Exploiting DFU mode to snag a copy of firmware upgrades

[Travis Goodspeed] continues his work at educating the masses on how to reverse engineer closed hardware devices. This time around he’s showing us how to exploit the Device Firmware Updates protocol in order to get your hands on firmware images. It’s a relatively easy technique that uses a man-in-the-middle attack to dump the firmware image directly to a terminal …

Facedancer board lets your Python programs pretend to be USB hardware

This is the prototype board for [Travis Goodspeed's] new USB development tool called the Facedancer. He took on the design with USB security exploits in mind, but we think it’s got a lot of potential for plain old development as well.

Kudos on the [Frank Herbert] reference when naming the project. Like the characters from the Dune mythology that …

Wardriving for Zigbee

Wardriving started out as a search for unprotected WiFi access points before hot spots were prevalent. And so this ZigBee protocol wardriving hardware which [Travis Goodspeed] put together really gives us a sense of nostalgia for that time. Don’t get us wrong, we love our pervasive WiFi access and don’t wish to go back to simpler times. But if the …

Reverse engineering Bluetooth using Android and SPOT as an example

[Travis Goodspeed] wrote in to tell us about his work reverse engineering the Bluetooth communications on this SPOT module. He’s targeted the post as a general guide to sniffing Bluetooth transmissions, but was inspired to use the SPOT as an example after seeing this other SPOT hack. We know he’s a fan of getting things to work with …

RF sniffing on-the-go

It’s been a while since we checked in on [Travis Goodspeed]. His latest post makes RF sniffing with the Next HOPE badge more portable by ditching the need to display data on a computer. He’s built on the work he did at the beginning of the year, replacing the FTDI chip on the badge with a Bluetooth module. Now …

Project 25 Digital Radios (law enforcement grade) vulnerable to the IM-ME

Would you believe you can track, and even jam law enforcement radio communications using a pretty pink pager? It turns out the digital radios using the APCO-25 protocol can be jammed using the IM-ME hardware. We’ve seen this ‘toy’ so many times… yet it keeps on surprising us. Or rather, [Travis Goodspeed's] ability to do amazing stuff with the hardware …

Sniffing RF hardware communication packets

[Travis Goodspeed] put together a proof of concept hack that sniffs wireless keyboard data packets. He’s using the Next HOPE badge that he designed as the hardware platform for these tests. It has an nRF24L01+ radio on-board which can easily communicate with 2.4 GHz devices.

The real trick comes in getting that radio to listen for all traffic, then …