King of the sidewalk – Pimping Chris Ride-on car Part 2

Quite some time has passed since my last real posts, and looking at the car it feels like not much has happened, but re-reading the blog i realized quite a lot did.

No, the massive motor, differential and chain-drive is not in place yet and as you could see in my last blog one of the old gearboxes died. I also mentioned i wanted to keep it rolling during the weekends when my little guy was here, so tearing it all down and start building the drive-chain on the car itself was a no-go for me.

The cat ate the led-lights

And what’s left of it was pulled away by my soon to be 2 years old little rebel :) They will be replaced with more rugged LED strips for actual cars to make sure they get to stay.

I made a few poor attempts to patch the old gearboxes, but ended up removing it all together while awaiting the somewhat beefier replacement 550’s.

 These are the RS-550 12VDC doing 23.000 rpm.

The search for wheels end

Wheels was an issue, and yes, i went the expensive way with a set of used DeCont gocart tyres.

Front: LeCont 10×4.50-5.

Rear: LeCont 11×6.50-5.

I ended up paying around 160 euros for the set. It looks pretty fancy, i must say and my son loves them.

There is no object so soft but it makes a hub for the wheeled universe. Walt Whitman

I now had wheels but no hubs for the rims to go on and while browsing ebay i didn’t find anything that was reasonably cheap or would just take too long to ship.

Being a responsible adult as i am, i have saved all scrap PLA from failed 3dprints, recycling this makes great sense. I decided to mold them so i measuring the inner diameter of the rim, then ran off to the local food-store and bought two canisters of corn that had just about the same diameter. The cans were emptied, cleaned and put on a the stow in a pan, heated to 210 degrees and the plastic was slowly added to make sure no large bubbles formed.

These chunks were milled flat to size. I drilled and tapped M8 holes and secured the wheel.

 

Art consists of limitation. The most beautiful part of every picture is the frame. Gilbert K Chesterton

I also started building the frame that once finished will replace much of the under-carriage of the current car. The game-plan is simple. Build a rolling frame with suspension, brakes, gears, differential, steering and motor and once ready transplant that frame to the car. Until now i started created 3 revisions of the back-end but stopped half way and reflected over decisions, scrapped it and started over again. This is most likely nothing what it will look like when “done”.

I have used aluminium as much as possible to keep the weight down. I got my hands on a 1300x60x40mm u-profile that shapes the base of the frame. The barrings housing holding the differential had to be milled down slightly, and 10x15mm strips add supports.

Initially flaky lower control arms moved me from cheap hollow tube, to solid square stock, to end up with 10mm thick aluminum blocks at the end.

I have been able to do most of the milling on my tiny Proxxon MF70 Micro-mill, but i REALLY need a bigger machine that eats more material, preferably CNC but for now this will have to do.

 Rear differential, bearings, chain, chain-tentioner, electric motor and the lower control arm mounted. Battery box will be mounted on the opposite side to the motor to balance out the weight.

All of this will be covered under the driver seat to avoid anyone losing a tiny finger. I am considering to add linear actuators to the suspension to be able to raise and lower it as i think it would make it look sleeker. Not sure yet, leave your comments.

The child supplies the power but the parents have to do the steering. Benjamin Spock

I bought a gokart front steering kit, including wheel-hubs. I welded a few nuts and bolts to them allowing the pocket-bike disc-brakes and calipers to be mounted, then gave them a splash of paint.

Life is made of ever so many partings welded together. Charles Dickens

I ended up buying a dirt-cheap 200 amp MMA/TIG. I burned a few boxes of rods and i am starting to get the feel of it. And yes, I even welded aluminium, but like everyone said, it’s hard to do with stick (however not impossible).

So far this project is moving a lot slower than i am wished for but it’s busy days and i have spent a fair amount of time picking up milling, using lathe and welding. With this mix of new trades i am reconsidering a lot of decisions made prior to posting here, so you have not seen half of it.

Anyway, just wanted to let you know i was making some progress.

[TEASER] King of the sidewalk – Pimping Chris Ride-on car Part 2

Just an update on parts, don’t get all excited yet :)

I have been sick as a dog the last 2 weeks back and forward, hit by 2 strains of flu that kept me in bed or begging to the porcelain god for most of the time, so not much has happen except the siren feature during the last days of being well, which is appended to part one of this series, if you missed it.

Beside that landing on the first page of HackerNews drove a lot interest, comments and feedback which i’ve only been partially able to respond to or look into to, will follow up. Just like the prior post, i will keep editing it as the build progresses and stuff i’ve done might become redundant, or included. In the meantime parts have kept arriving and i’ve felt well enough to take some pictures and blog a little so for now this post is mainly about the collection of parts.

