As we’ve mentioned previously, the integrity of your vehicle in an era where even your car can have a data connection could be a dubious bet at best. Speaking to these concerns, a soon-to-be-published paper (PDF) out of the University of Birmingham in the UK states that virtually every Volkswagen sold since 1995 can be hacked and unlocked by cloning the vehicle’s keyfob via an Arduino and software-defined radio (SDR).
The research team, led by [Flavio Garcia], have described two main vulnerabilities: the first requires combining a cryptographic key from the vehicle with the signal from the owner’s fob to grant access, while the second takes advantage of the virtually ancient HiTag2 security system that was implemented in the 1990s. The former affects up to 100 million vehicles across the Volkswagen line, while the latter will work on models from Citroen, Peugeot, Opel, Nissan, Alfa Romeo, Fiat, Mitsubishi and Ford.
The process isn’t exactly as simple as putting together $40 of electronics and walking away with a vehicle. The would-be thief must be close in order to detect the fob’s unique key — although they only need to do so once for that vehicle! — as well as reverse-engineer the other half of the code from the vehicle’s internal network. Exploiting HiTag2’s vulnerabilities to unlock the vehicle can be achieved within a minute by a well-prepared thief. [Garcia] and his team note that only the VW Golf 7 has been spared from this exploit.
If thievery is not your thing and you’re looking to white-hat hack your vehicle, Volkswagen still has the best option in the form of the loveable Beetle.
The folks at Swindon Makerspace took possession of a new space a few months ago after a long time in temporary accommodation. They’ve made impressive progress making it their own, and are the envy of their neighbours.
A small part of the new space is a temperature logger, and it’s one whose construction they’ve detailed on their website. It’s a simple piece of hardware based around a Dallas DS18B20 1-wire temperature sensor and an ESP8266 module, powered by 3 AA batteries and passing its data to data.sparkfun.com. The PCB was created using the space’s CNC router, and the surface-mount components were hand-soldered. The whole thing is dwarfed by its battery box, and will eventually be housed in its own 3D printed case. Sadly they’ve not posted the files, though it’s a simple enough circuit that’s widely used; it looks similar to this one with the addition of a voltage regulator.
The device itself isn’t really the point here, though. Instead it serves to highlight the role of a typical small hackspace in bringing simple custom electronic and other prototyping services to the grass roots of our community. Large city hackspaces with hundreds of members will have had the resources to create the space program of a small country for years, but makers in provincial towns like Swindon – even with their strong engineering heritage – have faced an uphill struggle to accumulate the members and resources to get under way.
So to the wider world it’s a simple temperature logger but it really represents more than that — another town now has a thriving and sustainable makerspace. Could your town do the same?
Step one was to make sure that the thing works. Normally, you’d hook up a wired serial terminal and start hacking. [Ncrmnt] took it one step further and wired in a HC-05 Bluetooth serial module, so he can pull up the debug terminal wirelessly. The rest of the hackery was just crafting a bootable SD card and poking around in the Android system that was still resident in the flash memory of the system.
Once the board was proven workable, [Ncrmnt] designed and printed a sweet custom case using Solvespace, a constraint-based 3D CAD modeler that was new to us until recently. The case (after three prints) was a perfect fit for the irregularly shaped system board, a 3.7 V LiIon battery, and a speaker. He then added some nice mounting tabs. All in all, this is a nice-looking and functional mini-computer made out of stuff that was destined for the trash. It’s fast, it’s open-source, and it’s powerful. Best of all, it’s not in the dumpster.
One of the installations that consistently drew a large crowd after dark at EMF Camp 2016 was a game. This wasn’t a conventional computer game though, instead it was a line of gas jets along which a pair of players had to bat a jet of flame between them at ever-increasing speed until one player missed the return. This was the Fire Pong game created by members of Nottingham Hackspace, and though there seems to have been no online write-up of it as yet they have posted enough pictures of its build for us to deduce something of its construction.
If you will excuse the quality constraints of a mobile phone camera in a darkened field, a video of the game in action is below the break. There was a significant queue for a turn at the bat, as this was one of the event’s more popular night-time attractions.
The Scottish Consulate has stamped its last passport, the Dutch fire tower has belched its final flame, and the Gold Members Lounge has followed the Hacienda and the Marquee into clubland oblivion. EMF Camp 2016 is over, so all the 1500 or so attendees have left are the memories, photographs, and festival diarrhoea to remind them of their three days in the Surrey countryside.
Well, not quite all, there is the small matter of the badge.
The badge features an STM32L486VGT6 ARM Cortex M4 running at 80MHz, a 320×240 pixel colour LCD, magnetometer and accelerometer, and a CC3100 WiFi processor. The firmware provides a simple interface to an app store containing an expanding array of micropython apps from both the EMF Camp team and submitted by event attendees. As shipped the badge connects to one of the site networks, but this can be adjusted to your own network after the event. It’s been designed for ease of hacking, requiring only a USB connection and mounting as a disk drive without need for special software or IDE. A comprehensive array of I/O lines are brought out to both 0.1″ pitch pins and 4mm edge-mounted holes. At the EMF Camp closing speeches there was an announcement of a competition with a range of prizes for the best hardware and software uses for the badge.
As is so often the case the badge was not without its teething troubles, as the network coped with so many devices connecting at once and the on-board Neopixel turned out to have been mounted upside down. Our badge seemed to have a bit of trouble maintaining a steady network connection and apps frequently crashed with miscellaneous Python errors, though a succession of firmware updates have resulted in a more stable experience. But these moments are part of the badge experience; this is after all an event whose attendees are likely to have the means to cope with such problems.
All the relevant files and software for the badge are fully open-source, and can be found in the EMF Camp GitHub repositories. We’ve put a set of images of the board in a gallery below if you are curious. The pinout images are courtesy of the EMF badge wiki.
In order to help his friend prepare for a talk at DEFCON this weekend, [Craig] built an IR photodiode amplifier circuit. The circuit extended the detection range of the hack from a few inches to a few feet. We’re suckers for some well-designed analog circuitry, and if you are too, be sure to check out the video embedded below.
The talk concerns fingerprinting cellphones by the IR emissions that their proximity sensors emit. These sensors are there to tell the phone whether the phone is being held up to your ear, for instance. Of course, if the IR emitter in the proximity sensor were running all the time, it would be a battery drain, so the manufacturers turn them on only intermittently. If different manufacturers use different patterns, you can fingerprint the phones — if you can detect the IR from a long enough distance to be useful.
And that brings us to IR photodetector amplifiers. The circuit is “almost” a simple op-amp current-to-voltage (transimpedance) amplifier. But there are complications. At very high gain, the circuit becomes prone to oscillating due to the inherent capacitance of the photodiode, so there’s a damping capacitor in the feedback loop. To avoid slamming rail to rail, [Craig] biases the positive input and adds some diodes in the feedback loop to reduce the output range. Since the output is going into a microcontroller, it’s run through a comparator to make it nice and digital. Finally, [Craig] used a nice big photodiode with good sensitivity.
We wonder why [Craig] spent so much effort keeping the first-stage op-amp out of saturation when he’s following it with a comparator anyway. Anyone?
Anyway, being able to detect IR pulses from far away is cool. And did you know that you can use photodiodes to detect (beta and gamma) radiation? The same caveats about oscillation and signal conditioning apply!