Brute Forcing The Password On A Terribly Insecure Hard Drive

June 13, 2012 by Brian Benchoff 13 Comments

While at work one day, [Marco] was approached by a colleague holding a portable USB hard drive. This hard drive – a Freecom ToughDrive – has a built-in security system requiring a password every time the drive is mounted. Somewhat predictably, the password on this hard drive had been lost, so [Marco] brute forced the password out of this drive.

The Freecom ToughDrive requires a password whenever the drive is plugged in, but only allows 5 attempts before it needs to be power cycled. Entering the passwords was easy to automate, but there was still the issue of unplugging the drive after five failed attempts. [Marco] called upon his friend [Alex] to build a small USB extension cable with a relay inserted into the 5 V line. An easy enough solution after which the only thing needed was the time to crack the password.

The rig successfully guessed the password after 500 attempts, or after cycling the power 100 times. This number is incredibly low for getting a password via brute force, but then again the owner of the hard drive was somewhat predictable as to what passwords they used.

Brute Force A Password Protected PDF Using The BeagleBone

March 26, 2012 by Mike Szczys 19 Comments

The biggest benefit to using the BeagleBone is it’s 700 MHz ARM processor. If you’re just messing around with basic I/O that power is going unused, but [Nuno Alves] is taking advantage of its power. He built a PDF password cracker based on the $85 development board.

We recently saw how easy it is to perform basic I/O using the BeagleBone. Those techniques are in play here, used to drive a character LCD and sample a button input from the breadboard circuit. [Nuno] even published separate posts for each of these peripheral features.

The password protected PDF file is passed to the device on a thumb drive. Since the BeagleBone is running embedded Linux you don’t need to mess around with figuring out how to read from the device. A click of the button starts the process. Currently the code just uses a brute force attack which can test more than 6000 four-character passwords per second. This is quite slow for any password more than four or five characters long, but [Nuno] does mention the possibility of running several ARM processors in parallel, or using a dictionary (or rainbow table) to speed things up. Either way it’s an interesting project to try on the hardware. You can see his video demo of the device after the break.

Continue reading “Brute Force A Password Protected PDF Using The BeagleBone” →

A Chink In The Armor Of WPA/WPA2 WiFi Security

December 29, 2011 by Mike Szczys 59 Comments

Looks like your WiFi might not be quite as secure as you thought it was. A paper recently published by [Stefan Viehböck] details a security flaw in the supposedly robust WPA/WPA2 WiFi security protocol. It’s not actually that protocol which is the culprit, but an in-built feature called Wi-Fi Protected Setup. This is an additional security protocol that allows you to easily setup network devices like printers without the need to give them the WPA passphrase. [Stephan’s] proof-of-concept allows him to get the WPS pin in 4-10 hours using brute force. Once an attacker has that pin, they can immediately get the WPA passphrase with it. This works even if the passphrase is frequently changed.

Apparently, most WiFi access points not only offer WPS, but have it enabled by default. To further muck up the situation, some hardware settings dashboards offer a disable switch that doesn’t actually do anything!

It looks like [Stephan] wasn’t the only one working on this exploit. [Craig] wrote in to let us know he’s already released software to exploit the hole.

Brute Force BIOS Hacking Using The Arduino

November 16, 2011 by Jeremy Cook 37 Comments

This clever hack uses an Arduino to do a brute force attack on a computer’s BIOS. In theory, this technique could be used for other programs, but it’s use would be limited since there’s no way to account for too many wrong passwords.

The Arduino generates and outputs the possible password emulating a USB keyboard. When this is done, the pixel in the middle of the screen is read. This is done by reading the analog red signal synced up with the corresponding horizontal and vertical pulses. As with any hack, there were some programming issues that had to be overcome (including one that locked up the keyboard emulator), but this was resolved, and the code is available if you wan to build your own.

Hardware for this build is simple, involving a LCD output, a button to stop everything, and a couple diodes to get the USB keyboard working correctly. This hack turned out quite nicely, and the code and schematics are included!

Cracking A Manipulation-proof, Million Combination Safe

January 19, 2011 by Mike Szczys 54 Comments

So you spent the big bucks and got that fancy safe but if these guys can build a robot to brute-force the combination you can bet there are thieves out there who can pull it off too. [Kyle Vogt] mentioned that we featured the first iteration of his build back in 2006 but we can’t find that article. So read through his build log linked above and then check out the video of the new version after the break. It’s cracking the combination on a Sargent and Greenleaf 8500 lock. There’s an interesting set of motions necessary to open the safe. Turn the dial four revolutions to the first number, three revolutions to the second, two revolutions to the final number, then one revolution to zero the dial. After that you need to press the dial inward to activate the lever assembly. Finally, rotate the dial to 85 to retract the bolt which unlocks the safe.

The propaganda on this lock says it stood up to 20-hours of manual manipulation. But [Kyle] thinks his hardware can get it open in a few hours. His hardware looks extremely well-engineered and we’d bet some creative math can narrow down the time it takes to brute force the combo by not going in sequence.

Continue reading “Cracking A Manipulation-proof, Million Combination Safe” →

How To Crack A Master Lock

October 6, 2009 by Mike Szczys 68 Comments

Long, long ago we covered a method to crack a Master lock in about 30 minutes or less. Here’s a revival of the same method but now the instructions to retrieve the combination are in info-graphic format created by [Mark Edward Campos].

If you didn’t get to try this the first time around, here’s how it works: A combination of a physical vulnerability, math, and brute force is used. First, the final number of the code can be obtained by pulling up on the latch while the dial is rotated. Because of the way the lock is built the correct number can be extrapolated using this trick. Secondly, a table of all possible first and second number combinations has been calculated for you. Third, it’s your job to brute force the correct table of possibilities which includes only about one hundred combinations.

We’re not really into felony theft and hopefully you’re not either. But, we have a nasty habit of needing to use a combination lock that’s been in a drawer for a few years and having no idea of what the correct code might be.

Update: We’ve had a lot of comments about shimming as a better method. For your enjoyment we’ve embedded a video after the break that details how to shim a Master lock using a beer can. Just remember: friends don’t let friends drink and shim.

Continue reading “How To Crack A Master Lock” →

Firefox Master Password Recovery Tool

September 1, 2009 by Matt Schulz 13 Comments

firemaster

It’s great in this day and age that browsers can remember our passwords for us, allowing us cross-site security without the hassle of memorizing a million different random passwords. It’s great, that is, until we forget our master password. Fret not, though; there is a solution. The folks over at Lifehacker show us how to use FireMaster to recover forgotten or misplaced Firefox master passwords. Perhaps a better solution is to just store those tricky passwords where nobody will find them.