
BSidesWLG 2017 - Peter Jakowetz - IoP: The Internet of Pancakes

BSides Wellington · 32:28 · 59 views · Published 2018-02
About this talk
2015 was an important year. NASA confirmed the presence of water on Mars, 195 countries signed the world’s first accord on climate change and the PancakeBot was released on Kickstarter. What’s the best thing to do with a CNC pancake maker? Why not put it on the internet?

G'day, my name's Peter Jakowetz, here to talk to you about some pancakes today. So I'm a senior security consultant at Quantum Security. I have a background in electrical engineering. In my spare time I like to break things; mostly I enjoy cats, cars and crappy electronics. So about three or four months ago I was surfing Trade Me, as I do, trying to find a CNC machine to buy, and I came across a pancake maker and was like, I have to absolutely have this, I have no idea what I want to do with it. And so I just bought it immediately, and then figured that, I bought a pancake maker, why not try and put it on the

Internet, because that sounds like a really great idea to do. So I'm just gonna have a chat about kind of what the PancakeBot is, how it used to work, what I've done to it, how it works now, and what I still need to do to it. Cool. So the PancakeBot was some dude's great idea to try to automate pancake making, because that's a really sweet thing to do. He made it originally out of like Lego and Technics and stuff for his kids. A whole bunch people named Cecil that was pretty cool, so he went and created the Kickstarter for it. A couple hundred thousand bucks later, a whole bunch of them were released onto

the market, and I think now it's on version two or three. Yeah, so essentially what it is is just a two-axis CNC machine, so it's like a 3D printer without one of the axes. You feed it G-code just like a 3D printer and it prints pancakes in any shape you want. It also comes with a bit of software that goes and, you can design things as well, so it makes the G-code for you, so you don't have to go and write 2000 lines of G-code. So I guess going back, what's CNC? So, um, computer numerical control is just a way to go and control what's primarily been industrial machines. So it's been around

since about the 50s, and it's the way that, um, old machinists and stuff used to be able to go and try and automate things like CNC lathes and milling machines and stuff. So rather than having to go and repeat the same process over and over again, you can just go and program it, design it once and then let it go, and then you don't have to sit there going and measuring and checking to make sure that everything looks the same. That's kind of come reasonably far, especially in the last 10-15 years, where it's come from being an industry thing to being something that you have in your own home, like laser cutters, 3D printers,

kind of CNC mills and stuff, and now within the price range of an average person, I guess. A 3D printer you can now pick up for like 500 bucks and get a laser cutter for a couple grand, versus 10-15 years ago that might have been like 20 or 30 grand. Cool. So I got this working last night and in theory this should work, but the web server just wasn't standing up a couple minutes ago, so I will attempt to do a demo

and that's not going at the moment, so I'll talk through it and then if it does start working... So essentially you go and pick an image and import it into its software, where it goes and vectorises it. So rather than just being like a rasterized image that's a whole bunch of lines, it tries to kind of take point A to point B, so that lets each of these a set of coordinates that you're printing rather than like an image file. That then changes into G-code, so it becomes a whole bunch of line paths to go and follow, and then the G-code looks something like that. So for, like, what's a pretty simple image is

seventeen hundred lines of code, and yes, mostly just kind of X/Y coordinates telling it where to go. G-code, so that's just the instruction set, essentially, for CNC machines. It's pretty standardized among all the things. It's something that generally dudes in their fifties or sixties know and no one else. And so as part of doing this, so that I could reverse engineer this machine, I wanted to kind of know what codes it was using, and turns out they had only used about ten different ones. So, um, the kind of main ones are the G commands we're at some by the G00, where it's X/Y place to go, I can see the

speed, so it can go anywhere from hellishly slow to still not particularly fast, because it's just on, um, pretty shaky bends rather than like eight or one rigid axis. This enforce commands: you can home the thing, turn motors on and off, and then the pump on and off is probably kind of one of the most important things with this. So it's a receptacle of pancake mix, and hopefully it's not like cooking itself India, and inside there is just a pump with, uh, two valves, and so that can either suck it up and keep a vacuum or it can push it out and create sweet, sweet designs. Because I can't get that web server up at the

moment, this is just like an example of it printing. So it's reasonably quick for like a simple design, it might take maybe three or four minutes. For more complicated things, I've had something running this morning for about 20 minutes, which gets a bit tiresome. And in this you can see that I did a really crappy consistency pancake mix and therefore it's like squiggly out. If you do a better job then it kind of actually makes nice pretty designs.

