Google-Inspired USB-PD Sniffer For The DIY Crowd

If you want to hack around with the communication protocol that USB Power Delivery devices use to negotiate their power requirements with the upstream source, a tool like Google’s Twinkie really helps. With it you can sniff data off the line, analyze it, and even inject your own packets. Luckily for us, the search giant made the device open source so we can all have one of our own.

Unfortunately, as [dojoe] found out, the Twinkie isn’t particularly well suited for small-scale hobbyist manufacturing. So he came up with a revised design he calls Twonkie that replaces the six layer PCB with a much more reasonable four layer version that can be manufactured cheaply by OSHPark, and swaps out the BGA components with QFP alternatives you can hand solder.

That said, it’s still likely to be a challenging build for the home gamer. There’s quite a few 0402 passives on there, and while those are doable with an iron, it can certainly be tricky. To take some pressure off, [dojoe] says he tried to optimize the board layout as much as possible for hand assembly. He was even able to avoid needing hot air by straddling the PCB with USB-C mounts intended for vertical applications.

Given the current chip shortage, [dojoe] says the biggest problem might actually getting your hands on the STM32F072CB microcontroller at the Twonkie’s core. To that end, the board supports TQFP44 and QFN44 footprints, and you can even use a STM32F072C8 at the cost of some functionality. With a bit of luck, hopefully you can find a chip that will work in the parts bin.

A Tamagotchi For WiFi Cracking

OK, let’s start this one by saying that it’s useful to know how to break security measures in order to understand how to better defend yourself, and that you shouldn’t break into any network you don’t have access to. That being said, if you want to learn about security and the weaknesses within the WPA standard, there’s no better way to do it than with a tool that mimics the behavior of a Tamagotchi.

Called the pwnagotchi, this package of artificial intelligence looks for information in local WiFi packets that can be used to crack WPA encryption. It’s able to modify itself in order to maximize the amount of useful information it’s able to obtain from whatever environment you happen to place it in. As an interesting design choice, the pwnagotchi behaves like an old Tamagotchi pet would, acting happy when it gets the inputs it needs.

This project is beyond a novelty though and goes deep in the weeds of network security. If you’re at all interested in the ways in which your own networks might be at risk, this might be a tool you can use to learn a little more about the ways of encryption, general security, and AI to boot. Of course, if you’re new to the network security world, make sure the networks you’re using are secured at least a little bit first.

Thanks to [Itay] for the tip!

The Bluetooth LCD Sniffer You Didn’t Know You Needed

At one time or another, we’ve all suffered through working with a piece of equipment that didn’t feature a way to export its data to another device. Whether it was just too old to offer such niceties, or the manufacturer locked the capability behind some upgrade, the pain of staring at digits ticking over on a glowing LCD display and wishing there was a practical way to scrape what our eyes were seeing is well known to hackers.

That was precisely the inspiration for DoMSnif, the dot matrix LCD sniffer that [Blecky] has been working on. Originally the project started as a way to record the temperature of his BRTRO-420 reflow oven, but realizing that such a device could have widespread appeal to other hardware hackers, he’s rightfully decided to enter it into the 2019 Hackaday Prize. If perfected, it could be an excellent way to bolt data capture capabilities to your older devices.

The first phase of this project was figuring out how to capture and parse the signals going into the device’s KS0108 LCD. Getting the data was certainly easy enough, he just had to hook a logic analyzer up between the display and the main board of the device. Of course, figuring out what it all means is a different story.

After running the oven for a bit with the analyzer recording, [Blecky] had more than enough data to get started on decoding it. Luckily, the layout of this fairly common 128×64 pixel display is well documented and easy enough to understand. With a little work, he was able to create a tool that would import the captured data and display it on a virtual LCD.

Unfortunately, the Bluetooth part is where things get tricky. Ultimately, [Blecky] wants to ditch the logic analyzer and use a Adafruit Feather nRF52 Bluefruit to capture the signals going to the LCD and pipe them to a waiting device over Bluetooth. But his testing has found that the nRF52’s radio is simply too slow. The display is receiving data every 14us, but it takes the radio at least 50us to send a packet.

[Blecky] is looking at ways around this problem, and we’re confident he’ll crack it. The solution could be in buffering and compressing the data before sending it out, though you’d lose the ability to monitor the display in real-time. Even if he has to abandon the Bluetooth aspect entirely and make the device wired, we still think there would be a market for an easy to use hardware and software solution for scraping LCD data.

Drone Gives Up Its Wireless Secrets To Zigbee Sniffer

There’s something thrilling about decoding an unknown communications protocol. You start with a few clues, poke at the problem with some simple tools, and eventually work your way up to that first breakthrough that lets you crack the code. It can be frustrating, but when you eventually win, it can be very rewarding.

