The Hardware

The TP-Link WR703N is a quite amazing and affordable piece of hardware and has received a lot of love from the hacking community. Once you take a look at the price tag and feature set you quickly notice why it’s so well received: it crosses the counter for just 25 EUR on Amazon or as low as 16 EUR if you look abroad! It’s been used as a pentesting aid, made even more hacker friendly, got turned into a webradio player, and made more awesome by adding a display.

So you think all that can be done has already been done. But no: shackspace hackers makefu and exco came up with another idea. And that idea was followed by another, and another, and they simply kept going. The project is called minikrebs and is part of the bigger experimental coding platform krebscode.

Here’s what they came up with so far.

NFC / RFID Login Terminal

The NFC-Gate is part of the User Suppository (sic) infrastructure. It polls the attached NFC-connector for new cards and uses the UID of the card for trying to either log in or log out the user at the shack-infrastructure.

The NFC-gate is a build for the MR3020, not the WR703 as it uses all the available LEDs to display the status of the login. The NFC-Reader used is the SCM SCL3711 as it is supported pretty well by libnfc and is quite small.

For more information check out the Github repository and the source code of this profile.

Instacam: Automatic Webcam Streaming

The aim of this little project is to reliably push a video stream directly out to the internets for everyone to see at a very low price.
It combines a webcam (could be a cheap China model or one of Logitech’s HD cams, as long as its supported by uvc or Gspca) with a TP-Link 703N. It automatically boots up and starts streaming. Use a battery pack and USB 3G stick for field connectivity. Drop to deploy!

This project is already in use in two places at shackspace. One is built into our lasercutter to allow safe monitoring and recordings of the cutting process. The AP can manage multiple clients at the same time and even stream HD video at acceptable frame rates.

Automatic Rick-Rolling

The purpose of the profile is to create an access point where every connection is rewritten to instead deliver a rick-roll. If you carry it with you when riding the train (remembert to get a battery pack!) you will have great fun giggling each time the LED blinks indicating another victim was served a piece of the 80’s.

Having videos autostart on a victim’s mobile brower is quite difficult and unreliable, so instead of an actual video, a short animated GIF with Rick dancing plus the first minute of its famous song will be served by the httpd.
Laptops and other clients with phat-browsers will probably honor both autostart loop tags in the new HTML5 standard.

Forwarding USB Interfaces over WiFi using USB/IP

In this configuration minikrebs will start up as USB-bridge with the USB/IP-stack. It will run usbipd and grab an IP-address via DHCP from the LAN interface.

Krebs Integration and Heckenkrebs

Of course minikrebs integrates seamlessly into the pile of code called krebscode/painload.

The krebs base profile for krebs nodes includes all the core feature to automatically connect to the retiolum darknet.

Adding Heckenkrebs functionality will give you an automatic internet-establish and gateway provider for the retiolum darknet (or any darknet that you want to set up). The Heckenkrebs will use a patched aap tool to connect randomly to wireless networks which are “unprotected in some ways”, meaning that it can also do slightly more advanced stuff like calculating default keys for EasyBox home-routers which are quite common in Germany (in case you forgot your default key that is). It also provides a blacklist feature and access-point password list for known networks.

Meta:

• makefu on twitter
• exco on twitter
• krebscode/painload on GitHub
• Project minikrebs documentation on the shackspace wiki

Am Samstag den 19.01.2013 um 18 Uhr lädt shackspace zu einem Vortrag / Workshop der etwas anderen Art.

shackspace Hacker reloc gibt eine Einführung / Crash-Kurs in Biologie bzw Biochemie von Lebewesen - genauer gesagt “Zellbiologie und Biochemische Vorgänge in Zellen“.

Es werden im Groben folgende Punkte behandelt:

1. Was ist eine Zelle
2. Woraus besteht sie
3. Was läuft da drin ab
   Der Schwerpunkt wird auf Punkt 3 liegen in dem näher auf die biochemischen Prozesse im Zellinneren eingengangen wird.
   Selbstverständlich ist auch ein Mikroskop vorhanden über welches sich die Teilnehmer direkt am Anschauungsobjekt echte Zellen in freier Wildbahn ansehen können.

_Zum Event:
_Teilnahmegebühr: 5 EUR (3 EUR für Mitglieder des shack e.V.)
Anmeldung: Doodle (bitte anmelden)
Datum: Samstag, 12. Januar 2013, 18:00 bis 22:00 **Uhr
**Anfahrt: U4/U9 Haltestelle “Im Degen”, Ulmer Straße 255, Stuttgart Wangen (gegenüber Kulturhaus Arena)

Bild: [NEUROtiker, public domain](http://de.wikipedia.org/w/index.php?title=Datei:L-Arginin-L-Arginine.svg&filetimestamp=20070629144449 “Datei:L-Arginin-L-Arginine.svg&filetimestamp=20070629144449”)

shackspace hacker samuirai is always on the prowl for something to break^W fix.