Cool, and then you get a pancake and it is apparently delicious. Cool. So I bought this thing and then immediately I pulled it apart, because that's what you do when you are an engineer and you get bored. So I pulled it apart and found out that it had, um, so its main control board has a [ __ ] 24 2560 micro on it, which is the same as what an Arduino 2560 has on it. It had a controller board with the SD card and LCD support, a pretty big chunky power supply, it's just got cheap like NEMA stepper motors, so exactly the same thing as you'd find in like a normal 3D

printer. It's got its, uh, vacuum pump, a couple micro valves, so it's pretty basic kind of components. And doing a bit of a Google through it, figured out that actually that lines up perfectly with what kind of open source stuff is out there, and that all they'd done was kind of essentially rip the design off kind of an open source 3D printer and throw a pump in there instead. They were very nice and they've gone and thrown the firmware up online, and what they've done there is they've just gone and ripped the, what's called Marlin 3D printing firmware, and so that's all open source and on GitHub. It was really great that they threw it up, but they didn't comment

anything, so you can't actually tell what they've done to the base image, so you just had to go and, um, I compared the two files and tried to do a diff. They'd also based it on an old version of Marlin that's like quite a few years old now, so as part of what I did I threw it on the latest version. And kind of the biggest issue that I found with it was that the USB port on the side of it didn't work, which was really not that useful when you're trying to go and connect it to the Internet and you don't want to have to be plugging in and out to eke out all the time.

So I flicked a message to the, um, to the founder of the company and asked him if he had any idea why they had that limitation in there, and he had no idea. Plugging it into a machine, listening to the serial port, you could see that it came up and then it just like killed it about three or four seconds into the connection, and that was kind of all I thought about it at that point. So the pros of it when I bought it was that it was tidy and small, it was well supported, it did stuff easy and it worked. But that's no fun. So I can only do a small volume of pancake

mixture. That SD card thing really sucks: you have to be right beside the printer to make anything from it. It makes it really hard to automate when you've gotta like actually walk over to it and put stuff in, and wireless SD cards only work the other way, not putting stuff on to it. It's not nearly complicated enough, and you know, it actually worked and that's no fun. So the current-ish state as of a couple days ago. So I thought I was really... so I figured as part of this I was gonna update the firmware. I thought I'd found the line of code that was why it was limiting the USB port on it, so I went and changed that, plugged it

into my PC, jumped in the Arduino IDE and went and tried to upload it to it. It looked like it was going really well until it bricked the controller and I couldn't do anything, and so then it wouldn't even respond. It wouldn't respond to an SD card and I couldn't plug it into the USB, and also your condition seemed to die, so that was really cool. And I was like, I've got to go and talk at BSides soon, this is a bit [ __ ], so I'll just go and try and re-engineer it, because it sounded like it was some pretty open source stuff. And then I jumped on Trade Me and found a second one for sale, so I bought that just

in case I screwed up again. So this was kind of how I was planning on architecting it, to get my really fancy UML diagram. So on the right you've got the pancake maker. What the original controller was, so the 2560, I just replaced it with an Arduino Mega 2560, which is just really nice and cheap, onto the dice for something called a RAMPS board, and that's essentially just the pinout on the top so that you can go and drive your motors and control your endstops and stuff. There's a couple of motor drivers in there as well, and that just went back to the original motors that came with it. That's being

controlled by a Raspberry Pi running something called OctoPrint, and that's just like, essentially I've just stood that up as a web server that you can connect to, and that talks out the serial through the Arduino and then controls the motors. There's just a tiny little, um, wireless access point in there, and just to make it a bit more fun I threw in a couple of Wi-Fi relays to go and control the power for it. So these are just like, I bought them previously for a different project, but they're like $5 Wi-Fi relays, super cheap from China, and you can just flash your own, um, firmware on there to make them kind of play well with HomeKit and stuff, and

