[Navic] added a slew of abilities to his RFID reader. It’s now a full-featured RFID reader and smart card writer with extras. When we looked at it last time the unit was just an RFID and smart card reader in a project enclosure. You could see the RFID code of a tag displayed on the LCD screen, but there wasn’t a lot more to it than that.

The upgrade uses the same project enclosure but he’s added four buttons below the display. These allow him to access the different features that he’s implemented. The first one, which is shown in the video after the break, allows him to store up to six tags in the EEPROM of the Basic Stamp which drives the unit. He can dump these tag codes to a smart card (pictured above), but also has the option of interfacing with a PC to read from and write to that card.

We don’t think you can directly write RFID tags with the device, but we could be wrong.

Twenty three dollars. That’s all this tiny pen-testing device will set you back. And there really isn’t much to it. [Kevin Bong] came up with the idea to use a Wifi router as a bridge to test a wired network’s security remotely. He grabbed a TP-Link TL-WR703N router, a low-profile thumb drive, and a cellphone backup battery; all cheaply available products.

No hardware hacking is necessary to connect the three components. The only other preparation needed is to reflash the router firmware with OpenWRT and load it up with common pen-testing software packages like Netcrack and Airhack.

[Kevin] calls this a drop box, because you find an Ethernet jack, plug it in, and drop it there. You can then connect to the router via Wifi and begin testing the wired network security measures. We’re sure images of espionage pop into your head from that description, but we’re certain this can be useful in other ways as well. If you ever find yourself with an Ethernet connection but no access to Wifi this is a quick way to setup an AP.

[Roel] had read that people won the DARPA shredder challenge, but that their technology was kept a secret, interested in this concept he also remembered an episode of the X-Files where they had reconstructed shredded paper using a computer system. Unlike most computer based TV show BS this did not seem to be too far fetched so he went about trying it himself.

First a note is written, and then cut up into strips, the strips are then scanned into a computer where the magic happens. Next each strip outlined in polygons and then the software is to follow the polygon outline looking for a change in color at the pixel level. The software then goes into a pattern matching mode and reassembles the paper based on a scoring system.

While not many people use old fashioned strip shredders anymore, the basic idea works and if you really wanted to expand it could be applied to cross cut or particle shredders.

[Kubbur87] put together a guide to replacing the Non-touch Kindle 4 screensavers with your own images. We’ve already seen a way to remove the Special Offers banners from the newest version of Kindle Hardware, this hack lets you use your own 600×800 Portable Network Graphics (.png) file instead of the images pushed to the device by Amazon.

Frankly, we’re shocked at how easy this hack is. [Kubbur87] puts the device into developer mode, enables SSH, and then goes to work on the Linux shell within. It seems the only line of protection is the root password which he somehow acquired.

After the break you’ll find his videos which show how to enable developer mode and how to perform this hack. By putting a file named “ENABLE_DIAGS” with no extension on the device when it is recognized as a USB storage device you’ll gain access to the diagnostic menu system. From there it’s just a matter of cruising that menu to get SSH access. Like we said, you’ll need the root password, that that’s as easy as naming your favorite video game character from the 1980′s.

Getting into developer mode:

Replacing the screensavers:

Looks like your WiFi might not be quite as secure as you thought it was. A paper recently published by [Stefan Viehböck] details a security flaw in the supposedly robust WPA/WPA2 WiFi security protocol. It’s not actually that protocol which is the culprit, but an in-built feature called Wi-Fi Protected Setup. This is an additional security protocol that allows you to easily setup network devices like printers without the need to give them the WPA passphrase. [Stephan's] proof-of-concept allows him to get the WPS pin in 4-10 hours using brute force. Once an attacker has that pin, they can immediately get the WPA passphrase with it. This works even if the passphrase is frequently changed.

Apparently, most WiFi access points not only offer WPS, but have it enabled by default. To further muck up the situation, some hardware settings dashboards offer a disable switch that doesn’t actually do anything!

It looks like [Stephan] wasn’t the only one working on this exploit. [Craig] wrote in to let us know he’s already released software to exploit the hole.

[Chris'] family made the mistake of giving him a hackable Christmas gift. We’d bet they didn’t see much of him for the rest of the day as he set about rooting this Android wristwatch.

This thing has some pretty powerful hardware under the hood. It’s sporting an OMAP3 processor running at 600 MHz along with 256 MB of RAM. [Chris] needed to get his hands on a firmware image in order to look for security holes. He found a way to spoof the update application in order to intercept an upgrade image from the Internet.

