THP Semifinalist: NSA Away

Back when we started The Hackaday Prize, security, big brother, and the NSA were making headlines every day. Since that time, there has been enough bread and circuses in the news to wipe the consequences of these leaks out of the public consciousness, but work is still being done by hackers and tinkerers the world over to give you the tools to protect your data.

NSA Away is one of these tools. The first part of the project is a standalone key generator that writes the same random bits to a pair of SD cards simultaneously. With their random number generator, this is perfect encryption. The only way to crack the one time pad the team is using for encryption is to 1) use parts of the pad more than once, 2) have a terrible RNG, or 3) do something really stupid like sell the one time pad in a store.

The other part of the build is an Android-based encryption device with a camera, keyboard, SD card reader, and a USB port. This device reads the ‘OTP SD cards’ and reads data with the camera using OCR and decrypts it on the screen. Provided the OTP doesn’t fall into the wrong hands, this is a perfectly secure way to transmit data to anyone.

As far as progress goes, the members of the team have a fully functional pad generator, writing random data to SD cards. This device can also output random bits to a computer as a USB HID device, should you want to transmit your pad over unsecured mediums.

It’s an impressive bit of work, especially in the RNG department. The team is using eight avalanche noise generators in the circuit description. This part of the build isn’t quite working yet, but that’s really not needed for a proof of concept.


SpaceWrencherThe project featured in this post is a quarterfinalist in The Hackaday Prize.

Hacklet #10 Cryptography and Reverse Engineering

10 In honor of DEFCON, this week we’re looking at some cryptography and reverse engineering projects over at Hackaday.io hardware reverse engineeringEvery hacker loves a hardware puzzle, and [Tom] has created a tool to make those puzzles. His Hardware Reverse Engineering Learning Platform consists of a shield with two ATmega328 chips and an I2C EEPROM. The two Atmel chips share a data bus and I2C lines. Right in the middle of all this is an ST Morpho connector, which allows an ST Nucleo board to act as a sniffer. The platform allows anyone to create a reverse engineering challenge! To successfully reversechip whisper engineer a board, it sure helps to have good tools. [coflynn] is giving that to us in spaces with The ChipWhisperer. ChipWhisperer is an open source security research platform. The heart of the system is a Xilinx Spartan 6 FPGA. The FPGA allows very high speed operations for things like VCC and clock glitching. ChipWhisperer is an entire ecosystem of boards – from LNA blocks to field probes. The entire system is controlled from an easy to use GUI. The end result is a powerful tool for hardware attacks. nsa-awayOn the Encryption side of the house, we start by keeping the Feds at bay. The [Sector67] hackerspace has collectively created NSA AWAY. NSA AWAY is a simple method of sending secure messages over an insecure medium – such as email. A one-time use pad is stored on two SD cards, which are used by two Android devices. The message sender uses an Android device to encrypt the message. On the receive side, the message can be decoded simply by pointing an android device’s camera at the encrypted data. So easy, even a grandparent could do it! buryitNext up is [Josh’s] Bury it under the noise floor. “Bury it” is an education for cryptography in general, and steganographic software in particular. [Josh] explains how to use AES-256 encryption, password hashing, and other common techniques. He then introduces steganography  by showing how to hide an encrypted message inside an image. Anyone who participated in Hackaday’s ARG build up to The Hackaday Prize will recognize this technique. zrtphardphone[yago] gives us encrypted voice communications with his ZRTP Hardphone. The hardphone implements the ZRTP, a protocol for encrypted voice over IP communications. The protocol is implemented by a Raspberry Pi using a couple of USB sound cards. User interface is a 16×2 Line character LCD, a membrane keypad, and of course a phone handset. Don’t forget that you need to build two units,or  whoever you’re trying to call will  be rather confused! moolti-3

Finally we have the Mooltipass. Developed right here on Hackaday by [Mathieu Stephan] and the community at large, Mooltipass is a secure password storage system. All your passwords can be stored fully AES-256 encrypted, with a Smart Card key. Under the hood, Mooltipass uses an Arduino compatible ATmega32U4 microcontroller. UI is through a OLED screen and touch controls.     That’s it for this week! Be sure to check out next week’s Hacklet, when we bring you more of the best from Hackaday.io!

