When Will Our Cars Finally Speak the Same Language? DSRC for Vehicles

At the turn of the 21st century, it became pretty clear that even our cars wouldn’t escape the Digital Revolution. Years before anyone even uttered the term “smartphone”, it seemed obvious that automobiles would not only become increasingly computer-laden, but they’d need a way to communicate with each other and the world around them. After all, the potential gains would be enormous. Imagine if all the cars on the road could tell what their peers were doing?

Forget about rear-end collisions; a car slamming on the brakes would broadcast its intention to stop and trigger a response in the vehicle behind it before the human occupants even realized what was happening. On the highway, vehicles could synchronize their cruise control systems, creating “flocks” of cars that moved in unison and maintained a safe distance from each other. You’d never need to stop to pay a toll, as your vehicle’s computer would communicate with the toll booth and deduct the money directly from your bank account. All of this, and more, would one day be possible. But only if a special low-latency vehicle to vehicle communication protocol could be developed, and only if it was mandated that all new cars integrate the technology.

Except of course, that never happened. While modern cars are brimming with sensors and computing power just as predicted, they operate in isolation from the other vehicles on the road. Despite this, a well-equipped car rolling off the lot today is capable of all the tricks promised to us by car magazines circa 1998, and some that even the most breathless of publications would have considered too fantastic to publish. Faced with the challenge of building increasingly “smart” vehicles, manufacturers developed their own individual approaches that don’t rely on an omnipresent vehicle to vehicle communication network. The automotive industry has embraced technology like radar, LiDAR, and computer vision, things which back in the 1990s would have been tantamount to saying cars in the future would avoid traffic jams by simply flying over them.

In light of all these advancements, you might be surprised to find that the seemingly antiquated concept of vehicle to vehicle communication originally proposed decades ago hasn’t gone the way of the cassette tape. There’s still a push to implement Dedicated Short-Range Communications (DSRC), a WiFi-derived protocol designed specifically for automotive applications which at this point has been a work in progress for over 20 years. Supporters believe DSRC still holds promise for reducing accidents, but opponents believe it’s a technology which has been superseded by more capable systems. To complicate matters, a valuable section of the radio spectrum reserved for DSRC by the Federal Communications Commission all the way back in 1999 still remains all but unused. So what exactly does DSRC offer, and do we really still need it as we approach the era of “self-driving” cars?


A Malicious WiFi Backdoor In A Keyboard’s Clothing

The USB Rubber Ducky burst onto the scene a few years ago, and invented a new attack vector – keystroke injection. The malicious USB device presents itself as a keyboard to the target system, blurting out keystrokes at up to 1000 words per minute. The device is typically used to open a phishing site or otherwise enter commands to exfiltrate data from the victim. Now things have stepped up a notch, with ESPloitV2 – a WiFi-enabled take on the same concept.

Running on the Cactus WHID platform, the device is so named for the ESP12 WiFi microcontroller it employs, along with an ATmega32U4 for USB HID device emulation. By virtue of its wireless connection, no longer does the aspiring hacker have to rely on pre-cooked routines. Various exploits can be stored in the ESP12’s spacious 4 megabytes of flash, and there’s even the potential to live type your attack if you’re feeling bold.

It goes to show that the trust we implicitly place in foreign USB devices is potentially our future downfall. BadUSB is another great example, and the USB Wrapper is a great way to get a charge if you’re stuck using an untrusted port.


Humans vs. Zombies Via The ESP8266

Zombies, for the most part, remain fictional and are yet to trouble human communities. Despite the many real world calamities we face, the zombie concept remains a compelling one and the subject of many books, films, and video games. [CNLohr] was at MagStock Eight when he met [Aaron], who has developed a real world game in this vein. (YouTube, embedded below.)

[Aaron]’s game goes by the name of SpyTag, and is played by a group of people who each have a small device affixed to their wrist. Two players start off as zombies, and the rest are humans. The zombies can use their devices as proximity detectors to hunt down nearby humans, and the humans can use their devices to detect nearby zombies, helping them escape and evade.

The devices operate using the ESP8266, in AP+station mode. The proximity sensing works on a very simple method. Devices show their human or zombie status by appearing as a WiFi AP by that name, and proximity detection is achieved by showing the signal strength of the opposite AP on an LED bar on the device. Once zombies get close enough to human devices, the humans are infected and become zombies themselves.

It’s a tidy and lightweight way to implement the gameplay, and requires no infrastructure or support hardware outside of the wristband hardware for the players. While this method would likely be vulnerable to spoofing, [CNLohr] reports that future work will likely switch to using the ESP-NOW protocol to make the game more secure.

[Aaron] has shared the project on GitHub for those interested in digging deeper into the code. We’ve seen a similar game played before, using IR instead. Video after the break.

[Thanks to Baldpower for the tip!]


Badland Brawler Lets Arduino Tackle Terrain

For an electronics person, building the mechanics of a robot — especially a robust robot — can be somewhat daunting. [Jithin] started with an off-the-shelf 4 wheel drive chassis to build an off-road Arduino robot he calls the Badland Brawler. The kit was a bit over $100, but as you can see in the video below, it is pretty substantial, with an enclosed frame and large mud tires.

The remaining parts include an Arduino, a battery, and a motor driver IC. The Arduino is one with WiFi (an MKR 1000, in fact) and there’s a phone app for controlling the robot.

Honestly, once you have the chassis taken care of, the rest is pretty easy. Of course, the phone app is a bit more effort, but you could replace it in a number of ways. Blynk comes to mind, for example.