He dumped the firmware locations and got to work searching for a way to exploit the device. Details are a bit scarce about want exactly he did, but you can download his modified image, letting you root your own Motorola Actv using the Android Debug Bridge.

We’ve embedded a demo video after the break. The OS is pretty snappy on the tiny device. We’re not sure what will come of this functionality, but we assume [Chris] was really only interested in the challenge of rooting process itself.

The Electronic Frontier Foundation, long-time defenders of the common man’s rights in the electronic realm, has published a guide to keeping your digital devices private when entering the United States. It seems the defenders of freedom and liberty (ICE, DHS, TSA, and CBP) are able to take a few freedoms with your liberty at a border crossing by seizing your devices and copies of the data they store for up to five days. This requires no suspicion of wrongdoing, and copies of this data may be shared with other agencies thereby negating the five day limit.

Do you have a reason to protect your digital property? This is discussed in the paper. It may be confidential information, by way of a business contract or professional relationship (Doctors, Lawyers, Journalists, etc.). Or you may just want to keep your privacy on principle. No matter what your stance, the EFF has covered all the bases in this intriguing read. We think the best advice they give is to make an encrypted backup of your data on the internet, blank your computer before the border crossing, and restore it when you get to your destination. If you don’t have the data with you, it can’t be compromised. It that’s not an option, they have plenty of guidelines on cryptographic techniques.

[via Twitter]

In our digital age prying eyes are everywhere. The sad thing is that they may even belong to your own government. But no matter who it is, there are some things you can do to keep your private digital devices and content as secure as possible.

The link above goes to [Jerry Whiting's] discussion on the topic. He’s certainly an interesting speaker, but make sure you’re using headphones at work as the language can be a bit sultry once in a while. He aims the lesson at the Occupy movement, but it’s a fun listen for any conspiracy theorist out there. The topics run the gamut, starting with the specter of physical access, then moving on to protecting your network through traffic analysis and using key pairs. This Security 101 segment comes in two parts (the first one is embedded after the break), each a bit more than thirty minutes. He’s planning to post a second lesson covering hashes and encryption.

NSFW: Language

We figured it wouldn’t be long before someone figured out how to remove the ads from the ‘Special Offers’ versions of the Amazon Kindle hardware. There are two things that made this obvious to us, the huge flaw that lets code be easily run as root, and the MP3 tag forming that makes it possible to unlock the device.

[Pat Hartl] knows his way around a *nix shell, so once he gained SSH access to the device he started a search for the ad images that make up the special offers feature. He found them in a few different places, making backups of the files in an alternate location, then removing them with some simple commands. He even rolled the process into a one-click installer like the Jailbreak package. It makes us wonder if Amazon has a way to tell if your device is not longer pulling down content for these offers?

At risk of sounding preachy, Amazon does offer this hardware without ads for a one-time fee. Circumventing the unobtrusive ads may lead to higher hardware prices in the future, and [Pat] mentions that. He pulled off this hack to show the holes in Amazon’s security, and hitting them in the pocketbook is a powerful way to do it.

Hackaday itself is ad-supported. We run advertisements that do not use sound, popups, or flashing video effects. Remember to turn off your ad-block for our site in order to show your support. Thanks!

[Bill Porter] is helping a friend out by designing a simple security system for her home. It relies on Xbee modules to alert a base station when doors are opened, or a pressure mat is stepped on.

The door sensors are quite simple, and you’re probably already familiar with them. One part mounts to the door and has a magnet in it, the mating part mounts to the jamb and has a reed switch that closes a contact when the magnet is in place. The floor mat uses two sheets of conductive material separated by bits of foam. When it is stepped on a circuit is completed and can be sensed by the Xbee as a button press.

These sensors report back to an Arduino base station that has a buzzer and three 8×8 LED modules to scroll a message saying which sensor was tripped. [Bill] does a good job of showing what goes into configuring an Xbee network if you’ve never worked with the hardware before.

You’ll find his demo video after the break.

The Kindle Touch has been rooted! There’s a proof video embedded after the break, but the best part about this discovery is that [Yifan Lu] wrote in-depth about how he discovered and exploited a security hole in the device.

The process begins by getting a dump of the firmware. If you remove the case it’s not hard to find the serial port on the board, which he did. But by that time someone else had already dumped the image and uploaded it. We guess you could say that [Yifan] was shocked by what he found in the disassembly. This a ground-up rewrite compared to past Kindle devices and it seems there’s a lot to be hacked. The bootloader is not locked, but messing around with that is a good way to brick the device. The Javascript, which is the language used for the UI, is not obfuscated and Amazon included many hooks for later plugins. Long story short, hacks for previous Kindles won’t work here, but it should be easy to reverse engineer the software and write new ones.

