Building The NSA’s Tools

Fake ANT Catalog Entry for HackRF

Back in 2013, the NSA ANT Catalog was leaked. This document contained a list of devices that are available to the NSA to carry out surveillance.

[Michael Ossmann] took a look at this, and realized that a lot of their tools were similar to devices the open source hardware community had built. Based on that, he gave a talk on The NSA Playset at Toorcamp 2014. This covered how one might implement these devices using open hardware.

The above image is a parody of an ANT Catalog page, which shows [Michael]’s HackRF, an open source software defined radio. In the talk, [Michael] and [Dean Pierce] go over the ANT Catalog devices one by one, discussing the hardware that would be needed to build your own.

Some of these tools already have open source counterparts. The NIGHTSTAND WiFi exploitation tool is essentially a WiFi Pineapple. SPARROW II is more or less a device running Kismet attached to a drone, which we’ve seen before.

A video of the Toorcamp talk is available on [Michael]’s blog. There will also be a variety of talks on this subject at DEFCON next week, which we’re looking forward to. For further reading, Wikipedia has a great summary of the ANT Catalog.

Homebrew NSA Bugs


Thanks to [Edward Snowden] we have a huge, publicly available catalog of the very, very interesting electronic eavesdropping tools the NSA uses. Everything from incredibly complex ARM/FPGA/Flash modules smaller than a penny to machines that can install backdoors in Windows systems from a distance of eight miles are available to the nation’s spooks, and now, the sufficiently equipped electronic hobbyist can build their own.

[GBPPR2] has been going through the NSA’s ANT catalog in recent months, building some of the simpler radio-based bugs. The bug linked to above goes by the codename LOUDAUTO, and it’s a relatively simple (and cheap) radar retro-reflector that allows anyone with the hardware to illuminate a simple circuit to get audio back.

Also on [GBPPR2]’s build list is RAGEMASTER, a device that fits inside a VGA cable and allows a single VGA color channel to be viewed remotely.

The basic principle behind both of these bugs is retroreflection, described by the NSA as a PHOTOANGLO device. Each bug contains a FET with an antenna connected to the drain. The PHOTOANGLO illuminates this antenna, and the PWM signal sent to the gate of the FET modulates the returned signal. Add a bit of software defined radio on the receiving end, and you have your very own personal security administration.

It’s all very cool stuff, but there are some entries in the NSA catalog that don’t deal with radio at all. One device, IRATEMONK, installs a backdoor in hard drive controller chips. Interestingly, Hackaday favorite and current Hackaday Prize judge [Sprite_TM] did something extremely similar, only without, you know, being really sketchy about it.

While we don’t like the idea of anyone actually using these devices, the NSA ANT catalog is still fertile ground for project ideas.


NSA Technology Goes Open Hardware

When [Edward Snowden] smeared the internet with classified NSA documents, it brought to light the many spying capabilities our government has at its disposal. One of the most interesting of these documents is known as the ANT catalog. This 50 page catalog, now available to the public, reads like a mail order form where agents can simply select the technology they want and order it. One of these technologies is called the Sparrow II, and a group of hackers at Hyperion Bristol has attempted to create their own version.

The Sparrow II is an aerial surveillance platform designed to map and catalog WiFi access points. Think wardriving from a UAV. Now, if you were an NSA agent, you could just order yourself one of these nifty devices from the ANT catalog for a measly 6 grand. However, if you’re like most of us, you can use the guidance from Hyperion Bristol to make your own.

They start off with a Raspi, a run-of-the-mill USB WiFi adapter, a Ublox GY-NEO6MV2 GPS Module, and a 1200 mAh battery to power it all. Be sure to check out the link for full details.

Thanks to [Joe] for the tip!

Hackaday Celebrates 15 Years And Oh How The Hardware Has Changed

Today marks exactly 15 years since Hackaday began featuring one Hack a Day, and we haven’t missed a day since. Over 5,477 days we’ve published 34,057 articles, and the Hackaday community has logged 903,114 comments. It’s an amazing body of work from our writers and editors, a humbling level of involvement from our readers, and an absolutely incredible contribution to open hardware by the project creators who have shared details of their work and given us all something to talk about and to strive for.

What began as a blog is now a global virtual hackerspace. That first 105-word article has grown far beyond project features to include spectacular long-form original content. From our community of readers has grown, launched in 2014 you’ll now find over 30,000 projects published by 350,000 members. The same year the Hackaday Prize was founded as a global engineering initiative seeking to promote open hardware, offering big prizes for big ideas (and the willingness to share them). Our virtual connections were also given the chance to come alive through the Hackaday Superconference, Hackaday Belgrade, numerous Hackaday Unconferences, and meetups all over the world.

All of this melts together into a huge support structure for anyone who wants to float an interesting idea with a proof of concept where “why” is the wrong question. Together we challenge the limits of what things are meant to do, and collectively we filter through the best ideas and hold them high as building blocks for the next iteration. The Hackaday community is the common link in the collective brain, a validation point for perpetuating great ideas of old, and cataloging the ones of new.

Perhaps the most impressive thing about the last 15 years of Hackaday is how much the technological landscape has changed. Hackaday is still around because all of us have actively changed along with it — always looking for that cutting edge where the clever misuse of something becomes the base for the next transformative change. So we thought we’d take a look back 15 years in tech. Let’s dig into a time when there were no modules for electronics, you couldn’t just whip up a plastic part in an afternoon, designing your own silicon was unheard of, and your parts distributor was the hoard of broken electronics in your back room.


Etching Large Brass Sheets Is Harder Than You Think

One of my favorite ways to think of engineering is that a glass is not half empty or half full, only twice as large as it needs to be. As useful as that idea is, it also means that I rarely put any effort into the aesthetics of my projects – I learn or accomplish what I need, desolder and recycle the components, then move on. Few of my projects are permanent, and custom cases tend to be non-reusable, so I skip the effort and expense.

Once in a while though, I need to make a gift. In that case form and function both become priorities. Thankfully, all that glitters is not gold – and over the last year I’ve been learning to etch the copper alloys commonly classified as ‘brass’. We’ve covered some truly excellent etched brass pieces previously, and I was inspired to try and etch larger pieces of metal (A4 and larger) without sacrificing resolution. I thought this would be just like etching circuits. In fact, I went through several months of failed attempts before I produced anything halfway decent!

Although I’m still working on perfecting my techniques, I’ve learned enough in the meantime to give a report. Read on if you’re feeling the need for more fancy brass signs in your life.


What Can The Blockchain Do For You?

Imagine you’re a general, camped outside a fortified city with your army. Your army isn’t strong enough to take the city without help. But you do have help: camped on other hills outside this city are a half dozen more generals, with their armies ready to attack. Attacking one army at a time will fail; taking this city will require at least three or four armies, and an uncoordinated attack will leave thousands dead outside the city gates. How do you coordinate an attack with the other generals? Now, how do you coordinate your attack if one of those other generals is Benedict Arnold? What happens when one of the generals is working with the enemy?

This situation is a slight rephrasing of the Byzantine Generals Problem, first presented in the ACM Transactions on Programming Languages and Systems in 1982. It’s related to the Two Generals Problem formulated a decade prior. These are the analogies we use when we talk about trust over a communications channel, how hard it is to transmit knowledge, and how to form a consensus around imperfect facts.

This problem was upended in late 2008 when Satoshi Nakamoto, a person or group of people, published a white paper on the ‘block chain’. This was the solution to double-spending in digital currency. Think of it as having a digital thing that only one person could own. As a test of this block chain technology, Bitcoin was launched at the beginning of 2009. Things got more annoying from there.

Now, blockchain is at the top of the hype cycle. Every industry is looking at blockchain tech to figure out how it will work for them. Kodak launched their own blockchain; there are proposals to use the blockchain in drones and 3D printers. Medical records could be stored on the blockchain, HIPAA be damned, and there’s a blockchain phone, for reasons. This doesn’t even cover the massive amount of speculation in Bitcoin itself; thousands of other cryptocurrencies have also sprung up, and people are losing money.

The blockchain is a confusing thing, with hashes and Merkle trees and timestamps. Everyone is left asking themselves, what does the blockchain actually do? Is there an independent body out there that will tell me what the blockchain is good for, and when I should use it? You’re in luck: NIST, the National Institute of Standards and Technology, released their report on blockchain technology (PDF). Is blockchain magic? No, no it is not, and it probably shouldn’t be used for anything other than a currency.


Teardown Of USB Fan Reveals Journalists’ Lack Of Opsec

Last month, Singapore hosted a summit between the leaders of North Korea and the United States. Accredited journalists invited to the event were given a press kit containing a bottle of water, various paper goods, and a fan that plugs into a USB port.

Understandably, the computer security crowd on Twitter had a great laugh. You shouldn’t plug random USB devices into a computer, especially if you’re a journalist, especially if you’re in a foreign country, and especially if you’re reporting on the highest profile international summit in recent memory. Doing so is just foolhardy.

This is not a story about a USB fan, the teardown thereof, or of spy agencies around the world hacking journalists’ computers. This is a story of the need for higher awareness on what we plug into our computers. In this case nothing came of it — the majority of USB devices are merely that and nothing more. One of the fans was recently torn down (PDF) and the data lines are not even connected. (I’ll dive into that later on in this article). But the anecdote provides an opportunity to talk about USB security and how the compulsion to plug every USB device into a computer should be interrupted by a few seconds of thoughtfulness first.