Mechanics

So. Motor, rear diff, axles, disc-brakes, chains, sprockets have arrived:

Motor:

MY1020 48V1000W 2800RPM at a rated current of 32Amp. I giggled a little while placing this order. This engine is a beast, but with that said i am running it on 12 volt on a very fine-grained ESC and controller. Following days i will figure out a nice way to measure the rpm’s i am getting out of it and make sure i gear it correctly. My aim is strength, not speed.

Differential:

General transmissions gt82005 Differential d16 This thing is beautiful, and the folks at General Transmissions are great. I had few questions, which was answered immediately, and shipment took 2 days from Germany.

Chain and sprocket:

Standard bicycle chain and sprocket, from the bike-store around the corner. As i am still not sure what kind of rpm i get out of the engine, i reserve to detail more before i know it will fit the bill.

Brakes:

I was looking for brakes for a while, looking mostly at disc-brakes for bicycles but these are not cheap and not the smallest either. Turns out pocket-bikes have mechanical brakes that could work for me. I ordered these brake-claws and these 120 mm discs. However to pull these brakes i also needed some heavy duty servos.

 

My creative process:

Not sure what other people do this process, but i tend place things on the floor, make a temporary placeholder or frame from anything i have around (cardboard, paper-molds, pvc plastics) for the parts i need, make measurements to make sure it will fit and at the point i am relatively sure the puzzle will go together with no issues, this is when i start raw cutting materials. Lastly the modifications is done to the car. This is just to make sure my son has his car during the weekends he spends with me, allowing me to keep progressing in the background. You will see this reflected in how i structure what gets done when.

Why not use CAD like normal persons?

Good question, i do realize the benefits of modern tools. I do model in Blend3r for 3d-printing, but am also trying to get into FreeCAD for these kind of jobs. It will come, i am not afraid of technology :)

In the meantime in Amish-land:

Measurement for the front disc brake holder is being made.

TIL: Not all aluminium is weldable

As my welding rig is slowly getting ready, my power supply is up to standard and i’m mentally ready to take on a new challenge i started reading up on welding processes with aluminium. Most people advise against welding aluminium because it’s notoriously hard. It turns out the challenge is that aluminium melts around 660 degree’s Celsius, while the slag forming on the weld has a considerably higher melting temperature. To avoid oxidation it seems the key is using AC, where one polarity melts the metal and a switch of polarities causes the weld to clean itself.

From the little i’we seen and read so far, most people who advise from welding this material, come from welding steel and try to apply their steel-welding skills to this alloy, and that shit does not fly well.

It also seems that depending on the grade of aluminium (i.e depending if it’s a alloy mixed with elements such as magnesium, silicon, manganese, tin or copper) will make it more or less weldable. There are 8 main series (1xxx,2xxx, and so on called Wrought alloys) that all have very different properties in terms of strength, weldability, welder settings and filler materials added while welding. I would be lying if i said this will not take a while to get my head wrapped around.

Problem now is that all the material i bought have been purchased at general warehouses, so asking their staff what grade of aluminium they are selling and what alloys it’s composed of would be as useful as asking a toddler about bending time space continuum. I might actually be better of going to a proper metal supplier and be sure i know what i am buying. This is a bit of a setback, but that’s what you get for shopping first and asking questions later.

At the moment i understand i should avoid 2xxx and 7xxx (with a handful of exceptions) as these are considered unweldable (please correct me if i am wrong).

As for fillers, different grades have corresponding filler materials that will give the best results.

Having read this i understand that if you come from welding MIG, TIG or MMA on carbon steel or stainless, to slabbing two unknown pieces of aluminium together, the learning curb gets steep very fast. Lucky for me, i never welded more than a little MIG when i was a kid, so it’s all new. Not sure how or if that will benefit me, but we will see.

For now it seems my first welding will be a little stainless steel stick welding to get the sprocket on an axle. This seems like a reasonable challenge until i know what the hell i am doing :)

T.B.C

Loooong time, no post.

2017 has been super eventful year for me, not leaving much time to write here. As usual, work dominated most of my time and i added quite a few products to my CV.

Most importantly this year: I had a son, which in terms will be my biggest and most important programming project many years to come. Needless to say a lot of the hacks now aims at toys intended for him.

I attended SHA2017, where i started playing with PyQT5, went to a range of good talks which sparked interests in a bunch of new concepts like machine learning, that i am looking into more in 2018.

I bought a Kossel mini 3dprinter which i systematically broke every part on, redesigned and rebuilt. Once i am done upgrading the 3d printer, i decided i will build a 3d scanner too, so stay tuned.