HOPE X: Wireless Tor Proxies And Sharing TrueCrypt Volumes

When you’re at HOPE, of course you’re going to see a few Tor proxies, but [Jose]’s is top-notch. It’s a completely portable Tor proxy (.br, Google translation), battery-powered, with a connection for 4G networks.

[Jose]’s OnionPi setup is based on the Adafruit version, but adds a few interesting features that make it even more useful. It’s battery-powered with about a day of charge time, has a built-in battery charger, Ethernet pass through, external 4G and WiFi antennas, all in a sealed case that makes the entire build impervious to the elements.

While this isn’t much of a hack per se, the amount of integration is impressive. There are switches to turn off each individual networking port, and all the relevant plugs are broken out to the front panel, with the AC input and USB serial connection using screw connectors that are supposedly very popular in Brazil.

[Jose] also brought along a new device that isn’t documented anywhere else on the web. It’s called NNCFA, or Nothing New Crypto For All. Using a Cubieboard, an interesting ARM single board computer with a SATA connector, [Jose] created a device that will mount TrueCrypt volumes on a hard drive and share them via Samba.

The CryptoCape For BeagleBone

[Josh Datko] was wandering around HOPE X showing off some of his wares and was kind enough to show off his CryptoCape to us. It’s an add on board for the BeagleBone that breaks out some common crypto hardware to an easily interfaced package.

On board the CryptoCape is an Atmel Trusted Platform Module, an elliptic curve chip, a SHA-256 authenticator, an encrypted EEPROM, a real time clock, and an ATMega328p for interfacing to other components and modules on the huge prototyping area on the cape.

[Josh] built the CryptoCape in cooperation with Sparkfun, so if you’re not encumbered with a bunch of export restrictions, you can pick one up there. Pic of the board below.

Continue reading “The CryptoCape For BeagleBone”

Hackaday Space: Transmission 3 Puzzles Explained

transmission-3-puzzles-explained

Yesterday we did a run down of Transmission 2 as part of a series of posts covering the ARG that we ran throughout April. Today I’m going to reveal all the details in Transmission 3, how we put it together and what the answers were.

In classic Hackaday fashion we hadn’t planned any of this, so by this point all our initial ideas we already used up and we were now running out of creativity so it was a real slog to get Transmission 3 out the gate. However we somehow managed it and opened Transmission 3 by posting a series of 5 images of space telescopes:

Continue reading “Hackaday Space: Transmission 3 Puzzles Explained”

Developed on Hackaday: the Current Project State

It has been quite a while since we updated our readers with the current state of the Mooltipass, the offline password keeper project developed by the Hackaday staff and community.

A few weeks ago we presented you the designs that our mechanical contributors had thought of. We organized a poll to get a feeling of what the favorite designs may be and around one thousand people expressed their opinions. The first three favorite designs with their corresponding votes were:

Continue reading “Developed on Hackaday: the Current Project State”

Developed on Hackaday: The Designs

We know that many of our readers have been impatiently waiting to discover what the Hackaday community-developed offline password keeper project will look like. Today we present you several designs that our mechanical contributors came up with and we will ask you to give your opinion about them. Obviously these are just preliminary cases that may evolve along the way, but we will only produce the electronics for the designs you prefer.

All the designs are embedded after the break, with a multiple-choices poll to express your interest. You may also want to join the Mooltipass Google Group in case you’d want to talk about the designs in more depth or meet their creators. On the firmware side, I just finished soldering many mooltipass prototypes that will be shipped in the coming days to our firmware developers. As you may have noticed, this project is gaining speed!

Continue reading “Developed on Hackaday: The Designs”