Othermachine Co. is not a big company. Their flagship product, the Othermill, is made in small, careful batches. As we’ve seen with other small hardware companies, the manufacturing process can make or break the company. While we toured their factory in Berkeley, California, a few interesting things stood out to us about their process which showed their manufacturing competence.
It’s not often that small companies share the secrets of their shop floor. Many of us have dreams of selling kits, so any lessons that can be learned from those who have come before are valuable. The goal of any manufacturing process optimization is to reduce cost while simultaneously maintaining or increasing quality. Despite what cynics would like to believe, this is often entirely possible and often embarrassingly easy to accomplish.
Lean manufacturing defines seven wastes that can be optimized out of a process.
- Overproduction: Simply, making more than you currently have demand for. This is a really common mistake for first time producers.
- Inventory: Storing more than you need to meet production or demand. Nearly every company I’ve worked for has this problem. There is an art to having just enough. Don’t buy one bulk order of 3,000 screws for six months, order 500 screws every month as needed.
- Waiting: Having significant delays between processes. These are things ranging from running out of USB cables to simply having to wait too long for something to arrive on a conveyor belt. Do everything you can to make sure the process is always flowing from one step to another.
- Motion: If you have a person walking back and forth between the ends of the factory to complete one step of the manufacturing process, this is wasted motion.
- Transport: Different from motion, this is waste in moving the products of each individual process between sections of the assembly.
- Rework: Get it right the first time. If your process can’t produce a product that meets specifications, fix the process.
- Over-processing: Don’t do more work than is necessary. If your part specifies 1000 hours of runtime don’t buy a million dollar machine to get 2000 hours out of it. If you can find a way to do it with one step, don’t do it with three.
The first thing that stuck out to me upon entering Othermachine Co’s shop floor is their meticulous system for getting small batches through the factory in a timely manner. This allows them to scale their production as their demand fluctuates. CNCs and 3D printers are definitely seasonal purchases, with sales often increasing in the winter months when hackers are no longer lured away from their workstations by nice weather.
As the seven sins proclaim, it would be a bad move for Othermachine Co. to make too many mills. Let’s say they had made an extra 100 mills while demand was at a seasonal low. If they found a design or quality problem from customer feedback they’d have to commit to rework, potentially throwing away piles of defective parts. If they want to push a change to the machine or release a new model they’d either have to rework the machines, trash them, or wait till they all sold before improving their product. Even worse, they may find themselves twiddling their thumbs waiting for their supply to decrease enough to start manufacturing again. This deprives them of opportunities to improve their process and leads to a lax work environment.
One way to ensure that parts are properly handled and inventory is kept to a minimum is with proper visual controls. To this end, Othermachine Co has custom cardboard bins made that perfectly cradle all the precision parts for each process in their own color coded container. Since the shop floor is quite small, it lets them focus on making spindle assemblies one day and motion assemblies another without having to waste time between each step. Also, someone can rekit the parts for a recently completed step easily without interrupting work on the current process going on.
It’s hard to define what’s over-processing and what isn’t. My favorite example of what isn’t, and something I’ve fought for on nearly every factory floor I’ve worked on, is proper torque limiting screwdrivers. They’re a little expensive, but they are a wonderful tool that helps to avoid costly rework and over-processing. For example, let’s say you didn’t have a torque limiting screwdriver. Maybe your customers would complain that occasionally a screw came loose. Now, one way to solve this would be the liberal application of Loctite. Another way would be an additional inspection step. Both of these are additional and completely unnecessary steps as most screws will hold as long as they are torqued properly.
In one factory I worked in, it was often a problem that a recently hired worker would overtorque a screw, either stripping it or damaging the parts it was mating together. A torque limiting screwdriver takes the worker’s physical strength out of the equation, while reducing their fatigue throughout the day. It’s a win/win. Any time a crucial step can go from unknown to trusted with the application of a proper tool or test step it is worth it.
Another section where Othermachine Co. applied this principle is with the final machining step for the CNC bed. The step produces a large amount of waste chips. Rather than having an employee waste time vacuuming out every Othermill after it has gone through this process, they spent some time designing a custom vacuum attachment. This essentially removed an entire production step. Not bad!
With the proper management of waste it is entirely possible to save money and improve a process at the same time. It takes a bit of training to learn how to see it. It helps to have an experienced person around in order to learn how to properly respond to them, but with a bit of practice it becomes a skill that spreads to all areas of life. Have any of you had experience with this kind of problem solving? I’ve really enjoyed learning from the work stories posted in the comments.
Filed under: Curated, Engineering
“Which came first, the chicken or the egg?” Don’t bother us with stupid questions, they both co-evolved into the forms that we now serve up in tasty sandwiches or omelets, respectively. “Which came first, the HC-05 serial-flash-hack, or the wireless Bluetooth Gamepad?” Our guess is that [mitxela] wanted to play around with the dirt-cheap Bluetooth modules, and that building the wireless controller was an afterthought. But for that, it’s a well-done afterthought! (Video below the break.)
It all starts with the HC-05 Bluetooth module, which is meant to transfer serial data, but which can be converted into a general-purpose device costing ten times as much with a simple Flash ROM replacement. The usual way around this requires bit-banging over a parallel port, but hackers have worked out a way to do the same thing in bit-bang mode using a normal USB/Serial adapter. The first part of [mitxela]’s post describes this odyssey.
With his Bluetooth module now functioning as a gamepad, [mitxela] just needs a gamepad to play around with. After finding an exotic vintage SNES controller on eBay, he hot-airs the old logic off, adds magnet wires to the leads, tosses in an ATtiny2313 for good measure, and he’s done! It’s a beautiful controller, with custom firmware and a custom ROM in the Bluetooth. Beauty!
[mitxela] is no stranger to Hackaday: we’ve covered his tiny MIDI squarewave synths before. You should really go check out all the projects on his blog.
Filed under: ATtiny Hacks, Microcontrollers, peripherals hacks
[gocivici] threatened us with a tutorial on positional astronomy when we started reading his tutorial on an Arduino Powered Star Pointer and he delivered. We’d pick him to help us take the One Ring to Mordor; we’d never get lost and his threat-delivery-rate makes him less likely to pull a Boromir.
As we mentioned he starts off with a really succinct and well written tutorial on celestial coordinates that antiquity would have killed to have. If we were writing a bit of code to do our own positional astronomy system, this is the tab we’d have open. Incidentally, that’s exactly what he encourages those who have followed the tutorial to do.
The star pointer itself is a high powered green laser pointer (battery powered), 3D printed parts, and an amalgam of fourteen dollars of Chinese tech cruft. The project uses two Arduino clones to process serial commands and manage two 28byj-48 stepper motors. The second Arduino clone was purely to supplement the digital pins of the first; we paused a bit at that, but then we realized that import Arduinos have gotten so cheap they probably are more affordable than an I2C breakout board or stepper driver these days. The body was designed with a mixture of Tinkercad and something we’d not heard of, OpenJsCAD.
Once it’s all assembled and tested the only thing left to do is go outside with your contraption. After making sure that you’ve followed all the local regulations for not pointing lasers at airplanes, point the laser at the north star. After that you can plug in any star coordinate and the laser will swing towards it and track its location in the sky. Pretty cool.
Filed under: Arduino Hacks, cnc hacks, news, solar hacks
Computational Fluid Dynamics, or CFD, is applied to everything from aircraft design to how good of a wing a new skyscraper will be. Of course, the science of building airfoils is much older than CFD, leading to the question of how airfoil design was done before computers.
The answer, of course, is a wind tunnel. Walk around a few very good air museums, and you’ll find wind tunnels ranging from the long wooden boxes built by the Wright brothers to fantastic plywood contraptions that are exceptionally interesting to woodworkers.
[Joel] needed a final project as an upcoming aeronautical engineer, but he wanted his project to be something physical, and a tool that could be used again. He decided to build a wind tunnel that’s also his entry for The Hackaday Prize.
This wind tunnel isn’t a gigantic device the size of a building. The very first wind tunnels were simple devices just a few meters long. With a fan at one end, a section to stabilize the wind, a chamber, and a place for the air to go, it’s also a very simple device. Just because something is simple doesn’t mean anyone has built one recently, though: [Joel] couldn’t find anyone who built a wind tunnel with step-by-step instructions. This project is just that – an Open Source wind tunnel.
The design of this wind tunnel is simple enough, built out of fiberglass with relatively simple molds. The design can be adapted to various electric fans, and the most fun part of the build – the smoke machine – is already complete.
Filed under: The Hackaday Prize
Sometimes, a simple fix is the best solution. Lacking extra funds for a proper remote-controlled gate-opener after the recent purchase of their farm, redditor [amaurer3210] built one as a birthday gift for his wife.
Supported on pillow block housings, a 10″ wheel is connected to the motor via a 3D printed pulley and a timing belt turned inside-out to allow for slippage — in case of obstacles or manual opening of the gate. If you’ve ever worked with belts in your builds, [amaurer3210] adds that during sizing he uses a few layers of fiberglass tape as a stand-in for the belt to avoid frustration over final belt size and tension.
The motor is a cordless SKIL drill motor, perfectly suited to the purpose with its low-rpm, high-torque planetary drive. Making heavy use of his 3D printer, the motor, a homemade wire-wound resistor (to step down the 12V power supply to 3V for the motor), and an eMylo 12V wireless relay cheaply acquired online are all mounted with printed parts — as well as the housings, pulleys and brackets — in ABS plastic to avoid softening in the day’s heat. Perimeter security is maintained via a gate latch controlled by a solenoid wired in parallel with the motor to unlock when the motor starts.
A bungee acts as a tensioner to keep the wheel pressed against the ground while also allowing it to roll over obstacles. The simple ‘hold open until the gate is open and vice-versa’ remote operation completes a build that needs no extra flair to be effective.
Looking to facilitate other outdoor activities around the homestead? How about a remote-controlled lawnmower.
Filed under: 3d Printer hacks, home hacks
Some people really enjoy the kind of computer mouse that would not be entirely out of place in an F-16 cockpit. The kind of mouse that can launch a browser with the gentle shifting of one of its thirty-eight buttons ever so slightly to the left and open their garage door with a shifting to the right of that same button. However, can this power be used for evil, and not just frustrating guest users of their computer?
We’ve heard of the trusted peripheral being repurposed for nefarious uses before. Sometimes they’ve even been modified for more benign purposes. All of these have a common trend. The mouse itself must be physically modified to add the vulnerability or feature. However, the advanced mice with macro support can be used as is for a vulnerability.
The example in this case is a Logitech G-series gaming mouse. The mouse has the ability to store multiple personal settings in its memory. That way someone could take the mouse to multiple computers and still have all their settings available. [Stefan Keisse] discovered that the 100 command limit on the macros for each button is more than enough to get a full reverse shell on the target computer.
Considering how frustratingly easy it can be to accidentally press an auxiliary button on these mice, all an attacker would need to do is wait after delivering the sabotaged mouse. Video of the exploit after the break.
Filed under: computer hacks, news, peripherals hacks
It doesn’t matter how many bits your password has, how proven your encryption is, or how many TrueCrypt volumes are on your computer. If someone wants data off your device, they can get it if they have physical access to your device. This is the ‘evil maid’ security scenario, named after hotel maids on the payroll of a three-letter agency. If someone has physical access to a laptop – even for an hour or two – the data on that laptop can be considered compromised. Until now, there has been no counter to this Evil Maid scenario, and for good reason. Preventing access to data even when it is in the possession of an Evil Maid is a very, very hard problem.
Today, Design Shift has released ORWL (as in George Orwell), the first computer designed with physical security in mind. This tiny disc of a computer is designed to defeat an Evil Maid through some very clever engineering on top of encryption tools we already use.
At its heart, ORWL is a relatively basic PC. The CPU is an Intel Skylake, graphics are integrated Intel 515 with 4K support over a micro HDMI connection, RAM is either 4 or 8GB, storage is a 120 or 480GB SSD with AES 256-bit encryption, and wireless is Bluetooth 4.1 and 802.11 a/b/g/n/AC. Power is delivered through one of the two USB 3.0 Type C connectors. The specs are sufficient, but are in no way the major selling point of this computer.
The reason ORWL exists is to be a physically secure computer, and this is where the fun happens. ORWL’s entire motherboard is surrounded by an ‘active secure mesh’ – an enclosure wrapped with electronic traces monitored by the MAX32550 DeepCover Secure Cortex-M3 microcontroller. If this microcontroller detects a break in this mesh, the SSD auto-encrypts, the CPU shuts down, and all data is lost. Even turning on the computer requires a secure key with NFC and Bluetooth LE. If ORWL is moved, or inertial sensors are tripped when the key is away, the secure MCU locks down the system. Of course, this microcontroller is powered by a small internal battery. If nothing else, the (eventual, but hopefully not soon) exploit that will open ORWL’s data up without the security key will be very, very cool.
We first heard of ORWL a few months ago from Black Hat Europe. Now this secure computer is up on Crowdsupply, with an ORWL available for $700, delivered later this year. The comments for our first post on this computer were unusually entertaining, beginning with the obvious question of why this was designed for Windows 10, and continuing to YAG lasers and cat’s whisker JTAG debuggers.
It’s irresponsible to claim ORWL will never be compromised. There are ways around every type of security, even if that method is a rubber hose and a pipe wrench. The question ORWL presents is if a computer designed with physical security in mind can be a success in both the market place and against an Evil Maid. That’s a question we can’t wait to see answered.
Filed under: security hacks
When I start up a new project, one that’s going to be worth writing up later on, I find it’s useful to get myself into the right mindset. I’m not a big planner like some people are — sometimes I like to let the project find its own way. But there’s also the real risk of getting lost in the details unless I rein myself in a little bit. I’m not alone in this tendency, of course. In the geek world, this is known as “yak shaving”.
The phrase comes obliquely from a Ren and Stimpy episode, and refers to the common phenomenon where to get one thing done you have to first solve another problem. The second problem, of course, involves solving a third, and so on. So through this (potentially long) chain of dependencies, what looks like shaving a yak is obliquely working on cracking some actually relevant problem.
Yak shaving has been interpreted by many folks as being always a distraction from the main task — necessarily a bad thing — and something to be avoided at all costs. Others have interpreted yak shaving as an annoyance that must nevertheless be dealt with. But yak shaving can also be an enjoyable diversion that contributes to the end goal, or it can also be like the way that spending a year learning to string a bow was reported to work in Zen and the Art of Archery — as a meditation on the finest details that results in transcendent mastery of the whole. At least for me, yak shaving has been all of these things, which makes it tricky to know when to put down the razor and try to refocus on the main problem.
One thing that helps me to navigate these treacherous waters is to classify a project into one of a couple modalities before starting: is it a Hacker-mode project, or a Maker-mode project, or somewhere in between? Hacker and Maker projects require different tools, different degrees of certainty in planning the outcome, different working methods, and different approaches to yak shaving. Sorting this all out beforehand is at least worth the few minutes it takes to think it all through.
Maker Mode
Some projects are started purely to get the project done. That sounds simple enough, and of course there are many steps along the way from idea to finished work, but the prototypical Maker-mode project can be planned out in detail from the start, accomplished with “normal” tools using skills that you’ve already got, and not a place for yak shaving. For these projects, the biggest obstacle to success is just doing it.
This is where tools like pre-canned software libraries and off-the-shelf parts or modules are great. The point of a Maker project is to get the thing made, and there’s no sense in reinventing (or even refining) the wheel. Maker mode projects are great to ship out to PCB houses as well. Plans can be made, parts ordered, and the relatively slow turnaround in external board fabrication just adds a delay rather than lengthening the amount of time it takes to get the project done. You might as well get started on the next project while waiting for delivery, because the board will “just work”.
The extreme Maker stance on yak shaving is that it’s always a waste of time. Spending too much time on tiny or inconsequential parts of the project risks delaying the whole. When you nonetheless find yourself down a yak-shaving dead-end, it’s a good time to think if that part of the project is essential, or if it can be approximated, allowing one to move on. Make everything as smooth as possible. Get it finished.
(Contrary to the “Cult of Done” folks’ assertions) Maker mode is not an excuse to be sloppy or avoid detail work. Indeed, because issues can be foreseen, it makes sense to plan things out and avoid uncertainty and mistakes upfront. In building an SD-card-based audio recorder, for instance, you know the frequency response you need, can figure out the data rates, and can select the right hardware and firmware from these data. Wire them up in the easiest way possible, and get it done.
Hacker Mode
Hacker-mode projects are a lot fuzzier from the start. A hacker mode project often starts out with a new piece of gear, and a vague idea that it can be made to do something interesting. Maybe the SD-card audio recorder example above is actually a bat-call recorder, and the microphone is only spec’ed up to 20 kHz but it could probably be run a lot higher. Or maybe the project is looking into an IoT device to see what makes it tick, and if the firmware can be broken into. Only one way to find out!
The planning phase is often more about assembling a list of possibilities than making a list of sequential steps; hacking is dealing with uncertainties. Where planning a Maker-mode project answers “how do I make this?”, planning a hacker-mode project runs more along the lines of “I wonder if I can make it do this?”.
[Sprite_TM]’s hard drive hack from OHM2013
The tools needed for a Hacker project are lower-level. A scope, a logic analyser, and other gear that can be programmed to inject signals into the system under study are all handy. In Hacker mode, it’s good to have a well-stuffed toolbox, because you don’t know what you’re going to need, and what you’re not. Still, you don’t always have all the tools on hand that you’re going to need, and some of them will need to be custom-built. In the context of a Maker project, tool-building exercises are often undesirable yak shaving. In a Hacker project, the right (low-level) tool or insight can often be the key to success.
Hacker mode projects are also a lot less conducive to waiting time between steps. If you know that you’re going to have to repeat a step over and over again, it makes sense to spend some time optimizing that step. If it’s re-running a test a million times, you’re going to be happier if it’s scripted than if it involves pull-down menus. If it’s a PCB design that’s going to need to be respun five times over, a two-week waiting time to order the cheapest fabrication is repeated five times — it’s worth doing it yourself or paying for a faster service. Knowing where a Hacker-mode project is uncertain helps to manage the uncertainty.
The Real World
Do they need shaving?
Any real project is going to share aspects of these two extremes, of course. Some “purely” Maker projects will involve jig-making and tool-building to get the job done efficiently or beautifully. Those are yaks that need to be shaved. Conversely, unless you need very specific timings for some esoteric timing attack, there’s very little to be gained by writing your own bit-banged JTAG library; almost any Hacker-mode project can get by using an off-the-shelf tool.
The Hacker/Maker distinction is further blurred when you’re building a concrete project, but your actual goal is learning a new programming language or SDK or chip family. Learning projects are basically Maker projects, but the goal is picking up some new skills rather than a physical artifact. In learning projects, there’s little uncertainty — you can probably learn anything — but diving deep into the tools may be part of the goal rather than a step along the way. When your goal is to deepen your knowledge, what would seem to be negative yak shaving is actually the work you need to do. Indeed, once you’ve learned what you came to learn, it might be time to abandon the physical thing even if it’s not done, which is anathema to a Maker project.
The point here is to be explicit about the goal upfront, because it should influence the amount of planning, choice of tools, and even what constitutes positive or negative yak shaving along the way. If you find yourself caught up in infinite regress on a Maker project, write it up as a Hacker project to figure out later, and sidestep the issue for now if possible. Conversely, don’t feel that you should never be allowed to fully investigate some arcane aspect of a problem, because that’s where good Hacker insights come from. Some yaks just need shaving!
Filed under: Curated, Original Art, rants
“Round up the usual suspects…”
[CNLohr] just can’t get enough of the ESP8266 these days — now he’s working on getting a version of V-USB software low-speed USB device emulation working on the thing. (GitHub link here, video also embedded below.) That’s not likely to be an afternoon project, and we should warn you that it’s still a project in progress, but he’s made some in-progress material available, and if you’re interested either in USB or the way the mind of [CNLohr] works, it’s worth a watch.
In this video, he leans heavily on the logic analyzer. He’s not a USB expert, and couldn’t find the right resources online to implement a USB driver, so he taught himself by looking at the signals coming across as he wiggled a mouse on his desk. Using the ever-popular Wireshark helped him out a lot with this task as well. Then it was time to dig into Xtensa assembly language, because timing was critical.
Speaking of timing, one of the first things that he did was write some profiling routines so that he could figure out how long everything was taking. And did we mention that [CNLohr] didn’t know Xtensa assembly? So he wrote routines in C, compiled them using the Xtensa GCC compiler, and backed out the assembly. The end result is a mix of the two: assembly when speed counts, and C when it’s more comfortable.
All in all, it’s a very iterative, experimental approach to coding, learning, and hacking. The video is a bit long and winding, but it gives you a great peek into the skull of [CNLohr]. You also can’t argue with his results. This is the guy who bit-banged Ethernet in an ESP8266, after all.
Thanks [Lucas] and [Uriel] for the nearly-simultaneous tips!
Filed under: wireless hacks
I wanted to point out a tool that I often use, but rarely see on other people’s workbenches: thermal strippers. They aren’t cheap, but once you’ve used them, it is hard to go back to stripping wires with an ordinary tool.
I know, I know. When I first heard of such a thing, I thought what you are probably thinking now: maybe for some exotic coated wire, but for regular wire, I just use a pair of diagonal cutters or a mechanical stripper or a razor blade. You can do that, of course, and for large solid wires, you can even get good results. But for handling any kind of wire, regardless of size, you just can’t beat a thermal stripper.
There are two minor issues. The first is they are pretty pricey, especially new. However, on sites like eBay, you can pick up used ones that are affordable. I have a Teledyne Stripall TW-1 and they are built like tanks. You can also easily get replacement parts for them, so there’s no reason you can’t keep them running for quite a while.
The second problem is that burning various insulation produces fumes. Not much, but probably some nasty stuff. You probably should have some forced air blowing the fumes away from you. I use a simple fan.
How Do They Work?
As you probably expect, a thermal stripper has some sort of jaw that gets hot and melts the insulation. The TW-1 is like a scissor or pair of pliers so you bring two hot blades down until it firmly holds the wire. The blades get hot almost at once. There is an adjustable guide to keep the jaws from getting too close together. You close the jaws, give a twist as you pull the wire out and it is perfectly stripped. No nicks in the wire, no small strands damaged. Just bare wire.
There is another guide that lets you control how much insulation the tool removes along the length of the wire. The idea is you insert the wire until it hits the guide and then close the jaws and twist. Every wire will have exactly the same amount of bare conductor exposed. You can see a video about the TW-1, below.
Other Vendors
Teledyne is not the only maker of this type of stripper. Patco has the PTS-10 that is not very expensive new. Hakko makes a version. There’s also a company called Eraser (see video, below) along with many other manufacturers.
Hacked?
I was surprised that a quick search didn’t turn up any homebrew tools. After all, the device isn’t exactly high-tech. About the closest I found was [kl27x’s] “frankenclipper” (see video, below). I’m sure if I missed one, it will show up in the comments.
We’ve talked about improving mechanical strippers in the past. We’ve also seen a fully automated machine for cutting and stripping. However, shop around, get an inexpensive thermal stripper and a fan, and I think you’ll be highly pleased next time you need to strip wires.
Filed under: rants
Software defined radios are getting better and better all the time. The balaclava-wearing hackers know it, too. From what we saw at HOPE in New York a few weeks ago, we’re just months away from being able to put a femtocell in a desktop computer for under $3,000. In less than a year, evil, bad hackers could be tapping into your cell phone or reading your text message from the comfort of a van parked across the street. You should be scared, even though police departments everywhere and every government agency already have this capability.
These rogue cell sites have various capabilities, from being able to track an individual phone, gather metadata about who you have been calling and for how long, to much more invasive surveillance such as intercepting SMS messages and what websites you’re visiting on your phone. The EFF calls them cell-site simulators, and they’re an incredible violation of privacy. While there were most certainly several of these devices at DEF CON, I only saw one in a hotel room (you catchin’ what I’m throwin here?).
No matter where the threat comes from, rogue cell towers still exist. Simply knowing they exist isn’t helpful – a proper defence against governments or balaclava wearing hackers requires some sort of detection system. For the last few months [Eric Escobar] has been working on a simple device that allows anyone to detect when one of these Stingrays or IMSI catchers turns on. With several of these devices connected together, he can even tell where these rogue cell towers are.
A Stingray / cell site simulator detector
Stingrays, IMSI catchers, cell site simulators, and real, legitimate cell towers all broadcast beacons containing information. This information includes the radio channel number, country code, network code, an ID number unique to a large area, and the transmit power. To make detecting rogue cell sites harder, some of this information may change; the transmit power may be reduced if a tech is working on the site, for instance.
To build his rogue-cell-site detector, [Eric] is logging this information to a device consisting of a Raspberry Pi, SIM900 GSM module, an Adafruit GPS module, and a TV-tuner Software Defined Radio dongle. Data received from a cell site is logged to a database along with GPS coordinates. After driving around the neighborhood with his rogue-cell-site detector sitting on his dashboard, [Eric] had a ton of data that included latitude, longitude, received power from a cell tower, and the data from the cell tower. This data was thrown at QGIS, an open source Geographic Information System package, revealing a heatmap with the probable locations of cell towers highlighted in red.
This device really isn’t a tool to detect only rogue cell towers – it finds all cell towers. Differentiating between a rogue and legitimate tower still takes a bit of work. If the heatmap shows a cell site on a fenced-off parcel of land with a big tower, it’s a pretty good bet that cell tower is legit. If, however, the heatmap shows a cell tower showing up on the corner of your street for only a week, that might be cause for alarm.
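An added example, not [Eric]’s code: one way to automate the "tower that shows up for only a week" check over the logged beacon and GPS data described above. The row layout, the test network codes (MCC 001 / MNC 01), the coordinates and the seven-day thresholds are assumptions constructed for illustration, and a power-weighted centroid stands in for the QGIS heatmap.

```python
from collections import defaultdict
from datetime import datetime, timedelta


def make_sample_log():
    """Constructed survey rows (not real captures):
    (time, channel, country_code, network_code, area_id, rx_dbm, lat, lon)."""
    t0 = datetime(2016, 8, 1, 18, 0)
    rows = []
    for day in range(0, 30, 3):      # long-lived site heard from two spots
        rows.append((t0 + timedelta(days=day), 62, 1, 1, 1201,
                     -70.0, 37.0000, -122.0000))
        rows.append((t0 + timedelta(days=day, minutes=5), 62, 1, 1, 1201,
                     -90.0, 37.0100, -122.0000))
    for day in range(1, 30, 4):      # second long-lived site
        rows.append((t0 + timedelta(days=day), 45, 1, 1, 1201,
                     -80.0, 37.0200, -122.0300))
    for day in (18, 19, 21, 22):     # identity that exists for under a week
        rows.append((t0 + timedelta(days=day), 70, 1, 1, 1201,
                     -60.0, 37.0050, -122.0100))
    return rows


def summarize(rows):
    """Group observations by broadcast identity and summarise each one.

    Received power is deliberately left out of the identity key because a
    legitimate site's power can change (for example during maintenance).
    """
    acc = defaultdict(lambda: {"first": None, "last": None, "days": set(),
                               "w": 0.0, "lat": 0.0, "lon": 0.0})
    for ts, chan, mcc, mnc, area, rx_dbm, lat, lon in rows:
        s = acc[(chan, mcc, mnc, area)]
        s["first"] = ts if s["first"] is None else min(s["first"], ts)
        s["last"] = ts if s["last"] is None else max(s["last"], ts)
        s["days"].add(ts.date())
        w = 10 ** (rx_dbm / 10.0)    # dBm -> milliwatts, used as a weight
        s["w"] += w
        s["lat"] += w * lat
        s["lon"] += w * lon
    return {
        key: {
            "first": s["first"],
            "last": s["last"],
            "days_seen": len(s["days"]),
            # Stronger readings pull the estimate toward where they were taken.
            "est_lat": s["lat"] / s["w"],
            "est_lon": s["lon"] / s["w"],
        }
        for key, s in acc.items()
    }


def flag_transient(summary, max_lifetime=timedelta(days=7),
                   baseline=timedelta(days=7)):
    """Return identities that first appeared after the baseline period of the
    survey and were heard for no longer than max_lifetime."""
    if not summary:
        return []
    survey_start = min(s["first"] for s in summary.values())
    flagged = []
    for key, s in summary.items():
        appeared_late = s["first"] - survey_start > baseline
        short_lived = s["last"] - s["first"] <= max_lifetime
        if appeared_late and short_lived:
            flagged.append(key)
    return sorted(flagged)


if __name__ == "__main__":
    summary = summarize(make_sample_log())
    for key in flag_transient(summary):
        s = summary[key]
        print("review:", key, "seen on", s["days_seen"], "days near",
              round(s["est_lat"], 4), round(s["est_lon"], 4))
```

A flagged identity is only a candidate for a closer look; a newly commissioned legitimate site would trip the same rule.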
Future work on this cell site simulator detector will be focused on making it slightly more automatic – three or four of these devices sprinkled around your neighborhood would easily allow you to detect and locate any new cell phone tower. [Eric] might also tackle triangulation of cell sites with an RF-blocking dome with a slit in it revolving around the GSM900 antenna.
Filed under: security hacks, wireless hacks
The Scottish Consulate has stamped its last passport, the Dutch fire tower has belched its final flame, and the Gold Members Lounge has followed the Hacienda and the Marquee into clubland oblivion. EMF Camp 2016 is over, so all the 1500 or so attendees have left are the memories, photographs, and festival diarrhoea to remind them of their three days in the Surrey countryside.
Well, not quite all, there is the small matter of the badge.
In the case of EMF 2016 it was called TiLDA MKπ, and since there was a point earlier in the year when it seemed the badge might never see the light of day it represents a significant achievement from the EMF badge team.
The badge features an STM32L486VGT6 ARM Cortex M4 running at 80MHz, a 320×240 pixel colour LCD, magnetometer and accelerometer, and a CC3100 WiFi processor. The firmware provides a simple interface to an app store containing an expanding array of micropython apps from both the EMF Camp team and submitted by event attendees. As shipped the badge connects to one of the site networks, but this can be adjusted to your own network after the event. It’s been designed for ease of hacking, requiring only a USB connection and mounting as a disk drive without need for special software or IDE. A comprehensive array of I/O lines is brought out to both 0.1″ pitch pins and 4mm edge-mounted holes. At the EMF Camp closing speeches there was an announcement of a competition with a range of prizes for the best hardware and software uses for the badge.
The TiLDA causes a sticky moment for our colleague, Tindie scribe Shane.
As is so often the case the badge was not without its teething troubles, as the network coped with so many devices connecting at once and the on-board Neopixel turned out to have been mounted upside down. Our badge seemed to have a bit of trouble maintaining a steady network connection and apps frequently crashed with miscellaneous Python errors, though a succession of firmware updates have resulted in a more stable experience. But these moments are part of the badge experience; this is after all an event whose attendees are likely to have the means to cope with such problems.
All the relevant files and software for the badge are fully open-source, and can be found in the EMF Camp GitHub repositories. We’ve put a set of images of the board in a gallery below if you are curious. The pinout images are courtesy of the EMF badge wiki.
We’ve featured EMF badges before, here’s our look at the EMF 2014 device.
Filed under: hardware, wearable hacks
[TK] has a stretch goal for his RC car project — enabling it to recharge on solar power during the day and roam around under remote Internet control at night. It’s like a miniature, backyard version of NASA’s Curiosity rover.
Right now, he’s gotten a Raspberry Pi Zero and a camera on board, and has them controlling the robot over WiFi. He looks like he’s having a great time piloting it around his house. Check out the video down below for (crashy) remote-controlled operation.
We can’t wait to see if solar power is remotely possible (tee-hee!) as an option for this vehicle. The eventual plan to connect it via 3G cellular modem is still off in the future, and will probably demand more of the smarts of the Raspberry Pi than at present. But we love the idea of a long-running autonomous vehicle, so we’re pulling for you, [TK]!
Filed under: robots hacks, The Hackaday Prize
We’re not sure if [Derek Lieber] is messing with us or proving a point. Why are you doing this [Derek]? We know there’s technically enough information to build the clock. You even included the code. Couldn’t you have at least thrown in a couple of words? Do we have to skip straight to mediaglyphics?
Anyway, if we follow the equation. The equation… If you take a gps module, a 7 segment display with an HT16K33 backpack, a digital potentiometer, a piezo, and a boarduino we suppose we could grudgingly admit that these would all fit together to make a clock. We still don’t like it though, but we’ll admit that the nice handmade case was a nice touch, and that the pictures do give us enough details to do it ourselves.
It was also pretty cool when you added the Zelda theme song as an alarm sound. Also pretty neat that, being GPS corrected, there’s no need to ever set the time. We may also like the simplicity of the only inputs being the potentiometer, which is used to set the alarm time. It’s just. Dangit [Derek]. Nice clock build, we like it.
Filed under: clock hacks
Here at the Vintage Computer Festival, we’ve found oodles of odds and ends from the past. Some, however, have gotten a modern twist like [bitfixer’s] recent Commodore PET project upgrades.
First off is [bitfixer’s] Augmented Reality upgrade. By the power of two iPhones and one Raspberry Pi, the user dons a Google-Cardboard-esque heads-up-display and can visualize a 3D, ASCII rendering of the world before them. Not only does this view show up in the HUD, however, it’s also streamed to a Raspberry Pi which then serializes it into a video display on the Commodore PET.
TRON Legacy, can you tell??
This hack builds on some of [bitfixer’s] prior work getting ASCII video streaming up and running. Of course, the memory on the Commodore PET is nowhere near capable of being able to process these images. In fact, streaming and storing the video data onto the PET’s memory would fill it up in under one second! Instead, [bitfixer] relies on some preprocessing thanks to the far-more-powerful (by comparison) Raspberry Pi and iPhone processors that are capturing the images.
Next off is [bitfixer’s] full-color video display on the same Commodore PET. Again, leveraging another RaspPi to encode and reduce the video to bitmap images, the Commodore PET simply grabs these images and streams them to the screen as fast as possible–at a beloved 5.8 frames per second.
Filed under: classic hacks, news
If you don’t have root, you don’t own a device, despite what hundreds of Internet of Things manufacturers would tell you. Being able to access and write to that embedded Linux system in your new flashy gadget is what you need to truly own a device, and unfortunately this is a relatively uncommon feature. At this year’s DEF CON, [Brad Dixon] unveiled a technique that pwns a device using only a sewing needle, multimeter probe, or a paperclip. No, it won’t work on every device, and the devices this technique will work with are poorly designed. That doesn’t mean it doesn’t work, and that doesn’t mean the Pin2Pwn technique isn’t useful, though.
The attack relies on how an embedded Linux device boots. All the software needed to load Linux and the rest of the peripheral magic is usually stored on a bit of Flash somewhere on the board. By using a pin, probe, or paperclip to short two data pins, or two of the latch pins on this memory chip, the bootloader will fail, and when that happens, it may fall back to a uboot prompt. This pwns the device.
There are a few qualifications for this Pwn using a pin. If the device has JTAG, it doesn’t matter – you can already own the device. If, however, a device has a locked-down JTAG, unresponsive serial ports, or even their own secure boot solution, this technique might work.
Two data pins on a TSSOP Flash shorted by a multimeter probe
This exploit relies on a property of the bootloader. This bit of code first looks at a piece of Flash or other memory separate from the CPU and loads whatever is there. [Brad] found a few devices (mostly LTE routers) that would try to load Linux from the Flash, fail, try to load Linux again, fail, and finally drop to a uboot prompt.
As with any successful exploit, an equally effective mitigation strategy must be devised. There are two ways to go about this, and in this case, the software side is much better at getting rid of this attack than the hardware side.
Since this attack relies on the software falling back to uboot after an unsuccessful attempt at whatever it should be booting, the simplest and most effective mitigation technique is simply rebooting the device if the proper firmware can’t be found. Having a silent serial console is great, but if the attack relies on falling back to uboot, simply not doing that will effectively prevent this attack.
The hardware side is a little simpler than writing good firmware. Instead of using TSSOP and SOIC packages for storing the device firmware, use BGAs. Hide the pins and traces on an inner layer of the board. While this isn’t a foolproof way of preventing the attack – there will always be someone with a hot air gun, magnet wire, and a steadier hand than you – it’s hard to glitch a data line with a sewing needle if you can’t see the data line.
Filed under: linux hacks, security hacks
Rarely on these pages have I read such a fluff piece! Al Williams’ coverage of Emacs versus Vim was an affront to the type of in-depth coverage our Hackaday readers deserve. While attempting to be “impartial” he gave a seven-sentence summary of Vim, the Ultimate Editor. Seven sentences! Steam is pouring out of my ears like Yosemite Sam.
Al, like a lot of you out there, thinks that he “knows how to use vi”. I’m here to tell you that he doesn’t. And unless you’ve spent the last few years alone in a cave high in the Himalayas, with only food, drink, a laptop, and Vim Golf, you probably don’t either. Heck, I don’t consider myself a Vim master, but I’m going to write this overwrought essay praising it (using Vim, naturally).
The reason I’m writing this is not to perpetuate the vi-versus-Emacs war. That idea is silly anyway, and was probably invented by Emacs folks to steal some of vi’s limelight. You see, vi-versus-Emacs is a red herring. Vi and Vim are so strange, so different from any other editor you might use, that it makes Emacs look simply boring in comparison: it’s just a normal editor with decent extensibility (if you can stand Lisp), horrible key combinations that may or may not cause carpal tunnel syndrome, and code bloat that rivals Microsoft Word. If you’re comfortable using Pico or Nano or Joe or Notepad++ or Gedit or Kate, or anything else for that matter, you can be comfortable using Emacs in a month or so. It’s really just another editor. Yawn.
Vi is something else. It’s a programming language for editing text that’s disguised as an editor. If you try to use it like a normal text editor, you will suffer. If you approach your text editing chores like factoring code into functions, you’re starting to understand Vi.
Modes and Movements
As Al pointed out, vi and Vim (henceforth Vim, because it’s got some neat extras that I really miss in plain-old vi) use the concept of modes. There’s “insert mode” where you type text. In a normal editor, you’re always in insert mode. When editing in Vim, most of your time is spent in “normal mode” where your keystrokes are like commands, moving the cursor around, cutting, pasting, finding, replacing, crafting macros, changing one HTML tag to another, and generally editing. This distinction between typing and editing is central to Vim’s philosophy, and they’re fundamentally different activities.
When you start up Vim, it tells you to type :help and work through a tutorial telling you how to move the cursor around. You should go do that — that’s what it’s there for. It’s not going to make you a master, but you’re going to learn the basics. Do not go around saying that you “know how to use Vim” at this point. You’ll just look silly. You will know how to move the cursor around, cut and paste, and enter and edit text. In short, you’ll be editing like a monkey you would in Emacs.
Programming Text Editing
The real secret of Vim is that normal-mode usage is a language somewhere between a human language and a programming language. It’s got verbs, adjectives, and nouns (or functions, modifiers, and objects). Your job is to figure out how to express your text editing desires in terms of these, mostly single character, commands.
Let’s take c, the command that “changes” some text. By itself it does nothing — it needs an object. But if you type caw (“change a word”), the word under your cursor gets deleted and Vim enters insert mode, waiting for you to type the word’s replacement and hit Escape to go back to normal mode. If you want to change a whole sentence, cas deletes it and you’re typing anew. Want to change all arguments of a C function inside parentheses? ci) “changes inside parentheses”. (ca) deletes the entire thing, parentheses and all.) Numbers fit in as well. If you want to change the next five words, c5w does what you want. The syntax is modular and extensible. In this sense, it’s easy to learn.
Cute trick. But here’s the punchline: .. Period repeats the last editing action as a whole unit. So if you just changed a word to “Hackaday” and returned to normal mode, cawHackaday<Esc>, and you have the cursor over another word, typing . turns it into “Hackaday” as well. Tossing a movement command into the mix, w will move the cursor to the start of the next word. Now, alternating . and w will change every word in your document to “Hackaday”. Using only two keys. Think about how much more efficiently Jack Nicholson could have appeared crazy in “The Shining” if he had Vim and the . command.
That doesn’t sound useful, but think about how many times you refactor code by changing all functions named “foo()” to “getFooInstantanceMethod()”. Of course there’s a “normal” search and replace functionality in Vim, but most of the time you don’t actually need it. Why? Because /foo searches for “foo” and caw will then change the word under the cursor. And the search, being a movement, is repeatable with ;. Alternating ; and . becomes the same as a search and replace, only both the search and replace parts are (nearly) arbitrary editing actions. Instead of typing “y” and “n” to change or not change each match, you just hit ; until you get where you want to be, and then type ..
There’s so much to say on this topic that it’s the classic off-topic question at StackOverflow. The point of Vim is that text writing (in insert mode) is just typing and there’s not much that the editor can do for you there. Text editing, on the other hand (in normal mode), often consists of repetitive actions. Vim is built around treating these actions as single units and making it easy to repeat them and link them together. If you’re a programmer, this sounds a lot like the activity that we call programming — breaking a big task down into functions and running them. If you understand coding, you can learn to understand Vim.
Visual and Command Modes
There are actually a few more modes that you’ll want to know on your path to Vim mastery. Visual mode lets you select a region of text first and then apply a command to it second. It’s useful for one-offs, but visual-mode selections are hard to translate into generalizable functions, so I don’t use it as much as I used to when I was learning. There are some useful plugins that make good use of visual mode, however.
Command mode is where the real Vim heads geek out. It’s essentially ed, the ancient line editor. :17,25d deletes lines 17 through 25 without moving the cursor. :-3t. copies the line three above the current one. :v/foobar/s/thang/thing/g changes “thang” to “thing” in all lines of the document that don’t contain “foobar”. This is also where you can use all that regular expression juju you’ve got stored in your grey matter.
On the other hand, simple things like global search and replace, and deleting or copying whole lines are also simple on the command line. %s/one/two/gc changes all occurrences of “one” to “two”, with confirmation — your standard search and replace. (% specifies the whole document. You can use line-number ranges here too.) And of course there’s :e which opens a file for editing, and :wq which saves the current file and quits. You don’t need to know much of the command line mode commands, but a few are fantastically useful.
Registers and Macros
After a while, you’ll want to understand the registers. Vim stores text (or commands) in registers — like variables in a programming language. You can cut and paste into or out of the registers, and the first ten of them are essentially a cut buffer. The registers make a great place to store text that you’re cutting out now, but not sure that you want to throw away yet. "zdi} will delete all the code inside function brackets but save it in register “z”. You can paste it back at any time with "zp. Want to paste that thing you deleted five deletions ago? Type :reg to see all the registers and their values.
You can also record and play back series of Vim commands into the registers like macros; Vim commands are mostly just letters, after all. q starts and ends a macro recording, so qw will record a macro into register “w”. You can play it back later with @w. Macros are, of course, as powerful as the person writing them. (And yes, the registers plus the text buffer is Turing complete. Don’t go overboard.) I only use a few macros, but those that I do use, I use all the time.
For instance, here’s a macro I use a million times a day. I write Hackaday posts in Markdown and then compile them into HTML for posting. A link in Markdown looks like this: [link text](https://www.example.com). S]f]a(<Esc>"+pa)<Esc> surrounds the currently selected text in a “[]” pair, finds the closing “]”, adds an open parenthesis, leaves insert mode, pastes the contents of the clipboard, adds a closing parenthesis, and goes back to normal mode. (Yeah, that took me a while to get working.) But now, I copy a link in the browser, select text and type @l in Vim, and I’ve got a Markdown link to that website.
Plugins
Like any editor worth its bits, Vim is also incredibly extensible, and if there’s any feature that can’t be macroed, one can always write a plugin for it. In my opinion, Vimscript is even more unpleasant to write in than Lisp, so I leave extension writing to other folks. Someone’s written a module already for nearly everything you’d want anyway. But don’t go hog-wild with plugins in the beginning. You’ve already got your work cut out for you just learning Vim.
When you do succumb to install a bunch of plugins, my advice is to add them one at a time and use each until you understand it intimately. Here’s what I run, in a reasonable order to install and learn them: vim-sensible, vim-airline, vim-abolish, ctrlp.vim, UltiSnips, vim-surround, vim-easy-align.
The Best Vim Commands
If you already use Vim, but don’t use the following commands to their fullest, you’re not living right.
- I and A insert and append text to the front of the line or the end, respectively.
- m and ` set marks and jump back to them. This is invaluable for leaping around a long document with ease.
- g; goes back to the location of the last edit. This is “pick up where I left off before going somewhere else”. It’s gold. But that’s not all — it keeps track of your edit history so that you can go back five edits ago. And g, moves you back forward in the edit history.
- CTRL-] jumps to the location of the definition of the function under the cursor, and CTRL-t gets you back. Go as deep as you want — hitting CTRL-t until it doesn’t work anymore will get you back where you started. (You’ll need a tags file to make this work.) This is fully 1/2 of the value of an IDE like Eclipse for me, built in, with less screen clutter.
- The other half of an IDE is tab-completion of long variable or function names. This is done in Vim with CTRL-n and CTRL-p to scroll up and down the possible list. If you are using a tags file, or if you have the file with the other definitions open in Vim, it will complete the name for you.
- gg=G jumps to the top of the document (gg) and auto-indents it (=) until the end of the document (G). This makes all your open and close braces line up, and makes it very easy to spot the one that you forgot.
- u undoes the last command. CTRL-r redoes. :earlier 2m reverts to the state that it was two minutes ago. If you end up undoing, editing, and then want to undo some previous changes, you can. g+ and g- will step up and down the undo tree. It gets complicated.
- / and f, the search commands, are vital as a motion in a compound command. df, deletes everything up to the first comma. d/foo lets you delete until the first (interactive) match on “foo”. This can replace many other movements if you’re so inclined.
- :r reads in a file. :! runs a command in the shell. :r! pastes the output of a command into your document. :r!ls whatever* is often faster than typing in a filename. I’m not going to get started on how UNIXy the ability to run your text through arbitrary shell scripts is.
Once you get used to Vim’s movement commands, you’re pretty much spoiled forever. You can of course use the mouse, but when you get good, you’ll only do so rarely. It’s so much faster to keep your hands on the keys. Most every hardcore Vim user remaps the Escape key (which returns to normal mode) to something convenient. Mine is where Caps Lock used to be, right under my left pinkie. (I actually multiplex it with Control using xcape.) Yeah, that’s extreme, but it’s so much better than what people do to avoid getting carpal tunnel from Emacs which was designed to work on a keyboard that doesn’t really exist anymore.
If you use Bash shell on a Unix, set -o vi will make readline behave almost like vi. Your browser can be Vimmified: Vimperator and Pentadactyl for Firefox or cVim, vimium, and ViChrome for Chrome should do the trick. If you want to go all-out, qutebrowser is the best native Vim-style browser out there at the moment, and it’s going to get much better soon.
Search “vi keybindings” and you’ll find that they’re supported in everything from Visual Studio to Eclipse to Emacs. Why does Emacs have a Vi-emulation mode, but Vim doesn’t have an Emacs emulation mode? Think about that for a while, and you’ll realize that the editor wars have been won.
Getting used to Vim takes a while. Getting really good takes a programmer’s mindset and some active practice. I used Emacs from 1994 to 2011 for code, my dissertation, overheads for classes I taught, and academic papers. Since 2011, I’ve used Vim for yet more code, a book, e-mail, and all my writing for Hackaday. I can still improve, and I add new tricks to my repertoire monthly despite five years of using it for six to eight hours per day. Vim is deep, like anything that’s really worth diving into, but it’s rewarding because there’s always more. Don’t believe anyone who tells you that they “know” Vim. :wq.
Resources
There’s really too much to say about Vim. Here’s a short list of great resources:
- :help tutor if you’re just starting out
- Vim FAQ
- Vim Tips Wiki
- One of many good tutorials on the web
- Some cheat-sheets: (One, Two, Three, and Four)
- A video to push intermediate Vimmers over the edge
Filed under: news
Here at VCF, we stumbled across a gigantic contraption that spanned several tables. Rube Goldberg machine this was not. Instead, this device actually does something useful! [Tim Robinson’s] differential analyzer can solve differential equations through several stages of mechanical integrators. The result is a pen-plot graph of the solution to the input equation, input by displacing a rod as a function of time.
Differential analyzers have been around for over a century. [Tim’s] claim to fame is that this particular DA is constructed entirely from Meccano-branded parts. We’re thrilled to see Meccano, over 100 years old at this point, continue to find new uses outside the toy box.
The Torque Amplifier
The differential analyzer is riddled with mechanisms that are bound to swing some heads for a double-take. Since the input shaft that transmits the input function f(x) has very little friction, the result can only be carried through the remainder of the machine with some means of torque amplification. To do so, [Tim], and most other DA designers, implement a torque amplifier. For [Tim], though, this feat proved to be more difficult (and more triumphant) than other solutions, since he’s using a set of parts that are entirely from Meccano. In fact, this feature took [Tim] through about 20 iterations before he was finally satisfied.
VCF West continues to run through the end of the weekend at the Computer History Museum in Mountain View, CA. If you haven’t already packed your bags for DEF CON, stop by for a few more bewildering brain teasers.
Filed under: news, toy hacks
As many of the members of the Brian Benchoff hate/fan club know, the life of a Hackaday writer is nomadic and filled with exciting adventures. Jenny List is actually a crime-fighting cyborg (think Bond); it’s why she knows so much about electronics. James Hobson is Iron Man. The list goes on. There are lots of unnecessary details, but to summarize: Last month I was living in Washington State, this month I am in Paris, France. It’s really nice here, the buildings are beautiful, the cathedrals stunning, and the food significantly tastier.
However, as a contracting engineer with a project involving a deadline, I found myself in dire need of a significant amount of quick turn-around 3D printing during my working vacation to France. Through a lot of trial and tribulation, I eventually discovered that the most cost-effective way to get the prints done… was to just buy a cheap 3D printer and run it into the ground.
Appropriately, LVL1 is also home to the world’s largest 3D printed trashcan (full of failed 3D prints).
I was spoiled by my hackerspace in Louisville, KY. They had enough 3D printers to go around and the pricing was fixed at 10 cents a gram. For the amount of printing I needed, this would be a perfectly economical arrangement. So, I set out to find a hackerspace in Paris. Whereupon I reached my first and obvious problem; I speak very little French.
Most of the hackerspaces listed in Paris are, as far as I can tell, illegally squatting in a scary part of town, exclusive to a university, exclusive to a business, or closed down.
So, I googled a bit harder. Wow! Apparently a Techshop opened up in Paris. It’s about an hour away from where I live, but having toured a Techshop before, I knew they would have the nice version of the tool I need. So, one morning bright and early I got on the metro and headed over to get a tour of the place.
What I’ve discovered is this: If you need things like a water jet cutter, welding station, or a 50 grand CNC machine, Techshop is a really economical way to get access to and play with tools like that. However, if all you want is access to a laser cutter and a 3D printer, it will set you back five-hundred dollars and you’ll have to jump through some incredibly annoying hoops just to get access to them.
Only a small fee of 400 euros to use these bad boys.
See, most pieces of equipment at a Techshop need to be reserved. Only the 150 euro and 300 euro a month membership tiers can reserve equipment. The 150 tier can reserve something for two hours, the 300, four. If you’ve ever 3D printed you can immediately spot the problem with that. For small prints this could be workable, but if you have a lot of large prints four hours is just not enough. However, there is a work around. If you’re willing to take a metro ride late at night, arriving at the Techshop at 10:00pm, you can, of course, run a print overnight.
There were two more glitches in the Techshop plan. To be able to touch the printers required a two-hour course with a 100 euros fee. The filament also ran 65 euro per 500 g. My printing needs would easily cost me tens of hours in travel and had a starting fee of 400 euros to be workable.
The entrance to Usine.io is terrifying. It’s this massive pitch black hallway. I had no idea if I was in the right place until I got to the desk.
Now, I’m not saying Techshop isn’t absolutely wonderful when it comes to more advanced tools. It’s probably the only Hackerspace in the world where you’re entitled to expect that the CNC machine is in working order, properly trammed, and there are actually cutting bits for it. However, if all you need is a 3D printer, don’t bother.
Now, I asked around some more and found that there was a competing space in Paris called Usine.io. It had a flat fee of 180 euros a month and the training was free. I actually did end up getting a membership here for access to a CNC and basic tools, but for 3D printing it was a bust. They only had three printers serving a sizable membership base. This left the printers with a 48 hour line to get your print started and a maximum of 40 hours of printing a month. A die-hard user of 3D printing can easily use 40 hours in 3 days. Because I had to test many iterations for my project, my need the next month was easily triple that number.
However, the shop itself is really nicely outfitted.
The last avenue available to me aside from 3D printer ownership was contracting someone with a 3D printer to run my prints for me. However, after asking around I found the service to be quite expensive. Rent isn’t cheap in Paris after all. If I just needed a single small print it would be worth it, but if I needed lots of printing it would quickly add up to be more money than I had.
That left me with one option. Which, honestly, sounded absolutely insane for someone visiting a country for a few months. Buy a printer. It’s an indication of the state of 3D printing that the price has come down so far that buying a printer is more economical than having someone do it for you. Even a few years ago this was not possible. However, European Amazon Prime had a workable enough import printer to my doorstep faster than any commercially available service could even process my order. We’ve come a long way since the Darwin. That’s for sure.
Featured Photo From Famous Paris buildings by LeFabShop
Filed under: Hackaday Columns, rants
Bluetooth devices are everywhere these days, and nothing compromises your opsec more than a bevy of smartphones, smart watches, fitbits, strange electronic conference badges, and other electronic ephemera we adorn ourselves with to make us better people, happier, and more productive members of society.
Bluetooth isn’t limited to wearables, either; deadbolts, garage door openers, and security systems are shipping with Bluetooth modules. Manufacturers of physical security paraphernalia are wont to add the Internet of Things label to their packaging, it seems. Although these devices should be designed with security in mind, most aren’t, making the state of Bluetooth smart locks one of the most inexplicable trends in recent memory.
At this year’s DEF CON, [Anthony Rose] gave a talk on compromising BTLE locks from a quarter-mile away. Actually, that ‘quarter mile’ qualifier is a bit of a misnomer – some of these Bluetooth locks are terrible locks, period. The Kwikset Kevo Doorlock – a $200 deadbolt – can be opened with a flathead screwdriver. Other Bluetooth ‘smart locks’ are made of plastic.
The tools [Anthony] used for these wireless lockpicking investigations included the Ubertooth One, a Bluetooth device for receive-only promiscuous sniffing, a cantenna, a Bluetooth USB dongle, and a Raspberry Pi. This entire setup can be powered by a single battery, making it very stealthy.
The attacks on these Bluetooth locks varied, from sniffing the password sent in plain text to the lock (!), replay attacks, to more advanced techniques such as decompiling the APK used to unlock these smart locks. When all else fails, brute forcing locks works surprisingly well, with quite a few models of smart lock using eight digit pins. Even locks with ‘patented security’ (read: custom crypto, bad) were terrible; this patented security was just an XOR with a hardcoded key.
What was the takeaway from this talk? Secure Bluetooth locks can be made. These locks use proper AES encryption, a truly random nonce, two factor authentication, no hard-coded keys, allow the use of long passwords, and cannot be opened with a screwdriver. These locks are rare. Twelve of the sixteen locks tested could be easily broken. The majority of Bluetooth smart locks are not built with security in mind, which, by the way, is the entire point of a lock.
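To show why a fresh random nonce defeats the sniff-and-replay weakness described above, here is an added example (not code from the talk or from any lock vendor) of a lock-side challenge-response check. It uses HMAC-SHA256 from the Python standard library in place of the AES the article mentions, and the class, function and command names, along with the per-device key provisioned at pairing, are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

COMMANDS = (b"lock", b"unlock")


def sign(key: bytes, command: bytes, nonce: bytes) -> bytes:
    """Tag binding one command to one nonce (hypothetical message layout)."""
    # Length-prefix the command so command/nonce boundaries are unambiguous.
    msg = len(command).to_bytes(1, "big") + command + nonce
    return hmac.new(key, msg, hashlib.sha256).digest()


class Lock:
    """Lock-side verifier: per-device key, single-use nonces, constant-time compare."""

    def __init__(self, pairing_key: bytes):
        if len(pairing_key) < 16:
            raise ValueError("pairing key too short")
        self._key = pairing_key      # provisioned at pairing, never hard-coded
        self._nonce = None
        self.locked = True

    def challenge(self) -> bytes:
        """Issue a fresh random nonce; any earlier one is discarded."""
        self._nonce = secrets.token_bytes(16)
        return self._nonce

    def execute(self, command: bytes, tag: bytes) -> bool:
        """Run the command only if the tag matches the outstanding nonce."""
        nonce, self._nonce = self._nonce, None   # consumed even on failure
        if nonce is None or command not in COMMANDS:
            return False
        if not hmac.compare_digest(sign(self._key, command, nonce), tag):
            return False
        self.locked = command == b"lock"
        return True


def demo() -> dict:
    """Legitimate unlock, then three attempts using previously captured traffic."""
    key = secrets.token_bytes(32)
    lock = Lock(key)
    results = {}

    # Legitimate exchange; `captured` is what a passive listener would record.
    nonce = lock.challenge()
    captured = sign(key, b"unlock", nonce)
    results["legitimate"] = lock.execute(b"unlock", captured)

    # Owner relocks the door.
    relock_nonce = lock.challenge()
    lock.execute(b"lock", sign(key, b"lock", relock_nonce))

    # Replay with no outstanding challenge.
    results["replay_without_challenge"] = lock.execute(b"unlock", captured)

    # Replay against a new challenge: the nonce differs, so the tag is stale.
    lock.challenge()
    results["replay_new_challenge"] = lock.execute(b"unlock", captured)

    # A valid tag for "lock" must not be accepted for "unlock".
    nonce3 = lock.challenge()
    lock_tag = sign(key, b"lock", nonce3)
    results["cross_command"] = lock.execute(b"unlock", lock_tag)

    results["still_locked"] = lock.locked
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```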
[Anthony]’s work going forward will concentrate on expanding his library of scripts to exploit these locks, and evaluating the Bluetooth locks on ATMs. Yes, ATMs also use Bluetooth locks. The mind reels.
Filed under: security hacks