Hacking the Nike+ Fuelband

via Hackaday » hardware

[Simone] was trying to reverse-engineer the Bluetooth protocol of his Nike+ Fuelband and made some surprising discoveries. [Simone] found that the authentication system of the Fuelband can be easily bypassed and discovered that some low-level functions (such as arbitrarily reading and writing to memory) are completely exposed to the end user or anyone else who hacks past the authentication process.

[Simone] started with the official Nike app for the Fuelband. He converted the APK to a JAR and then used JD-Gui to read the Java source code of the app. After reading through the source, he discovered that the authentication method was completely ineffective. The authenticator requires the connecting device to know both a pin code and a nonce, but in reality the authentication algorithm just checks for a hard-coded token of 0xff 0xff 0xff 0xff 0xff 0xff rendering the whole authentication process ineffective.

After he authenticated with the Fuelband, [Simone] started trying various commands to see what he could control over the Bluetooth interface. He discovered that he could send the device into bootloader mode, configure the RTC, and even read/write the first 65k of memory over the Bluetooth interface–not something you typically want to expose, especially with a broken authentication mechanism. If you want to try the exploit yourself, [Simone] wrote an Android app which he posted up on GitHub.


Filed under: hardware, wearable hacks

New Product Friday: What’s with all the comMotion?

via SparkFun Electronics Blog Posts

Guess what? It’s Friday! As always we have some new products for you guys to check out. This week we have a new motor driver, robotics kit, and an LED flower. Let’s take a closer look!

How about that new video? Yup, Rob’s out but luckily we had Nick and Sarah to step up. It’s a big beard to fill but somebody has to do it.

ComMotion Motor Driver Shield

ROB-13257
$ 44.95

First up today we have the ComMotion Motor Driver Shield. This is an extremely durable little motor driver that can fit onto anything with an Arduino R3 layout. It sports TWO ATmega328P processors, it can drive up to 4 motors at once, it can communicate via I2C, and you can even add an XBee or WiFly transceiver to provide you with total wireless control! We’ve found this shield to work especially well with the Rover 5 platform, but it will be able to work with almost any other 4WD chassis.

Hobby Motor and Encoder Kit

ROB-13260
$ 19.95

Next up is the Hobby Motor and Encoder Kit. This kit of robotic goodies includes two 65mm wheels, two gearmotor assemblies, and an Encoder Kit that is already available à la carte. The Hobby Motor and Encoder Kit is perfect for providing beginners with a cheap and easy to use setup or if you just need a few extra parts for your next project.

Silk Flower LED

COM-13270
$ 12.95

The last new product we have for you today is the Silk Flower RGB LED. The beautiful piece of tech style can normally found inside of the 21st Century Fashion Kit, but because so many people were asking for it on its own, we had to release it by itself. Inside the petals of this flower is a simple 5mm common cathode RGB LED, and when powered, provides you with a great addition to an e-textile or clothing idea that you’ve been trying to make a reality.

That’s all we have for you this week, we hope you enjoyed all the new products! Special thanks to Nick and Sarah for standing in for Rob while he is out this week. We’ll see you back next Friday for some great new products! See you then!

comments | comment feed

Teaching literature with Raspberry Pi

via Raspberry Pi

Last week, checking out posts people had made on our Facebook page and the projects they were telling us about, one in particular caught my attention. Sarah Roman, a high school English teacher from New Jersey, had written:

Our English class is going to be using the Raspberry Pi in order to build book-based video games, incorporating Scratch, Sonic Pi, and Python. The students are incredibly excited […]

There was a link to an Indiegogo campaign; we love to see Raspberry Pi used creatively outside of computing lessons, so I clicked on it. A minute of video opened with the title “English Classroom”, but it didn’t look like my high school English lessons. Students work around computers, ignoring the camera as they concentrate intently on… wait, is that Minecraft?

We got in touch with Miss Roman to find out more. She intends (for starters) to get students in her Junior Honors class (15-16 years old) building Pi-based games consoles with games that draw on their reading of Dracula by Bram Stoker, and she is raising funds to kit out her classroom with Raspberry Pis and accessories. The students will use Scratch, working collaboratively to create their own graphics, sounds, and housing for the console. Older students will be using the Raspberry Pis in their study of William Faulkner’s As I Lay Dying. Of course, these plans are only the beginning of the road for the Pis, both within and beyond Miss Roman’s classroom; her project proposal notes that there could be an opportunity to work with other instructors to show them how they might use Raspberry Pi in their teaching.

