Home Energy Monitoring – Part 1: Babby’s first PCB

I’m a bit of a data nerd and have been gathering metrics from my local machines for sometime now. The ability to see trends is really powerful when diagnosing problems and tuning performance.

I’m using the TIG stack – Telegraf (data collection), InfluxDB (time series database), and Grafana (visuals and alerting).

Grafana dashboard – file server

I wanted to utilize these same tools for monitoring energy usage in my house. I set out a goal to be able to see energy usage in near real time, per circuit, using mostly free software and hardware.

I ran across an excellent post on boredman’s blog that describes the hardware side of a system that very closely matches my goal. I immediately went out and acquired the pieces to play with this for myself. It wasn’t long before I had something working on my bench.

Current transformer and AC-AC voltage inputs into Arduino Due

With a working proof of concept it was time to think about next steps. For me this was form factor, scaling. The Arduino Due supports 12 analog inputs. One will be consumed for Voltage measurements using an AC-AC transformer and the others will be for current measurements from current transformers on each circuit in my house. I have 22 circuits in my electrical panel — I will need two Arduinos or find better way to add analog inputs.

Input board 1.0

Fritzing is software for creating PCBs for newbies. Perfect. I was able to cobble together a board with CT (current transformer) and voltage inputs to a pin header thinking I could run a ribbon cable from the input board to Arduino. It wasn’t too hard to get going in Fritzing but I found it difficult to get something that looked nice and wasn’t even sure it would work. This board only has a burden resistor for each CT input.

Read more about CT burden resistors and home energy monitoring at the excellent Open Energy Monitor project
https://learn.openenergymonitor.org/

Fritzing – Input board 1.0

I was worried that I would be getting a lot of interference since I’m dealing with AC signals and overall felt I could do better. I iterated, this time using Eagle PCB design software. I extended to scope to capture the remaining components for each input and make it be able to plug directly into an Arduino Due.

There simple wasn’t enough room on the Arduino for 11 x 3.5mm TRS (audio jacks) inputs so I had to design the board with some margins to accommodate the inputs.

Version 1.1 was born

I followed this tutorial on Sparkfun for Eagle basics. You start by building your schematic in Eagle. You can pull in libraries of parts from places like Sparkfun which is really convenient. You then connect parts together using nets. Nets are like a virtual wire. Any wire/pin/whatever on Net1 will be connected.

After you’ve connected all your parts to nets, you then can switch to the PCB view. The PCB view will be a mess of parts all over but the important thing is that you can see how they’re connected by a yellow line. This is the virtual wire of the net. Organize your parts and click that ratnest button often. Don’t get too attached to one layout. I wish I had spent more time on one part of the board before moving on to duplicate my layout to the rest (ended up going back and changing all the things multiple times).

Here’s the most important thing I’ve learned when building boards: Take advantage of your copper layers!

I’m sure this is obvious to anyone but a newbie, but each layer of a PCB contains a copper plane. Most simple boards are dual layer, that means you have two planes of copper to work with. You will almost always need to connect many components to ground and power. Use one layer as a ground plane and another as power. Now components that need a ground or power connection get it almost for free, no need to route long traces!

In Eagle you choose the layer you want to work on and draw a polygon then click the ratnest button to connect components to that layer of copper. Note that for top layer components to connect to the bottom copper layer, you will need to use a via.

I submitted the board to OSH Park for fabrication and ordered all the parts off mouser. Excited to test out the board. Next post I will talk about how assembling the board using SMD components go (I have three boards on the way, bound to screw up :)). Fingers crossed.

January Meeting Recap

TENS Demo

To start us off, Vlad brought a special guest to do a demo for us.

Dr. Charles S. Tritt, Ph.D, from MSOE, did a presentation on Human-Human Interface, using a TENS (Transcutaneous electrical nerve stimulation) unit and simulation electrodes.  Taken from his document:

This device mimics a relatively common approach to controlling powered prosthetic limbs. Electromyogram signals are picked up from the surface of the skin, amplified, digitized, processed and used to effect the desired control. In this case, the control is via nerve stimulation using a TENS unit.

The ZIP file containing his handout from the meeting (which has the parts list), MSOE lab handouts, and Matlab and Arduino code, can be found here

The total cost of the build is $98

We have some media of the device being used.  More will be posted as it is processed.  If you have media, videos, or pictures, that’d you’d like to share, please let me know.

Bubbles controlling Belouve (do note that they are husband and wife)

Bubbles controlling Vlad

Vlad controlling Bubbles

Cyphercon

Korgo and Belouve presented on the upcoming Cyphercon.  DC414 can still get in, though it seems most of DC414 are already attending or volunteering.  If you still want to get in, contact Korgo or Belouve.

There will be a booth/space for DC414 and Milwaukee Hackers (basically anyone I recognize as a Milwaukee area hacker) at the Friday part of the convention.  We’ll keep it a corporate no-fly zone.

