Dice Rolls From The Beginning Of Time

January 5, 2022 by Bryan Cockfield 30 Comments

Generating random numbers might seem like a trivial task, that is until the numbers need to be truly random for cryptography or security reasons. When that’s the case, it turns out that these numbers are really “pseudo-random” and follow a predictable pattern. Devices that can produce truly random numbers often do it by sampling random events in the real world rather than relying on a computer to do it directly, like this machine which simulates a dice roll by looking at the cosmic microwave background radiation.

The cosmic microwave background radiation exists in the infrared at the farthest edges of the observable universe as a remnant of the big bang. It’s an excellent source of randomness, but tapping into it poses a bit of a challenge. For this build, [iSax] is using an old Soviet-era Geiger tube to detect the appropriate signal, and a Nixie tube to display the dice roll. After the device detects two particles from the Big Bang, the device measures the amount of time that passed between the detection of both particles and uses this number to calculate the dice roll.

While it takes a little bit longer to roll this dice than a traditional one since it has to wait to detect the right kind of particles, if you really need the randomness it can’t be beat. It certainly works as dice, but we can also see some use for generating truly random numbers for other applications as well. For some other sources of random inspiration be sure to check out our own [Voja Antonic]’s deep dive into truly random number generation.

Continue reading “Dice Rolls From The Beginning Of Time” →

USB Armory MkII: A USB-C Thumb Drive Based Linux Computer For Pentesters

September 29, 2019 by Tom Nardi 16 Comments

While it might look like a disrobed flash drive or RTL-SDR dongle, the USB Armory Mk II is actually a full-fledged open hardware computer built into the ubiquitous USB “stick” format. But more than just that, it’s optimized for security research and boasts a list of features that are sure to get the attention of any pentesters in the audience. Fine tuned thanks to the feedback developer [Inverse Path] received about the original version of the hardware, the Mk II promises to be the last word in secure mobile computing.

Compared to the original hardware, the most obvious change is the switch to USB-C. The previous USB Armory used traces on the PCB to plug directly into a USB Type-A port, but this time around [Inverse Path] has put a proper male connector on the front of the board. Nominally, the USB Armory is plugged into a host computer to provide it with power and a network connection, though it also has the ability to disguise itself as a storage or input device for more stealthy applications. There’s also a female USB-C port on the Mk II, which can be used to connect additional devices, a feature the previous version lacked.

The USB Armory Mk II is powered by an upgraded 900 MHz ARM Cortex-A7 processor, though it retains the same 512 MB of RAM from the previous version. Like the original, there’s a micro SD slot to hold the Linux operating system, but this time it’s supplemented with an onboard 16 GB eMMC chip. There’s even a physical switch that allows the user to choose which storage device they want to boot from. Other additions for the Mk II include Bluetooth connectivity, and a hardware true random number generator (TRNG).

We first brought you word of the original USB Armory back in 2014, and it’s always good to see an open hardware project thriving and iterating years later. While the $149 price tag arguably puts the MKII out of the tinkering budget for many of us, there’s clearly a market for niche devices like this and we can’t wait to see what [Inverse Path] comes up with next.

True Random Number Generator For A True Hacker

June 29, 2015 by Voja Antonic 103 Comments

How can you generate random bits? Some people think it’s not easy, others will tell you that it’s pretty damn hard, and then there are those who wonder if it is possible at all. Of course, it is easy to create a very long pseudorandom sequence in software, but even the best PRNG (Pseudorandom Number Generator) needs a good random seed, as we don’t want to get the same sequence each time we switch on the unit, do we? That’s why we need a TRNG (True Random Number Generator), but that requires special hardware.

Some high-end microprocessors are equipped with an internal hardware TRNG, but it is, unfortunately, not true for most low-cost microcontrollers. There are a couple of tricks hackers use to compensate. They usually start the internal free running counter and fetch its contents when some external event occurs (user presses a button, or so). This works, but not without disadvantages. First, there is the danger of “locking” those two events, as a timer period may be some derivative of input scan routine timing. Second, the free running time (between switching on and the moment the unit requests a random number) is often too short, resulting in the seed being too close to the sequence start, and thus predictable. In some cases even, there is no external input before the unit needs a random seed!

Despite what has already been discussed, microcontrollers do have a source of true randomness inside them. While it might not be good enough for crypto applications, it still generates high enough entropy for amusement games, simulations, art gadgets, etc.

Continue reading “True Random Number Generator For A True Hacker” →