now there's an API and all that jazz. So now all you've got to do is navigate to a web UI, upload some G-code, print the pancake, you get a message on the Slack channel when the pancake prints, and profit. So the RAMPS board I was talking about: while it looks a little bit complicated up there, that's not too bad. In the middle there's like an X/Y section, and so that just holds the motor drivers, which are just little things that control the power of the motor, that then wires out to the two motors. The top right of the picture is the endstop controls, so that's just so that when it goes and hits the end it knows to go and

stop and not just keep charging on with the motor and giving them out. Kind of top left is the control for the pump, so it's just a switched 12 volt supply and in adjust the power and put on the lift. So I was saying before that the firmware was based on this Marlin firmware, and so it was created for a bunch of 3D printers and it's just a whole bunch of C code. It runs on Atmel microcontrollers, so it runs on Arduino, and it's kind of a fully-featured G-code set. And as I said before, there's only, like, ten G commands that this thing uses, so that's more than enough. It's a really big

community to it, which is great in some cases and terrible in others. So the forums for it are really useful when you're trying to figure some things out, and in other ways they just point you in the totally wrong direction because no one knows what they're talking about. So there's only two real files that you're going to modify when you pull this down, and so there's a config and a config advanced file, and these two are just essentially big long C files, a couple thousand lines each. And it's just a case of, I figured out what changes they made when they configured their version, and I tried to copy that over to my version of Marlin, and then

also make some extra changes we needed to attempt to make it a bit better. The Raspberry Pi is just a stock standard Raspberry Pi running an OctoPi, roughly, image. Being a Raspberry Pi, this had room for expansion, so there's all the GPIO ports that you can use if you want, and it allows for things like cameras to be plugged in, so when I had this at home I had like a webcam above it so that I could lie in bed and see my pancake cooking. OctoPrint is... so I was thinking of like writing my own little front end for it and just being kind of like a, you drop the file in, it prints,

and then in five minutes you go and wander through and check it out. And then thinking back, oh, this is actually pretty much a 3D printer, so someone must have done this before, as these guys had. So, um, OctoPrint's like a, essentially a fully-featured like 3D printing controller over the web. It's quite extendable, there's heaps of plug-ins for it. You can do great things like send yourself messages to your Slack channel or text you when it completes, and you can also, like, there's gonna be a webcam stream and you can do time lapses of your prints as well, because that is completely necessary. While I was prototyping it I also used this bit of

software called Pronterface, and it was just a nice easy way just to go and plug in with the USB into the controller and kind of be able to get and stuff where I knew that I wasn't having issues because of the web side of it. These are the wireless relays that I was talking about, the real cheapest chips. They're based on the ESP chip and there's just a 4-pin header on it, so you plug that, uh, plug it into your laptop and flash some decent firmware on there. I haven't really actually done a whole lot with them, but that kind of India in 4th through the expansion and playing. Cool. So just a couple of pictures of the build

that I did over a few weeks. So top right of the picture is, um, there's just the little Wi-Fi access point, the Arduino with the shield on is kind of bottom right, there's the Raspberry Pi beside that, the, um, power supply and then there on the far left, and then, um, relays just above those. And it actually looked pretty decent once you got it all together. So kind of, I guess, my process of reverse engineering it was: figure out what kind of controls they actually needed, and that was going through the G-code and finding what codes were used, then kind of relate those back to what I needed to go and do on the RAMPS board. I

had to go and pull out all the wiring looms and pin them out to figure out what went where and make sure I wasn't trying to short anything out, which I did quite a few times. Ripped out the old controller, flashed the modified, um, firmware onto the Arduino. I did it all just on my desk first, just to try and eliminate some of the issues of the glooming and get frustrated that you everything keep breaking all the time. Those are kind of the costs of it, so this thing off the shelf was a couple hundred bucks, Raspberry Pis are pretty cheap, and so that's kind of like the whole thing you can get for like under three hundred bucks, which is pretty sweet for