Gaining access to the device is as easy as injecting some HTML code into the UI. It is then run by the device as root (no kidding!). [Yifan] grabbed an MP3 file, changed its tag information to the HTML attack code, then played the file on the device to exploit the flaw. How long before malicious data from illegally downloaded MP3 files ends up blanking the root file system on one of these?

[via Reddit]

It’s been a little while since we talked about HDCP around here, but recent developments in the area of digital content protection are proving very interesting.

You might remember that the Master Key for HDCP encryption was leaked last year, just a short while after Intel said that the protection had been cracked. While Intel admitted that HDCP had been broken, they shrugged off any suggestions that the information could be used to intercept HDCP data streams since they claimed a purpose-built processor would be required to do so. Citing that the process of creating such a component would be extremely cost-prohibitive, Intel hoped to quash interest in the subject, but things didn’t work out quite how they planned.

It seems that researchers in Germany have devised a way to build such a processor on an extremely reasonable budget. To achieve HDCP decryption on the fly, the researchers used a standard off the shelf Digilent Atlys Spartan-6 FPGA development board, which comes complete with HDMI input/output ports for easy access to the video stream in question. While not as cheap as this HDCP workaround we covered a few years ago, their solution should prove to be far more flexible than hard wiring an HDMI cable to your television’s mainboard.

The team claims that while their man-in-the-middle attack is effective and undetectable, it will be of little practical use to pirates. While we are aware that HDMI data streams generate a ton of data, this sort of talking in absolutes makes us laugh, as it often seems to backfire in the long run.

[via Tom's Hardware]

The news was abuzz yesterday with coverage of a study released by Columbia University researchers warning consumers that HP laser printers are wide open to remote tampering and hacking. The researchers claim that the vast majority of printers from HP’s LaserJet line accept firmware updates without checking for any sort of digital authentication, allowing malicious users to abuse the machines remotely. The researchers go so far as to claim that modified firmware can be used to overheat the printer’s fuser, causing fires, to send sensitive documents to criminals, and even force the printers to become part of a botnet.

Officials at HP were quick to counter the claims, stating that all models built in 2009 and beyond require firmware to be digitally signed. Additionally, they say that all of the brand’s laser printers are armed with a thermal cutoff switch which would mitigate the fuser attack vector before any real fire risk would present itself. Despite HP’s statements, the researchers stand by their claims, asserting that vulnerable printers are still available for purchase at major office supply stores.

While most external attacks can easily be prevented with the use of a firewall, the fact that these printers accept unsigned firmware is undoubtedly an interesting one. We are curious to see if these revelations inspire anyone to create their own homebrew LaserJet firmware with advanced capabilities (and low toner warning overrides), or if this all simply fizzles out after a few weeks.

[Arshad Pathan] let us know about his latest project, a modular code lock that can be adapted to many different situations.

The user interface is made up of a character LCD screen and a 3×4 keypad. For this example [Arshad] is using a stepper motor as the locking mechanism. When the board is first powered up it runs the stepper in one direction until receiving input from a limiting switch. In this way, the microcontroller calibrates itself to ensure the lock is in a known position. From there it waits for user input. An unlocked door can be locked at any time by pressing the * key. Unlocking requires entry of the correct password. And a password can be changed by entering 9999 (followed by the old password when prompted).

In the video after the break [Arshad] does a great job of demonstrating the various modes which he has programmed. This stands on its own, but we always love to have more details so we’ve asked if [Arshad] is willing to share a schematic and the source code. We’ll update this post if we hear back from him.

Update: [Arshad] sent in a couple of schematics which can be found after the break.

Schematics:

[Jerzmacow] got his hands on this Verifone Vx570 handheld payment terminal at a flea market. It’s got a thermal printer, a magnetic card reader, and then there’s the big LCD screen and buttons. In other words, lots of parts for his hacking amusement. But first, he decided to take a look at the parts that went into the design. He carefully disassembled the device, documenting what he found along the way. He mentions that there’s a switch pressing against the underside of the LCD which disables the hardware when disassembled. So it sounds like he won’t be able to get it to work again (there’s a Lithium battery inside which we’d guess powers some type of hardware kill switch circuit).

He posted an HD video of the tear down which we’ve embedded after the break. We find some of the design to be quite peculiar. Normally we have [Dave Jones] to walk us through design choices in his EEVblog hardware reviews. Since [Jerzmacow] wasn’t able to provide that level of insight, we’d love to hear what you think each piece of hardware is for. Leave your comments, along with time-stamps from the video. Specifically, what’s up with that strange board shown at 1:51?