We got a peek at one of the electronic badges for Cyphercon.

Puzzle Lock

Belouve brought a puzzle lock that he received from India.  It is claimed to be from the era of Shivaji Maharaj, who reigned from 1674 to 1680.  I’m investigating this claim to its age further.  Regardless, it’s a cool lock.

I have no video or images for my lock (yet), but I plan to make a video in English of its function and any more details I can find out.  However, I found a video of a similar lock here

Arduino Windows Attack Tool

A few meetings back I demoed my Arduino Windows attack tool. The Arduino and shield emulate a keyboard when plugged into a PC. Once triggered it opens the DOS edit program, writes some vbscript to a file called go.vbs, then runs it using wscript. The script downloads a payload from a web server. In the case of the demo it was a reverse shell that connects back to a nc listener from msf. I got the idea from the Social-Engineering Toolkit Teensy USB HID Attack but I dont have/want a teensy so I looked and looked for an Arduino version but all I could find was a USB keyboard lib, so my value add was porting it to the Arduino.

Here is the USB lib I used.

Here is the schematic for the shield: *I added a button on pin 12

Here is the code for the Arduino:

And there you have it, my Arduino Windows attack tool. Its a little messy and hacked together, but it works. Enjoy 🙂

Many thanx to SilkyPantsDan, Rancid Bacon, and Practical Arduino

3D Printer Fund

There has been a lot of buzz about 3D printers over the last year.  Prices are coming down and resolution has been increasing.  Klaiviel, our resident lockpicking guru, is attempting to start a business around it.  We feel that DC414 as a whole needs their hands on this technology.  We’re starting a 3D printer fund starting now.

There are many options to go with but we want to get the ball rolling while research is happening in parallel.  Price range we’re looking at is between $500 and $1,000 for quality printers.

This won’t happen without help from people like you.   Once purchases / assembled / hacked, our goal is to make the printer accept jobs from online. We’d queue up jobs and have a webcam feed to view progress when printing remotely.   Notifications would be sent out to the author upon start, completion, and possibly other metrics we can get out of the printer.

  • Donate $25+ gets you free stickers
  • Donate $50+ gets you a free shirt
  • Donate $100+ gets you free prints for 6 months
  • Donate $150+ gets you free prints and priority for 6 months

Any size donation gets you on the thank you list.

As of now we have $233 in the fund.  Make your donation now (look to the right) and lets get this ball rolling.

May meeting recap.

May’s meeting was off the hook, one of our best yet! Lots of new faces which is always nice, good demos, and good beer. Ngharo started it off by talking about the hackathon and THOTCON. Klaiviel did his lock master thing and said a few words about TOOOL. Darkwind gave a awesome demo on sniffing pagers. Its crazy to see all the pager traffic that is still out there. Then I showed off my Arduino windows attack tool and pwned a windows 7 box, There will a blog post about that later. Congrats to Genero for winning the dc414 free junk giveaway! I did take a bunch of pictures but my phone was full of fail and didn’t save any of them 🙁 so no pictures of the meeting this time, sorry. I promise to do better next time 😛 later.

March meeting madness!

March’s meeting was filled with all sorts of shenanigans. dw5304 started things off with a little demo of Windows Server 8 and some of its improved features and functions.

Ngharo kept the OS ball rolling by going over some Linux 101 and while he was showing us how grep can be used to find wanted data in Apache logs Castor pulled a little prank on Ngharo and left a message in the logs for him 😛 Every one got a big laugh out of it. Ngharo also has promised to give a new Linux demo every meeting!

Then I stepped in and gave a demo on how to use temp XSS attacks to gain access to user accounts on web sites, the target in this case was Daily Motion using a known vector. It was complete with a explanation of the attack string, the payload, how to use it, and how to fix it. I gave the room the opportunity to hack my Daily Motion account, using the cookie stolen during my demo which turned out to be a bad idea, Ngharo thought it was cute to replace my profile picture with the index picture from lemonparty2 😐 Yeah, ok I loled hard at that one 🙂

Then The Professor showed us how to use “The Social Engineering Tool Kit” to phish n00bs and pwn their passwords! He gave us a step by step of how to copy a website, how to access the phish page, and what happens when its used. Then we all talked about how to know when your being phished. It was a great first demo from The Professor.

A big congrats to The Professor for winning the dc414 Free Junk Giveaway “pic below”, Enjoy your new Launchpad 🙂 Here are some other pictures from the awesome Cmoney.

The big winner:

SIDE NOTE:
The next morning with a slight hangover I open my email and find this from Daily Motion:
Hello anarchyang31,

The avatar of your Dailymotion account “anarchyang31” has been deleted due to non respect of the General Terms Of Use (inappropriate content).
In any event, we ask that you observe those conditions. You can review them by clicking here: http://www.dailymotion.com/legal/terms

After 5 deleted avatars, you will no longer be able to change it and it will be replaced with a default avatar.

