DEFCON 22: Hack All the Things

This morning I went to a fantastic talk called Hack All the Things. It was presented by GTVHacker. If you don’t recognize the name, this is the group that hacked the GoogleTV. They haven’t stopped hacking since that success, and this talk is all about 20+ devices that they’ve recently pwned and are making the info public (that link still had oath when I checked but should soon be public).

The attacks they presented come in three flavors: UART, eMMC, and command injection bugs. I’m going to add the break now, but I’ll give a rundown of most of the device exploits they showed off. I found them all amusing, and often comical.

DEFCON 22: Badge Talk

I got a great seat on the main floor for the first big DEFCON 22 talk which is a welcome to the con and discussion of the badge hardware. [LosT], the creator of this year’s badge, started the discussion with a teaser about the badge… there’s a phone number hidden as part of the challenge. [LosT] took a call from someone chasing the puzzles. The guy was in the audience which was pretty fun.

The process of building a puzzle that can be solved at DEFCON is really tough. How do you make it just hard enough that it won’t get pwned right away but easy enough that a large number of attendees will be able to figure it out during the weekend? The answer is to build a secure system and introduce strategic flaws which will be the attack vectors for the attendees solving the badge challenge.

Of course the badge can be used as a development platform. The populated electronics on the board all have these nice little footprints which can be cut to disconnect them from the chip. The breakout headers on either side of the board allow you to connect headers for your own uses. Great idea!

The back of the lanyards have special characters on them too. This encourages community at the conference. To solve the puzzle you need to find others with different lanyards. Compare the glyphs and crack the code (so far I have no clue!!).

Know what I’m doing wrong? Have suggestions on where to go from here? I’ll be checking the comments!

Hands-On DEFCON 22 Badge

It took a measly 2 hours in line to score myself entry to DEFCON and this nifty badge. I spent the rest of the afternoon running into people, and I took in the RFIDler talk. But now I’m back in my room with a USB cord to see what might be done with this badge.

First the hardware; I need a magnifying glass but I’ll tell you what I can. There are huge images available after the break.

  • Parallax P8X32A-Q44
  • Crystal marked A050D4C
  • Looks like an EEPROM to the upper right of the processor? (412W8 K411)
  • Something interesting to the left. It’s a 4-pin package with a shiny black top that has a slightly smaller iridescent square to it. Light sensor?
  • Tiny dfn8 package next to that has numbers (3336 412)
  • Bottom left there is an FTDI chip (can’t read numbers)
  • The DEFCON letters are capacitive touch. They affect the four LEDs above the central letters.

I fired up minicom and played around with the settings. When I hit on 57600 8N1 I get “COME AND PLAY A GAME WITH ME”.

Not sure where I’m going from here. I don’t have a programmer with me so not sure how I can make a firmware dump. If you have suggestions please let me know in the comments!

San Francisco Event: Hardware Developers Didactic Galactic

 

It’s a mouthful to say, but an evening-ful of fun. San Franciscans who like to talk about all things hardware need to block this one out on their calendars:

Hardware Developers Didactic Galactic
Thursday, August 14th 2014 starting 6pm-9:30pm
500 3rd St., Suite 230 in San Francisco

The night will include a few talks on hardware. So far we know [Matt Berggren] is doing FPGA stuff, [Chris Gammell] will talk about KiCAD, and I’m going to talk about the community adventure that is Mooltipass. We’re also looking for others to make presentations so step up and share your hardware passion!

In addition to the formal talks there’ll be plenty of time for chewing the fat with all the other hardware-awesomes that will be there. See you a week from tomorrow, and don’t be shy about bringing your own hardware to show off!

Hit the Polls Before Friday

Don’t forget to vote in the newest round of Astronaut or Not. In addition to deciding which projects should be recognized as “Too Cool for Kickstarter”, you will be eligible for the voter lottery.

What is this voter lottery we speak of? On Friday we’ll draw a random number and see if that hacker profile on Hackaday.io has voted at least once in this round, which started on Monday.

If they voted they’ll receive a prize package packed with all kinds of prototyping hardware. This cycle offers several breakout boards, a bunch of programmers and debuggers, as well as a digital multimeter and a bench power supply (full list here). For the hackers who haven’t registered a vote? Nothing!

We’ll be drawing the number from a hotel room in Vegas since we’ll be there for DEFCON. If you’re also attending the conference track us down to show off your own hardware or just to grab some stickers.

Hardware “Security” and a DMCA Takedown Notice

Last week we published a post about how it was discovered through trial and error that Tektronix application modules are designed with laughable security. We’ll get to that part of it in a minute. We received a DMCA Takedown Notice from Tektronix (which you can read after the break) demanding that we remove the post. We have altered the original post, but we believe our coverage of this story is valid and we don’t agree that the post should be completely removed.

First off, Tektronix sells the modules to unlock the features already present on the oscilloscope in question. We’re operating on the moral assumption that using these features without paying their asking price is wrong. If you want the features they’ve developed you should pay for them.

The real story here is that Tektronix designed a woefully weak system for unlocking these modules. Learn from this. If you’re ever designing a hardware key, don’t do it like this!

An EEPROM, a connector, and a plain text string of characters which is already published publicly on their website is all that is necessary to unlock these “crippled” features. Let’s just say that again: apparently every hardware key is the same and just uses a plain-text string found on their website which is not encrypted or obfuscated. If you were selling these keys for $2.99 perhaps this would be adequate, but Tek values these modules at $500 apiece.

If you were designing this system wouldn’t it be worth using an encryption key pair based on the serial number or some other piece of unique information? How do you think this should have been done? Leave your comment below.
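One way to answer that question, as an added sketch that is not Tektronix's or Hackaday's code: the vendor signs a record naming one instrument's serial number, and the firmware holds only the public key. The record layout, serial numbers and feature ID below are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// License is the record the vendor would write to the module EEPROM (hypothetical layout).
type License struct {
	Serial  string // serial number of the one instrument this license unlocks
	Feature uint16 // hypothetical feature ID
	Sig     []byte // Ed25519 signature over message(Serial, Feature)
}

// NewVendorKeys makes a demo key pair; a real private key stays at the vendor.
func NewVendorKeys() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	return pub, priv
}

// message builds the signed bytes; the length prefix (serials under 256 bytes
// assumed) keeps the serial/feature boundary unambiguous.
func message(serial string, feature uint16) []byte {
	b := []byte{byte(len(serial))}
	b = append(b, serial...)
	return append(b, byte(feature>>8), byte(feature))
}

// Issue runs at the vendor only, at time of sale.
func Issue(priv ed25519.PrivateKey, serial string, feature uint16) License {
	return License{Serial: serial, Feature: feature, Sig: ed25519.Sign(priv, message(serial, feature))}
}

// Verify runs in instrument firmware, which stores only the public key.
func Verify(pub ed25519.PublicKey, deviceSerial string, lic License) error {
	if lic.Serial != deviceSerial {
		return errors.New("license issued for a different serial number")
	}
	if !ed25519.Verify(pub, message(lic.Serial, lic.Feature), lic.Sig) {
		return errors.New("signature check failed")
	}
	return nil
}

func main() {
	pub, priv := NewVendorKeys()
	lic := Issue(priv, "C010001", 7) // constructed serial and feature ID
	fmt.Println(Verify(pub, "C010001", lic), Verify(pub, "C010002", lic))
}
```

With this design nothing readable from the EEPROM or the firmware is enough to mint a license for a second unit; it does not address firmware that is itself modified to skip the check.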

Your 15 Days to be Excellent

This is it. It’s time to step up and be a hardware hacker.

If you haven’t submitted your entry for The Hackaday Prize, get out that graph paper and mechanical pencil and start scribbling. The coming fortnight is your time to shine.

As of right now you have exactly fifteen days to tell us about your concept for an Open, Connected device. This doesn’t mean you have to finish the build, there’s time for that after the August 20th deadline. What you do need to do is describe your idea and explain how you plan to build a working prototype for the final deadline in early November.

I’ve appealed to your vanity — it’s hard to call yourself a hacker if you sit on the sidelines for this one! Now I’ll appeal to your want of recognition and the prizes that dreams are made of. Right now we haven’t quite crossed the 500 entry mark. When was the last time you had a chance as good as 1 in 500 for such a huge bag of booty?