The latest thing he fixed is the minteye CAPTCHA system. The CAPTCHA works by having the user move a slider left and right which directy affects a distorted image. There’s one setting of the slider where the image is no longer distorted which is the correct solution to the CAPTCHA.

This works quite well if you can see but not if you’re blind. To ensure accessibility there’s also a voice output feature which comes with three handy messages allowing you to solve the test and identify yourself as a human: 1) move slider to the left, 2) move slider to the right, 3) slider is in correct position.

The thing that was missing (and is now fixed) was an easy way to do this annoying task automatically so your friendly computer can login in your stead ;)

To solve this samuirai didn’t actually attack the system via the images it displays but instead used Google’s speech2text API to have the messages for blind users translated into text which can then easily be evaluated automatically by a script that tries to find the right position for the slider iteratively.

He’s got a write-up of his hack available online on Github and there’s also a short YouTube video showing the automatic CAPTCHA solver script doing its magic.

 

2012 is over and 2012 had been a blast. We’d like to wish all you hackers out there a Happy New Year and plenty of awesome hacks.

New Year’s Eve at shackspace was celebrated with a Raclette-session bordering on gluttony as you can see in the photo below.

Hackerspace Global Grid (HGG) is a community driven project aiming to build a distributed measurement platform with space applications. Would there be a better place than space unconferences to present it? We, the team behind HGG who are mostly shackspace members, thought “nay!” and presented our distributed ground station network project for tracking satellites on even two of those SpaceUps in a row.

SpaceUp is a barcamp kind of gathering where virtually everyone with enthusiasm for space can attend, present and discuss space topics. And the best thing about those unconferences is that the time schedule is formed directly during the event itself by the participants themselves. So when you’re quick you can just block a slot and have your space related talk. It’s an unconventional conference, thus unconference.

SpaceUp Stuttgart

The first one had been in our hometown at SpaceUp Stuttgart in the Space Center Baden-Württemberg of the Institute of Space Systems at the University of Stuttgart on 27th October 2012. Germany’s first space unconference used this exquisite location to bring together experts from the European Space Agency (ESA), German Aerospace Center (DLR) and further faculties and ordinary people just like us. As stated being part of the comic relief part of the event we shared our enthusiasm for space science. And it turned out very well and we received some great feedback and also inspired the audience that a community based space project can have it’s place between advanced mammothian space projects.

SpaceUp Bangalore

After the Stuttgart event we had been contacted and kindly asked by the organizers of India’s first SpaceUp if we would like to send a video “Message from abroad” and we gratefully replied “yea” and rushed in a video for their unconference in 1st December. India’s efforts in furthering space technology is increasing for the last several years and there are a lot of universities involved in nano and small satellite projects. The SpaceUp India organizers wanted us as an additional point of view for them that you can start small and still achieve goals. And open-source and especially open-data and education approaches are important objectives for India’s space missions. So we share similar attitudes. Unluckily we couldn’t attend ourselves and so had to send in a pre-recorded video for failsafe reasons (Internet connections tend to hate live conferences, you know!) but we received flattering reactions to our video and the organizers told us the audience liked it.

So we say a big THANK YOU to both SpaceUp Stuttgart and SpaceUp Bangalore. It had been a pleasure being part of it and we’re eagerly looking forward for the next iterations. We also kindly invite you to follow our HGG efforts on twitter, our mailinglist or at hgg.aero and help our grassroots space program to achieve its goals.

You can buy bath melts with a significant price-tag attached at your local or online cosmetics and beauty shop but you can just as easily make your own with a few simple ingredients available at a far more reasonable price. They also make very nice presents so if you’re still looking for something to give for the holidays, stop looking right now.

A week ago shackspace member Bine gave a bath melts workshop at shackspace and it left us with a very nice smelling space and lots of presents to give away. Here’s the recipe if you want to make your own.

Ingredients

• 60g Cocoa butter
  get this from an online shop or last minute at your local pharmacy at a slightly higher price.
• 50g Sodium hydrogen carbonate
  also known as baking soda and sold as Kaiser Natron in German supermarkets.
• 40g Citric acid (powder)
  the cheapest source for this is the big packs you get in the cleaning supply section of the supermarket where it’s sold as a descaling agent (Entkalker), make sure to only buy 100% citric acid. There’s also 5 gram packages in the baking supply isle but those are much more expensive than the cleaning supplies ;)
• 100g Powdered milk
  most commonly found in the baby food section of your supermarket.

