Unlocking Wireless PC Locks

[Mr.Pantz] pointed us to a web page  we thought you would find interesting. It deals with hacking PC lock using a Universal Software Radio Peripheral (USRP) . Following the good practice of logging off or locking your workstation while your not at it, it is darn hard to get users to actually do it. These little gadgets are a 2 piece setup one being a usb dongle, and the other being a badge like device. If the badge is turned off or is a distance greater than ~30 feet, the signal is lost and the pc is locked.

From there all you really need to do is figure out what frequency the 2 are running at and what codes are flying around the air. Some careful eyeballing suggests that this operates in the 434MHz region much like remote lock dongles for your car, and once the device is apart some research of 2 of the IC’s on board confirms it. Using the GNU Radio spectrum analyzer a signal is quickly captured, dumped, and a script is created to send the signal back out, provided you have the correct hardware to do so.

Comments

  1. I have one exactly like this, and I can’t live without it in school when I need to go away for a second or a friend is trying to see through my private pictures xD

    BUT the standard software sucks BIG time… I saw an article over at Coding4Fun on how to write better software for this. However I think there have been a slight hardware revision because it didn’t work for my device.

    I DID however manage to hack the device (appears as a HID) device and make my own lock. My lock is actually locking windows itself instead of that on screen shit which can hardly be called a lock.

    – By the way, anybody knows a way to automaticly unlock Windows from software, .NET prefered? Using Win7 ^^

  2. CC_DKP says:

    @Henrik Pedersen
    Under XP you do this through MSGina.dll (or a replacement of it). I don’t know if it is the same for Win Vista/7 or not.

    Here is a good MS whitepaper to at least get you started: http://support.microsoft.com/kb/810756

  3. XiuiX says:

    I had one of these locks and like [Henrik] states the software sucks BIG time. after being annoyed with the software I finally gave up and chucked it.

  4. @CC_DKP
    Yeah I have looked at MSGina.dll before. It is not the same for win7, I remember reading something about some crazy API shit which is needed. A much easier alternative is to just freeze the screen by blocking mouse and keyboard input but it’s incredibly hard to do “right” as CTRL-ALT-DELETE always seem to work. I have even tried some of the stuff from the more “dark” sides of the internet and some of it seems to block it all in XP but Win7 is actually having to good security against this. LOL.

    I know that some facial recogniton programs overlay their own stuff on the logon screen and unlocks from there so it’s definitly possible. Just hard as hell.

  5. Reggie says:

    Could you guys not employ the same technique as malware and disable ctrl-alt-delete through security policies?

  6. Pedro says:

    You need to hook a custom behaviour into LogonUI. Create a COM object that implements ICredentialProvider and register it with the system. Your component can then tell LogonUI to tell WinLogon to unlock a session.

    http://blogs.msdn.com/b/securitytools/archive/2009/07/30/how-to-build-custom-logon-ui-s-in-windows-vista.aspx
    http://msdn.microsoft.com/en-us/magazine/cc163489.aspx

  7. @Reggie
    Possibly yes. But would require the program to be run as admin and also CTRL-ALT-DELETE is there for a reason. I don’t like (even my own) software playing around with it.
    The windows logon screen is the safest I’ve seen so far as it’s designed for that purpose.

    @Pedro
    Thanks dude, I will look in to it!

  8. truthspew says:

    434MHz? That falls smack into the U.S. amateur radio 70cm band. Enjoy the interference! Because those little radio devices are more likely than not Part 15 devices.

  9. Dosx says:

    wow i saw this and an idea came to me i cant really do it but would be nice if someone tries it in future………..
    What if someone employed this PC Proximity lock on say a door but not for an automobile door am thinking on something more like a room door but its really just an idea that i got when i saw the post

  10. Brianmanden says:

    FYI

    BlueProximity does the same under Ubuntu except it uses Bluetooth and your mobile phone.

  11. Hack Cell says:

    Nice burn notice type hack! Can’t wait to try BlueProximity. Thanks pedro for that info.

  12. @Dosx already considered it… But I personally think the system distance is a little to long (unless you mod it of course)… I already have RFID, magnetic card and soon fingerprint scanner on my door so it would just be overkill to the overkill if I made another unlocking system LOL ! xD

    But yeah I own one of these and I can confirm that they send out a unique code for each unit comparing to others sources and that the software that comes with it seems to be able to identify different units, so it would actually make a cheap “powered RFID” system.

  13. TMX:OD says:

    @Pedro

    Your Google-fu is strong… I’ve been lazily looking for this for a few months now to no avail.
    THANKS!

  14. jordan says:

    for those looking for better software to lock windows, couldn’t you just fire a SendKeys “windows key” + L? that’s a shortcut to lock the workstation…
    I don’t know if sendkeys-ing windows hotkeys would even work, but it might be worth a shot if nobody’s tried

  15. jordan says:

    oh hurp de derp, unlocking it afterward would be another story…

  16. f6itu says:

    I Looooove this kind of stuff. DoSsing such a device with a local transmitter(a 5 W ham radio UHF rig for eg.) is easy. Any user who has his “security wireless key” blocking his computer without any visible reason will immediately “disengage” the security device. And… voilà ! you’ll just have to follow the opened yellow brick road.
    By the way, you don’t need a USRP to locate a frequency, a scanner, a grid-dip will do the job for less than a few bucks. The USRP is a great hacking device, but it’s an overkill to do such a simple “evil twin attack”. And it’s not the only SDR on the block (try to google “UHFSDR” or “SSRP”).
    Marc

  17. jaded says:

    I’ve always wanted to see someone use the USRP to start demonstrating just how bad most wireless security is. I like this hack!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 92,260 other followers