Dead drop concept inspired by [Ender Wiggin] family

encrypted-dead-drop-concept

[Tyler Spilker's] DDD project is a Digital Dead Drop system based on Python and a Raspberry Pi as a server. It’s pretty rough around the edges at this point — which he freely admits. But we like the concept and figure it might spark an interesting conversation in the comments section.

Now by far our favorite dead drop concept is this USB drive lewdly sticking out of a brick wall. But you actually need to be on-site where this drive is mortared into the wall in order to access it. [Tyler] instead developed a webpage that gives him a text box to enter his messages. These are encrypted using key pairs and pushed to his remote RPi server. This way he can write down his thoughts knowing they’re stored securely and never in danger of being accessed from a lost or stolen cellphone.

If free thought isn’t what you’re trying to transfer from one place to another you probably want something like a Pirate Box.

Ask Hackaday: How are these thieves exploiting automotive keyless entry?

A new attack on automotive keyless entry systems is making headlines and we want to know how you think it’s being done. The Today Show reports that vehicles of different makes and models are being broken into using keyless entry on the passenger’s side of the car. It sounds like thieves steal items found inside rather than the vehicles themselves which makes these crimes distinctly different from the keyless ignition thefts of a year ago.

So how are they doing this? Here are the clues: The thieves have been filmed entering only the passenger side of the car. They hold a small device in their hand to unlock the doors and disable the alarm. And there is evidence that it doesn’t work on 100% of vehicles they try. Could it be some hidden manufacturer code reset? Has an encryption algorithm been hacked to sniff the keyfob identifier at a previous time? Or do you think we’re completely off track? Let us know your opinion by leaving a comment.

[Thanks Mom]

Freezing Android to crack the encryption

frozen-phone-encryption-hacking

Build a better lock and someone will make a tool to open it without the key. Or in this case they’ve made a tool to discover the key using a trip to through the deep freeze. The Forensic Recovery of Scrambled Telephones — or FROST — uses cold temperatures and a custom recovery image to crack Android encryption keys.

Cold boot hacks go way back. They leverage use of low temperatures to slow down the RAM in a device. In this case, the target phone must already be powered on. Booting a phone that uses the encryption offered by Android 4.0 and newer requires the owner’s pass code to decrypt the user partition. But it then remains usable until the next power cycle. By freezing the phone, then very quickly disconnecting and reconnecting the battery, researchers were able to flash their own recovery image without having the encryption key cleared from RAM. As you can see above, that recovery package can snoop for the key in several different ways.

[Thanks Rob]

Reading bar codes with Arduino and unaltered CueCat

[Damcave] decided to try out some bar code reader projects. He got his hands on a CueCat years ago. The problem is that it outputs encrypted character sets instead of a clear text string. To get around this he used his Arduino to decrypt the CueCat’s data output.

Originally you could get you hands on a CueCat for free. It was meant to work like QR codes do now — you see a bar code, you scan it to get to a web address. It never really took off but you can still get your hands on one for about twelve clams. We’ve seen projects that clip a pin on the processor to disable to encryption. But [Damcave] didn’t want to mess with the hardware. Instead he connected the Arduino via the PS/2 connector and used software to translate the data. The encryption format has long been know so it was just a matter of translating the steps into an Arduino function.

Encrypted drive attack hints at original Xbox hacking

[Thice] discovered a vulnerability in encrypted portable storage a few years ago. He’s just pointing about the exploit now. He mentions that he notified manufacturers long ago and we’d guess the wait to publish is to give them a chance to patch the exploit.

He calls it the Plug-Over Attack and for those who were involved with original Xbox hacking, this technique will sound very familiar. The Xbox used hard drive keys to lock the device when not in use. When you booted up the console it checked the hardware signature to make sure it was talking to the right motherboard. But if you booted up the device, then swapped the IDE cable over to a computer without cutting the power you could access the drive without having the password.

This attack is pretty much the same thing. Plug in a drive, unlock it on the victim system the normal way, then replug into the attacking system. In the image above you can see that a USB hub will work for this, but you can also use a hacked USB cable that patches a second jack into the power rail. For some reason the encryption system isn’t able to lock itself when the USB enumerates on the new system, only when power is cycled. Some of them have a timer which watches for drive idle but that still doesn’t protect from this exploit.

Hackaday Links: July 24, 2011

Plasma speakers

Apparently if you run AC and DC currents through a welding torch flame you can use the resulting plasma as a loudspeaker. [Thanks Cody]

Power metering

The Google Power Meter API is no longer in development but that didn’t stop [Pyrofer] from finishing his metering hardware. It uses a reflectance sensor to read the meter instead of using clamp-based current sensing.

Music videos from inside the instrument

Filming from inside of a guitar creates the camera effect seen above which looks like the waveform you’d see on an oscilloscope. [Thanks Philleb]

Hidden messages in audio files

GhostCoder lets you encrypt and hide audio files within other audio files. The thought is, you can piggyback your own data into Torrents that are circling the interwebs.

2×4 Chair

If you’re skilled with a Skill saw you can make a chair out of one 2 by 4. You can see the pattern you’ll have to cut out from the board in the image above, wow!

Hacking a code-protected hard disk

Our friend [Sprite_TM] took a look at the security of a code-protected hard disk. The iStorage diskGenie is an encrypted USB hard drive that has a keypad for passcode entry. After cracking it open he found that the chip handling the keypad is a PIC 16F883 microcontroller. He poked and prodded at the internals and found some interesting stuff. Like the fact that there is an onboard LED that blinks differently based on the code entered; one way for the right code, another for the wrong code of the right number of digits, and a third for a wrong code with the wrong number of digits. This signal could be patched into for a brute force attacking but there’s a faster way. The microcontroller checks for the correct code one digit at a time. So by measuring the response time of the chip an attacker can determine when the leading digit is correct, and reduce the time needed to crack the code. There is brute force protection that watches for multiple incorrect passwords but [Sprite_TM] even found a way around that. He attached an AVR chip to monitor the PIC response time. If it was taking longer than it should for a correct password the AVR resets the PIC before it can write incorrect attempt data to its EEPROM. This can be a slow process, but he concluded it should work. We had fun watching the Flash_Destroyer hammer away and we’d like to see a setup working to acquire the the code from this device.