I revamp the complete cooling system of my Honda CBR1000RR, crashed my Kawasaki Ninja 636, broke my hand, hacked the cast, ABS welded the fairing of the bike together again.

With all this 2017 have been packed with things to write about and the coming days i will start writing about these projects.

Here comes 2018, posts will follow soon!

 

Confessions of a abandoned server

<DISCLAIMER> I started writing this post in 2015 but never finished it, mostly because i enjoy riding a motorbike a lot more than i enjoy spending hours spell-checking something almost no-one will read. Sorry once more, will get some new more relevant stuff here soon, but for now feel free to read this..</DISCLAIMER>

In a sense this entry don’t really belong at this blog as no actual hacking was ever needed so I am sharing this as more of a security advisory for someone that never decommission a server.

After a wet night in the bar with the guys I found a computer sticking out of a waste container on my way home. I noticed the IBM X-series logo which made me disregard that it was covered in an inch of snow and I dragged it home.

It turned out to be a X3200 tower, running a Xeon E3400 cpu at 1.8 ghz, 4 gb of ddr2 memory, 2 sata-mirrors. 80gb for OS, one 500gb mirror for data, by the look of it.

The hardware

After a proper drying I plugged it in. Power icon was blinking green but pushing the button did nothing. I measured the button using a multimeter, but the switch itself worked. I found a “Power On” jumper on the motherboard and once shorted the machine rev’ed up its fans but never let ACPI kick in to lower the RPM of the fans, nor initiating BIOS. Monitor indicated no VGA signal either.

I was fiddling with jumpers for quite some time, I reset the CMOS and noticed that when i moved back the jumper to Disabled that the box twitched to life. The monitor flickered up and the blue iconic X-series logo filled the screen, with a few beeps and warnings about the CMOS battery having low voltage it came back to life. Unfortunately I had no disk connected to the system at this point and it would take another 45 minutes before I succeeded to do it again. After hours of trying to streamline the process of getting it booted the recipe for success seems to be:

Use the Power ON jumper for 20 seconds. Pull the power-cord to the server. Enable CMOS-reset with the jumper on the motherboard. Put the power-cord back in. Leave the server for 20 minutes with the CMOS-reset ON. Then…. pull out the CMOS reset jumper :) BOOM! The server boots Windows 2003: A real man-OS!:

Not being a huge fan of spending 20 minutes on booting any machine I kept looking for something simpler. Trickling pin 2 and 3 on the WOL-connector on the network adapter did make the power-led on the motherboard flicker but once more didn’t start the machine up.

I never mentioned how restless I am as a person in this blog, but for people who know me that is a fact. What I did mention was that both OS and Data disks where both in a mirrored configuration, once this was confirmed in the BIOS, it allowed me to snatch one disk of each mirror to be able to see what was lurking on the sectors while waiting for the server to get ready for it’s next boot.

“This is Windows.. I know windows!”

I hooked up the OS-drive with a SATA-to-USB-dongle and mounted the NTFS partition on my linux-laptop. The 80gb drive was divided into 2 partitions. 21gb for OS and a 55gb labeled EXCHANGE. I was happy to see no attempt at encrypting (or destroying the drives for that matter) were made but I guess if I saw such attempts I would be even more curios to see what they tried to hide from me. I am far from an expert on Windows these days but it didn’t take long to locate the the email data-directory belonging to the email exchange server, that the partion-name indicated would be there.

TIL that e-mails are stored in clear-text in Exchange 2010.

Curious about who owned the machine before me I started reading mail after mail. A picture slowly dawned on me. Some kind of medical related, pedicure, new age thing, something? I was intrigued.

Using standard un*x tools like cat, grep and more I could see every email sent and received from 2007 to 2011. Just for the fuck of it I greped out 20 lines surrounding the word “Password” and “Wachtwoord” and piped it to two files.

3200.ftp

Now, I understand a tiny non-IT company can mess up and send out clear-text password..

3200.kpn.hotspot

..but KPN is the stately owned phone-company in Holland, and should know better :)

3200.mijndomain.new.passwd

Hosting companies don’t seem to mind keeping it simple.3200.mijndomain

I guess it’s up to their customer not to keep the same 6 character-passwords year after year. I am however convinced mijndomain.nl has changed practices on this topic anno 2015?

I want to point out that I never tried to use any of the passwords to verify if they worked or not as that would be highly illegal. Additionally some logins were to patient care systems, making it utterly unethical to touch. I did however google the companies, visited their homepages to get a greater idea of exactly what they did and how they connected to the company who’s server I stumbled into. Needless to say i read up on the company itself, which still exists.

