I’m Your Overlord, May I Take Your Order?

If you’ve ever been at an eatery and thought the server was a bit robotic, you should try San Francisco’s Mezli. The restaurant claims to be the first one to be totally automated. There are no humans in there. The restaurant serves Mediterranean grain bowls. Honestly, it is hard to decide if Mezli is a restaurant or a very sophisticated vending machine.

Then again, that makes sense. Only in science fiction do you have androids flying spaceships. In real life, the robot probably is the spaceship. Obviously, someone is still loading ingredients into the machine — some precooked — but that’s about it. Some restaurants let you order from a computer while a human makes your food and we’ve seen a few automated chefs, but nothing with this degree of mechanization.


Cracking The MiFare Classic Could Get You Free Snacks

[Guillermo] started a new job a while back. That job came with an NFC access card, which was used for booking rooms and building access. The card also served as a wallet for using the vending machines. He set about hacking the card to see what he could uncover.

Initial scans with NFC Tools revealed the card was an Infineon MIFARE Classic Card 1k. These cards are considered fairly old and insecure by now. There are plenty of guides online on how to crack the private keys that are supposed to make the card secure. Conveniently, [Guillermo] had a reader/writer on hand for these very cards.

[Guillermo] was able to use a tool called mfoc to dump the keys and data off the card. From there, he was able to determine that the credit for the vending machines was stored on the card itself, rather than on a remote server.

This means that it’s simple to change the values on the card in order to get free credit, and thus free snacks. However, [Guillermo] wisely resisted the urge to cash in on candy and sodas. When totals from the machine and credit system were reconciled, there’d be a clear discrepancy, and a short investigation would quickly point to his own card.

He also managed to successfully clone a card onto a “Magic Mifare” from Amazon. In testing, the card performed flawlessly on all systems he tried it on.

It goes to show just how vulnerable some NFC-based access control systems really are. RFID tags are often not as safe as you’d hope, either!
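
The reconciliation mentioned above, sketched as an added example (it is not from [Guillermo]'s write-up): a server-side ledger is replayed against machine-reported sales, and any card that spends more than was ever loaded is flagged along with the first sale that went negative. The event format, card IDs and machine names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample events: (timestamp, kind, card, machine, cents).
# "topup" rows come from the payment back end, "sale" rows from the machines.
EVENTS = [
    ("2024-01-08T09:00", "topup", "A1", None, 500),
    ("2024-01-08T12:10", "sale", "A1", "VM-1", 150),
    ("2024-01-09T12:05", "sale", "A1", "VM-1", 150),
    ("2024-01-08T09:30", "topup", "B2", None, 200),
    ("2024-01-08T13:00", "sale", "B2", "VM-2", 150),
    ("2024-01-09T13:00", "sale", "B2", "VM-2", 150),  # more spent than loaded
    ("2024-01-10T13:00", "sale", "B2", "VM-1", 150),
    ("2024-01-10T08:00", "sale", "C3", "VM-2", 100),  # card never topped up
]


def find_overspend(events):
    """Replay events in time order against a server-side balance.

    The balance stored on the card is ignored on purpose: it is
    attacker-writable, so only back-end top-ups count as credit.
    Returns {card: {"first_seen", "machine", "shortfall"}}.
    """
    balance = defaultdict(int)
    findings = {}
    for ts, kind, card, machine, cents in sorted(events, key=lambda e: e[0]):
        balance[card] += cents if kind == "topup" else -cents
        if balance[card] < 0:
            # Record where the discrepancy first appeared, then keep
            # updating the running shortfall for the investigation.
            entry = findings.setdefault(
                card, {"first_seen": ts, "machine": machine, "shortfall": 0}
            )
            entry["shortfall"] = -balance[card]
    return findings


if __name__ == "__main__":
    for card, info in sorted(find_overspend(EVENTS).items()):
        print(card, info)
```

A check like this only detects tampering after the fact; keeping the authoritative balance on the server is what removes the incentive to edit the card.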

Coin Acceptors Are Higher-Tech Than You Think

Coin-operated machines have a longer history than you might think. Ancient temples used them to dispense, for example, holy water to the faithful in return for their coins. Old payphones rang a bell when you inserted a coin so the operator knew you paid. Old pinball machines had a wire to catch things with holes in the middle so you couldn’t play with washers. But like everything else, coin acceptors have advanced quite a bit. [Electronoobs] shows a unit that can accept coins from different countries and it is surprisingly complex inside. He used what he learned from the teardown to build his own Arduino-based version.

For scale, there is the obligatory banana. Inside the box there are several induction coils and some photo electronics. In particular, there are two optical sensors that watch the coin roll down a ramp. This produces two pulses. The width of the pulse indicates the diameter of the coin, and the time between the pulses tells its speed.


A Mini Vending Machine To Ramp Up Your Sales

A common sight in the world of hackerspaces is an old vending machine repurposed from hawking soda cans into a one-stop shop for Arduinos or other useful components. [Gabriel D’Espindula]’s mini vending machine may have been originally designed as an exercise for his students and may not be full sized, but we can see it or machines like it taking away some of the demand for those surplus models.

Its construction mimics that of some older 3D printers in using laser-cut ply to form the components of a box. Behind a clear lockable door are the shelves containing the products, at the back of which are continuous rotation servos that will drive the spiral Archimedes screws that eject the products. To the side is a membrane keypad and display, and the whole is drawn together with an STM32 board and an Arduino. It supports both RFID card login and keyboard login, and though it’s not finished we can see it forming the basis of a very useful system.

He’s posted the most recent progress in the form of a video that we’ve placed below the break. All the various files are available for download, so should you fancy one yourself then you have a good chance of success.


The Automated Solution To Your Unpopularity

You feel that you’re unpopular and no one likes you. The bad news is that if that’s the case in the real world there’s no easy way to fix it. The good news is there’s a great substitute — your popularity on Instagram. With this vending machine you can replace your personality with followers on Instagram. It’s just a shame we have to wait a year until Coachella.

This project is an interactive installation from [Dries Depoorter] that makes it possible to buy followers and likes in just a few seconds. It’s not limited to Instagram — you can get followers on Facebook, YouTube, and Twitter, too. The hardware consists of a Raspberry Pi 3B+, an Arduino, a coin acceptor, a few character LCDs running over I2C, and, somewhat surprisingly for a one-off ‘art installation’, a lot of DIN rails mounted to a real industrial enclosure. Someone here knows what they’re doing; there’s something resembling cable management inside this box and this vending machine is built to last.

Using this vending machine is as easy as sticking a few Euro coins in the slot and selecting the number of followers or likes you’d like. In a few minutes afterward, hundreds of notifications pop up on your phone. There’s no mention of the software in this vending machine aside from it being written in Python, which makes us wonder where these Instagram bots are based. Check out the video below.


Hacker Pops Top On NFC Vending Machines

Vending machines used to be a pretty simple affair: you put some coins in, and food or drink that in all likelihood isn’t fit for human consumption comes out. But like everything else today, they are becoming increasingly complex Internet connected devices. Forget fishing around for pocket change; the Coke machine at the mall more often than not has a credit card terminal and a 30 inch touch screen display to better facilitate dispensing cans of chilled sugar water. Of course, increased complexity almost always goes hand in hand with increased vulnerability.

So when [Matteo Pisani] recently came across a vending machine that offered users the ability to pay from an application on their phone, he immediately got to wondering if the system could be compromised. After all, how much thought would be put into the security of a machine that basically sells flavored water? The answer, perhaps not surprisingly, is very little.

The write-up [Matteo] has put together is an outstanding case study in hacking Android applications, from pulling the .apk package off the phone to decompiling it into its principal components with programs like apktool and jadx. He even shows how you can reassemble the package and get it suitable for reinstallation on your device after fiddling around with the source code. If you’ve ever wanted a crash course on taking a peek inside of Android programs, this is a great resource.

By snooping around in the source code, [Matteo] was able to discover not only the location of the encrypted database that serves as the “wallet” for the user, but the routine that generates the encryption key. To cut a long story short, the program simply uses the phone’s IMEI as the key to get into the database. With that in hand, he was able to get into the wallet and give himself a nice stack of “coins” for the next time he hit the vending machines. Given his new-found knowledge of how the system works, he even came up with a separate Android app that allows adding credit to the user’s account on a rooted device.

In the video after the break, [Matteo] demonstrates his program by buying a soda and then bumping his credit back up to buy another. He ends his write-up by saying that he has reported his findings to the company that manufactures the vending machines, but no word on what (if any) changes they plan on making. At the end of the day, you have to wonder what the cost-benefit analysis looks like for a full security overhaul when you’re only selling sodas and bags of chips.

When he isn’t liberating carbonated beverages from their capitalistic prisons, he’s freeing peripherals from their arbitrary OS limitations. We’re starting to get a good idea about what makes this guy tick.
