conduct some troubleshooting. The tablet would only boot to the EFI shell, which didn’t do him much good since there was no on-screen keyboard to interact with it. But he had the idea of trying to connect a USB keyboard via an OTG adapter, and sure enough that got him in. Once he was able to enter commands into the EFI shell, he attempted to read from a few different sectors of the eMMC drive, only to get the same nonsense repeating data. So far, not looking good.

But before he fully committed to replacing the eMMC drive, he wanted a second opinion. Using the same USB OTG adapter, he was able to boot the tablet into a Windows 10 environment, and from there got access to some drive diagnostic tools. The software reported that not only was the drive reporting to be half the appropriate size, but that writing to the chip was impossible.

With the fate of the tablet’s Foresee NCEMBS99-16G eMMC chip now confirmed, [Jason] decided it was time to operate. After pulling the tablet apart and masking off the PCB with Kapton tape to protect it from the heat, he slowly went in with his hot air rework station to remove the failed chip. But rather than put another low-end chip in its place, he used this opportunity to replace it with a Samsung KLMBG4GEND-B031. Not only does this chip have twice the capacity of the original, it should be noticeably faster.

With the new Samsung eMMC chip installed, [Jason] put the tablet back together and was able to successfully install Windows 10 onto it. Another piece of tech saved from the big landfill in the sky.

If the casual confidence of this particular repair wasn’t enough of a clue, this isn’t the first time he’s showed some unruly eMMC chips who’s boss.

Eavesdropping With An ESP8266

November 2, 2017 by James Hobson 16 Comments

In the old days, spies eavesdropped on each other using analog radio bugs. These days, everything’s in the cloud. [Sebastian] from [Hacking Beaver] wondered if he could make a WiFi bug that was small and cheap besides. Enter the ESP8266 and some programming wizardry.

[Sebastian] is using a NodeMCU but suggests that it could be pared down to any ESP8266 board — with similar cuts made to the rest of the electronics — but has this working as a proof of concept. A PIC 18 MCU samples the audio data from a microphone at 10 kHz with an 8-bit resolution, dumping it into a 512-byte buffer. Once that fills, a GPIO pin is pulled down and the ESP8266 sends the data to a waiting TCP server over the WiFi which either records or plays the audio in real-time.

[Sebastian] has calculated that he needs at least 51.2 ms to transfer the data which this setup easily handles, but there are occasional two to three second glitches that come out of the blue. To address this and other hangups, [Sebastian] has the ESP8266 control the PIC’s reset pin so that the two are always in sync.

Continue reading “Eavesdropping With An ESP8266” →

Fooling Samsung Galaxy S8 Iris Recognition

May 24, 2017 by Elliot Williams 34 Comments

We have a love-hate relationship with biometric ID. After all, it looks so cool when the hero in a sci-fi movie enters the restricted-access area after having his hand and iris scanned. But that’s about the best you can say about biometric security. It’s conceptually flawed in a bunch of ways, and nearly every implementation we’ve seen gets broken sooner or later.

Case in point: prolific anti-biometry hacker [starbug] and a group of friends at the Berlin CCC are able to authenticate to the “Samsung Pay” payment system through the iris scanner. The video, embedded below, shows you how: take a picture of the target’s eye, print it out, and hold it up to the phone. That was hard!

Sarcasm aside, the iris sensor uses IR to recognize patterns in your eye, so [starbug] and Co. had to use a camera with night vision mode. A contact lens placed over the photo completes the illusion — we’re guessing it gets the reflections from room lighting right. No etching fingerprint patterns into copper, no conductive gel — just a printout and a contact lens.

Continue reading “Fooling Samsung Galaxy S8 Iris Recognition” →

Hack Your Own Samsung TV With The CIA’s Weeping Angel Exploit

April 26, 2017 by Jack Laidlaw 57 Comments

[Wikileaks] has just published the CIA’s engineering notes for Weeping Angel Samsung TV Exploit. This dump includes information for field agents on how to exploit the Samsung’s F-series TVs, turning them into remotely controlled spy microphones that can send audio back to their HQ.

An attacker needs physical access to exploit the Smart TV, because they need to insert a USB drive and press keys on the remote to update the firmware, so this isn’t something that you’re likely to suffer personally. The exploit works by pretending to turn off the TV when the user puts the TV into standby. In reality, it’s sitting there recording all the audio it can, and then sending it back to the attacker once it comes out of “fake off mode”.

It is still unclear if this type of vulnerability could be fully patched without a product recall, although firmware version 1118+ eliminates the USB installation method.

The hack comes along with a few bugs that most people probably wouldn’t notice, but we are willing to bet that your average Hackaday reader would. For instance, a blue LED stays on during “fake off mode” and the Samsung and SmartHub logos don’t appear when you turn the TV back on. The leaked document is from 2014, though, so maybe they’ve “fixed” them by now.