something that's probably now gonna sit in the cupboard for the next two years. But I got most of the stuff from AliExpress just 'cause it's cheap, but it just takes ages to come. I'm building a laser cutter at the same time, so I had a lot of the components already, so that kind of cut out the fact of having to wait for things. Trade Me for stuff that I wanted a bit quicker, but it's always a bit more expensive, and then I try and avoid at all costs going to electronics shops because they are expensive. So some of the things I still want to do with it is customize the web UI a bit further, do some custom G

code for like Spirographs and like fractals and stuff, because anything formulaic makes it really easy to create G-code, or throw on a temperature sensor so that you can tell when the hot plate's up to temperature without having to be right beside it. Do some pressure sensors and controllers, so one of the hardest things to control on this is the pressure for the batter, because if it's too much then it kind of just splits out everywhere and you kind of see do we need designs, and if it's not enough then it doesn't come out of the, doesn't come out of the bottle. I reckon having like a third axis on it that's just like a big arm that just

like whacks pancakes off the end when they're done would be pretty sweet, and you could do that pretty easily by just using the, um, Z-axis. And then like a self-filling pancake batter receptacle, so you don't actually have to fill it up again, it just comes out of a bigger tank. But yeah, this is probably the worst bit: I just keep blowing stuff up throughout the whole thing. So like I bricked the controller within the first couple days of owning it, I went through a whole handful of motor drivers because I forgot to put a fan in there and it just kept overheating. I didn't know you could blow out SD cards, but you can. We went through a couple of RAMPS

boards, been through a couple of Arduinos, and a lot of that was just kind of shorting 240 volts over things that shouldn't have had 240 volts shorted over them, and a lot of kind of small issues like that, just, whenever you're tinkering, things like that happen. So yeah, it needs a cooling fan installed pretty bad. There's also lots of variables with pancake batter; it's really hard to get can every time you make it, but it is possible. There's also, like, the heat is quite a big variable to how things turn out, pressure and time. Reverse engineering stuff just kind of by its nature sucks a bit and it always takes longer than you'd expect. Help for open

source software and hardware is super inconsistent. So I found for some of these components forums and stuff were really useful, and like people were more than willing to help and you got really good information back. For some of it, it was complete garbage and people just like don't wish to help at all, or they want to help and they just give you rough chances. The Chinese components are pretty super inconsistent, so like the motor drivers, you can buy a pack of ten and like three of them just don't work, which makes it really hard to problem-solve why something isn't working. And I really don't like pancakes; the missus has eaten every single pancake off it. So like, are there

any useful applications for this? Probably not so much, but, um, I reckon you could put some other stuff in there like chocolate or, and make like cool chocolate designs, or wax and make candle designs or something. I was searching Geekzone, I was searching the internet just for ideas of what people wanted to do with a pancake maker, and some guy wants to make like heat gaskets with it, which sounded pretty stupid, but, um, I'm sure you could. There's a dude on YouTube who made like a laser-cut Vin Diesel bust out of like ham and cheese, so that's kind of in the process of doing a pancake Vin Diesel, but I just

didn't have the time to actually finish it. And probably the useful one, it's just a really like easy way to actually teach kids about CNC and electronics. Hopefully I'll be able to give it to my nieces and they can play around with it. Yeah, it's just a bit more of a practical way to learn than just like playing with a 3D printer, where you make a little widget with it and then you throw it under your bed and you never use it again. I found the open-source of the guy who made the Vin Diesel bust went through them online, so yeah, there's a bit of software called Slicer and essentially you just tell it how thick your

is it gonna be, so in this case like that much, and then it just divides it up, spreads it out over a few pages, and then I can just feed that into the pancake printer software. I'm just gonna test again to see if that web server's come up.

That decided to reset itself, which is cool.

Cool, so I'm just going to exit out of this and

that's not going to help.

Cool, so in theory if I go and push that and there, it might connect.

Fingers crossed.

Dumpty do.

Awesome, if you can throw the slide, or the laptop, back up so I can actually do a run-through, which is cool. So this is just a bit of software, you can just import an image into it and then it just traces it.

Cool, so you can either like doodle on here or you can import images. Its conversion's a bit rough, but if you play around with it long enough you can make it work. Even if you export that for printing...

