Day: July 30, 2018

Video Review: AND!XOR DEF CON 26 Badge

July 30, 2018 by 9 Comments

The AND!XOR team have somehow managed to outdo themselves once again this year. Their newest unofficial hardware badge for DEF CON 26 just arrived. It’s a delightful creation in hardware, software, and the interactive challenges built into both.

They call this the “Wild West of IoT”, a name that draws from the aesthetic as well as the badge-to-badge communications features. Built on the ESP32-WROVER module which brings both WiFi and Bluetooth to the party, the badges are designed to form a wireless botnet at the conference. Anyone with a badge can work to advance their level and take more and more control of the botnet as they do.

Check out the video overview and then join me below for a deeper dive into all this badge has to offer.

Continue reading “Video Review: AND!XOR DEF CON 26 Badge”

Side Channel Attacks Against Mixed Signal Microcontrollers

July 30, 2018 by 7 Comments

You shouldn’t transmit encryption keys over Bluetooth, but that’s exactly what some popular wireless-enabled microcontrollers are already doing. This is the idea behind Screaming Channels, an exploit published by researchers at EUERCOM, and will be a talk at Black Hat next week. So far, the researchers have investigated side-channel attacks on Bluetooth-enabled microcontrollers, allowing them to extract tinyAES keys from up to 10 meters away in controlled environments. A PDF of the paper is available and all the relevant code is available on GitHub.

The experimental setup for this exploit consisted of a BLE Nano, a breakout board for a Nordic nRF52832 Bluetooth microcontroller, a Hack RF, a USRB N210 software defined radio from Ettus, and a few high-gain antennas and LNAs. The example attack relies on installing firmware on the BLE Nano that runs through a few loops and encrypts something with tinyAES. Through very careful analysis of the RF spectrum, the AES keys can be extracted from the ether.

Side channel attacks have received a bit more popularity over recent years. What was once limited to Three Letter Agency-level Van Eck phreaking can now be done inexpensively and in a system with devices like the ChipWhisperer.

Of course, this is only a demonstration of what is possible with side-channel attacks in a highly controlled environment with a significant amount of work gone into the firmware running on the microcontroller. This isn’t evidence that balaclava-wearing hackers are sniffing your phone from across the parking lot to get the password to your Instagram account, but it does show what is possible with relatively cheap, off-the-shelf hardware.

Amiga Repairs Put One Tough Little Machine Back In Service

July 30, 2018 by 8 Comments

Returning a piece of retro hardware to factory condition is generally a labor of love for the restorationist. A repair, on the other hand, is more about getting a piece of equipment back into service. But the line between repair and restoration is sometimes a fine one, with the goals of one bleeding over into the other, like in this effort to save an otherwise like-new Amiga 2000 with a leaky backup battery.

Having previously effected emergency repairs to staunch the flow of electrolyte from the old batteries and prevent further damage, [Retromat] entered the restoration phase of the project. The creeping ooze claimed several caps and the CPU socket as it spread across the PCB, but the main damage was to the solder resist film itself. In the video below you can clearly see flaky, bubbly areas in the mask where the schmoo did its damage.

Using a fiberglass eraser, some isopropyl alcohol, and far more patience than we have, [Retromat] was able to remove the damaged resist to reveal the true extent of the damage below. Thankfully, most of the traces were still intact; only a pair of lines under the CPU socket peeled off as he was removing it. After replacing them with fine pieces of wire, replacing the corroded caps and socket, and adding a coin-cell battery holder to replace the old battery, the exposed traces were coated with a varnish to protect them and the machine was almost as good as new.

Amigas were great machines in their day and launched more than one business. They’ve proved their staying power too, some even in mission-critical roles.

Continue reading “Amiga Repairs Put One Tough Little Machine Back In Service”