Seeing many passwords never changed during the years and many were frequently reused between different systems, i feel safe to bet some of them still work. But I wasn’t really that curious about the passwords and continue exploring the rest of the emails. Who were these guys?

Slowly the picture of the prior residents cleared. They had their own little newsletter, were selling subscriptions, seemed to be holding courses, involved in Integrative medicine (Never heard of it before but I am a skeptic. A fast search through all mailboxes got me bored. Almost all of the emails in all the email-boxes was work-related, how boring of them. You can only read so many of someones emails before you need to do something else.

I started checking out the Data drive. It turns out this was not only the Exchange server in their tiny infrastructure. It also carried their Domain controller and roaming home folders. I searched the user home folders, starting with the Administrator account. I could not believe my eyes..

Someone already brute-forced the server and the result files were still there :)

3200.passwords

Worth to mention is that it took 7m24s to brute-force the computer-knowing layout guy’s password, while it took 2h35m35s to crack he person I assume works in accounting.

Almost all passwords followed the same standard: X123Y4, where _123_4 never changes between users and the letters did to a certain degree. I can only assume these passwords were set by whomever delivered the system and never changed.

One user seemed to have changed his password but instead of setting a better password he went with a 4 digit only password, which was cracked in 26 seconds.

Initially i assumed it was the Administrator’s own pen-tests but looking through the mail again, it seemed they had been hacked around the same time this password file was created:

3200.we.are.hacked

One guy seem to enjoy the peace it brought to the office and point out that it is Friday the 13th. Some external partner responds “Digi-missery”.

In the meantime the server booted up again

The server was finally booting up on two single disk mirrors. My eyes glittered in the LCD-light. I would finally get to hack something.. or.. well.. I had the passwords to all accounts already, so technically still no hacking. But i would at least get to enter a username and password and feel like a hacker. Nope, machine seemed to have a registry hack and automatically logged in as Administrator, but something hung it after that. As i didn’t want it to start connecting out on the internet i just hooked it in to a switch without uplink.

 

I have to say I was a bit surprised to find the brute-forced password file, but not as surprised as I was about to become. Turn out this machine also hosted several windows shares.

One was most likely used by their HR, as i could find ALL information about people working there, like digital copies of their contracts and dismissals.

Another share contained a lot of access databases. Their complete customer-database, sales records, lists of prospect customers and tons of PDF-material about their products.

With the data i had at this point, i could map the whole company up on a time-line, seeing who started when, what they got paid, when they left. I could build a visual picture of who emailed who, which seller caught the big fish and who was just complaining about work while slacking. With almost 10GB of email, 500GB of data and no real idea of where I wanted to go out of it, this blog-post got hanging mid-air. It would take a year to go through it all. And most of it way to fucking boring to plow through.

I kept looking and found pictures from a few events their company participated in. Some of the pictures were named after who they depicted, allowing me to put a face on most of the names from emails i had been reading. It almost felt like i knew the people at this point. I was about to get way closer than i wished for.

I explored the the data-drive and found a backup windows share. Turns out this server was also used by some of the people to back up their laptops, and some of them were very.. blunt.

One of the sales guys, which i recognized from pictures i found from a kickoff he went to was obviously gay. I don’t claim to be able to spot a gay guy, nor do i judge anyone being gay but this guy had tons of pictures of him and a friend fucking a tiny Asian man making me pretty sure this was the case with this guy. Among the data he traveled with (and cared enough to backup) was GB’s off piss-porn.

I wanted to finish up this post a while back, but as i mentioned, I had NO IDEA of what to do with this. Obviously i would never attempt to use it against the company or any of their employees, but the next guy to find this might not be as friendly as I am.

Bits of advise, anyone?

No matter what you Think is on a computer you are getting rid off, small pieces of your life’s puzzle are stored on that machine. May it be in your internet-cache, in your cookies or from RAM in a swapfile. Someone with the right motivation or amount of interest will be able to scavenge it and use it against you.

If you ever toss away anything with a NAND-circuit (like a broken cellphone that contained naked pictures of your gf), unscrew/drill out the screws and use the a car battery charge to short every circuit on the board, making sure who ever tries to retrieve the data, gets a run for his money.

If you ever toss a PC with a harddrive, remove the drive, smash it to pieces with a hammer or drill right through it a few time. It only takes a few minutes, and you know for sure you are safe from 99.9% of people as curious as me.

If you are decommissioning a combined mail-server, file-server, piss-porn-repository, containing all your financial statements, all your customer information, every edge you have on your competition: For the love of Science, make sure no-one can just pick it up and just power it on.