Feed aggregator

TeensyStep – Fast Stepper Library for Teensy

Hackaday - 3 hours 12 min ago

The Teensy platform is very popular with hackers — and rightly so. Teensys are available in 8-bit and 32-bit versions, the hardware has a bread-board friendly footprint, there are a ton of Teensy libraries available, and they can also run standard Arduino libraries. Want to blink a lot of LEDs? At very fast update rates? How about MIDI? Or USB-HID devices? The Teensy can handle just about anything you throw at it. Driving motors is easy using the standard Arduino libraries such as Stepper, AccelStepper or Arduino Stepper Library.

But if you want to move multiple motors at high micro-stepping speeds, either independently or synchronously and without step loss, these standard libraries become bottlenecks. [Lutz Niggl]’s new TeensyStep fast stepper control library offers a great improvement in performance when driving steppers at high speed. It works with all of the Teensy 3.x boards, and is able to handle accelerated synchronous and independent moves of multiple motors at the high pulse rates required for micro-stepping drivers.

The library can be used to turn motors at up to 300,000 steps/sec which works out to an incredible 5625 rpm at 1/16th micro-stepping. In the demo video below, you can see him push two motors at 160,000 steps/sec — that’s 3000 rpm — without the two arms colliding. Motors can be moved either independently or synchronously. Synchronous movement uses Bresenham’s line algorithm to plan motor movements based on start and end positions. While doing a synchronous move, it can also run other motors independently. The TeensyStep library uses two class objects. The Stepper class does not require any system resources other than 56 bytes of memory. The StepControl class requires one IntervalTimer and two channels of an FTM (FlexTimer Module) timer. Since all supported Teensys implement four PIT timers and a FTM0 module with eight timer channels, the usage is limited to four StepControl objects existing at the same time. Check out [Lutz]’s project page for some performance figures.

As a comparison, check out Better Stepping with 8-bit Micros — this approach uses DMA channels as high-speed counters, with each count sending a pulse to the motor.

Thanks to [Paul Stoffregen] for tipping us off about this new library.

Filed under: Microcontrollers

Snazzy Balun Lets Ham Use Off-The-Shelf Coax

Hackaday - 6 hours 12 min ago

It’s a dilemma many hams face: it’s easy to find yourself with a big spool of RG-11 coax cable, usually after a big cable TV wiring project. It can be tempting to use it in antenna projects, but the characteristic impedance of RG-11 is 75 Ω, whereas the ham world is geared to 50 Ω. Not willing to waste a bounty of free coax, one ham built a custom 1:1 current balun for a 75 Ω dipole.

Converting between balanced and unbalanced signals is the job of a balun, and it’s where the device derives its name. For hams, baluns are particularly useful to connect a dipole antenna, which is naturally balanced, to an unbalanced coax feedline. The balun [NV2K] built is a bifilar 1:1 design, with two parallel wires wound onto a ferrite core. To tweak the characteristic impedance to the 75 Ω needed for his antenna and feedline, [NV2K] added short lengths of Teflon insulation to one of the conductors, which is as fussy a bit of work as we’ve seen in a while. We appreciate the careful winding of the choke and the care taken to make this both mechanically and electrically sound, and not letting that RG-11 go to waste is a plus.

With as much effort as hams put into antenna design, there’s a surprising dearth of Hackaday articles on the subject. We’ve talked a bit about the Yagi-Uda antenna, and we’ve showcased a cool magnetic loop antenna, but there’s precious little about the humble dipole.

[via r/amateurradio]

Filed under: radio hacks

Dubai Police Test Quadcopter Motorcycle

Hackaday - 9 hours 11 min ago

If you ever wish you could be on your quadcopter when you fly it, you will really want to see the video showing the Dubai police department testing the Hoverbike. The Russian company Hoversurf that markets the device doesn’t provide a lot of technical details, but it looks fairly simple. It is basically a motorcycle seat along with a big quadcopter. From the videos about the device, you can deduce that the pilot can control it or you can fly it remotely. You can see one of the videos, below.

There are a few things that worry us here. Of course, the huge spinning propellers at the pilot’s knee level should give you sweaty palms. In the demo, they even show the removal of the propeller guards before the test flight but let’s be honest, those don’t look like they would keep a falling pilot out of the rotors at all anyway. When looking beyond the hype we find it curious that the demo doesn’t show many (if any) shots of the pilot making a turn. The benefit of a vehicle like this to police should be maneuverability and from what we saw the Hoversurf is still limited.

So is it real? Hard to say. The short videos mostly show vertical or horizontal flight with no maneuvering. Is it hard to turn? Is the battery life really short? One other oddity: When we first saw a letter from the US Patent Office on their site, we thought they might have some new technology. However, that letter is simply showing they registered a trademark and doesn’t reference a patent. If there is a patent we want to know what is new and novel here.

Of course, we know it’s possible to build such a machine since we saw [Colin Furze] do it with two rotors instead of four. The US Department of Defense is working on something with a company called Malloy and there are other practical examples. There are also some less practical examples. What we’re really on the lookout for is a product that works so well it will actually be used. You know, like those Segways that airport police use, right?

We hope Hoversurf can bring this to market because we definitely want one. There’s no reason to think they can’t, but we do wish there were more details forthcoming.

Filed under: drone hacks, news

Echo Dot Finds Swanky New Home In Art Deco Speaker

Hackaday - 12 hours 12 min ago

The phrase “They don’t make them like they used to” is perhaps best exemplified by two types of products: cars and consumer electronics. Sure, the vehicles and gadgets we have now are so advanced that they may as well be classified as science-fiction when compared to their predecessors, but what about that style? Our modern hardware can rarely hold a candle to the kind of gear you used to be able to buy out of the “Sears, Roebuck and Company” catalog.

So when [Democracity] came into possession of a wickedly retro art deco speaker, it’s no surprise he saw it as a perfect opportunity to bring some of that old school style into the 21st century by rebuilding it with an Amazon Echo Dot at its core. The fact that the original device was a speaker and not a full radio made the conversion much easier, and will have everyone trolling yard sales for months trying to find a donor speaker to build their own.

To start the process, [Democracity] popped the panels off and ripped out what was left of the speaker’s paper cone and coil. In a stroke of luck, the opening where the driver used to go was nearly the perfect size to nestle in the Echo Dot. With a 3D printed cradle he found on Thingiverse and a liberal application of epoxy, the Dot could get snapped into the speaker like it was always meant to be there.

[Democracity] then picked up some absolutely gorgeous speaker cloth on eBay and hot glued it to the inside of the panels. What was presumably the volume knob was pulled out of the bottom and turned out to be a perfect place to run the Dot’s USB cable out of.

A lesser man would have called this project completed, but [Democracity] knows that no hack is truly complete without the addition of multicolored blinking LEDs. With the RGB LED strips installed inside, the light is diffused through the cloth panels and creates a pleasing subtle effect. You can almost imagine a couple of vacuum tubes glowing away inside there. Judging by the final product, it’s no surprise [Democracity] has a fair bit of experience dragging audio equipment kicking and screaming into the modern era.

This isn’t the first time we’ve seen an old piece of audio equipment get a high-tech transfusion, and isn’t even the first time we’ve seen the Dot used to do it. But it’s certainly the one we’d most like to see sitting on our shelf.

Filed under: classic hacks, home entertainment hacks, led hacks

Skyworld shows off convertible PC with Intel Gemini Lake processor a bit early

Liliputing - 12 hours 50 min ago

Intel hasn’t formally launched its upcoming Gemini Lake chip family yet, but it’s pretty much an open secret at this point that the next-gen low-power Celeron and Pentium chips are on their way. In fact, it’s such an open secret that a Chinese PC maker is already showing off a convertible tablet-style notebook powered by […]


Google Pixel 2 can ID 17,000+ songs without an internet connection

Liliputing - 13 hours 55 min ago

One of the cooler/weirder features Google is introducing with the Pixel 2 and Pixel 2 smartphones is called Now Playing. At first glance, it seems like something phones have been able to do for years: recognize music that’s playing nearby and tell you the name of the artist and song. But unlike other song ID […]


Aussies Propose Crackdown On Insecure IoT Devices

Hackaday - 15 hours 12 min ago

We’ve all seen the stories about IoT devices with laughably poor security. Both within our community as fresh vulnerabilities are exposed and ridiculed, and more recently in the wider world as stories of easily compromised baby monitors have surfaced in mass media outlets. It’s a problem with its roots in IoT device manufacturers treating their products as appliances rather than software, and in a drive to produce them at the lowest possible price.

The Australian government have announced that IoT security is now firmly in their sights, announcing a possible certification scheme with a logo that manufacturers would be able to use if their products meet a set of requirements. Such basic security features as changeable, non-guessable, and non-default passwords are being mentioned, though we’re guessing that would also include a requirement not to expose ports to the wider Internet. Most importantly it is said to include a requirement for software updates to fix known vulnerabilities. It is reported that they are also in talks with other countries to harmonize some of these standards internationally.

It is difficult to see how any government could enforce such a scheme by technical means such as disallowing Internet connection to non-compliant devices, and if that was what was being proposed it would certainly cause us some significant worry. Therefore it’s likely that this will be a consumer certification scheme similar to for example the safety standards for toys, administered as devices are imported and through enforcement of trading standards legislation. The tone in which it’s being sold to the public is one of “Think of the children” in terms of compromised baby monitors, but as long-time followers of Hackaday will know, that’s only a small part of the wider problem.

Thanks [Bill Smith] for the tip.

Baby monitor picture: Binatoneglobal [CC BY-SA 3.0].

Filed under: security hacks

Hackaday Prize Entry: Giving Phones Their Tactile Buttons Back

Hackaday - 16 hours 42 min ago

In the before-times, we could send text messages without looking at our phones. It was glorious, and something 90s Kids™ wish we could bring to our gigantic glowing rectangles stuck in our pocket. For his Hackaday Prize Entry, [Kyle] is bringing just a little bit of this sightless functionality back to the modern smartphone. He’s building a tactile remote control for smartphones. With this device, you can navigate through icons, push buttons, and even zoom in on maps with real, physical controls.

This keyboard is built around a handful of Cherry MX mechanical key switches for a great tactile feel, and a single capacitive touch strip for zooming in and out on the screen. This is pretty much exactly what you want for real, mechanical buttons for a smartphone — a satisfying click and a zoomy strip. The microcontroller used in this device is the BGM111 Bluetooth LE module from Silicon Labs. It’s an extremely low-power module that is able to read a cap touch strip and a few button inputs. Power is provided by a 2032 coin cell, giving the entire device a low profile form factor (except for the MX switches, but whatever), and more than enough run time.

It should be noted that [Kyle] is building this as a solution to distracted driving. True, looking down to send a quick text while driving is the cause of thousands of deaths. However, while typing out a quick note with a T9 keyboard on your Nokia seems like it’s less dangerous, it’s really not. Doing anything while driving is distracted driving, and there are volumes of studies to back this up. Outside the intended use case, this is a fantastic project that uses a neat little Bluetooth module we don’t see much of, and there are some pretty cool applications of a tiny wireless mechanical keyboard with cap touch we can think of.

Filed under: The Hackaday Prize

Chrome for Windows gets new anti-malware tools

Liliputing - 16 hours 57 min ago

Odds are that if you’ve got malware on your PC, it came from something you accidentally downloaded through a web browser. Sometimes that means something you click installs a hidden application on your PC. Sometimes it can affect the browser itself. So while anti-virus and anti-spyware programs can help keep you safe, Google is updating […]


Active Discussion About Passive Components

Hackaday - 18 hours 11 min ago

People talk about active and passive components like they are two distinct classes of electronic parts. When sourcing components on a BOM, you have the passives, which are the little things that are cheaper than a dime a dozen, and then the rest that make up the bulk of the cost. Diodes and transistors definitely fall into the cheap little things category, but aren’t necessarily passive components, so what IS the difference?

Resistors, Capacitors, Inductors, Transformers, Diodes*, and Memristors

That’s the list. Those are your passive components. Well, it’s not that easy. Also add in a bunch of types of sensors, because they are still passive. A photoresistor is a sensor but it’s still a resistor, even though its resistance changes based on an external influence. Any sensor whose measurement is a change in resistance, capacitance, or inductance still qualifies as a passive device. Also for fun let’s add a piezo buzzer.

The memristor is weird because it has only recently been proven to exist despite being theorized in the 70s, and is still not quite commercially available. There are now theories about meminductors and memcapacitors, which would also be passive devices, but they don’t exist yet.

It Depends on What Your Definition of Active Is

Part of the problem is it seems people have varying definitions of active. Rather than debunk all the wrong ones and spread bad ideas, here’s what’s correct. A device is active if any of these conditions are met:

  • It is a source of power
  • It amplifies power
  • It acts as a switch

Applying this to the obviously active devices, like microcontrollers, it makes sense. It does all of those things on a GPIO pin. A transistor can amplify or act as a switch. A battery is a source of power.

A circuit remains passive until a single active component is added, so an RC or LC network is still passive. A piezo buzzer has an equivalent circuit of entirely passive elements, so it is also a passive device.

The equivalent circuit of a piezo buzzer is all passive elements.

As a side note, every circuit has at least one active device (a source of power). Also, an electromechanical device like a physical switch is considered passive.

The Diode

There is an exception with the diode. The vast majority of the time, it is a passive device, so it’s handy to just add it to the list of passive devices and mostly forget about it. It wouldn’t be interesting, though, unless we delve into what makes it sometimes active for that single, and rarely used exception, and to do that we have to get into quantum tunneling.

The tunnel diode is very fast (microwave frequencies), and is used in frequency converters and detectors, especially in space where its resistance to ionizing radiation, low voltage, high frequency, and longevity are desirable qualities. There is a specific condition of the tunnel diode in which it has negative resistance so that increasing voltage results in decreased current. Even the tunnel diode acts like a normal passive diode everywhere except this special region.

IV curve of a tunnel diode. The descending section is the area of negative resistance where increased voltage results in decreased current. By Mcguireatneuroticadotcom CC BY-SA 3.0

A charged particle moving across a barrier needs enough energy to get over the barrier or else it can’t cross. With a normal diode there is a PN junction that acts as the barrier. A power supply gives enough energy (called the forward voltage) for the electrons to get over that barrier, and the current flows through it. According to quantum mechanics, though, there is a non-zero probability that the electron will just jump to the other side of the barrier without going over it. This is quantum tunneling. In most diodes the barrier is high enough (controlled by the doping of the PN junction), that the tunneling is unlikely, so no current will flow until there is enough forward voltage to get the electrons over the barrier. In a tunnel diode, the PN junction has a lot more doping, increasing the likelihood of tunneling. These diodes work at much lower voltages than normal diodes because of the high doping.

At really low voltages, the electrons tunnel frequently and there is some current. As the voltage increases, tunneling increases to a peak and starts going down. It goes down because the electrons on one side of the barrier have more and more energy, but there are not the same holes on the other side of the barrier to accept them from tunneling. Once the forward voltage is high enough, the electrons have enough energy to get over the barrier without tunneling, and the tunnel diode acts like a normal diode again. This behavior allows the tunnel diode to act as an amplifier or as an oscillator, which puts it into the active category. We covered negative resistance in the tunnel diode a few months ago, and a post on diodes kicked off the active/passive debate in the comments.

Does it Matter?

Nah, not really. This is well into the realm of the esoteric, and has no practical use other than to annoy people at parties and probably below in the comments. Active and passive are generic terms for components and whether a particular component is classified as one or another doesn’t change how it is used. Quantum tunneling is neat, though, and the fact that we have harnessed it makes me wonder how close we are to warp speed and teleporters.

Filed under: Engineering, Hackaday Columns, parts

Deals of the Day (10-16-2017)

Liliputing - 18 hours 12 min ago

Today might seem like a strange day to be talking about deals on WiFi equipment. But once all your gadgets receive the latest security patches, it should be safe to connect to WiFi gear again… and when you do, you might be reminded that the WiFi router in your office has a hard time sending […]


AMD Ryzen chips for laptops coming soon, HP spills (some of) the beans

Liliputing - Monday, 10/16/2017 - 23:00

AMD has released a whole range of Ryzen chips for desktops this year. Based on the company’s new Zen architecture, the processors offer a big performance boost over previous-generation AMD chips, while also offering energy efficiency improvements. The chip maker is also expected to launch its first Ryzen chips for laptops by the end of […]


The Fine Art of Heating And Cooling Your Beans

Hackaday - Monday, 10/16/2017 - 22:30

They say that if something is worth doing, it’s worth doing right. Those are good words to live by, but here at Hackaday we occasionally like to adhere to a slight variation of that saying: “If it’s worth doing, it’s worth overdoing”. So when we saw the incredible amount of work and careful research [Rob Linnaeus] was doing just to roast coffee beans, we knew he was onto something.

The heart of his coffee roaster is a vortex chamber with an opening on the side for a standard heat gun, and an aperture in the top where an eight cup flour sifter is to be placed. [Rob] modeled the chamber in Fusion 360 and verified its characteristics using RealFlow’s fluid simulation. He then created a negative of the chamber and printed it out on his Monoprice Maker Select 3D printer.

He filled the mold with a 1:1 mix of refractory cement and perlite, and used the back of a reciprocating saw to vibrate the mold as it set so any air bubbles would rise up to the surface. After curing for a day, [Rob] then removed the mold by heating it and peeling it away. Over the next several hours, the cast piece was fired in the oven at increasingly higher temperatures, from 200 degrees all the way up to 500. This part is critical, as trapped water could otherwise turn to steam and cause an explosion if the part was immediately subjected to high temperatures. If this sounds a lot like the process for making a small forge, that’s because it basically is.

With the physical aspect of this project largely complete, [Rob] next moved onto an experimentation phase so he could determine exactly how long the heat gun needed to be run. With a presentation that looks like it could be his thesis for the Juan Valdez Technical Institute, he was able to fine tune his process until he got his ideal roast time calculated down to the second.

Finally, because an elaborate way of roasting coffee beans needs an equally elaborate method of cooling them back down, [Rob] created a 3D printed adapter that could be bolted onto a 120mm fan. At first glance his cooler looks simple enough, but on closer inspection you can see a row of openings around the side which are there to help vent back pressure in the event that the amount of beans being cooled restricts the airflow. This prevents the fan from reaching a stall condition, which is a failure mode in axial compressors where the airflow can actually reverse.

[Rob] says he’s happy with the results of the experiments so far, and believes he can improve the finish quality of his cast by modifying his cement mixture. He’s also looking into replacing the 3D printed mold with a silicone one, which would be reusable and allow him to scale up production. As he hasn’t yet decided on if this is going to become a commercial product or not, [Rob] has decided to keep the STL files for his parts private for the time being, but the details he has shared so far should be enough to get you started if you want to try and duplicate his work.

This isn’t the first time someone’s used a heat gun to roast coffee beans, but it’s certainly one of the most polished attempts. We’d suggest he completes his collection with a 3D printed coffee grinder, but somebody’s already beaten him to the punch.

Filed under: 3d Printer hacks, cooking hacks

Huawei launches Mate 10, Mate 10 Pro phones with slim bezels, AI chips

Liliputing - Monday, 10/16/2017 - 21:57

Huawei’s latest flagship phones are here… and by here I mean Europe. The Huawei Mate 10 launches in Europe this month for €699, while the Mate 10 Pro is coming in November for €799. The company says US pricing and availability will be announced later. Both models feature slim bezels, but they have different display resolutions and […]


PSOC – design and implementation of a 12 lead portable ECG

dangerous prototype - Monday, 10/16/2017 - 21:40

Alex Lao and his team at McMaster University have developed a compact, battery powered, 12-lead electro-cardiogram:

During the academic year of 2016-2017 at McMaster University, in conjunction with Dr. DeBruin, Christina Riczu, Thomas Phan and Emilie Corcoran, we developed a compact, battery powered, 12-lead electro-cardiogram. The project won 1st place in the biomedical category at the ECE Capstone Poster Day.

More details at Voltage Divide’s homepage.

Inside Two-Factor Authentication Apps

Hackaday - Monday, 10/16/2017 - 21:01

Passwords are in a pretty broken state of implementation for authentication. People pick horrible passwords and use the same password all over the place, firms fail to store them correctly and then their databases get leaked, and if anyone’s looking over your shoulder as you type it in (literally or metaphorically), you’re hosed. We’re told that two-factor authentication (2FA) is here to the rescue.

Well maybe. 2FA that actually implements a second factor is fantastic, but Google Authenticator, Facebook Code Generator, and any of the other app-based “second factors” are really just a second password. And worse, that second password cannot be stored hashed in the server’s database, which means that when the database is eventually compromised, your “second factor” blows away with the breeze.

Second factor apps can improve your overall security if you’re already following good password practices. We’ll demonstrate why and how below, but the punchline is that the most popular 2FA app implementations protect you against eavesdropping by creating a different, unpredictable, but verifiable, password every 30 seconds. This means that if someone overhears your login right now, they wouldn’t be able to use the same login info later on. What 2FA apps don’t protect you against, however, are database leaks.

And you should absolutely be concerned about database leaks. Did you have a Yahoo account in 2013? Well, they got hacked. In late 2016 they revealed (three years later!) that a password database with a jaw-dropping 500 million passwords was breached. In December 2016, they upped that figure to a mind-blowing 1 billion. Well, it was actually 3 billion. That’s every password they had, at Yahoo! and all of their subsidiary services.

But Yahoo! is not alone, even if the scale makes it unique. Name a large company, and they’ve probably been hit. It’s to the point that responsible services protect their passwords in ways that are designed assuming the database is eventually compromised. Assuming that all databases will eventually be compromised is equivalent to assuming that 2FA as it’s implemented at Google, Facebook, Dropbox, Microsoft, Twitter, Amazon Web Services, and almost all the rest, will eventually be broken.

But this is Hackaday, and we understand things best by taking them apart. So I’m going to step quickly through how 2FA apps work, and then show you how you can implement it yourself if you want in a few lines of Python. Along the way, you’ll see for yourself why 2FA app secrets can’t be stored as securely as passwords can, and why a good strong password is still important. None of this is news, and this is not a hack, but taking a look inside the black box helps you assess security claims for yourself.

2FA and TOTP

Two-factor is great in theory. Instead of just relying on a password, “something you know” in the jargon, you combine another factor for authentication: “something you have” or “something you are”. Ideally, this means requiring possession of a cellphone or security token, or presenting your fingerprint to be scanned. In theory, there’s no difference between theory and practice.

In practice, because of cost and convenience, most 2FA implementations use an app that authenticates using the time-based one-time password (TOTP) algorithm. That is, it’s just another password. In particular, Google’s Authenticator app and the WordPress interface which I’m currently using implement “something I have” by storing this one-time password on my cellphone.

Remember that QR code on the screen when you enrolled your phone? That was the password. You could tell me this secret password, and then I’d know your account token too. With access to this initial password and a little code, I can log in without having a cell phone at all, much less yours. This is “something you know” rather than “something you have”. If you think this is semantics, let’s compare the security properties of SMS-based 2FA (which is 2FA) and app-based “2FA” which isn’t.

To fake an SMS-based 2FA query, someone has to have access to your phone number and receive a six-digit code, or at least overhear it along the way. Unless you’re being targeted by hackers with very significant resources, they’re not going to redirect phone traffic to hack you. And in the event that the SMS-number database gets compromised, the worst that happens is that the hackers can call you up. (At least in theory. In practice, the few SMS systems I’ve tested simply contain the current value of my TOTP password, which means that it’s just as vulnerable as the application. They could do much better: by sending a random number, for instance.)

To fake an app-based 2FA query, someone has to know your TOTP password. That’s all, and that’s relatively easy. And in the event that the TOTP-key database gets compromised, the bad hackers will know everyone’s TOTP keys.

How did this come to pass? In the old days, there was a physical dongle made by RSA that generated pseudorandom numbers in hardware. The secret key was stored in the dongle’s flash memory, and the device was shipped with it installed. This was pretty plausibly “something you had” even though it was based on a secret number embedded in silicon. (More like “something you don’t know?”) The app authenticators are doing something very similar, even though it’s all on your computer and the secret is stored somewhere on your hard drive or in your cell phone. The ease of finding this secret pushes it across the plausibility border into “something I know”, at least for me.

TOTP algorithms are far from worthless, however. The beauty of these algorithms is that the one-time secret password is hashed with some other number that’s common knowledge to me and the server — sometimes it’s a simple counter. This generates a different “password” for every value of the counter. Because the hash function is one-way, you can’t figure out what my secret was even if you intercept the hashed value and know the counter. Contrast this with a regular password; if it’s overheard in transmission, the attacker knows it forever.

In most TOTP implementations, the counter is the number of 30 second intervals that have elapsed since Jan 1, 1970 — the Unix epoch. This gives you a different, strong, password every 30 seconds. Practically, servers will accept either the previous, current, or next values to allow for clocks to go a little out of sync, but after a minute or so, that old hashed value is useless to an attacker. That’s pretty cool.

But it’s not “something you have” or “something you are” and it’s not safe against database compromises. Want proof? Let’s make our own.


To make your own Authenticator, all you need is the password. Usually this is conveyed to your cell phone in the form of a QR code. You download their app, point your phone at the screen, and it converts the QR code into the 80-bit password. But you don’t want the QR code, so refuse it. Click “can’t use the QR code” or “manual entry” or whatever until you get to a code that you could write down. Some sites give you hexadecimal, others give you base-32, but you’ll soon be looking at 16-20 letters and numbers. That is the TOTP key that’s going to be hashed with the time counter to generate the session passwords.

As for the secret one-time password itself, the standard that almost all websites adhere to is pretty good at 80 bits — presumably of full entropy. If you’re using a good human-chosen password right now, you’re probably around 30 bits. “Correct horse battery staple” only gets you 44 bits. So 80 bits is looking pretty good, and you won’t be re-using the same secret across different web domains either.

The basics of how TOTP works under the hood are actually pretty straightforward. It’s a hash-based message authentication code (HMAC) with the time-dependent counter as the message. An HMAC essentially appends a message to your secret key and hashes them together, the idea being that anyone with the password can verify the integrity of the message, and verifying the HMAC signature confirms that the other person has the same secret key.

The details of both HMAC and TOTP are the killer. HMAC actually hashes the secret and message twice, with different padded versions of the secret. This prevents length-extension attacks by using different keys on the first and second hashing rounds. The final value that comes out of a TOTP routine is the value of four bytes, the location of which depends on the value of the nineteenth byte. This is called dynamic truncation, and implementing this correctly in Python cost me some gray hairs.

Anyway, there are TOTP libraries out there, and for production work you should probably use them. The Linux program oathtool can implement a TOTP nearly every way possible, and was an invaluable benchmark during development. (Call it with the -v flag for verbose debugging output.) But if you want to see how TOTP works, here’s some code:

```python
import base64
import hashlib
import hmac
import os
import struct
import time


def dynamic_truncate(raw_bytes, length):
    """Per https://tools.ietf.org/html/rfc4226#section-5.3"""
    # The low four bits of the digest byte at index 19 select the offset
    offset = raw_bytes[19] & 0x0f
    # Take four bytes from that offset, masking off the top (sign) bit
    decimal_value = ((raw_bytes[offset] & 0x7f) << 24
                     | raw_bytes[offset + 1] << 16
                     | raw_bytes[offset + 2] << 8
                     | raw_bytes[offset + 3])
    # Keep the last `length` digits, left-padded with zeros if the value is short
    return str(decimal_value)[-length:].zfill(length)


def pack_time(counter):
    """Converts integer time into bytes"""
    return struct.pack(">Q", counter)


secret32 = 'abcdefghijklmnop'
secret_bytes = base64.b32decode(secret32.upper())
# Number of 30-second intervals since the Unix epoch (integer division)
counter = int(time.time()) // 30
counter = pack_time(counter)
raw_hmac = hmac.new(secret_bytes, counter, hashlib.sha1).digest()
print(dynamic_truncate(raw_hmac, 6))

## Verify, if you have oathtool installed
os.system("oathtool --totp -b '%s'" % secret32)
```

Implications

We can generate the TOTP password with just the time and the secret key. So how does the server authenticate us? By following the exact same procedure. And this means that the server must have access to the secret key as well, which means that it can’t be stored hashed because hashes are one-way. Think about that: the server knows your secret.

This is not the case for a regular password, which should never be known by the server at all! Once you’ve entered your password for the first time, the server hashes your password and stores that hash, forgetting the original password forevermore. When you enter a password the next time, it hashes what you’ve typed and checks to see if it matches the stored hash. Because the server only keeps a hashed version of your password, because it’s a good one-way hash with a salt, and because you chose a strong password, it’s virtually impossible to get your password back out of the database even when it’s publicly available.

The practical upshot of all of this is that, although some websites still don’t, all should be able to store normal passwords hashed, and will thus be relatively safe even if their password database gets hacked. If you’ve used a good password, that’ll buy you some time, even if the breach is discovered a while after the fact. On the other hand, if your password gets snooped in transit, you’re done for.

TOTP keys simply can’t be stored hashed, because the authentication algorithm requires them in raw form. When the TOTP key database gets compromised, all of the TOTP / 2FA protection becomes worthless and you’re relying on the strength of your password to save you. Until the database gets breached, however, the ever-changing TOTP password is a great protection against eavesdroppers.
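The storage asymmetry described above, from the server's side, as an added example that is not code from the original article. The row layout, the function names and the PBKDF2 parameters are assumptions made for illustration, and the sample secret is the RFC 4226 test key in base32.

```python
import base64, hashlib, hmac, os, struct

STEP = 30                 # seconds per counter tick, as in the article
ROUNDS = 200_000          # assumed PBKDF2 work factor for this sketch

def totp(key, counter, digits=6):
    """HMAC-SHA1 of the counter, then RFC 4226 dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def enroll(password, secret32):
    """Build the row a server keeps (hypothetical schema)."""
    salt = os.urandom(16)
    return {
        "salt": salt,
        # One-way: the password is not recoverable from this value.
        "pw_hash": hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS),
        # Recoverable by necessity: HMAC needs the raw key on every login.
        "totp_key": base64.b32decode(secret32.upper()),
    }

def check_password(row, attempt):
    digest = hashlib.pbkdf2_hmac("sha256", attempt.encode(), row["salt"], ROUNDS)
    return hmac.compare_digest(digest, row["pw_hash"])

def check_totp(row, code, now, window=1):
    """Accept the previous, current or next 30-second interval."""
    current = int(now) // STEP
    return any(
        hmac.compare_digest(totp(row["totp_key"], c).encode(), code.encode())
        for c in range(max(0, current - window), current + window + 1)
    )

def code_from_leaked_row(row, now):
    """A copied row yields valid codes directly; pw_hash yields no password."""
    return totp(row["totp_key"], int(now) // STEP)

if __name__ == "__main__":
    import time
    # Constructed sample: the RFC 4226 test key, base32-encoded.
    row = enroll("correct horse battery staple", "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ")
    now = time.time()
    print(check_password(row, "correct horse battery staple"))
    print(check_totp(row, code_from_leaked_row(row, now), now))
```

Anyone holding a copy of the row can call `code_from_leaked_row` and pass `check_totp`, while passing `check_password` still requires guessing the password through the slow hash.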

Getting the best of both worlds is easy enough: use TOTP / 2FA when it’s available, but make sure that your passwords are unique across websites and that each one is long and strong. But don’t fool yourself into thinking that 2FA is a substitute for good password practices — you’ll be living just one database breach away from the edge.

Filed under: Featured, Interest, Original Art, security hacks

Break out the Ethernet cables, because WiFi is insecure (for now)

Liliputing - Monday, 10/16/2017 - 20:22

Most modern devices that use WiFi make use of a security protocol called WPA2. Basically you enter a password and you can connect to the network. But what you don’t see is how that password is just the first step in securing your connection. Once it’s entered, your phone, tablet, laptop, or other device negotiates […]

Break out the Ethernet cables, because WiFi is insecure (for now) is a post from: Liliputing

Oh Great, WPA2 Is Broken

Hackaday - Monday, 10/16/2017 - 18:00

WPA2, the standard security for Wi-Fi networks these days, has been cracked due to a flaw in the protocol. Implications stemming from this crack include decrypting Wi-Fi traffic, hijacking connections, and injecting content. It’s fair to say, WPA2 is now Considered Harmful. The paper is available here (PDF).

This is a proof-of-concept exploit, and like all headline-making network security stories, it has a name. It’s called KRACK, for Key Reinstallation Attack. The key insight to this exploit is a vulnerability in the handshaking between routers and devices to establish a secure connection.

This is not the first time the researchers behind this exploit have found holes in WPA2. In a paper published by the KRACK researchers at the USENIX Symposium last August (PDF), they showed that the Random Number Generator used in 802.11 is flawed, ill-defined, and insecure. The researchers have also spoken at 33c3 on predicting WPA2 Group Keys.

The practical consequences of a poor definition and implementation of an RNG can be found in consumer hardware. The researchers found that in MediaTek-based routers, the only source of randomness is the current time. Meanwhile Broadcom-based routers do not use the RNG proposed by the 802.11 spec, but instead take the MD5 of the current time in microseconds. The researchers do not mention if the current time is a secret.

So what do we do now?

This has happened before. In 2001, WEP, the Wi-Fi security protocol many security-ignorant people are still running, was cracked in much the same way as KRACK. This quickly led to the development of Aircrack, and in 2003, the Wi-Fi Alliance rolled out WPA and WPA2. Sure, you can still select a deprecated security protocol for your router, but the problem of WEP hacking is as solved as it’s ever going to be.

The early 2000s were a different time when it came to wireless networks, though here in 2017 Wi-Fi permeates every cubic inch of our lives. Everything and everyone has Wi-Fi now. This is going to be a bit bigger than cracking WEP, but it remains possible to patch devices to ensure that this exploit is rendered useless. Install those security updates, people! Of course there will still be millions of unpatched devices in a year’s time, and for those routers, IoT baubles, and other wireless devices, turning on WPA2 will be akin to having no security at all.

That said, this isn’t a world-ending Armageddon in the way the botnet of webcams was. You will only be vulnerable if an attacker is within range of your router, and you will still be secure if you’re accessing secure websites. However, turning off Wi-Fi on your phone, relying on mobile data, not ignoring HTTPS cert warnings, and plugging into an Ethernet port might not be a bad idea.

Filed under: security hacks, slider

Why Not Expose Your PCBs Through An LCD?

Hackaday - Monday, 10/16/2017 - 15:01

Most people who have dabbled in the world of electronic construction will be familiar in some form with the process of producing a printed circuit board by exposing a UV sensitive coating through a transparent mask, before moving on to etching. Older readers will have created their masks by hand with crêpe paper tape on acetate, while perhaps younger ones started by laser-printing from their CAD package.

How about a refinement of the process, one which does away with the acetate mask entirely? [Ionel Ciobanuc] may have the answer, in the form of an exposure through an LCD screen. The video below the break shows how it’s done, starting with a (probably a bit too lengthy) sequence on applying the photo-resist coating to the board, and then sitting the LCD on top of a UV lamp with the board positioned at the top of the pile.

It’s an interesting demonstration, and one that certainly removes a step in the process of PCB creation as it brings the pattern direct from computer to board without an intermediate. Whether or not it’s worth the expenditure on an LCD is up to you; after all, a sheet of acetate is pretty cheap, and if you already have a laser printer you’re good to go. We’re curious to know whether or not any plastic components in the LCD itself might be damaged by long-term exposure to intense UV light.

If you haven’t yet made a PCB using toner transfer, take a look at our handy guide.

Thanks [Setvir] for the tip.

Filed under: hardware

LEGO Row Boat Is The Poolside Companion You Didn’t Know You Needed

Hackaday - Monday, 10/16/2017 - 12:01

Maybe it’s the upbeat music, or the views of a placid lake at sunset, or perhaps it’s just seeing those little plastic rods pumping away with all their might. Whatever the reason may be, the video [Vimal Patel] posted of his little remote controlled LEGO row boat cruising around on the open water is sure to put a smile on the face of even the most jaded hacker.

[Vimal] tells us that his creation is made up of over 140 unmodified LEGO parts, and is controlled over Bluetooth which connects to an app on his phone. While we would like to see some more detail on the reciprocating module he came up with to drive the boat’s paddles, we have to admit that the images he provided in his flickr album for the project are impeccable overall. If the toy boat game doesn’t work out for [Vimal], we think he definitely has what it takes to get into the advertising department for a car manufacturer.

[Vimal] was even kind enough to provide a LEGO Digital Designer file for the project, which in the world of little rainbow colored blocks is akin to releasing the source code, so you can build up your own fleet before next summer.

It’s worth noting that [Vimal] is something of a virtuoso in the world of modular building blocks, and no stranger here at Hackaday. His self lacing shoe impressed earlier this year, and this isn’t even his first LEGO watercraft.

All he has to do now to reach the true pinnacle of LEGO construction is to start building with giant versions of everyone’s favorite block.

Filed under: robots hacks, toy hacks