Do you own a Samsung F-series TV? If you do, we wouldn’t worry too much about it unless you are tailed by spies on a regular basis. Don’t trust the TV repairman!

Simple Samsung NX Remote Shutter Release From USB Cable

February 27, 2016 by Richard Baguley 15 Comments

Samsung makes some nice cameras, but they have fallen into the trap of building proprietary controllers. Their NX models, for instance, have a micro USB port rather than the more usual 2.5mm socket for triggering the camera remotely. What’s a hacker to do?

[Niels] did some poking around, and found that it is pretty easy to trigger these cameras remotely, because Samsung simply moved the standard connections for half-press and full press of the shutter onto the USB socket: ground D+ (pin 3) and the camera focuses, then ground D- (pin 2) and the shutter is triggered. In his Instructable, he covers how to build a simple remote from a micro USB cable and a couple of switches.

Don’t feel left out if you have another type of digital camera: there are plenty of ways to build a simple shutter release switch with a few simple parts, or ways to put a microcontroller in control for more sophisticated shoots.

Samsung ARTIK Dev Boards Start To Ship

February 26, 2016 by Jenny List 23 Comments

Another week’s news, another single board computer aimed at Internet of Things applications is launched. This time it’s Samsung’s Artik 5, a platform they’ve been talking about for a while now but which you can now buy as a dev board from Digi-Key for $99.99. For that you get Wi-Fi, Bluetooth and Zigbee connectivity, a dual-core ARM Cortex A7 running at 1GHz, 512MB of memory, and 4GB of eMMC storage. There are the usual plethora of interfaces: GPIO, I2C, SPI, UART, SDIO, USB 2.0, JTAG, and analogue.

The single board computer marketplace is starting to look rather crowded, and with so many competitors to choose from at more reasonable prices you might ask yourself why the ARTIK could be of interest to a maker. And given that Samsung are positioning it in their literature on its increased security for use in commercial applications such as IoT hubs, IP cameras and industrial and commercial lighting systems, you’d probably be on to something. If you were to make a very rough analogy with the Raspberry Pi range this has more in common with the Compute Module when it comes to intended marketplace than it does with the Pi Zero.

One answer to that question though could be that it is one of the first devices to support the Thread networking protocol for IoT devices. Thread is a collaboration between Google and a range of other interested parties that has been designed to deliver reliable and secure mesh networking for IoT devices in connected homes. As with all new connectivity protocols only time will tell whether Thread is the Next Big Thing, but it is interesting to note in this board nevertheless.

The ARTIK hasn’t made many waves as yet, though we covered the story when it was announced last year. It is worth mentioning that the ARTIK 5 is only the first of three platforms, the ARTIK 1 will be a tiny board with Bluetooth LE aimed at portable and wearable applications while the ARTIK 10 will be an octo-core powerhouse aimed at mulitmedia processing and network storage applications.

BBC Micro:Bit Gets An App

February 21, 2016 by Jenny List 10 Comments

It’s a small, cheap, British single board computer, and nobody can get hold of them. Another Raspberry Pi Zero story, you might think, but no, this is about the other small cheap and difficult to find British SBC, the BBC micro:bit. Samsung UK have produced an app for the micro:bit that allows owners to write code on their Android phones, and upload it to their micro:bit via Bluetooth.

The micro:bit story has played out with agonising slowness over the last year, but it seems that there may now be light at the end of the tunnel. The idea is a good one: give a small but very capable single board computer to every Year 7 (about 12 years old) child, and watch them learn something more useful about computers than how to use a Windows application. It has echoes of the BBC Micro 8-bit computer for schools sponsored by the UK government in the 1980s, and the hope is that it will help reproduce the same technical literacy enjoyed by 1980s kids.

The plan was for the youngsters to receive their boards last October but the project as been plagued by a series of delays and the latest estimate from January was that the boards would reach the kids after the school half-term. In other words within the next couple of weeks, depending on which part of the UK the school is located in.

We recently had a brief opportunity here at Hackaday to examine a micro:bit in the wild. It is a capable little board in its own right, being at heart an mbed, however the recommended web-based micro:bit IDE and compiler differs from the more usual mbed toolchain. One thing that caught our attention in the demo we were given was the micro:bit’s use of USB to deploy code; since schools lock down computer hardware to the n’th degree we were concerned that the micro:bits might not be visible on school USB ports. Easy Bluetooth deployment through the Samsung app promises to bypass that barrier, which can only be a good thing.

We’ve been watching the micro:bit story here at Hackaday from the start, most recently we noted the arrival of Python on the platform. If it has a formative influence on the generation of developers and engineers you’ll be hiring in the mid-2020s then we expect it to feature in many future stories.