English Literature students

This isn’t the first time that Miss Roman has introduced video games to the English Literature classroom. Last year, Juniors reading William Golding’s Lord of the Flies worked in groups to build the island where the story is set from the imagery evidence they found in the text, adding significant quotes and moments to it via signposts and books; putting each student group into the same Minecraft world allowed them to explore each other’s work. Students were thrilled to use information from the book to build their own islands, and would sigh when the class came to an end. Miss Roman says,

Essentially, the Pi is helping me to integrate fiction and nonfiction, different literacies, and boost creative thinking […] I’m extremely happy with the Pi, and I’m sometimes staggered by the applicability it has for my classroom. I think that complex texts and ideas deserve projects that offer complexity as well, and by opening avenues of this kind for students, they have the ability to understand texts in ways that haven’t been previously accessed.

We’re excited to learn about Raspberry Pi being used in this way, and we hope that this crowdfunding campaign garners plenty of support – we’d love to hear more from New Jersey as this project takes off!

American Library Association Midwinter Meeting

via SparkFun Electronics Blog Posts

Twice a year ALA throws down big events to help librarians of all backgrounds to build better libraries and serve patrons in the most effective ways. SparkFun has been in attendance for the last few years as a vendor and presenter. This year is no exception!

alt text

We’ll be on the vendor floor at the ALA Midwinter Meeting and Exhibits, running a teaching space in collaboration with the staff of the Denver Public Library. This year we’re joined by Nate Stone and Cody Yantis, staffers from Denver Public library’s IdeaLab.

Cody and Nate have cooked up some great programming and we’ll be running hands-on teaching seminars throughout the meeting. Among the offerings, Nate will be running a SketchUp/Unity workshop.

Cody will be building Arduino powered Therimin, not the typical project you’d think of with a library, but super fun!

alt text

Angela Sheehan will be running Ardublock programming workshops and building eOrigami projects on the floor.

In addition we’ll be doing Intro to Scratch and 3D printing workshops. We’re really streching out this year because of the great response we’ve had at past events.

If you’re in attendance, our schedule is a s follows;

Saturday

  • 9:30 a.m. - Makey Makey and Unity

  • 11 a.m. - Scratch Literacy

  • 1 p.m. Arduino Light Theremin

  • 3 p.m. - How to use a 3D printer

Sunday

  • 9:30 a.m. - How to use a 3D printer

  • 11 a.m. - Intro to Arduino

  • 1 p.m. - Makey Makey and Unity

  • 3 p.m. - Programming with Ardublock

We have a great lineup and we hope to see some of you in Chicago.

comments | comment feed

Enginursday: InfoSec for Hardware Geeks

via SparkFun Electronics Blog Posts

The term “hacker” gets used and abused a good deal these days. So much so that those who used to label themselves “hackers” have taken to using other terms to distinguish themselves. Terms like “pentester,” “information security specialist,” “white hat,” etc. are now the common names for those involved in the information security world. The definition of “hacker” has been muddied to include anyone involved in DIY technology, beginners and seasoned veterans alike.

I’m not going to go into the standard diatribe about who is and who is not a hacker, or try to define a taxonomy of the different types of DIY technocrats. That’s been done to death. Instead, I’d like to explore how the current DIY electronics world meshes with “traditional” information security (and physical security). Why? Because “hacking” (in the context of breaching the security of information) is fun, and it’s a fun way to learn a technology. For example, I’d rather learn what a microprocessor stack is by executing a stack overflow exploit than by being taught the same subject in a classroom lecture. Both are valid ways to learn, but the former is certainly more thrilling. Plus, if one can understand how a piece of technology is vulnerable, one can apply that understanding to make the next iteration of that technology less vulnerable, making it better. What follows are some educational examples of hardware mingling with traditional information security.

Standard Disclaimer: The topics discussed in this post are not meant to encourage any kind of illegal behavior, nor does SparkFun condone any kind of illegal behavior. Hacking embedded electronics can and should be done legally and with the goals of learning, and above all, having fun.

HID Attacks

alt text

Image Credit: wikipedia.org

From a hardware standpoint, the computer keyboard is a pretty simple device. It takes user input and translates it into the protocol used by most Human Interface Devices, aptly named “HID.” However, from a security standpoint, the keyboard creates a huge vulnerability in the computer system as a whole. It doesn’t authenticate, any user has access to it, its protocol is simple and well known, and it can be used to control the entire system. For these reasons it’s an obvious attack vector.

The most well known example of a keyboard (HID) attack is a hardware keylogger.

alt text

Image Credit: keelog.com

This device is connected inline with the keyboard USB connection, and acts as a man-in-the-middle to intercept keystrokes. It then saves or transmits these keystrokes to an attacker. These devices are simple enough to build, and there are plenty build examples online. An Arduino Uno is capable of acting as a HID keyboard, so it can be made into a keylogger with a bit of specialized programming. All an attacker needs is physical access to a computer to use one, and the faith that the device will not be visually detected by the user.