The motor drivers are easy to figure out. This would be a great platform for some sensors to allow for more autonomy. We liked how the frame had mount points for a lot of different boards and sensors and could hold everything, for the most part, inside. That’s probably a good idea for a robot which will be traversing rugged terrain.

If you do decide to roll your own app with Blynk, we’ve done it with a very different kind of robot. Four-wheel drive robots don’t have to be big, as we’ve seen in the past.


Hacking Hackaday.io from CircuitPython

If you’ve ever engaged in social media, you’re familiar with the little thrill you receive when your post, tweet, or project gets a like. But, if logging in feels like too much overhead to obtain your dopamine reward, [pt’s] CircuitPython Hackaday portal may be just what you’re looking for. This project creates a stand-alone counter to display the number of “skulls” (aka likes) received by a project on hackaday.io, and of course, it’s currently counting its own.

The code is running on a SAMD51 (Cortex M4) microcontroller and serving up the skulls on a 240×320 TFT display. For WiFi connectivity, the project uses an ESP-32 controlled through the usual AT command set. All the gory details of this interaction are abstracted away by a CircuitPython library, which is great because that code really isn’t something you want to write for every project. The program accesses the hackaday.io API to retrieve the number of skulls for the project, but could be easily modified to interface with any service that returns a JSON result.

We’ve been seeing a lot of CircuitPython code lately. Just in case you’re not familiar with it, CircuitPython is Adafruit’s version of MicroPython, a Python language targeted at embedded processors. While it sounds like something concocted purely to make old-school embedded-C programmers grumble, it’s actually powerful and convenient for embedded prototyping and development. Fueled by the speed of the latest inexpensive microcontrollers and a rapidly growing set of libraries that take the sting out of using integrated peripherals and common hacker-friendly parts, it offers a solid alternative to older embedded frameworks. There are lots of examples around if you want to get started, and we’re maintaining our own list of CircuitPython projects over on hackaday.io that you can check out.

You can see a video of the display after the break. It’s not a live stream, so you won’t see your like appear on the display, but rest assured, [pt] will!


Smartphone App Uses AR to Visualize The RF Spectrum

Have you ever wished you could see in the RF part of the radio spectrum? While such a skill would probably make it hard to get a good night’s rest, it would at least allow you to instantly see dead spots in your WiFi coverage. Not a bad tradeoff.

Unwilling to go full [Geordi La Forge] to be able to visualize RF, [Ken Kawamoto] built the next best thing – an augmented-reality RF signal strength app for his smartphone. Built to aid in the repositioning of his router in the post-holiday cleanup, the app uses the Android ARCore framework to figure out where in the house the phone is and overlays a color-coded sphere representing sensor data onto the current camera image. The spheres persist in 3D space, leaving a trail of virtual breadcrumbs that map out the sensor data as you warwalk the house. The app also lets you map Bluetooth and LTE coverage, but RF isn’t its only input: if your phone is properly equipped, magnetic fields and barometric pressure can also be AR mapped. We found the Bluetooth demo in the video below particularly interesting; it’s amazing how much the signal is attenuated by a double layer of aluminum foil. [Ken] even came up with an Arduino with a gas sensor that talks to the phone and maps the atmosphere around the kitchen stove.

The app is called AR Sensor and is available on the Play Store, but you’ll need at least Android 8.0 to play. If your phone is behind the times like ours, you might have to settle for mapping your RF world the hard way.


Underclocking the ESP8266 Leads To WiFi Weirdness

Sometimes the best hacks come from the most basic of questions. In this case, [CNLohr] was wondering what would happen if he started to reduce the clock speed of the ESP8266’s Baseband PLL (BBPLL) while still trying to communicate with it. You know, as one does. The results ended up being fairly surprising, and while it’s not immediately clear if there’s a practical application for this particular trick, it’s certainly worth some additional research.

Code for stepping through clock speeds

The idea here is that the BBPLL is the reference clock for the entire system, including all of the peripherals. So underclocking it doesn’t just slow down code execution as you might expect, but it also slows down the chip’s interactions with the outside world. [CNLohr] demonstrates this concept in the video below, showing how the baud rate used to view the serial output from the ESP8266 needs to be adjusted to match the chip’s frequency or else you’ll only get garbage on the line.

But what happens to the WiFi? As [CNLohr] discovered, while the center frequency itself doesn’t change, the channel width gets narrower as the clock rate is lowered. When viewed on the waterfall display of a software defined radio (SDR), the transmission can be seen “compressing” in a step pattern as the clock rate is reduced. As one might expect, the 802.11 packets become indecipherable to a normal WiFi device running in monitor mode. The signal is still at the correct frequency, but the devices can no longer understand each other.

Now it was time for another of those basic questions. What would happen if you did the same thing to a second ESP8266? Much to his surprise, [CNLohr] discovered that the two devices could still communicate successfully as long as their BBPLL clock speed was the same. From an outsider’s perspective it looked like gibberish, but to the two ESPs which had been slowed by the same amount, everything worked as expected even though the 802.11 standards say it shouldn’t.

So what can you do with this? The most obvious application is a “stealth” WiFi connection between ESP8266s which wouldn’t show up to normal devices, a communications channel invisible to all but the most astute eavesdropper. [CNLohr] has made all the source code to pull this trick off public on GitHub, and it should be interesting to see what kind of applications (if any) hackers find for this standards-breaking behavior.

If your thing is devices being forced into operations they were never intended to by particularly twisted hackers, check out our recent coverage of the USB serial adapter turned SDR by [Ted Yapo].