• 2-4 tablespoons of olive oil
  To customize the bath melts you can add a lot of stuff, here’s some ideas

• Essential oils
  Vanilla, Orange, Cherry, Apple, Cinnamon, … or baking extracts

• Food coloring
  Make sure it’s not water-based or see the tip below on how to make suitable colors using easter egg dye
• Dried flowers Rose blossoms? In my bath melts? More likely than you think.
• Glitter
  Because everything is more awesome with glitter (except for that horrible vampire thing)
  To mold the melts into shape use silicone ice cube trays or other silicone molds. There’s a wide array of patters to choose from.

Making the bath melts

1. Carefully dissolve cocoa butter in a water bath
   Note: cocoa butter begins to melt at 30C, do not overheat the butter.
2. Mix up powdered milk, olive oil, baking soda and citric acid
3. If you want to add food coloring, now’s the time
4. Add the molten cocoa butter and mix well
5. If you like you can add essentials oils. Use between 15 to 50 drops.
6. If you want to decorate your melts, add glitter or dried flowers to the ice cube tray now
7. Use a teaspoon to press the mixture into the ice cube tray or silicone molds
8. Let the tray rest in your freezer for half an hour so the melts can harden
   Carefully remove the finished melts from the ice cube tray. This is easier if you’re using silicone trays.

Pack everything up and store in a dry place.
Use three to four melts for a single bath.

Tips

You can make your own (relatively) water free food coloring using easter egg dye (they either come pulverized or as small pellets).
Simply add a tiny amount of water to help dissolve the powder. Once its dissolved use olive oil to thin the color before adding it to your mix.

Also pay close attention during making and later storing of the bath melts to ensure that everything is kept dry and no water is introduced since otherwise your bath melts will begin fizzing and bubbling away prematurely ;)

How does it work?

The cocoa butter begins to dissolve at around 30C and is a common ingredient in a wide array of cosmetics and food products. It’s commonly used as a skin care product to aid dry and chapped skin. Together with the olive oil and milk powder it’ll leave a smooth oily film on your skin when dissolved in water.

The baking soda and citric acid when introduced to water will start to fizz and bubble resulting in a fresh bubbly feeling on your skin and soften the water. Do not use too much citric acid since it might irritate your skin.

Here at shackspace we’ve had a Brother Innovis 90e embroidery machine for a while now. We’ve decided to go for this model because the colleagues of Mannheim’s hackerspace RaumZeitLabor are using the same and had a great experience with theirs.

For 29C3 the folks behind hgg decided they wanted their logo embroidered onto the collar of black business shirts.
However, we only have a medium size frame to hold fabric to be embroidered. This frame is too big to properly hold and support something as small as a shirt collar.
Of course there’s also very small frames made just for this but they come at a price: you cannot place your motive close to the edge of the collar because the edge has to be clamped into the frame.

So shackspace member ttb developed a technique explained in minute detail in the shackspace Wiki that enables us to embroider a shirt collar right to the edge using a medium size frame. He’s fixing the collar inside the frame to a piece of support fabric using a special water soluble glue. The glue will wash out easily and can be obtained from your local sewing supply store.

Here’s a video (German) where ttb is demonstrating the technique:

hgg und Constellation waren bereits im Mai zu Gast bei der Vortragsreihe des CCC Stuttgart. Jetzt gibt es auch die Videoaufzeichnung des Vortrags.
Vorgestellt wurde das geplante verteilte Bodenstationsnetz zum Tracken und zur Kommunikation mit Satelliten von hgg und das verteilte Rechensystem von Constellation.
Mit dabei waren @andreashornig, @rel0c8 und @hdznrrd.

Und jetzt eine kleine runde Boulevard bitte. Thomas und @hdznrrd waren für shackspace beim Kellerkanal und erzählten Dinge über Hacker, Sicherheit im Netz und den shackspace.

At shackspace we’re employing several labeling systems to identify ownership and/or access policies. One system we’ve rolled out not too long ago and that’s been working very well so far is a five-stage access policy marker with color-coded stickers.

Each sticker comes with a short explanation of the policy, a unique color scheme, and enough space to write your name.

Red: Owner Only

Gear labeled with this sticker is only to be used by the owner. We mostly use this for a few expensive and member-owned machines as well as private project storage boxes.

Red/Yellow: Instructed

You can use items labeled so once the owner showed you how to properly use them. This is used on items that are not really cheap but generally useful to your fellow hackers (e.g. the big drill press and the stereo microscope).

Yellow: Documented

This is Red/Yellow’s smaller sibling. It’s enough to actually read the documentation before starting to hack away at it.

Green: Public

This is something everyone can use without explicitly asking. As always the general rule “you break it, you buy it” applies.

White/Green: Give Away

Yes, there are a few items at the space that somehow ended up here and are free for the taking ;)