Take a few minutes and watch [atlas of d00m], at Shmoocon 2012, presenting information about using the RF dongle from the Chronos to explore ISM bands. Admittedly, I’m not very familiar with many of the things he discusses, but the words make sense. The bits and pieces I am familiar enough with to comprehend are truly fascinating. He covers typical methods of RF modulation as well as some hardware specific information to that dongle.
We’ve been eagerly anticipating this, [Larry] has published the entire build of the Shmooball gun for 2009. This design is more compact and elegant than the one for 2008 and has a slightly more Ghost Buster’s aesthetic about it. The pictures are great and there’s lots of good tips along the way. We can’t wait to see what they make next year. How about a gattling version?
When we first saw [Chris Paget]’s cloning video, our reaction was pretty ‘meh’. We’d seen RFID cloning before and the Mifare crack was probably the last time RFID was actually interesting. His ShmooCon presentation, embedded above, caught us completely off-guard. It’s very informative; we highly recommend it.
The hardest part about selling this talk is that it has to use two overloaded words: ‘RFID’ and ‘passport’. The Passport Card, which is part the the Western Hemisphere Travel Initiative (WHTI), is not like the passport book that you’re familiar with. It has the form factor of a driver’s license and can only be used for land and sea travel between the USA, Canada, the Caribbean region, Bermuda, and Mexico. They’ve only started issuing them this year.
The first talk of ShmooCon was [Ethan O’Toole] and [Matt Davis] presenting their OpenVulture software for unmanned vehicles. In the initial stages, they had just planned on building software for Unmanned Aerial Vehicles, but realized that with the proper planning it could be used with any vehicle: airplanes, cars, boats, and subs (or more specifically, their Barbie PowerWheels). The software is in two parts. First is a library that lets you communicate with each of the vehicle’s modules. The second half is the actual navigation software.
They’ve spent a lot of time sourcing hardware modules. They are looking for items that work well, aren’t too expensive, and have a fairly plug and play implementation. For their main processor, they wanted something that wasn’t a microcontroller and could run a full Linux system. The ARM based NSLU2 NAS seems to be the current frontrunner. You can find the opensource software and descriptions of the supported modules on their site.
They’re building the first test UAVs now. One has a 12 foot wingspan for greater lift and stability. We’ve covered the Arduino based Ardupilot and other UAVs in the past.
The registration desk hasn’t opened yet at ShmooCon 2009, but we’re already running into old friends. We found [Larry Pesce] and [Paul Asadoorian] from the PaulDotCom Security Weekly podcast showing off their latest ShmooBall gun. ShmooBalls have been a staple of ShmooCon from the very beginning. They’re soft foam balls distributed to each of the attendees who can then use them to pelt the speakers when they disagree. It’s a semi-anonymous way of expressing your dismay physically. [Larry] has been building bigger and better ways to shoot the ShmooBalls for the last couple years. You may remember seeing the 2008 model. This year the goal was to make the gun part much lighter. The CO2 supply is mounted remotely with a solenoid valve and coiled air line. The pistol grip has a light up arming switch and trigger. The gun is fairly easy to transport: the air line has a quick disconnect and the power is connected using ethernet jacks.
The unique ID number on Passport Cards doesn’t divulge the owners private details, but it’s still unique to them. It can be used to track the owner and when combined with other details, like their RFID credit card, a profile of that person can be built. This is why the ACLU opposes Passport Cards in their current form. The US does provide a shielding sleeve for the card… of course it’s mailed to you with the card placed outside of the sleeve.
Technology exists to generate a random ID every time an RFID card is being read. The RFIDIOt tools were recently updated for RANDOM_UID support.
November 1st means that registration for ShmooCon 2009 has opened. The DC hacker convention is entering the fifth year. They’re releasing the tickets in blocks; after today’s are gone the next won’t be available till December 1st. Today is also the closing of first round consideration for their call for papers, but you still have another month before the final deadline.