NFC Ring Unlocks Your Phone

This little ring packs the guts of an NFC keyfob, allowing [Joe] to unlock his phone with a touch of his finger.

The NFC Ring was inspired by a Kickstarter project for a similar device. [Joe] backed that project, but then decided to build his own version. He took apart an NFC keyfob and desoldered the coil used for communication and power. Next, he wrapped a new coil around a tube that was matched to his ring size. With this assembly completed, epoxy was used to cast the ring shape.

After cutting the ring to size, and quite a bit of polishing, [Joe] ended up with a geeky piece of jewelry that’s actually functional. To take care of NFC unlocking, he installed NFC LockScreenOff. It uses Xposed, so a rooted Android device is required.

We’ll have to wait to see how [Joe]’s homemade solution compares to his Kickstarter ring. Until then, you can watch a quick video of unlocking a phone with the ring after the break.

Hacking Rolling Code Keyfobs

 

Most keyfobs out there that open cars, garage doors, and gates use a rolling code for security. This works by transmitting a different key every time you press the button. If the key matches what the receiver expects, the signal is considered legitimate and the door opens.

[Spencer] took a look into hacking rolling code keyfobs using low cost software-defined radio equipment. There are two parts to this attack. The first involves jamming the frequency the keyfob transmits on while recording using an RTL-SDR dongle. The jamming signal prevents the receiver from acknowledging the request, but it can be filtered out using GNU Radio to recover the key.

Since the receiver hasn’t seen this key yet, it will still be valid. By replaying the key, the receiver can be tricked. To pull off the replay, GNU Radio was used to demodulate the amplitude shift keying (ASK) signal used by the transmitter. This was played out of a computer sound card into an ASK transmitter module, which sent out a valid key.
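
A minimal model of the receiver logic described above, as an added example that is not from [Spencer]'s write-up or from any real keyfob: the counter-plus-HMAC code format, the `WINDOW` size and all names are assumptions. It shows why a code the receiver never heard stays valid, and that it stops being valid as soon as the receiver accepts a newer one.

```python
import hashlib
import hmac

WINDOW = 16  # assumed look-ahead window, in button presses

def code_for(secret: bytes, counter: int) -> bytes:
    """One transmitted code: 4-byte counter plus a truncated HMAC over it."""
    msg = counter.to_bytes(4, "big")
    return msg + hmac.new(secret, msg, hashlib.sha256).digest()[:4]

class Fob:
    def __init__(self, secret: bytes):
        self.secret, self.counter = secret, 0

    def press(self) -> bytes:
        self.counter += 1  # a different code on every press
        return code_for(self.secret, self.counter)

class Receiver:
    def __init__(self, secret: bytes):
        self.secret, self.last, self.skipped = secret, 0, 0

    def receive(self, code: bytes) -> bool:
        counter = int.from_bytes(code[:4], "big")
        if not hmac.compare_digest(code, code_for(self.secret, counter)):
            return False  # wrong length, corrupted, or not from the paired fob
        if not self.last < counter <= self.last + WINDOW:
            return False  # already used, older than last accepted, or too far ahead
        self.skipped += counter - self.last - 1  # presses the receiver never heard
        self.last = counter
        return True

def demo() -> dict:
    secret = b"constructed-demo-secret"  # constructed value for this example
    fob, rx = Fob(secret), Receiver(secret)
    out = {}
    c1 = fob.press()
    out["normal_press"] = rx.receive(c1)
    out["replay_of_received_code"] = rx.receive(c1)
    c2 = fob.press()                    # transmitted, but never reached the receiver
    out["unreceived_code_sent_later"] = rx.receive(c2)
    c3, c4 = fob.press(), fob.press()   # c3 is lost, c4 arrives
    out["newer_code"] = rx.receive(c4)
    out["older_unreceived_code_after_newer"] = rx.receive(c3)
    out["skipped_presses"] = rx.skipped
    return out

if __name__ == "__main__":
    print(demo())
```

The `skipped` counter is one thing a receiver can log: a run of presses it never heard is what a jammed or out-of-range transmission looks like from its side.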

An FPGA based Bus Pirate Clone

A necessary tool for embedded development is a device that can talk common protocols such as UART, SPI, and I2C. The XC6BP is an open source device that can work with a variety of protocols.

As the name suggests, the XC6BP is a clone of the Bus Pirate, but based on a Xilinx Spartan-6 FPGA. The AltOR32 soft CPU is loaded on the FPGA. This is a fully functional processor based on the OpenRISC architecture. While the FPGA is more expensive than a microcontroller, it can be fully reprogrammed. It’s also possible to build hardware on the FPGA to perform a variety of tasks.

A simple USB stack runs on the soft CPU, creating a virtual COM port. Combined with the USB transceiver, this provides communication with a host PC. The device is even compatible with the Bus Pirate case and probe connector. While it won’t replace the Bus Pirate as a low-cost tool, it is neat to see someone using an open source core to build a useful, open hardware device.

Hacking Radio Controlled Outlets

Decoding NRZ ASK

It’s no surprise that there are a lot of devices out there that use simple RF communication with minimal security. To explore this, [Gordon] took a look at attacking radio controlled outlets.

He started off with a CC1111 evaluation kit, which supports the RFCat RF attack tool set. RFCat lets you interact with the CC1111 using a Python interface. After flashing the CC1111 with the RFCat firmware, the device was ready to use. Next up, [Gordon] goes into detail about replaying amplitude shift keying messages using the RFCat. He used an Arduino and the rc-switch library to generate signals that are compatible with the outlets.

In order to work with the outlets, the signal had to be sniffed. This was done using RTL-SDR and a low-cost TV tuner dongle. By exporting the sniffed signal and analyzing it, the modulation could be determined. The final step was writing a Python script to replay the messages using the RFCat.

The hack is a good combination of software defined radio techniques, ending with a successful attack. Watch a video of the replay attack after the break.

TI Launches “Connected LaunchPad”

TI’s LaunchPad boards have a history of being both low cost and fully featured. There’s a board for each of TI’s major processor lines, and all of them support the same “BoosterPack” interface for additional functionality. Today, TI has announced a new LaunchPad based on their new Tiva C ARM processors, which is designed for connectivity.

The Tiva C Series Connected LaunchPad is based on the TM4C129x processor family. These provide an ethernet MAC and PHY on chip, so the only external parts required are magnetics and a jack. This makes the Connected LaunchPad an easy way to hop onto ethernet and build designs that require internet connections.

This development board is focused on the “Internet of Things,” which it seems like every silicon manufacturer is focusing on nowadays. However, the real news here is a low cost board with tons of connectivity, including ethernet, two CANs, 8 UARTs, 10 I2Cs, and 4 QSPIs. This is enough IO to allow for two BoosterPack connectors that are fully independent.

For the launch, TI has partnered with Exosite to provide easy access to the LaunchPad from the internet. A pre-loaded demo application will allow you to toggle LEDs, read button states, and measure temperature over the internet using Exosite. Unlike some past LaunchPads, this one is designed for easy breadboarding, with all MCU pins broken out to a breadboard compatible header.

Finally, the price is very right. The board will be released at $19.99 USD. This is less than half the price of other ethernet-ready development boards out there. This makes it an attractive solution for hackers who want to put a device on a wired network, or need a gateway between various devices and a network.

Gritz: An Open Source Speed Reading Tool

Here’s a hack to help you increase your reading speed. Gritz is an open source text file reader, which reduces the need to look around the screen. Words pop up one at a time, but at a configurable pace.

[Peter Feuerer] got the idea for Gritz from Spritz, a commercial product for speed reading. The creators of Spritz took three years to develop their software, and recently released a demo. They claim people can read at 1000 WPM using this technology. Spritz is taking applications for access to their APIs, which will allow developers to integrate the software into their own applications. However, a fully open source version with no restrictions would be even better.

Using Gritz, [Peter] claims to have read a book with a 75% improvement in his reading speed. He admits it’s not perfect, and there’s still much development to do. Gritz is written in Perl, uses Gtk2 for its GUI, and comes with instructions for running on Linux, OS X, and Windows. It’s released under the GPL, so you can clone the Github repo and start playing around with accelerated reading.

Hacking Dell Laptop Charger Identification

If you’ve ever had a laptop charger die, you know that they can be expensive to replace. Many laptops require you to use a ‘genuine’ charger, and refuse to boot when a knock off model is used. Genuine chargers communicate with the laptop and give information such as the power, current, and voltage ratings of the device. While this is a good safety measure, ensuring that a compatible charger is used, it also allows the manufacturers to increase the price of their chargers.

[Xuan] built a device that spoofs this identification information for Dell chargers. In the four-part series (1, 2, 3, 4), the details of reverse engineering the communications and building the spoofer are covered.

Dell uses the 1-Wire protocol to communicate with the charger, and [Xuan] sniffed the communication using a MSP430. After reading the data and verifying the CRC, it could be examined to find the fields that specify power, voltage, and current.

Next, a custom PCB was made with two Dell DC jacks and an MSP430. This passes power through the board, but uses the MSP430 to send fake data to the computer. The demo shows off a 90 W adapter pretending to run at 65 W. With this working, you could power the laptop from any supply that can meet the requirements for current and voltage.