Another example of an HID attack is a device that acts as an automated keyboard. I made a video about this a while ago, where I programmed an Arduino Uno to automatically open a browser and navigate to a particular web page at the press of a button. If the Arduino can do that, then it can automate any set of keystrokes, to install malware, copy private files, etc. In fact, the hacker Linux distribution BackTrack (now Kali) comes with a set of Arduino sketches written for the Teensy that are specifically designed to install backdoors and copy files from the target computer by acting as an automated keyboard.

Vulnerable By Design

Vulnerable by Design, or “Capture the Flag” games, are pretty common in the infosec world. They are servers or other targets that are built with vulnerabilities in order to teach or practice hacking. My personal favorite is the site overthewire.org, which hosts a series of fun security challenges. Recently, my fellow SparkFunion Nick Poole alerted me to the existence of microcorruption.com, a vulnerable-by-design site where the target is an emulated door lock running on an MSP430 microcontroller.

alt text

The objective is to defeat the lock by exploiting an embedded device. The further one advances in the game, the harder the challenges become. This site is a fun way to learn the nitty-gritty of assembly and computer architecture, and, if you already understand those concepts, a great way to understand their vulnerabilities.

Wireless Electronics Hacking

With the popularity of the term “Internet of Things,” the security of wireless devices is becoming more of an issue to the general public. Many products are being hastily developed to cash in on IoT’s shiny marketing value, and many of these products are developed with no thought given to security.

alt text

Wardriving with Zigbee

Image Credit: http://travisgoodspeed.blogspot.com

At first, it may be hard to understand why security is important in this realm. Who cares if my IoT thermostat transmits the temperature of my house in plaintext? In that example, security seems less important. But what if we’re talking about your IoT door locks? Your security camera? Your car? The general rule is that if you can access it, a hacker can access it, especially if it has weak or no security. Because the proliferation of IoT is so new, there is not yet a lot of attention paid to security.

Embedded Linux

The release of the Raspberry Pi created some interesting avenues for hackers. The low price means that a hacker can have access to multiple low power, physical Linux machines without having to spend a lot of money. This makes it perfect for things like modeling a botnet, serving malicious web pages, and distributed password cracking. I personally have used my Raspberry Pi to host a metasploitable system, to mimic a vulnerable computer on my home network.

alt text

A Raspberry Pi Distributed Computing Setup

Image Credit: http://liliputing.com

Further Reading

I wish I had the time to go further in depth on the various ways DIY electronics can be relevant in the world of information security, but I think that’s a good start for the motivated beginner. I’d also like to go into detail about some of my favorite projects relevant to this subject, but that’s another blog post entirely. If you’re involved in the security field or just interested in this subject, here are some of my favorite people and projects that are worth taking a look at:

  • Josh Datko - creator of the CryptoCape, HOPE and DEFCON presenter
  • Travis Goodspeed - another HOPE presenter, with a long resume of interesting hacks
  • The NSA Playset - a civilian project to replicate some of the NSA’s Prism attack vectors
  • MicroCorruption - a capture the flag game for embedded electronics geeks
  • Over The Wire - hosts a series of hacking challenges that are great for sharpening your Linux skills

comments | comment feed

The Benton Park Live Coding Orchestra

via Raspberry Pi

We’re always really excited to see the resources and tools we make being used by kids in school. This video is from Benton Park School in Leeds, where a Sonic Pi orchestra put on a live coding performance recently. You can see setup, practice and some of the performance itself here.

I first watched this with Sam Aaron, who created Sonic Pi, looking over my shoulder, and we were both giggling with glee.

If you’re a teacher and you’d like to get something like this going in your own school, but don’t know where to start, why not apply for one of our free CPD sessions at Picademy?

And if you’d like to hear more from Sam, he’s going to be live-coding some of the music for the evening party at our upcoming Big Birthday Weekend – I hope you’ll be joining us!

Announcing the SparkFun-Actobotics Stairclimber Challenge

via SparkFun Electronics Blog Posts

Today we are excited to announce the SparkFun Actobotics Stairclimber Challenge! This new contest invites you to show off your robotic chops and win some pretty hefty prizes. Are you up to the challenge?

Here’s how it’s gonna go down. There are five basic rules:

  • Build a stairclimbing robot. How you interpret that is up to you, but it needs to climb stairs.
  • Use some (or all) Actobotics parts.
  • Use some (or all) SparkFun parts.
  • No commercial or off-the-shelf bots. It has to be an original build.
  • Clearly explain your robot in your video.