It seems that [Jason] learned this while decoding the wireless conversation between his mass-market quad and its controller. The quad in question, a Yuneec Q500, is one of those mid-range, ready-to-fly drones that’s targeted at those looking to get in the air easily and take some cool pictures. Unsure how the drone and controller were talking, [Jason] popped the covers and found a Zigbee chipset within. With the help of a $14 Zigbee USB dongle and some packet sniffing software from TI, [Jason] was able to see packets flowing, but decoding them was laborious. Luckily, the sniffer app can be set up to stream packets to another device, so [Jason] wrote a program to receive and display packets. He used that to completely characterize each controller input and the data coming back from the drone. It’s a long and strange toolchain, but the upshot is that he’s now able to create KML in real time and track the drone on Google Earth as it flies. The video below shows the build and a few backyard test flights.

Congratulations to [Jason] for breaking the protocol and opening up drones like this for other hackers. If you’re interested in learning more about Zigbee sniffing, you can actually hack a few smarthome gadgets into useful sniffers.

Continue reading “Drone Gives Up Its Wireless Secrets To Zigbee Sniffer”

Sniffing RFID Readers With A Piece Of Paper

We feature plenty of printed projects here on Hackaday, though they tend to be of the three dimensional type thanks to the proliferation of affordable 3D printers. But in this case, [Milosch Meriac] has managed to put together a printable design that’s not only a very cool hack, but is made up of a scant two dimensions. His creation, which could perhaps be considered something of an interactive circuit diagram, allows anyone with a paper printer and a few passive components to make a functional low-frequency RFID sniffer.

[Milosch] tells us the goal of the project is to lower the barrier for experimenting with the RFID technology that’s increasingly part of our everyday lives. Rather than having to use something expensive and complicated such as an oscilloscope, experimenters can simply plug their DIY RFID sniffer into their computer’s line-in jack and explore the produced waveform with open source tools.

To create a paper RFID sniffer, you start by printing the image out on a thick piece of paper, like card stock. You then apply foil tape where indicated to serve as traces in this makeshift PCB, and start soldering on the components as described in the text. [Milosch] says the assembly procedure is so simple even a kid can do it, and the total cost of each assembled sniffer is literally pennies; making this an excellent project for schools or really any large group.

If you want to play it safe the sniffer can be connected to a USB sound card rather than your machine’s primary sound hardware, and still come in dirt cheap. [Milosch] stops short of explaining the software side of things in this particular project, but any tool which can use input from the sound card as a makeshift oscilloscope should be a good start.

In the past we’ve seen [Milosch] perform low frequency RFID sniffing through the sound card with the powerful baudline tool, but if you want a little more capable hardware, we can point you in the right direction.

ESP To Wireshark

Everyone’s favorite packet sniffing tool, Wireshark, has been around for almost two decades now. It’s one of the most popular network analysis tools available, partially due to it being free and open source. Its popularity guaranteed that it would eventually be paired with the ESP32/8266, the rising star of the wireless hardware world, and [spacehuhn] has finally brought these two tools together to sniff WiFi packets.

The library that [spacehuhn] created uses the ESP chip to save Pcap files (the default Wireshark filetype) onto an SD card or send the data over a serial connection. The program runs once every 30 seconds, creating a new Pcap file each time. There are many example scripts for the various hardware you might be using, and since this is written for the ESP platform it’s also Arduino compatible. [spacehuhn] has written this as a proof-of-concept, so there are some rough edges still, but this looks very promising as a network analysis tool.

[spacehuhn] is no stranger to wireless networks, either. His YouTube channel is full of interesting videos of him exploring various exploits and testing other pieces of hardware. He’s also been featured here before for using an ESP8266 as a WiFi jammer.

Continue reading “ESP To Wireshark”

Cheap Smarthome Gadget(s) Hacked Into Zigbee Sniffer

French hacker [akila] is building up a home automation system. In particular, he’s been working with the “SmartHome” series of gadgets made by Chinese smartphone giant, Xiaomi. First, he started off by reverse-engineering their very nicely made temperature and humidity sensor. (Original in French, hit the translate button in the lower right.) With that under his belt, he opened up the PIR motion sensor unit to discover that it has the same debugging pinouts and the same processor. Almost too easy.

For a challenge, [akila] decided it was time to implement something useful in one of these gadgets: a ZigBee sniffer so that he can tell what’s going on in the rest of his home network. He built a USB/serial programming cable to work with the NXP JN5169’s bootloader, downloaded the SDK, and rolled up his sleeves to get to work.

While trolling through the SDK, he found some interesting firmware called “JennicSniffer”. Well, that was easy. There’s a demo version of a protocol analyzer that he used. It would be cool to get this working with Wireshark, but that’s a project for another day. [Akila] got far enough with the demo analyzer to discover that the packets sent by the various devices in the home network are encrypted. That’s good news for the security-conscious out there and stands as the next open item on [akila]’s to-do list.

We don’t see as many ZigBee hacks as we’d expect, but they’ve definitely got a solid niche in home automation because of commercial offerings like Philips Hue and Wink. And of course, there’s the XBee line of wireless communications modules. We just wrote up a ZigBee hack that aims to work with the Hue system, though, so maybe times are changing?