Hacking SD Card & Flash Memory Controllers

We hope that some of our readers are currently at this year’s Chaos Communication Congress (schedule can be found here and live streams here), as many interesting talks are happening. One of them addressed hacking the memory controllers embedded in every memory card you own. As flash density increases, it becomes more likely that some sectors inside the embedded flash are defective. Therefore, every manufacturer adds a small microcontroller to the card (along with spare flash) that remaps defective sectors transparently, so the operating system only ever sees a clean block device.

[Bunnie] and [xobs] went around buying many different microSD cards in order to find a hackable one. In their talk at 30C3 (slides here), they reported their findings on a particular controller brand, Appotech, and its AX211/AX215. By reverse engineering firmware code they found online, they discovered a simple “knock” sequence, transmitted over manufacturer-reserved commands, that drops the controller into a firmware loading mode. From there, they were able to reverse engineer most of the 8051-based microcontroller’s special function registers, allowing them to develop novel applications for it. Some of the initial work was done using an FPGA/i.MX6-based platform that the team developed, named Novena, which we hope may be available for purchase some day. Among other things, it was used to emulate the flash memory chip that the team had previously removed from the card. A video of the talk is embedded below.


Electromagnetic Field Camp

EMF (Electromagnetic Field Camp) is a three-day camping festival for people with an inquisitive mind or an interest in making things: hackers, geeks, scientists, engineers, artists, and crafters.

There will be people talking about everything from genetic modification to electronics, blacksmithing to high-energy physics, reverse engineering to lock picking, crocheting to carpentry, and quadcopters to beer brewing. If you want to talk, there’ll be space for you to do so, and plenty of people who will want to listen.

EMF is a volunteer effort by a non-profit group, inspired by European and US hacker camps like CCC, HAR, and ToorCamp. This year, from Friday 31st August to Sunday 2nd September 2012, it will hold the first UK event of its kind.

Events and activities will run throughout the day and into the evening, everything else (chats, debates, impromptu circus performances, orbital laser launches) will run as long as your collective energy lasts.

The Event is to be held at Pineham Park, Milton Keynes, UK.

As a Hackaday reader you can get discounted tickets.

[thanks Jonty]

Klackerlaken gets the common man excited about electronics

The Klackerlaken is a combination of LED throwie and bristlebot. The bauble is easy to build and really has no other purpose than to delight the masses. The diminutive devices were first seen in the wild at the 2011 CCC (Chaos Communication Camp) as a hands-on workshop. Check out the clip after the break and you’ll see why this really sucks in the spectators.

We’ve seen a ton of Bristlebots before (this tiny steerable version is one of our favorites) and were intrigued to see bottle caps used as the feet instead of the traditional toothbrush head. In fact, that video clip shows off several different iterations including two caps acting as an enclosure for the button cell and vibrating motor. Googly eyes on the top really complete the look on that one.

Decorating the robots with LEDs, fake eyes, tails, and feathers helps to temper the technical aspects that kids are learning as they put together one of their own. We’re glad that [Martin] shared the link at the top, which covers the creations seen at a workshop held by Dorkbot Berlin. This would be a great activity for your hackerspace’s next open house! Perhaps it’s possible to have follow-up classes that improve on the design, using rechargeable cells instead of disposable button cells, or maybe supercaps would work.


Watch all of the freshly published talks from 28c3

The 28th Chaos Communication Congress just wrapped things up on December 31st, and they’ve already published recordings of all the talks at the event. These talks were live-streamed, but if you didn’t find time in your schedule to see all that you wanted, you’ll be happy to find your way to the YouTube collection of the event.

The topics span a surprisingly wide range. Alongside the hardcore security tech there’s a panel discussion on depression and suicide among geeks (hosted by [Mitch Altman]) and another panel called Queer Geeks, both addressing social issues rather than technology. But there’s plenty of the technical side as well, with talks on cryptography, security within web applications, and a segment on electronic currencies like Bitcoin.

There really is something for everyone and they’ve been thoughtful enough to include playlists for all talks, just the lightning talks, and lightning talks categorized by the day they occurred. Get those links from their YouTube channel description, or find them after the break.


GSM hacking with prepaid phones

Want to listen in on cellphone calls or intercept text messages? Well, that’s a violation of someone else’s privacy, so shame on you! But there are black hats who want to do just that, and it may not be quite as difficult as you think. This article sums up a method of using prepaid cellphones and some decryption technology to quickly gain access to all the communications on a cellular handset. Slides for the talk given at the Chaos Communication Congress by [Karsten Nohl] and [Sylvain Munaut] are available now, but here’s the gist. They reflashed some cheap phones with custom firmware to get at the raw data coming over the air. By sending carefully crafted “silent” SMS messages, the target’s phone is made to exchange traffic with the network without its owner ever being notified that a text has arrived. That traffic is used to narrow down the target’s location and, once the encrypted bursts have been captured, to recover the session key: parts of GSM traffic are predictable, so the captured ciphertext gives up a stretch of A5/1 keystream, and a 1 TB rainbow table maps that keystream back to the key. With the key in hand, all of the handset’s network communications can be decrypted quickly. Not an easy process, but it’s a much simpler method than we would have suspected.
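The keystream-recovery step described above, as an added example that is not code from the post or from Nohl and Munaut's talk: a pure-Python A5/1 and a toy precomputed table. The known-plaintext bits, the frame number, the secret key and the ten-bit keyspace are all constructed for the demo; the real attack stores A5/1 internal states in rainbow tables, so one table serves every frame number and the full 64-bit key, but the lookup idea is the same.

```python
# Added example (not code from the Hackaday post or from the Nohl/Munaut talk):
# a pure-Python A5/1 and a miniature time-memory trade-off showing why a
# captured GSM burst plus a precomputed table gives up the session key.
# The keyspace is deliberately shrunk (key_bits) so the table builds in about
# a second; the real tables cover the full 2^64 A5/1 state space.

# A5/1: three LFSRs, majority clocking, output is the XOR of the three MSBs.
R1_LEN, R2_LEN, R3_LEN = 19, 22, 23
R1_TAPS, R2_TAPS, R3_TAPS = (13, 16, 17, 18), (20, 21), (7, 20, 21, 22)
R1_CLK, R2_CLK, R3_CLK = 8, 10, 10


def _step(reg, length, taps):
    """Shift the register left once; the new bit 0 is the XOR of the tap bits."""
    fb = 0
    for t in taps:
        fb ^= (reg >> t) & 1
    return ((reg << 1) | fb) & ((1 << length) - 1)


class A51:
    """Keystream generator for one burst: key is the 64-bit Kc, frame the 22-bit frame number."""

    def __init__(self, key, frame):
        self.r1 = self.r2 = self.r3 = 0
        for i in range(64):                 # key load: all registers clocked
            self._clock_all((key >> i) & 1)
        for i in range(22):                 # frame number load
            self._clock_all((frame >> i) & 1)
        for _ in range(100):                # warm-up, output discarded
            self._clock_majority()

    def _clock_all(self, bit):
        self.r1 = _step(self.r1, R1_LEN, R1_TAPS) ^ bit
        self.r2 = _step(self.r2, R2_LEN, R2_TAPS) ^ bit
        self.r3 = _step(self.r3, R3_LEN, R3_TAPS) ^ bit

    def _clock_majority(self):
        c1, c2, c3 = (self.r1 >> R1_CLK) & 1, (self.r2 >> R2_CLK) & 1, (self.r3 >> R3_CLK) & 1
        maj = (c1 & c2) | (c1 & c3) | (c2 & c3)
        if c1 == maj:
            self.r1 = _step(self.r1, R1_LEN, R1_TAPS)
        if c2 == maj:
            self.r2 = _step(self.r2, R2_LEN, R2_TAPS)
        if c3 == maj:
            self.r3 = _step(self.r3, R3_LEN, R3_TAPS)

    def keystream(self, nbits):
        out = []
        for _ in range(nbits):
            self._clock_majority()
            out.append(((self.r1 >> (R1_LEN - 1)) ^ (self.r2 >> (R2_LEN - 1))
                        ^ (self.r3 >> (R3_LEN - 1))) & 1)
        return out


def xor_bits(a, b):
    return [x ^ y for x, y in zip(a, b)]


def encrypt_burst(key, frame, plaintext_bits):
    """Over the air a GSM burst is plaintext XOR A5/1 keystream (114 bits per direction)."""
    return xor_bits(plaintext_bits, A51(key, frame).keystream(len(plaintext_bits)))


def build_table(frame, key_bits, prefix_len=64):
    """Toy precomputation: keystream prefix -> key for every key below 2**key_bits.
    The real attack tabulates A5/1 internal states in rainbow tables instead, which
    makes the table independent of the frame number; the lookup idea is the same."""
    return {tuple(A51(k, frame).keystream(prefix_len)): k for k in range(1 << key_bits)}


def recover_key(table, ciphertext_bits, known_plaintext_bits, prefix_len=64):
    """Known plaintext XOR captured ciphertext = keystream; look it up."""
    ks = xor_bits(ciphertext_bits[:prefix_len], known_plaintext_bits[:prefix_len])
    return table.get(tuple(ks))


def demo(secret_key=0x2B7, frame=0x134, key_bits=10):
    """Returns True when the sniffed burst gives back the session key (constructed inputs)."""
    # Constructed known plaintext: GSM pads layer-3 messages with 0x2B fill octets,
    # exactly the kind of predictable content the attack relies on.
    known = [(b >> (7 - j)) & 1 for b in bytes([0x2B]) * 15 for j in range(8)][:114]
    captured = encrypt_burst(secret_key, frame, known)       # what the sniffer phone hears
    table = build_table(frame, key_bits)                      # built once, offline
    found = recover_key(table, captured, known)
    return found == secret_key and xor_bits(captured, A51(found, frame).keystream(114)) == known


if __name__ == "__main__":
    print("session key recovered:", demo())
```

The attacker never touches the key directly: the predictable plaintext hands over 64 bits of keystream, and everything after that is a table lookup paid for in advance. That is why the real defence is not a longer table but a cipher (A5/3) whose keystream does not yield to precomputation, and a network that does not send predictable padding in the clear.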

[Thanks Rob]

PS3 hacking start-to-finish – CCC

Well, it looks like the PlayStation 3 is finally and definitively cracked. fail0verflow’s Chaos Communication Congress talk on console security revealed that, thanks to a flaw in Sony’s signing code (the per-signature “random” nonce in its ECDSA implementation was a constant, so two signatures are enough to solve for the private key), they were able to acquire the private keys for the PS3. These keys can be used to sign your own code, making it every bit as valid (to the machine, anyway) as a disc licensed by the media giant. We’ve embedded the three-part video of the talk, which we watched in its entirety with delight. We especially enjoy their reasoning that Sony brought this upon themselves by pulling OtherOS support.
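The key-recovery arithmetic behind that flaw, as an added example that is not code from fail0verflow's talk or from Sony: ECDSA signing with an explicit nonce, then solving for the private key from two signatures that share it. The curve is secp256k1, chosen only because its parameters are public and well known; the signing key, the fixed nonce and the two "firmware" blobs are constructed for the demo, and nothing about Sony's actual curve, keys or file formats is reproduced.

```python
# Added example (not from fail0verflow's talk and not Sony's code): why a fixed
# ECDSA nonce hands over the private key.  Curve: secp256k1, chosen only
# because its parameters are public.  Pure Python, no dependencies.
import hashlib

# secp256k1: y^2 = x^3 + 7 over F_P, base point G of prime order N.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def _inv(a, m):
    """Modular inverse via Fermat's little theorem; P and N are both prime."""
    return pow(a % m, m - 2, m)


def _add(p, q):
    """Affine point addition; None is the point at infinity."""
    if p is None:
        return q
    if q is None:
        return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None
        lam = 3 * x1 * x1 * _inv(2 * y1, P) % P        # doubling; curve a = 0
    else:
        lam = (y2 - y1) * _inv(x2 - x1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def _mul(k, p):
    """Double-and-add scalar multiplication (not constant time; demo only)."""
    r = None
    while k:
        if k & 1:
            r = _add(r, p)
        p = _add(p, p)
        k >>= 1
    return r


def _h(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def sign(d, msg, k):
    """ECDSA with an explicit nonce k.  A correct signer draws a fresh, secret,
    uniformly random k for every signature; the flaw is passing the same k twice."""
    z = _h(msg)
    r = _mul(k, G)[0] % N
    s = _inv(k, N) * (z + r * d) % N
    if r == 0 or s == 0:
        raise ValueError("degenerate signature, pick another nonce")
    return (r, s)


def verify(pub, msg, sig):
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    w = _inv(s, N)
    pt = _add(_mul(_h(msg) * w % N, G), _mul(r * w % N, pub))
    return pt is not None and pt[0] % N == r


def recover_private_key(msg1, sig1, msg2, sig2):
    """Two signatures with the same r were made with the same k:
         s1 - s2 = k^-1 (z1 - z2)   =>  k = (z1 - z2) / (s1 - s2)
         s1      = k^-1 (z1 + r d)  =>  d = (s1 k - z1) / r        (all mod N)"""
    (r1, s1), (r2, s2) = sig1, sig2
    if r1 != r2:
        raise ValueError("r differs, so the nonces differ: no shortcut")
    z1, z2 = _h(msg1), _h(msg2)
    k = (z1 - z2) * _inv(s1 - s2, N) % N
    return (s1 * k - z1) * _inv(r1, N) % N


def demo(d=0x1D2E3F4A5B6C7D8E9F):
    """Constructed scenario: one signing key, a hard-coded nonce, two signed blobs."""
    pub = _mul(d, G)
    k = 0x4545454545454545                                   # the "random" number that never changes
    blob1, blob2 = b"firmware image A", b"firmware image B"  # constructed inputs
    sig1, sig2 = sign(d, blob1, k), sign(d, blob2, k)
    assert verify(pub, blob1, sig1) and verify(pub, blob2, sig2)
    recovered = recover_private_key(blob1, sig1, blob2, sig2)
    # With d in hand anyone can sign whatever they like, and it verifies.
    forged = sign(recovered, b"homebrew", 0x1234)
    return recovered == d and verify(pub, b"homebrew", forged)


if __name__ == "__main__":
    print("private key recovered and forgery verifies:", demo())
```

The giveaway in the field is two signatures from the same key with identical r values; once you have that, recovering d is a couple of modular divisions. Verification is unaffected, which is exactly why the console kept accepting the resulting homebrew signatures.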

We remember seeing a talk years back about how the original Xbox security was hacked. We looked and looked but couldn’t dig up the link. If you know what we’re talking about, leave the goods with your comment.


Lightning Rod: keeps you safe from dirty Flashers

A new open source package called Lightning Rod will help block exploits against Adobe’s dirty Flash code. A presentation at the 26th Chaos Communication Congress showed that the package does its job by inspecting incoming Flash content before the browser’s plugin executes it. Heise Online is reporting that this method can block over 20 different known attacks and can even be used to filter out malicious JPEG images. As more vulnerabilities are discovered, detection for them can be added to Lightning Rod to close the breach. This amounts to a virus scanner for Flash code. It’s great to have this type of protection, but why can’t Adobe handle its own security problems?

[Photo Credit]

[Thanks das_coach]