You have until March 16th, 2015 to submit your entry. Submission works like this:

  • Take a video of your entry in action and be sure to clearly explain how both the mechanical and electronics bits work.
  • Post your video to YouTube and include a materials list in the description. Email the link to marketing@servocity.com.
  • Entries MUST be received no later than 11:59 p.m. MT on March 16th. Please don’t email it after this and then try to get your entry in - rules are rules!

Entries will be judged based on 1) adherence to the above rules, 2) creativity, and 3) video quality (did you explain the bot clearly and can we tell how it works).

alt text

Prizes will be $500 in SparkFun credit for first place, $250 in SparkFun credit for second place and $100 in SparkFun credit for third. Plus, of course, all the glory of having your bot features on the SparkFun homepage for all to see.

Questions? Comments? Leave ‘em below.

Otherwise get building - and may the best bot win!

comments | comment feed

Join us at the Boulder Mini Maker Faire!

via SparkFun Electronics Blog Posts

This weekend, January 31st and February 1st, is the first-ever Boulder Mini Maker Faire! It’s going to be an amazing event, with a huge focus on STEAM and education. If you’ve never been to a Maker Faire, this will be a great one to start with.

alt text

For our part, in addition to sponsoring the event, we’re partnering with Beverly Bell who teaches art, welding, and craft-technology at Denver Academy and runs the all-girls maker club, TinkerBelles. She will be using the SparkFun Digital Sandbox to teach a 90-minute workshop, where you can familiarize yourself with the basics of programming and work in the Digital Sandbox environment.

Beverly will also host a paper circuits workshop where she will combine conductive materials (copper tape, conductive thread and ink, foil) – with paper, cardboard, tissue, and other fibers to make learning electronics engaging and accessible.

alt text

It’s going to be a wonderful event and we’re really excited about it! You can learn more about what’s going on and buy your tickets here. Hope to see you there!

comments | comment feed

Handheld games console – for REAL dummies

via Raspberry Pi

Here is the most rubbery review presenter we’ve ever met. Bryan Lunduke is here to show you how even a complete beginner whose hands are made from foam can build a games console from scratch, using a Raspberry Pi.

A tip, Bryan. I know you do not have hands that work (or, presumably, fingernails); but you’ll find that Pibow you’re using looks EVEN BETTER if you peel the backing paper off each layer!

What have you built with Arduino? Interview 14&15 #MFRome14

via Arduino Blog

beeuno

Maker Faire Rome video interviews – “What have you built with Arduino?” – A couple of new protagonists for our short series:

  • Bee Uno – Arduino-controlled DJ midi controller, interview with the makers

 

  • ITIS-LS – F. Giordani students’ quad ambient controller

Explore playlist on Youtube >>

Design a LEGO-compatible servo holder and print it with Materia 101

via Arduino Blog

Materiatut7

This week we are presenting you a new tutorial on 3d printing of Lego-compatible pieces with Materia 101. Kristoffer designed a brick with the parametric 3d modeler FreeCAD that can hold a small servo. Following the 10-step instructions  you can easily add wheels to robots built in LEGO and  use specific servos with different sizes.


Check the previous tutorials on 3d printing with Material 101

Interested in getting in touch and showing your experiments? Join Kristoffer on the Arduino forum dedicated to Materia 101 and give us your feedback.

materiatut7-3

SparkFun Live: Valentine’s Day Crafts

via SparkFun Electronics Blog Posts

It’s that time again - the drugstore aisles are slowly turning red and pink, and folks are leaving their hibernation stations and becoming increasingly affectionate, or bitter, or maybe both. Whether you love or hate Valentine’s Day, there’s no better way to say “I love you,” or “I eschew this consumerist pseudo-holiday but I still love you” than by avoiding the drugstore entirely and whipping up a blinking, homemade, physical manifestation of your feelings. That’s where we come in.

If you’ll be joining us on the 10th, the wishlist of parts is below. See you then!

comments | comment feed

Big Birthday Weekend – what’s happening, where and when

via Raspberry Pi

More than 1000 of you have signed up already to come to our Big Birthday Weekend at the end of February. Tickets for Saturday are now sold out, but there are still about 80 left for the Sunday event.

We’ve had lots of excited email from people who are coming, who want to know more about what we’ll be getting up to. Mike Horne (who many of you know as Recantha) and Tim Richardson, who run the Cambridge Jams and who are doing the lion’s share of the organising for this event, have been kind enough to provide an update for everybody. 

