Getting a Shell on any Android Device

If you’re an Evil Customs Agent or other nefarious Three Letter Agency Person, you’re probably very interesting in getting data off people’s phones. Even if the screen is locked, there’s a way around this problem: just use the Android Debug Bridge (ADB), a handy way to get a shell on any Android device with just a USB cable. The ADB can be turned off, though, so what is the Stasi to do if they can’t access your phone over ADB? [Michael Ossmann] and [Kyle Osborn] have the answer that involves a little-known property of USB devices.

USB mini and micro plugs have five pins – power, ground, D+, D-, and an oft-overlooked ID pin. With a particular resistance between this ID pin and ground, the USB multiplexor inside your phone can allow anyone with the proper hardware to access the state of the charger, get an audio signal, mess around with the MP3s on your device, or even get a shell. To test their theory, [Michael] and [Kyle] rigged up a simple USB plug to UART adapter (seen above) that included a specific value of resistor to enable a shell on their test phone. Amazingly, it worked and the thought of having a secure phone was never had again.

The guys went farther with some proprietary Samsung hardware that could, if they had the service manual, unlock any samsung phone made in the last 15 years. They’re working on building a device that will automagically get a shell on any phone and have built some rather interesting hardware. If you’re interested in helping them out with their project, they have a project site up with all the information to get up to speed on this very ingenious hack.

read the rest of article...

Project Lucidity Wants YOU!

Do you lucid dream? Do you want to? [Dinesh Seemakurty] has just started something called Project Lucidity, which is the first(?) open source, developer friendly, fully featured, lucid dreaming sleep mask. And he’s looking for hackers to help! We’ve covered lots of projects on lucid dreaming before, like making your own homemade lucid dreaming goggles, or modifying a commercial EEG headset for lucid dreaming. We also can’t forget the LucidScribe project either, the one that seeks to communicate from within dream state!

Anyway, what’s different about Project Lucidity? Well, first of all, it’s open source. Second of all, it’s based on an ATMEGA328P, meaning it’s fully compatible with the Arduino IDE. It looks like a great start, and [Dinesh] is planning on taking everything open source very soon — but before then he wants you to try it out!
If this sounds like a project you want to get behind and help develop, check out his site and sign up. Or ask away in the comments section!

read the rest of article...

Elinchrom EL-Skyport Triggered by Arduino

[Toby] has an Elinchrom EL-Skyport, which is a wireless flash trigger. He decided to see if he could trigger it using an Arduino, and came up with a nice proof of concept. This little device was not meant to be user serviceable, as can be seen in what [Toby] uncovered while taking it apart. But once he had it disassembled, he cataloged everything inside, and then he awesomely went to the trouble of drawing up a schematic. With that knowledge, he began reverse engineering the SPI protocol used, which almost deserves an article by itself.

It was a long road to get there, but in the end [Toby] built a prototype Arduino shield that houses an nRF24L01+ module. These are very cheap to pick up on eBay. He gives us the details on hooking up the module, though he had to go through extra hoops since he was using the Arduino Leonardo. Still, once you’re up and running, you can make use of one of the existing libraries specifically for this module.

read the rest of article...