Time-based One-Time Passwords with an Arduino

Get your feet wet with Time-based One-Time Password (TOTP) security by building your own Arduino OATH system. OATH is an open standard authentication system that provides a platform to generate tokens, making your login more secure than a password alone would.

The TOTP approach is what is used with many companies that issue hardware-based dongles for logging in remotely. This security may have been compromised but it’s still better than passwords alone. Plus, if you’re building it around an Arduino we’d bet you’re just trying to learn and not actually responsible for protecting industrial or state secrets.

The hardware setup requires nothing more than the Arduino board with one button and a screen as a user interface. Since the board has a crystal oscillator it keeps fairly accurate time (as long as it remains powered). It will push out a new token every thirty seconds. The video after the break shows that the Arduino-calculated value does indeed match what the test box is displaying.

[Read more...]

Brute forcing the password on a terribly insecure hard drive

While at work one day, [Marco] was approached by a colleague holding a portable USB hard drive. This hard drive – a Freecom ToughDrive – has a built-in security system requiring a password every time the drive is mounted. Somewhat predictably, the password on this hard drive had been lost, so [Marco] brute forced the password out of this drive.

The Freecom ToughDrive requires a password whenever the drive is plugged in, but only allows 5 attempts before it needs to be power cycled. Entering the passwords was easy to automate, but there was still the issue of unplugging the drive after five failed attempts. [Marco] called upon his friend [Alex] to build a small USB extension cable with a relay inserted into the 5 V line. An easy enough solution after which the only thing needed was the time to crack the password.

The rig successfully guessed the password after 500 attempts, or after cycling the power 100 times. This number is incredibly low for getting a password via brute force, but then again the owner of the hard drive was somewhat predictable as to what passwords they used.

Brute force a password protected PDF using the BeagleBone

The biggest benefit to using the BeagleBone is it’s 700 MHz ARM processor. If you’re just messing around with basic I/O that power is going unused, but [Nuno Alves] is taking advantage of its power. He built a PDF password cracker based on the $85 development board.

We recently saw how easy it is to perform basic I/O using the BeagleBone. Those techniques are in play here, used to drive a character LCD and sample a button input from the breadboard circuit. [Nuno] even published separate posts for each of these peripheral features.

The password protected PDF file is passed to the device on a thumb drive. Since the BeagleBone is running embedded Linux you don’t need to mess around with figuring out how to read from the device. A click of the button starts the process. Currently the code just uses a brute force attack which can test more than 6000 four-character passwords per second.  This is quite slow for any password more than four or five characters long, but [Nuno] does mention the possibility of running several ARM processors in parallel, or using a dictionary (or rainbow table) to speed things up. Either way it’s an interesting project to try on the hardware. You can see his video demo of the device after the break.

[Read more...]

USB dongle generates and enters your passwords so you don’t have to


Like many businesses out there, [Joonas Pihlajamaa’s] employer requires him to change his password every few months. Instead of coming up with a complex, yet easy to remember password again and again, he built a small USB device to do the work for him.

He dismantled an old USB memory stick, fitting it with an ATtiny85 with its required components on a small piece of perfboard. Using the knowledge he gleaned from his previous USB HID tinkering, he programmed the ATtiny to act as a USB keyboard which enters his password for him whenever he plugs it in.

The USB dongle not only types his password in for him, it can generate a new password with a few simple keystrokes whenever he desires. Obviously it merely takes someone getting their hands on his USB stick to compromise security, but it does beat a Post-It under the keyboard any day.

Continue reading to see a short video of his USB password dongle in action, and be sure to swing by his site for more details on how it was all put together.

[Read more...]

GPU password cracking made easy

The power that a Graphics Processing Unit presents can be harnessed to do some dirty work when trying to crack passwords. [Vijay] took a look at some of the options out there for cracking passwords and found that utilizing the GPU produces the correct password in a fraction of the time. On a Windows machine he pitted the Cain password recovery tool which uses the CPU for its calculations against ighashgpu which uses ATI or Nvidia graphics cards to do the deed. Hands down ighashgpu is the fastest; with Cain taking about one year to crack an eight character password while ighashgpu can do it in under nineteen hours.

We were very interested to see how easy it is to use this package. We looked in on GPU cracking in September but didn’t focus on the software packages that are out there. Now that you know how easily your password can be unearthed perhaps you will get some use out of this article discussing the usability and security of longer passwords which we ran across over on Reddit.

HDD unlocking on the Mitsubishi Multi-Communication System

It’s a few years old, but [Brian360's] method of unlocking the hard drive on his Mitsubishi Multi-Communication System is quite interesting. Mitsubishi describes their MMCS as a human-vehicle communication tool. It’s basically an in-dash screen and controls to display navigation maps and play music. [Brian] found that the hard drive for the MMCS in his 2008 Lancer was locked, and could not be cloned and swapped out for a larger drive. Sound familiar to anyone? Hard drive locking has been used in many systems, including the original Xbox, which we’ll get back to in a minute.

The setup seen above was used to grab the hard drive password from the system itself. A custom adapter card was built and plugged in between the hard drive and the MMCS hardware, with test points for each of the data line. [Brian] attached a digital storage oscilloscope, and after a bit of poking around, found a way to trigger the scope when the password was requested. He explains the process of converting the captured data into an ASCII string password.

With that in hand how would you unlock the drive? The favorite tool for this is hdparm, a tool which was used with early Xbox unlocking but which is still in use with other hardware today. Now brian has a disk image backup and the ability to swap out for larger hardware.

[Thanks Traitorous8]

IDE bus sniffing and hard drive password recovery


shackspace member [@dop3j0e] found himself in a real bind when trying to recover some data after his ThinkPad’s fingerprint scanner died. You see, he stored his hard drive password in the scanner, and over time completely forgot what it was. Once the scanner stopped working, he had no way to get at his data.

He brainstormed, trying to figure out the best way to recover his data. He considered reverse engineering the BIOS, which was an interesting exercise, but it did not yield any password data. He also thought about swapping the hard drive’s logic board with that of a similar drive, but it turns out that the password is stored on the platters, not the PCB.

With his options quickly running out, he turned to a piece of open-source hardware we’ve covered here in the past, the OpenBench Logic Sniffer. The IDE bus contains 16 data pins, and lucky for [@dop3j0e] the OpenBench has 16 5v pins as well – a perfect match. He wired the sniffer up to the laptop and booted the computer, watching SUMP for the unlock command to be issued. Sure enough he captured the password with ease, after which he unlocked and permanently removed it using hdparm.

Be sure to check out [@dop3j0e's] presentation on the subject if you are interested in learning more about how the recovery was done.