You can upload a new avatar by clicking here: http://www.dailymotion.com/profile/avatar

Best regards,


The Dailymotion Team

LMAO thanx Ngharo. Ok thats it, later.

December meeting recap

Decembers meeting was awesome! Vlad gave a great in depth wi-spy demo. He showed us what a Bluetooth file transfer looks like, what microwaves look like and access points looks like, and gave good detail of just what exactly was going on. Before the meeting he asked people to bring in any wireless devices to see what they looked like in wi-spy while operating. dw5304 came packing with a some directional wireless access points, one so powerful it completely took over the entire spectrum that wi-spy displays.

Then i gave my presentation on using sql injections to bypass logins to sites and admin areas. I showed what should be sent to the sql server, how it looks in php and how to identify exploits. Then showed what a sql injection looks like when passed to the server. I didn’t stop there, we broke into gmtoday.com to take a look at the news paper, then used a google dork to pwn a few more logins. I also talked about dc414’s new badge program project, more on this later, and announced dc414’s new year eve party! More on this later as well.

dw5304 finished off the presentations with a killer demonstration of just how weak time warners security is. He showed us how to take complete control of one of their cable modems with just a few requests, even how to build your own private proxy network made out of time warner modems! Then to top it off demoed a never ending DoS on a modem, kicking this client off line for as long as he wished!

Other then the normal junk i bring to give away, ngharo donated a portable dvd player for cars and F4r4d4y donated a arduino “thanx guys”. All of which went to a good home. Here are some pics cmoney took at the meeting “thanx cmoney”, and a big congrats to Castor for winning the anti-M$ poster and pantsme on snagging the arduino!

Castor and his winnings:

dc414 November meeting’s awesomeness

Well Novembers meeting was one of our best for sure! Many thanks to James and Bucketworks for putting the safe opening event together and letting us play with your locks and junk, you are the best! It all started with everyone just fucking off enjoying some snacks, cold beers, and some tunes. Then Klaiviel and James got the party started.

Klaiviel gave us a little intro to the safe, its lock, and some of the history all the while James was playing the roll of Geraldo all too well and dropping the lulz like no one. Once the safe was open there was a mad dash to see what was inside!! Lots of brooms, paper and some beta tapes suspected to be vintage pron. Cmoney took lots of pictures and video “below” of the safe opening.

After the party died down a little bit we talked about a issue one of our members is having with china and how to resolve them. Then ngharo and I gave a small demo on physical security and some of the tools one might use. We focused on Switchblade and an Arduino USB keyboard emulator “this is a post for another day” to pwn the shit out of windows, man that was fun. Ok thats it, peace.

F4r4d4y jr won an IE6 admin pack
Winner of free dc414 junk

The following videos are just og the safe opening and viewing of the contents:
pt1

pt2

Full video of the party
http://www.ustream.tv/recorded/18313140

 

My lame IR copy toy pt2

Some of you might remember the first post on my lame IR copy toy. Well I have tweaked the code a little and put it all on a nice little PCB board that fits great over the Arduino, here is the “finished” project:

Heres some video of it working:

Heres it being used to control a helicopter:

Here is the code:

One thing I left out of my first post is in order for this to work you have to use this IR remote library from Ken Shirriff. Thats it, peace.

October meeting recap.

October’s meeting was awesome as always and we had a few new faces which is always a good thing! We all hacked away at Windows Server 8 for a bit and found a few bugs, but unfortunately for the n00bs the meeting didn’t really get popping until after they let :/

ngharo gave us all a great talk on the wall of sheep. How he coded it, what he coded it in, what other software was used, and all the challenges that came up along the way. Dark Wind brought a toy remote controlled helicopter that uses IR for control, we found out my IR copy toy could be used to copy codes from the remote and take control of the helicopter 🙂 I was excited to finally get to use my 1337 IR copy toy on something!!

After all the IR fun there was a little talk about making a arduino based safe cracker to get into the safe at Bucketworks, that should be a cool project once its all done. Then I showed everyone how to make their own resisters with little more the a piece of paper and a pencil. The DIY fun didn’t stop there, I also demo’ed how to make capacitors using just tin foil, cling wrap, tap and some wire! Then while trying to make the home made capacitor blow up we did found out that if you expose it to high voltage, like the kind coming out of a wall outlet, it will start buzzing and expanding 🙂

A congrats to Dark Wind on winning the dc414 free junk give away, he got Red Hat Linux 6.1 enterprise with the extended support package 😛 Here is some pictures courtesy of cmoney “tyvm cmoney”, I didn’t get a pic of Dark Wind with his winning because, idk, I failed. Ok thats it see you next time.