Hacking An IButton


Maxim’s iButtons, which are small ICs in button-sized disks, are starting to show up in more and more places. They have a range of uses, from temperature loggers to identification, and all use the 1-wire protocol to communicate. Over at furrtek, they hacked an iButton used for buying things from vending machines and created an infinite money cheat. They built a small rig based on the ATmega8 to read and write data to the chip. The data was encrypted, so it wasn’t feasible to put an arbitrary amount on the card. Instead, they used a similar technique to the Boston subway hack and restored a previous state to the iButton after something was bought. They also created a hand-held device to back up and restore the contents of a button for portable hacking.

[Thanks furrtek]
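A restored image is detectable when the system remembers, per button, what it last wrote. The following Python example is added here and is not code from the original post or from furrtek; the shared `Ledger`, its method names, the placeholder serial and the sample byte strings are assumptions constructed for illustration.

```python
"""Rollback detection for a stored-value token (constructed example)."""
import hashlib
from dataclasses import dataclass, field


def digest(blob: bytes) -> str:
    """Fingerprint of the opaque (encrypted) memory image read from the token."""
    return hashlib.sha256(blob).hexdigest()


@dataclass
class Ledger:
    """Hypothetical ledger shared by all machines, keyed by the token's ID."""
    last_state: dict = field(default_factory=dict)  # serial -> digest last written
    alerts: list = field(default_factory=list)

    def present(self, serial: str, image: bytes) -> bool:
        """Return True if the image is the one the system last wrote."""
        expected = self.last_state.get(serial)
        if expected is None:
            # Assumption: enrol on first sighting. Enrolling at issuance
            # would be stricter, since this accepts whatever is presented.
            self.last_state[serial] = digest(image)
            return True
        if digest(image) != expected:
            self.alerts.append((serial, "stale or foreign image presented"))
            return False
        return True

    def commit(self, serial: str, new_image: bytes) -> None:
        """Record the image a machine wrote after a purchase or top-up."""
        self.last_state[serial] = digest(new_image)


def simulate() -> tuple:
    """Present a saved image again after a purchase, using constructed data."""
    ledger = Ledger()
    serial = "SERIAL-PLACEHOLDER-01"       # constructed, not a real ROM ID
    before = b"opaque-image-credit-10"     # stands in for encrypted contents
    after = b"opaque-image-credit-09"
    first = ledger.present(serial, before)     # token enrolled
    ledger.commit(serial, after)               # machine debits, writes new image
    honest = ledger.present(serial, after)     # untouched token: accepted
    replayed = ledger.present(serial, before)  # restored backup: rejected
    return first, honest, replayed, len(ledger.alerts)
```

The check never decrypts the contents; it only compares the image presented with the one last committed for that serial, so it depends on every machine reaching the same ledger.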

36 thoughts on “Hacking An IButton”

  1. As much as I like iButtons, this is the fault of whatever engineer decided that it was a good idea to use the NVRAM button instead of one of the secure buttons. The DS1961S or DS1991 would have been a much better choice.

    Otherwise, they may as well just use MMC cards.

  2. Agreed, the secure buttons are more difficult to do anything with and I’ve noticed more and more companies using them instead. Actually I’ve not even seen any NVRAM buttons for use with any security type situations around here. Heck, even arcade games use the secure ones, look at Megatouch games, they use the secure buttons to determine which version of their software the machine is able to run.

  3. Remember that the person who has given you the iButton has most likely recorded your serial number and probably checks the audit records of who’s buying what and how much and how much money they actually pay in. You may just find yourself looking at something a lot more expensive if they figure out someone’s been messing with (read stealing from) their vending system.

  4. True that they may audit serial numbers and that stuff, but if there are self serve recharge machines, and you can just buy any DS1992 buttons from another source, and load $10 on one of them, then it would be a lot harder to track down.

    The epic fail is the replay attack working, because of no tracking whatsoever, between vending machines, or even on the one machine itself.

  5. As I remember each iButton has a unique 64-bit ID number so if the vending machine does log each transaction with the time and date then it would be only a waiting game before you were caught on CCTV once they realised what was going on!

  6. Nonsecure iButtons work great as a key (until they get skimmed of course).
    Anyway, you can buy an iButton-to-RJ11 cable off-the-shelf and hook up an emulator for more fun.

  7. They did not hack an iButton. The company that uses the damn thing were morons and used a cheap non protected ibutton. They “hacked” a moron system.

    it’s not hacking if the maker was a bag of retards and used a standard ibutton instead of a crypto one.

    Call me when they actually hack an ibutton instead of something that some idiot screwed up.

  8. Where are these ibuttons being used?

    And they probably aren’t monitoring the logs until after they notice a big difference in money/product. After all, they probably think these things are 100% secure, or not common knowledge like the coke soda trick.

  9. These are used as keys at my apartments, but I’m almost certain that they use the iButtons that only contain a fixed number. They claim that they’re unduplicatable. I want to prove them wrong, but I doubt they would appreciate my white-hat endeavors.

        1. I have a ds1971 f5 as a golf range key. If I did find a copier, does the ibutton only contain my profile, or does it also have my balance as well? Basically, would I be able to fill one button with $50 and then keep copying the filled button to other buttons and have the $50 balance on every key? Or is the driving range dispenser hooked up to a system that keeps track of my balance?
