Anyone can hack a radio, but that doesn’t mean it’s easy: there are a lot of mechanics that go into formatting a signal before you can decode the ones and zeros.
At his Shmoocon talk, [Paul Clark] introduced a great new tool for RF Reverse Engineering. It’s called WaveConverter, and it is possibly the single most interesting tool we’ve seen in radio in a long time.
If you wanted to hack an RF system — read the data from a tire pressure monitor, a car’s key fob, a garage door opener, or a signal from a home security system’s sensor — you’ll be doing the same thing for each attack. The first step is to capture the signal, probably with a software defined radio. Take this data into GNU Radio, and you’ll have to figure out the modulation, the framing, the encoding, extract the data, and finally figure out what the ones and zeros mean. Only that last part, figuring out what the ones and zeros actually do, is the real hack. Everything before that is just a highly advanced form of data entry and manipulation.
[Paul]’s WaveConverter is the tool built for this data manipulation. Take WaveConverter, input an IQ file of the relevant radio sample you’d like to reverse engineer, and you have all the tools to turn a radio signal into ones and zeros at your disposal. Everything from determining the preamble of a signal, figuring out the encoding, to determining CRC checksums is right there.
All of this is great for reverse engineering a single radio protocol, but it gets even better. Once you’re able to decode a signal in WaveConverter, it’s set up to decode every other signal from that device. You can save your settings, too, which means this might be the beginnings of an open source library of protocol analyzers. If someone on the Internet has already decoded the signals from the keyfob of a 1995 Ford Taurus, they could share those settings to allow you to decode the same keyfob. This is the very beginning of something very, very cool.
The GitHub repo for WaveConverter includes a few sample IQ files, and you can try it out for yourself right now. [Paul] admits there are a few problems with the app, but most of those are UI changes he has in mind. If you know your way around programming GUIs, [Paul] would appreciate your input.
Far too much stuff is wireless these days. Home security systems have dozens of radios for door and window sensors, thermostats aren’t just a wire to the furnace anymore, and we are annoyed when we can’t start our cars from across a parking lot. This is a golden era for anyone who wants to hack RF. This year at Shmoocon, [Marc Newlin] and [Matt Knight] of Bastille Networks gave an overview of how to get into hacking RF. These are guys who know a few things about hacking RF; [Marc] is responsible for MouseJack and KeySniffer, and [Matt] reverse engineered the LoRa PHY.
In their talk, [Marc] and [Matt] outlined five steps to reverse engineering any RF signal. First, characterize the channel. Determine the modulation. Determine the symbol rate. Synchronize a receiver against the data. Finally, extract the symbols, or get the ones and zeros out of the analog soup.
From [Marc] and [Matt]’s experience, most of this process doesn’t require a radio, software or otherwise. Open source intelligence or information from regulatory databases can be a treasure trove of information regarding the operating frequency of the device, the modulation, and even the bit rate. The pertinent example from the talk was the FCC ID for a Z-Wave module. A simple search revealed the frequency of the device. Since the stated symbol rate was twice the stated data rate, each data bit occupies two symbols, so the device obviously used Manchester encoding. These sorts of insights become obvious once you know what you’re looking for.
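The two-symbols-per-bit relationship described above is what a Manchester decoder undoes. The following is an added example, not code from the talk or from any tool named on this page: it aligns on symbol pairs, counts coding violations, and extracts the payload that follows a sync word. The bit convention and the frame layout (preamble, sync word, payload) are assumptions constructed for illustration.

```python
# Added example: Manchester decoding of a hard-sliced symbol ("chip") stream.
# Assumption: 0 -> (1,0) and 1 -> (0,1); pass invert=True for the opposite
# convention. The frame layout below is constructed, not a real protocol's.

PAIR_TO_BIT = {(1, 0): 0, (0, 1): 1}


def bytes_to_bits(data):
    """MSB-first bit list for a bytes object."""
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]


def manchester_encode(bits):
    """Two chips per data bit, which is why symbol rate = 2 x data rate."""
    chips = []
    for bit in bits:
        chips.extend((0, 1) if bit else (1, 0))
    return chips


def decode_at_phase(chips, phase, invert=False):
    """Decode chip pairs starting at offset `phase` (0 or 1).

    Returns (bits, violations). A 00 or 11 pair is a coding violation and
    is recorded as None so the caller can reject the frame.
    """
    bits, violations = [], 0
    for i in range(phase, len(chips) - 1, 2):
        bit = PAIR_TO_BIT.get((chips[i], chips[i + 1]))
        if bit is None:
            violations += 1
            bits.append(None)
        else:
            bits.append(bit ^ int(invert))
    return bits, violations


def find_phase(chips):
    """Pick the pair alignment with the fewest violations.

    The wrong alignment produces a violation at every data-bit transition,
    so any frame with mixed data separates the two cleanly. A run of
    identical bits is ambiguous: both alignments look valid.
    """
    scores = [decode_at_phase(chips, p)[1] for p in (0, 1)]
    return scores.index(min(scores)), scores


def recover_payload(chips, sync_bits, n_bytes, invert=False):
    """Align, decode, find the sync word, return payload bytes or None."""
    phase, _ = find_phase(chips)
    bits, _ = decode_at_phase(chips, phase, invert)
    n = len(sync_bits)
    for i in range(len(bits) - n + 1):
        if bits[i:i + n] == sync_bits:
            payload = bits[i + n:i + n + 8 * n_bytes]
            if len(payload) < 8 * n_bytes or None in payload:
                return None  # truncated or corrupted frame
            out = bytearray()
            for j in range(0, len(payload), 8):
                value = 0
                for bit in payload[j:j + 8]:
                    value = (value << 1) | bit
                out.append(value)
            return bytes(out)
    return None


# Constructed frame: 2-byte preamble, 1-byte sync word, 3-byte payload.
PREAMBLE, SYNC, PAYLOAD = b"\x55\x55", b"\xf0", b"\x01\x41\x9c"
# One stray leading chip models a receiver that starts mid-bit.
CAPTURE = [1] + manchester_encode(bytes_to_bits(PREAMBLE + SYNC + PAYLOAD))

if __name__ == "__main__":
    print("phase, violations:", find_phase(CAPTURE))
    print("payload:", recover_payload(CAPTURE, bytes_to_bits(SYNC), 3).hex())
```

The alternating preamble is what makes alignment unambiguous here: every bit transition shows up as a 00 or 11 pair when the decoder is off by one symbol.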
In their demo, [Marc] and [Matt] went through the entire process of firing up GNU Radio, running a Z-Wave decoder and receiving Z-Wave frames. All of this was done with a minimum of hardware and required zero understanding of what radio actually is, imaginary numbers, or anything else a ham license will hopefully teach you. It’s a great introduction to RF hacking, and shows anyone how to do it.
Right now, I’m at Shmoocon, and it’s living up to all expectations. That’s a tall order — last year, the breakout talk was from [Travis Goodspeed] on his efforts to reverse engineer the firmware for a cheap Chinese radio. Four people in the room for that talk last year bought the radio on Amazon, and now there’s a legitimate open source project dedicated to building firmware and tools to support this radio.
Now that [Travis] has a few compatriots working on firmware for this radio, he has the same challenges as any other team. The project needs unit tests, and this isn’t easy to do when all the code is locked up inside a radio. Instead of setting up an entire development platform based around a cheap radio, [Travis] came up with a toolchain that’s unlike anything I’ve ever seen. Instead of reverse engineering the firmware for this radio, he’s simply emulating the ARM firmware on the desktop. Development is quick and easy, and he has the live demos to prove it.
The heart of the Tytera radio in question is an STM32F405. This is a pretty common part, and thanks to [Travis]’ work last year, he has all the firmware that ships on this radio. This doesn’t mean he has access to all the radio’s capabilities, though; there’s a black box in the code somewhere that translates .wav files to radio packets and back again. Open sourcing this would usually mean reverse engineering, but [Travis] had a better idea.
Instead of reverse engineering the entire radio, [Travis] is using QEMU to emulate an ARM microcontroller on his desktop, run the relevant code, and completely ignore any actual reverse engineering. Since this radio is already jailbroken and the community has a pretty good idea of where all the functions and subroutines are in the firmware, the most difficult part of pulling this trick off is setting up QEMU.
As a proof of concept, [Travis] downloaded raw AMBE packets from the radio to his laptop. These were then sent through the emulated radio, producing raw audio that was then converted into a .wav file. Effectively, a black box in this radio was emulated, which means [Travis] doesn’t need to know how the black box works.
All the code for this weird emulation / unit test, as well as everything the community has released for this radio, is available on GitHub. A lot of work has gone into the jailbreaking, reverse engineering, and emulation efforts here, making this radio somewhat ironically one of the most open radios you can buy.
At the Hackaday SuperConference in November, Sophi Kravitz had the chance to look back on the past year of Hackaday.io, and what a great year it has been. Hackaday.io now has over 178k members who have published 12.6k projects with about 10% of those being collaborative team projects. But the numbers tell just a small story of the vibrant community Hackaday has.
The Hackaday crew made a trip to the desert to begin 2016. This resulted in the Hackaday Prize video which launched the engineering initiative which wrapped up with the awards ceremony at SuperCon. The video launched the 2016 Hackaday Prize, but not long after there were 80 different locations around the world that got together at the same time for World Create Day. Many of these meetups resulted in entries that joined the 550 projects submitted during the first challenge round of the contest. Of course the final number totaled more than 1000 projects!
The Hackaday Community grew its live meetups this year. The Hackaday MakeIt NYC meetup is a monthly gathering founded in 2016. The Hackaday LA meetup continues to flourish, with meetings now held at the freshly opened Supplyframe Design Lab every month.
The social interactions on Hackaday.io continue to grow. The Hacker Channel is the place to start. Interact with your fellow hackers any time you want, and join in the organized Hack Chats like this Friday’s Eagle chat. The Jobs Board is just one year old now and is a great place to find or advertise jobs. And there’s been a ton of community interaction around special projects like the Traveling Hacker Box.
Perhaps one of the most interesting surprises in 2016 was the Square-inch Project. This is a completely community organized contest started by [alpha_ninja]. But like any good idea on Hackaday.io, it didn’t take long to find help with the wildly-popular contest. The challenge was to lay out a meaningful circuit using one-square-inch of PCB. There were nearly 80 entries!
We’re not even halfway through January, and already the conference season is upon us. This weekend, Hackaday will be attending Shmoocon at the Hilton in Washington, DC. I’ll be there getting the full report on Russian hackers, reverse engineering, and what the beltway looks like with an ice storm during morning rush hour.
There are only a handful of people who can say they’ve built several successful electronic badges for conferences. Voja Antonic is not just on that list, he’s among the leaders in the field. There are a lot of pressures in this type of design challenge: aesthetics, functionality, and of course manufacturability. If you want to know how to make an exposed-PCB product that will be loved by the user, you need to study Voja’s work on the 2016 Hackaday SuperConference Badge. The badge is completely open, with all the design files, firmware, and a manual on the badge project page.
Between travelling from Belgrade to Pasadena and guiding production of 300 badges across the finish line before the conference deadline, Voja took ill. He made it to the conference, but without a voice he asked me to give his badge design talk for him. You can check that talk out below but let’s touch briefly on why Voja’s design is so spectacular.
The point of a conference badge is for attendees to wear them around their necks. This makes aesthetics as important as any other aspect of the design. Every single person will interact with the badge in this manner.
Voja’s approach was to come up with a series of board outlines and major component placements (in wireframe). He then sought input from many different people to help narrow down a half dozen designs to a single idea. With a design chosen, Voja tweaked the color scheme, ran a batch of prototypes, and started populating boards.
His final refinements are what make the badges so beautiful. He moved from black glossy solder mask to black matte, matched the silk screen color to the color of the auxiliary buttons and the hue of the non-illuminated LEDs. The shape, the component placement (LEDs and buttons on a 45 degree angle) and the choice of edge-mounted battery holders made less bulky with a PCB cut-out are all iconic design elements.
Design has some effect on price (can it be manufactured?) but hardware choices are the biggest driver of this. The badge has three ICs on it, the PIC18F25KL50, an LED driver, and the accelerometer. The rest is fairly straightforward: an IR receiver, mini-B USB jack, LEDs, buttons, and passives. The point is that there’s nothing truly exotic here. Used well, common components have no trouble creating a device people will love. Sticking within the BOM cost is another issue altogether. We kept it close to our goal, but that’s because a lot of labor from our team didn’t figure into the bottom line. Read more about our tale of manufacturing.
An electronic conference badge is a failure if it only hangs around an attendee’s neck. People need to interact with these badges and for that Voja added a Tetris game, scrolling messages that can be customized with an IR kiosk at the con, and a gravity simulation using the accelerometer.
The underpinnings are a USB bootloader that our friends at Microchip provided. This added USB mass storage support to the badge. Voja wrote a ‘kernel’ that runs in protected bootloader space which takes care of all the low-level hardware handling. This combination makes the badge perfect for all skill levels.
Everything is memory mapped — LEDs control buffer, debounced button reads, RX and TX on the IR bus, accelerometer data subroutine calls, timing, and random numbers. And Voja’s clever implementation throws interrupts to user space first. Most users will redirect this back to the bootloader but seasoned embedded programmers can get full access to the hardware simply by not giving control back to the kernel.
These features are a huge win for the firmware. But Voja wrote a second firmware. He didn’t reveal it until the con had already started. This alternative could be flashed to the badge by the users to take on the crypto challenge.
Voja Antonic is an amazing hardware creator. Looking through his back catalog of projects you will be amazed by his Dali clock and his FR4 enclosures. He sets an example for all to follow — you should be a great hardware engineer, a great designer, and include amazing documentation in your designs. This conference badge hits all of those benchmarks and then some.
CES is over, and now we can take a step back, distance ourselves from the trade show booths, and figure out where 3D printing will be going over the next year.
The Hype Cycle is a great way to explain trends in fads and technological advances. VR and autonomous cars are very early on the Hype Cycle right now. Smartphones are on the plateau of productivity. 3D printing is head-down in the trough of disillusionment.
For this year’s CES, 3D printing is not even a product category. In fact, the official documentation I found at Prusa’s booth listed their company in the ‘Assistive Technologies’ category. These are dark days for the public perception of 3D printing. The source of this perception can be brilliantly presented in a pair of graphs:
The perception of 3D printing has been tied inexorably to Makerbot. Makerbot presented the only 3D printer on The Colbert Report. Only Makerbot had their 3D printing storefronts featured on CNN. It’s been like this for half a decade, and hopefully things will get better.
This doesn’t mean 3D printing isn’t improving. In fact, it’s the best it’s ever been. CES had the most innovative printers I’ve seen in years. I caught a glimpse of this year’s top-selling printer (and it launches in April). Resin machines are going to be very popular soon. What did CES have to offer? Check it out below.
Large 3D printers have been around for years now. That’s not to say building a large form factor 3D printer is easy – the strength of materials doesn’t scale linearly, and all that stuff Galileo figured out 400 years ago and whatnot. I need only to point at the Part Daddy as evidence of how hard it is to make a truly huge printer.
However, this year we’re seeing some interesting approaches to building bigger printers. The Cronus from Titan Robotics is a five-toolhead machine using very advanced slicing algorithms to print large objects faster. The Cronus is based on Autodesk’s work on Project Escher (and there’s a Cronus at Pier 9), to use multiple extruders and nozzles to print a single object. It’s very, very heady stuff and it’s awesome to see this in the wild.
The zSLTV is a resin printer, but unlike every other resin printer that either pulls a part up or sinks a part down into a pool, this thing prints sideways. Basically, it’s a giant tub with a Z (X? or Y?) platform submerged in resin. On one side of the tub is an LCD and a few UV LEDs. It’s huge, fast, and very high resolution. Yes, you’ll need 60 or 70 gallons of resin, but if you need this capability you probably don’t care much about cost.
This year, Monoprice is doubling down on inexpensive machines with a $150 delta printer, and what might be the least expensive resin printer we’ve seen. There’s going to be a second version of the MP Mini Select, with improvements taken directly from the community’s tinkerers. Next month, Monoprice will release their top-of-the-line resin printer, at a price comparable to the Form1s and other high-end STL printers on the market. Also of note in the Monoprice suite is the MP 3Series Commercial Printer, referred to by the Monoprice team as the ‘3Mill’. This will be available for $800 in a few months.
A year or two ago, it seemed every company was presenting a 3D printer at CES. This year? Not so much. The Bosch booth didn’t have a Dremel printer on display, but Polaroid did have this tiny cube of a printer:
Hardware isn’t any good without the software to drive it, and this year Lulzbot is taking the lead with some great announcements. The software stack has always been the weak point of resin printing, and now Lulzbot is working with Monkeyprint to improve the state of SLA printing. They’re working on their own edition of Cura, and the Blender Foundation is getting some help from Lulzbot.
The MarkForged booth was showing off some impressive parts printed in metal. Their system uses powdered metal contained in a filament. After printing is complete, this plastic is dissolved and the part is sintered. It’s an expensive machine at around $100k, but it’s still a very interesting technology.
All filament 3D printers have a basic problem with the strength of the parts they produce. Parts are strong on the X and Y axis, but not on the Z axis because inter-layer bonding is the weak link. Essentium Materials has the solution. They’re producing a line of filament clad in a very thin layer of carbon. Once the part is printed, it’s heated with RF, bonding the individual layers to each other. It’s a clever solution, and relatively simple to implement on existing printers.
Looking forward to 2018
What does the future hold for 3D printing? It’s going to take a while for the general public to realize that you can do more than print low-poly Pokemon. Until that time, we’re happy to sit back and enjoy the best 3D printing has to offer. The technology has never been better, and it’s only going to improve from here.
CES 2017 is finally over, but one question has yet to be answered: which Internet of Thing is Best Internet of Thing?
Astonishing new devices
CES is the Mecca for new, interesting, and innovative hardware. Every year, one device amazes the crowds with incredible engineering. This year it was something phenomenal: a laptop with multiple displays. The Thinkpad W701ds is a work of art. It’s a mobile workstation with two independent displays. Oh, yeah, the Razer thing.
Razer, manufacturer of computer peripherals that break far too easily, introduced a concept 3-screen laptop. Is it very, very cool? Yes. Is it practical? Those displays will suck down a lot of power and will introduce ‘nerdspreading’ to the lexicon.
Drones are now a commodity. I found dozens of Phantom clones, ready to fly FPV quads, and even some big hex- and octocopters that will lift a cinema camera. They’re all cheap, they’re all pretty much the same. What’s missing? Fixed wings.
Underwater ROVs outnumbered autonomous fixed wing aircraft at CES this year. This is conclusive evidence that the pendulum has swung too far to the multicopter side of aviation. Sooner or later, someone is going to figure out fixed wing aircraft can carry more payload a longer distance. If you’re looking for a startup idea, there you go: build fixed wing drones because physics doesn’t change when the aircraft is autonomous.
With that said, here are some pics of the aircraft I found interesting
The Yuneec is not a drone. This is a two seat, single engine, LSA (easy and cheap to get a license, although the LSA market is crap) electric aircraft. It has a v-tail, which means it’s cool. This thing actually flies, and if you want to fly this plane, the FAA will let you.
The Ehang 184 is a single-seat aircraft, but there is no pilot. It’s a self-flying car, and will never be certified by the FAA. The red navigation lights are in the front, and the green navigation lights are on the back. This makes sense if it always flies sideways.
The Ehang 184 is so supremely idiotic its only value to the world is to people-watch the gawkers at the Ehang CES booth. Even then, you become terrified by the fact that the general population thinks a pilotless, manned aircraft is a good idea.
‘Home Robots’ made a big showing at this year’s CES, and it looks like this is the future:
[David Krum] is associate lab director at the Mixed Reality Lab at the Institute for Creative Technologies at USC. That puts him at the intersection of science and engineering: building cool virtual reality (VR) devices, and using science to figure out what works and what doesn’t. He’s been doing VR since 1998, so he’s seen many cool ideas come and go. His lab was at the center of the modern virtual reality explosion. Come watch his talk and see why!
What is Virtual Reality, Really?
We all know what VR is, right? It’s that trope in sci-fi where you’re stuck in the Matrix, unable to tell that you’re not actually in the real world. All of your senses are simulated so well that you’re fooled into generating power for the hive mind. [David] has slightly more realistic goals.
For [David], it’s about immersion. And the gold standard for him is that immersive VR makes you act as if the VR world were real. It’s not that you can’t tell the difference between the real and the virtual, but that you behave in and react to the VR world in the same ways that you would to the real. If you’re engaged, the VR experience is a success.
If the goal is a VR world that helps train military or pilots to operate their machines and work in teams, does it matter that they can’t actually tell what the inside of a tank smells like? Instead, what’s important is that the “sensorimotor contingencies” are right — that what you’re doing affects the world in the right ways. In the earliest Oculus Rift headsets, for instance, they only tracked motion with a gyro, so you could look around the world as if you were in a fishbowl. But when you strafed (moved your head side to side) it wouldn’t react. Later versions fixed that, and became significantly more immersive.
But VR is not all about the hardware. How the scenarios are crafted and even the quality of the art matter a lot. In one of the more poetic moments of the talk, [David] insisted that you should be able to leave footprints in the sand. He was talking about how the user changes the virtual world, but he’s equally interested in how the VR world changes the user.
In all of these metrics, VR has made tremendous progress in the last decade, and [David] thinks it’s going to continue. What made this all possible? Affordable VR headsets. When a VR headset cost $60,000 per unit, no matter how immersive the experience was, nobody was going to use it for teaching children, or as therapy for stroke patients. With cell-phone-based units as cheap as $10, the landscape is dramatically different.
For [David], the Oculus Rift was the breakthrough device, because it demonstrated that there was market demand for a “cheap” VR device and encouraged other companies to make competing products.
The Myth(ology) of the Garage
So where did the Oculus Rift come from? If you believe their marketing hype, it was created by a genius gamer kid alone in his parents’ basement, who overcame all of the stumbling blocks that had plagued VR for decades. This plays into the Silicon Valley mythos of the company that starts off in the garage and goes on to change the world, and [David] gives the story a refreshing debunking.
HP “started” out of a garage. Well, kinda. The early prototyping and R&D actually took place in a lab at Stanford University. Apple started in Steve Jobs’ garage, right? There was no design or manufacture done there, but they did use it for testing and temporary warehousing before shipping computers to stores. Most of the conceptual work was done in a space at the Stanford Linear Accelerator, and of course in the community of the Homebrew Computer Club. Google had a garage — that they rented out after they had a few million dollars in seed investment. But of course, the initial work on Page Rank was already done by then. And when was that work undertaken? While Sergey and Larry were graduate students at Stanford.
The point is, the Silicon Valley garage mythos is a myth. The idea of the special whiz kids working alone in their garage or basement just doesn’t stand up. In all of these cases, the founders were actually part of a larger community that was working on the problem. And in all of these cases, the community was also an academic one, but there’s no reason to think that the next big ideas won’t be coming out of well-equipped hackerspaces or anywhere that there’s a “community and a culture that creates and shares ideas”. (We’ll take that as an unintended compliment!)
[David]’s lab has been interested in making low-cost VR a possibility since 2010. In 2012, for instance, they built a cardboard VR device with lenses that you could slip your cell phone into. They were able to make them so inexpensively, using a laser cutter, that they gave them out for free at a conference. In 2014, we’d see this idea hit the mainstream as the Google Cardboard.
They’d been doing smartphone-based VR work since 2011. Some people at Samsung actually wrote them an e-mail thanking them for open-sourcing their work and inspiring the development path for the Samsung Gear VR headset. And, of course, [David]’s lab hired and trained a young kid as a technician, who would later go on to found Oculus VR. “In his garage.”
Now that VR headsets are ubiquitous and cheap, what’s next on the horizon? It’s no secret that VR is going to be dominated by gaming for the next decade. But [David] has hopes for other uses as well: using VR to make us better artists, engineers, builders, and makers. VR will also have a role in education, as people can take tours and interact with machines that they never could in real life.
[David]’s fear about the future of VR is that, as the major gaming companies fight to segment up the industry, it will lead to walled gardens. If you want to play Sony’s games, you need to buy their headset, pay for the games in their store, and essentially confine yourself to their world — and contribute to their bottom line. But if we can avoid falling into that trap, [David] sees a lot of new and interesting opportunities for VR. You know how sometimes you have to walk back downstairs to remember what you were thinking about when you were in the kitchen? That “context-dependent memory” is an interesting area of VR research. There’s a lot to learn about people in VR: how people interact with virtual characters, and what that says about our ideas of personal space. And there are opportunities for therapy. [David]’s lab does work with stroke victims, testing if moving their arms in a VR world can help them to regain control over their own real limbs.
Then there are open avenues in making VR itself better. [David]’s lab did some especially neat work integrating stop-motion animation into a VR context. It turns out that the real-world textures, lighting, and other cues can help make objects seem more real than just a collage of polygons would. And one of the coolest applications was actually an extension of the cardboard viewer: a 3D printed overlay for a tablet computer that allows the top third of the screen to function as a shareable VR platform, while the lower part is visible by everyone in a small group. This “casual VR”, where people can pass the tablet around without having to strap on invasive headsets, promises to make the technology a much better fit for ad-hoc group collaboration.
The Final Lesson
The new boom in VR didn’t come out of nowhere — it came out of work done across research labs like [David]’s, working in the open and sharing their innovations. These are folks who’ve been working on VR since the 1960s, and the ideas behind the new crop of headsets are nearly that old. The technology has caught up, with higher resolution screens and better graphic processing, of course. But what really drove companies to invest, compete with each other, and eventually drive the revolution forward, is that prototypes were built that demonstrated the possibilities of a less-expensive VR experience. How’s that for a moral to warm the hacker’s heart?
Lulzbot is the poster child of the RepRap project. Everything they do is big-O Open. At CES, Lulzbot launched the MOARstruder, a tool head with a 1.2mm nozzle diameter. That pushes a lot of plastic out, allowing for faster print times. This is the same nozzle diameter as the largest E3D Volcano, and from the big prints sitting around the booth, the results are similar: you get faster prints at larger layer heights, and the layer lines become a design feature.