Cool, so this is just creating that G-code out of those images, so it's just trying to essentially vectorise the image on the previous page. That might turn out okay. Now if I go export file, now I can just drag and drop that into that web GUI, and if all things are going well...

Yeah, oh, that's awesome, I was convinced this wasn't gonna work. Cool, so currently, like, the pressure's just controlled by like a little knob on there. I need to kind of automate that in some way, but, um, I just haven't quite figured it out yet. Cool, so while that goes I can skip through a whole bunch of slides again.

Cool, so I figured, like, seeing as I do pentesting during the day I should probably actually have some idea of like what the security of the OctoPi software was like, so I just had a look at it the other night. So there's a few hundred leads online, so not a whole lot, but that is still a few hundred people's houses that can kind of go on fire. And just looking through that Shodan list, there's a whole bunch that just didn't have, that were just available by just browsing to them.

But yeah, like, so it doesn't really matter that people were throwing these up online, like, 3D printers do kind of catch on fire, so maybe you should be a little worried about it. So I had a look at it and there's a few things I could do with the OctoPi software. I could just do things like download other users' G-code files. From what I found I could watch them print things, because they were streaming their webcams online on their printers, which was just a bit odd really. I could restart their 3D printers and possibly burn them down. There were a bunch of like vulnerabilities in the software though, there's like arbitrary code execution,

there's a bunch of stored cross-site, there's previous... I had a look at the issue tracker on their GitHub, because they have no other way of disclosing anything, and anytime anyone mentions a security problem they just start shouting at them, so, um, I don't think I'm gonna get much luck actually telling them about it and getting anything fixed. So in the meantime it's just not going to go online. But yeah, it's got really fun functions, like you can restart your printer, but rather than just having a button that says restart you can actually just choose what code it runs, and that's just out of the box. So yeah, it's got full root on the box. So yeah, up until late last night I still

hadn't got this working properly again. So it used to work and then I broke it a few times and I was trying to get it going, and this morning I was trying to figure out how to get it going again. And I've been yelling defend him last night on the boat about how like the firmware thing happened over USB and that seemed to work, but I just couldn't connect to it over USB, and maybe that was sharing it with like the SD card or something. And so this morning I was like, maybe I should just go and like read the firmware update procedure that I never actually read the first time, which is why I bricked it, and it's just like, oh,

if you hold the power button for a few seconds then it all works. So I kind of realized this morning that I didn't actually need to replace anything inside it, and that it worked out of the box if you just hold your finger on the power button for three seconds. So that was, yeah, a good couple months of work wasted, but you know, it's now a much simpler design. There's literally just a web server with a 3D printer plugged into it. Yeah, so I built this up this morning, like five or six in the morning, and now just all that sits inside that box is just a web server, those relays and a little bit of power stuff to make it work. So in theory, well,

no, I can actually now lie in bed and turn on the hot plate and the printer independently. The web server and the Wi-Fi controllers stay on anyway, and yeah, I can have delicious, delicious pancakes ready for me without having to even get out of bed. So yeah, one of the reasons I was wanting to do this was I've been building a laser cutter and I've been doing a RAMPS conversion on that, so not all the work's wasted and I can still use all those parts in there. But yeah, it's just a cheap Chinese laser, because I don't like spending a lot of money on stuff like this. I scored it on Trade Me again and it was really broken,

so someone had already blown up that controller before I got to it. It uses like a CO2 laser, you can burn through like three or four mil material. It used to print raster images, which is pretty rough and it just takes ages, so now it'll just be vectors I'll do that before Luke's. And yeah, so that's pretty much working now, and that's what I'm going to get onto once this weekend's over, getting that going again. But yeah, this is the sweet software that came with its original controller. That's the English version of the software. It's a bit rough, but yeah, that's kind of its state at the moment. Yeah, so thank you

for listening to me ramble about pancakes for a while. Follow me on Twitter, or I've thrown the, uh, firmware that I've done just up on GitHub. It's not very current at the moment, but I'll sort that out. And yeah, and reflect back to this, it may or may not look any good.

[Applause]
