Sunday, June 12, 2011

Another hack: Wiretap picture frame

Hi all,

I enjoyed putting together the last write-up so much -- and got so much positive feedback -- that I'd like to follow up with another one. This is something I built a couple of years ago and has been gathering dust since then. Here it is:



Once again, completion of the hack depends upon a trip to a coffee shop, and once again that's the part I haven't finished yet. Booting this again after a long hiatus has gotten me motivated, so I promise I'll follow up. Eventually. Maybe.

The project: to make a digital picture frame to snatch pictures from a public wi-fi connection. Many coffee shops in Vancouver feature both local art and wi-fi, so why not combine the two? Imagine toting your laptop down for a latte, plugging in, and discovering that your Facebook pictures are on display on the wall. That's what this picture frame does.

Obviously this project a tremendous violation of privacy, which is kind of the point. Using a coffee shop wireless connection is a huge risk, unless you take care to use some kind of extra encryption; one project called Firesheep recently made the news for allowing tremendously simplistic theft of Facebook sessions, among other things. If you're logging into a website that doesn't use HTTPS encryption, and most don't, you're giving your credentials away. This is a nice visual demonstration of that.

The ingredients: I rescued a to-be-scrapped laptop from Free Geek Vancouver (a Pentium II-450mhz Dell, if I remember) to provide most of the guts. We get these machines in all the time, and unfortunately there's just no market for them -- we could run Damn Small Linux or Puppy Linux, but since we already stock faster laptops for < $100, there's not much point. We occasionally get someone's ancient purple Vaio in immaculate condition, complete with all software and accessories (external floppy drive anyone?), looking like it's just rolled out of the showroom. These were top of the heap subcompacts at the time, and all we can do is shake our heads over them -- what good are they now? Well, hobbyist weirdness to the rescue -- here's one old laptop rescued from destruction.

So I've done a few projects with old laptops, generally because it's easier to get my hands on an obsolete but working laptop than it is to do the same with an external LCD panel, and many of my projects require LCD displays. The trickiest part is always figuring out how to change the shape of the device so that the panel can be mounted the way I want it to be -- the ribbon cables connecting the laptop's motherboard to its display are always murderously short, fragile, and generally disagreeable.

I gutted the laptop totally -- there's not an inch of chassis left -- and measured the remaining parts in order to get a custom picture frame built by Artrageous, a local framing shop. Then I dremelled out part of the frame to allow for mounting and drilled a few holes for mounting screws.

Here's how the whole thing looks from the back, fully assembled:
The laptop guts are visible at the top, then the LCD duct-taped into place in the center of the frame, then at the bottom an old day-timer jammed into place to provide a little extra lumbar support for the LCD. There are a few wires scurrying around (in addition to the hanger wire), so let me explain those:
(Forgive the blurry photograph -- I'm using a vintage digital camera. But that's just an excuse, because the real problem is that I'm drinking too much coffee and not using a tripod.)

Luckily I was able to flip the computer guts above the LCD without too much fuss, but I did have to extend these two wires to get the proper reach. These probably supply the backlight, and I've done an ugly job of it and probably voided the warranty, but give me a break. I didn't think I was going to be showing this to anyone.
Here you can see the top corner of the frame. The red power button is the only control on the frame itself, and its two wires are soldered onto the power switch / LED daughter-board from the original laptop, tucked under its mainboard. You can see here the black power cable leading to the power brick, still plugging into the original DIN connector on the laptop mainboard. (I might eventually add another DIN jack to the frame itself, just for cosmetics.) You can also see two little white wires soldered to the board, diving behind the board to the top left; those are borrowed power to permanently supply the little laptop fan with enough voltage to run it steadily but quietly. (There's no ventilation in the frame and I felt better running it this way.) You can also see the PCMCIA wireless adapter sticking out. And the audio jack -- I might eventually mount a couple of speakers behind the matte.

Here on top of the frame you can see a little recessed hole I cut for USB -- when I'm working on it, I plug this into a USB hub and from there into a keyboard and mouse. (Naturally, the one photograph exhibiting my poor finishing skills is the one that came out clearly.)

Here it is, booting up:
I wrote a "Splashy" boot logo theme using a picture of an F-21 KGB spy camera -- it seemed appropriate. And now that I think about it, I probably stole the picture without giving credit.

It's running Debian, with most of the boot scripts neutered and a custom script dropped in to start X, run Driftnet, and hide the mouse. I'm not even running a window manager.

Here it is in action:
This is from the building I used to live in -- there was an open wireless connection I could grab onto and it made for some interesting dinner conversation. One evening I watched an entire arc of narrative: first random web browsing (news sites), then some kind of hot-or-not website, then online dating, and finally, inevitably, pornography.

Around this time one of the neighbouring buildings had a proposal to add some cellular towers to the roof, and several residents distributed petitions warning of the dangers of RF radiation, starting with "You probably aren't aware that radio frequency radiation is passing through your body all the time." I felt like responding: "Yes, and much of it is pornography."

So the next step is to find a brave local coffee shop with a wireless connection, and put it up on the wall. Oh, and to insure it first -- I predict a prompt smashing.

18 comments:

  1. In case I didn't make it clear enough: "Driftnet" is the program that does almost all the work here. Kudos/threats/exclamations of shock should be directed to those guys.

    I have lots more projects to document, and will start including them on this blog, but only as they're relevant to the greater goal of the blog -- writing about Free Geek Vancouver. Drop me into your RSS reader!

    ReplyDelete
  2. I love it.

    I'm tempted to make one for my office wall :o)

    ReplyDelete
  3. Like this alot, maybe theres a use for my old Thinkpad yet. Very inspiring :)

    ReplyDelete
  4. I love the idea of modding out old hardware to give it a new life. I am planning on turning my Lenovo Laptop into a picture display/family calendar, when I upgrade to a new one next year.

    ReplyDelete
  5. Hi, I'd love to know a bit more detail about what does and doesn't run and start up and those scripts that do this.

    Thanks

    ReplyDelete
  6. Be careful using this if someone knows you've got it, you could find yourself goatsee'd

    ReplyDelete
  7. @Luke: IIRC I left the networking startup scripts but took out any daemons that weren't necessary (and may have even gotten the whole thing to mount the hard disk read-only, but I can't recall for sure if I managed that). I wrote two scripts: one in /etc/init.d to start X (I'm not using GDM or similar) and another xinit script to launch driftnet, fullscreen it, and hide the mouse (e.g. with xsetroot). Otherwise, I just followed the documentation for setting up a splashy boot screen. Let me know if there are any particular details you want.

    @Robin, that would serve me right. I'm thinking about pairing this with a dedicated wireless router the OpenDNS content filtering.

    ReplyDelete
  8. Are you running some kind of arp spoofing or can you capture data on a open wlan without that?

    ReplyDelete
  9. Andreas, as far as I know, it's passive data capture. Driftnet does all the hard work.

    ReplyDelete
  10. Wouldn't it be easier to use a normal screen and a computer that is hidden somewhere near this screen?

    ReplyDelete
  11. A screen could also like like this picture frame.

    ReplyDelete
  12. True, James -- I could also have nailed the laptop directly to the wall, no modification required.

    ReplyDelete
  13. Ha, great idea man, I love it! I'm going to do it when I get the time.
    Question, if you authenticate against the network, could this work on WEP / WPA cyphered traffic?
    Would it work with several networks at the same time?

    ReplyDelete
  14. I think WEP can work, since it hasn't got end-to-end security, but unfortunately WPA is off-limits, as far as I know.

    The trick with multiple networks is that channel-hopping on most network cards is pretty slow, so you'll likely miss a lot of traffic; you might be able to figure out a way to dump all traffic on a single channel, but that cuts your odds considerably. Or you could get a stack of wireless adapters...

    ReplyDelete
  15. Hi can someone help me set this up step by step as im not that good, this would be very useful at my work.
    thanks
    amy

    ReplyDelete
  16. I have pretty much everything down, im just stuck on how you made driftnet full screen?

    ReplyDelete
  17. Cole, I used the wmctrl utility in a shell script. Once the driftnet window was open, wmctrl made it fullscreen and then another utility hid the mouse cursor.

    ReplyDelete

Note: Only a member of this blog may post a comment.