We’d like to say a HUGE thank you to Mike, Tim and Lisa Mather, who are all members of our wonderful community who have volunteered to do the massive bulk of the organisational work on this event for us for free – we’re a very small team and we simply couldn’t have managed this without them all. Thanks guys!

Hello everyone. Mike Horne and Tim Richardson here to update you on the Raspberry Pi Big Birthday Weekend.

What has been happening?

It has been quite a couple of weeks. On the 13th of January, we visited the University of Cambridge Computer Laboratory in the hope that it would act as the venue for the Raspberry Pi Big Birthday Weekend. We were incredibly impressed with the place and we would like to thank Professor Jon Crowcroft for making us feel so welcome and showing us around. It is a brilliant venue and we are very lucky to be able to hold it there.

University of Cambridge Computer Laboratory

Since that visit, it would be fair to say that we haven’t stopped! We opened up booking on the 14th January and since then we have sold over 1000 tickets across the two days and the party. The party sold out first, closely followed by the Saturday day event. There are still tickets available for the Sunday, and we are now running a waiting list for the Saturday. If you’d like to join us on the Sunday or join the waiting list, please register.

What will be happening at the Big Birthday Weekend?

Each person who has registered has been asked how they would like to be involved with the weekend, and we have been absolutely inundated with offers of talks, requests to join discussion panels, offers to help run workshops and to take part in show and tell. Mike has been collating all these different offers and requests and the timetables are now being worked on with Liz and the team at the Raspberry Pi Foundation. We hope to be able to release a firm programme within the next week after we’ve contacted everyone involved again. What we can say so far is the following:

  • We will have two lecture theatres and two workshop rooms.
  • Talks include: Andy Proctor, talking about his Raspberry Pi-enabled truck; Jonathan Pallant from Cambridge Consultants talking
    about their penguin and rhino monitoring stations; and a healthy education element (we’ve had loads of offers of education talks). There will be LOTS more – we’re just trying to sort through everything now!
  • Panels will include: a group of youngsters talking about how the Raspberry Pi has changed their lives; advice on running crowdfunding campaigns; a Foundation Education Team panel; a technical panel including Raspberry Pi engineers; and Q&As with all the people you know from the Foundation from social media and this blog.
  • Workshops will include: an introduction to integrating the Pi with electronics; a session for beginner Pi users which will  help them get set up; basic Minecraft programming skills; advanced Minecraft hacking with GPIO interfacing; a Scratch hackathon.

Party time!

On the Saturday evening there is, of course, a birthday party. We have had to limit this to 275 people, due to catering arrangements. Logistics for the party are being spearheaded by Lisa Mather and Tim. Lisa has been an absolute star for agreeing to help with the party, especially as she’s way up in Manchester. From there, she has been organising goodie bags and decorations and generally being brilliant, coming up with ideas to make the Lab look welcoming and exciting, as well as lending her party planning experience to help us not to miss anything! Tim and Lisa are also working out what Pi-powered party games we will be having, as well as organising Pi-powered music for the occasion.

Marketplace

Tim has also been organising the Marketplace for the event. The Marketplace will feature many well-known names in the Pi community including The Pi Hut, PiBorg, 4Tronix, Pimoroni and also a newcomer to the Pi arena: IQaudio who specialise in GPIO audio boards. We are hoping that there will be another couple of vendors joining us, but they need to confirm with us.

Robots!

We’re inviting anyone who has their own Raspberry Pi-based robot to bring it along to show it off. At Pi Wars we had a highly popular obstacle course. This course will be making an appearance at the Birthday Weekend (after Tim has carefully put it all back together again!) and you are invited to bring your own robot to try it out!

Picture from  www.pi-tutorials.co.uk

Picture from www.pi-tutorials.co.uk

Further information

One of the other things we have been working on with the Foundation team is an information page for the event. On this page you will find information on the venue, parking and where to stay in Cambridge if you require accommodation. We hope you’ll find the information there useful. If you have any questions about the event, please mail mike.horne@raspberrypi.org and we’ll attempt to answer them as best we can and then add that information, if appropriate, to the information page.

That’s it for now – we are aiming to keep you up-to-date with what has been happening every week, so don’t forget to keep on checking back!

Fifty speakers for an interactive sound sculpture

via Arduino Blog

hive_2_cu

Hive (2.0) is the second iteration of an interactive sound sculpture consisting of fifty speakers and seven audio channels. The sensors detect the proximity of people and Arduino manipulates audio according to it.

hive_2_ls-e1418336047882

It was created by Hopkins Duffield, a Toronto-based collaborative duo exploring ways to combine both new and familiar mediums with artistically technological practices. In this work they used Arduino Uno together with Max 6 / Max For Live.
Check the video to listen to the sculpture: