Keystroke Sniffer Hides as a Wall Wart, is Scary

For those of us who worry about the security of our wireless devices, every now and then something comes along that scares even the already-paranoid. The latest is a device from [Samy] that is able to log the keystrokes from Microsoft keyboards by sniffing and decrypting the RF signals used in the keyboard’s wireless protocol. Oh, and the entire device is camouflaged as a USB wall wart-style power adapter.

The device is made possible by an Arduino or Teensy hooked up to an nRF24L01+ 2.4GHz RF chip that does the sniffing. Once the firmware for the Arduino is loaded, the two chips plus a USB charging circuit (for charging USB devices and maintaining the camouflage) are stuffed with a lithium battery into a plastic shell from a larger USB charger. The options for retrieving the sniffed data are either an SPI Serial Flash chip or a GSM module for sending the data automatically via SMS.

The scary thing here isn’t so much that this device exists, but that encryption for Microsoft keyboards was less than stellar and provides little more than a false sense of security. This also serves as a wake-up call that the things we don’t even give a passing glance at might be exactly where a less-honorable person might look to exploit whatever information they can get their hands on. Continue past the break for a video of this device in action, and be sure to check out the project in more detail, including source code and schematics, on [Samy]’s webpage.

Thanks to [Juddy] for the tip!

Everyone’s Favorite Energy Meter Hack, Now Wireless

[Kalle] is at it again with more hacks on electricity use meters. This time, the meter has been hacked to stream its data over the aether wirelessly. Now, data can be grabbed from multiple devices simultaneously, making the possibilities for home energy monitoring limitless.

The first project [Kalle] did involved finding a meter from China with capabilities similar to (and cheaper than) the Kill-a-Watt meters. Unlike the Kill-a-Watt which spits out analog values, the Chinese meter sent digital information out on a ribbon cable with the bus lines labeled. Since the meter was so hackable, [Kalle] took it even further in this hack.

With those pesky wires out of the way, the device now uses an Arduino Pro Mini to sniff the energy meter’s data stream. Then it transmits the data wirelessly with an nRF24L01+ transceiver. As a perk, all of these chips fit inside the case of the energy meter, making this a very tidy hack indeed. The project code and an incredible amount of detail are available on the project site, so be sure to check this one out for all of your energy monitoring needs!

Christmas Lights And Ships In A Bottle

Thanksgiving was last week, and Christmas has been invading department stores for two or three months now, and that can only mean one thing: it’s time to kill a tree, set it up in your living room, and put a few hundred watts of lights on it. All those lights, though; it’s as if Christmas lights were specifically invented as fodder for standup comedians for two months out of the year. Why can’t someone invent wireless Christmas lights?

We don’t know if it’s been invented, but here’s a Kickstarter campaign that’s selling that same idea. It’s called Aura, and it’s exactly what it says on the tin: wireless Christmas lights, controllable with a smartphone. If it works, it’s a brilliant idea.

Test Your Signal with the WiFi Cup

[CNLohr] wanted to test the WiFi range in his house. One look at his roommate’s cup and an unorthodox idea was born. The WiFi Cup used an ESP8266 to connect to his home network. For output, [CNLohr] also added a WS2812 LED strip to the cup. The ESP8266 was programmed to send UDP packets to [CNLohr’s] laptop. When the laptop responded back, the ESP8266 turned on the LEDs, lighting up the cup. The cup’s response to signal strength was very quick – about a second.

[CNLohr] took the WiFi Cup around the house. He was surprised to detect the connection in corners he didn’t expect; in fact, the signal wasn’t weakening at all! He proceeded to walk outside with it, hoping to see the signal strength decrease. As a testament to his roommate’s robust router, the cup merely flickered. Hoping for a better test, [CNLohr] switched out the router for a cheaper TP-Link with shorter antennas. While the initial ping test showed a slower response time, the cup detected WiFi around the house just fine. It only wavered for a couple of moments when it was placed inside a metal bucket. We have to wonder how thin [CNLohr’s] walls are. WiFi never works that well in our house!

RFToy Makes Wireless Projects Easier

[Ray] has created RFToy, a simple gadget to aid in setting up wireless systems with a variety of common radio modules. RFToy is an open source microcontroller board running on an ATmega328. While RFToy is Arduino code compatible, [Ray] chose to ditch the familiar Arduino shield layout for one that makes it easier to install RF modules, and is more handheld friendly.

[RFToy] includes headers for the popular nRF24L01 2.4 GHz transceiver, as well as 433/315 transmitters and receivers found in many low-cost wireless electronic devices. The 128×64 pixel OLED screen and 3 button interface make it easy to set up simple user interfaces for testing new designs.

[Ray] hasn’t broken any new ground here. What he has done is create a simple tool for wireless projects. Anyone who’s worked on a wireless system can tell you that tools like this are invaluable for debugging why your circuit isn’t talking. Is it the transmitter? The receiver? Something else in the power supply circuit?

Check out [Ray’s] demo video after the break. In it, he sniffs, records, and plays back signals from several remote-controlled outlets. [Ray] also has a great demo of sending temperature data back and forth using an nRF24L01.

Using Router SoCs as WiFi Modules (Yet Again)

8-bit AVRs and 32-bit ARMs do one thing, and one thing well: controlling other electronics and sensors while sipping power. The Internet of Things is upon us and with that comes the need for connecting to WiFi networks. Already, a lot of chips are using repackaged System on Chips to provide an easy way to connect to WiFi, and the USR-WIFI232-T is the latest of the bunch. It’s yet another UART to WiFi bridge, and as [2XOD] shows, it’s pretty easy to connect to an AVR.

The module in question can be had through the usual channels for about $11, shipped straight from China, and the only purpose of this device is to provide a bridge between a serial port and a wireless network. They’re not that powerful, and are only meant for simple tasks,

[2XOD] got his hands on one of these modules and tested them out. They’re actually somewhat interesting, with all the configuration happening over a webpage served from the device. Of course the standard AT commands are available for setting everything up, just like the ESP8266.

With a month of testing, [2XOD] has found this to be a very reliable device, logging temperatures every minute for two weeks. There’s also a breakout board available to make connection easy, and depending on what project you’re building, these could be a reasonable stand-in for some other popular UART -> WiFi chips.

Reverse Engineering the D-Link WPS Pin Algorithm


A router with WPS requires a PIN to allow other devices to connect, and this PIN should be unique to every router and not derived from other easily accessible data found on the router. When [Craig] took a look at the firmware of a D-Link DIR-810L 802.11ac router, he found exactly the opposite; the WPS PIN was easily decipherable because it was generated entirely from the router’s MAC address and could be reverse engineered by sniffing WiFi.

When [Craig] was taking a look at the disassembled firmware from his router, he noticed a bit of code that accessed the NVRAM used for storing device-specific information like a serial number. This bit of code wasn’t retrieving a WPS PIN, but the WAN MAC address instead. Instead of being unique to each device and opaque to every other bit of data on the router, the WPS PIN was simply generated (with a bit of math) from the MAC address. This means anyone upstream of the router can easily derive the WPS PIN of the router, and essentially gives everyone the keys to the castle of this router.

A few years ago, it was discovered the WPS PIN was extremely insecure anyway, able to be brute-forced in a matter of minutes. There are patches router manufacturers could apply to detect these brute force attacks, closing that vulnerability. [Craig]’s code, though, demonstrates that a very large number of D-Link routers effectively broadcast their WPS PIN to the world. To make things even worse, the BSSID found in every wireless frame is also derived from the WAN MAC address. [Craig] has literally broken WPS on a huge number of D-Link routers, thanks to a single engineer who decided to generate the WPS PIN from the MAC address.

[Craig] has an incomplete list of routers that are confirmed affected on his site, along with a list of confirmed unaffected routers.