TEMPEST: A Signal Problem

January 25, 2009 by Eliot 12 Comments

TEMPEST is the covername used by the NSA and other agencies to talk about emissions from computing machinery that can divulge what the equipment is processing. We’ve covered a few projects in the past that specifically intercept EM radiation. TEMPEST for Eliza can transmit via AM using a CRT monitor, and just last Fall a group showed how to monitor USB keyboards remotely. Through the Freedom of Information Act, an interesting article from 1972 has been released. TEMPEST: A Signal Problem (PDF link dead, try Internet Archive version) covers the early history of how this phenomenon was discovered. Uncovered by Bell Labs in WWII, it affected a piece of encryption gear they were supplying to the military. The plaintext could be read over that air and also by monitoring spikes on the powerlines. Their new, heavily shielded and line filtered version of the device was rejected by the military who simply told commanders to monitor a 100 feet around their post to prevent eavesdropping. It’s an interesting read and also covers acoustic monitoring. This is just the US history of TEMPEST though, but from the anecdotes it sounds like their enemies were not just keeping pace but were also better informed.

[via Schneier]

Wattcher, Twittering Kill A Watt Plans Posted

January 24, 2009 by Eliot 20 Comments

You probably saw [Phillip Torrone] and [Limor Fried]’s twittering Kill A Watt earlier this week. It was an entry in the Core77/Greener Gadgets Design Competition. We saw a little bit about how it was assembled, but now they’ve posted a full guide to assembling the hardware. Each Kill A Watt gets an XBee radio that transmits back to a receiver that logs the power usage. The difficult part when putting this design together was the XBee required 50mA when transmitting. This is well above the Kill A Watt’s internal power supply. They remedied this by adding a 10,000uF supercap to act as a rechargeable battery. The daily twittering is just a side-effect of the project. The Kill A Watts transmit every 2 seconds, so you’ll get a very accurate report of your power usage. This is a great project for renters who can’t permanently modify their power infrastructure. Each Kill A Watt can support quite a few appliances since they’re rated for 15A, ~1800W.

Hands Free Point Of View Camera

January 24, 2009 by Eliot 31 Comments

handsfree

Here’s an odd little footnote we found while perusing the Comic Tools blog. [Matt Bernier]’s blog is dedicated to drawing and inking tutorials for comic artists. He uses a lot of example photographs that involve both hands. This week, at the bottom of his post on cleaning brushes, he included a photo to illustrate how he takes all of these point of view shots. The camera is strapped securely to his head using an old lanyard. He can see the display and access the controls on the back. After composing his shot, he just sets the timer, and you get a picture of what the process looks like from his perspective. Sure, it looks silly from this angle, but it really helps out the posts.

Manual Protocol Analysis

January 24, 2009 by Eliot 2 Comments

packetfu

As a followup to last week’s post on automated protocol analysis, [Tod Beardsley] has written up how to start analyzing a protocol manually. He walks through several examples to show how to pull out the interesting bits in binary protocols. His first step was sending 10 identical select statements and capturing the outbound packets. He used the Ruby library PacketFu to help with the identification. It compared the ten packets and highlighted one byte that was incrementing by four with each packet, probably a counter. Looking at the response indicated a few other bytes that were also incrementing at the same rate, but at different values. Running the same query on two different days turned up what could be a timestamp. Using two different queries helped identify which byte was responsible for the statement length. While you may not find yourself buried in HEX on a daily basis, the post provides good coverage of how to think critically about it.

MegaUpload Captcha Cracking In JavaScript

January 23, 2009 by Eliot 25 Comments

This was certainly the last thing we expected to see today. [ShaunF] has created a Greasemonkey script to bypass the captcha on filehosting site Megaupload. It uses a neural network in JavaScript to do all of the OCR work. It will auto submit and start downloading too. It’s quite a clever hack and is certainly helped by the simple 3 character captcha the site employs. Attempting to do the same thing with ReCAPTCHA has proven much more difficult.

UPDATE: [John Resig] explained of how it works.

[via Waxy]

WiFi Theremin

January 23, 2009 by Eliot 9 Comments

The fine folks at Midnight Research Labs have put together a new toy for you to play with. It’s a Python script that makes your WiFi hardware behave more like a theremin. Based on the pyaudio library it monitors the signal strength of the AP you’re connected to and changes the tone accordingly. There’s a sample embedded above (direct link). If you have a second interface, you can use it to modulate the volume. It’s an interesting trick, but they say that there’s enough latency that it would be hard to play actual music with it.

Hackit: DTV Converter Boxes?

January 21, 2009 by Eliot 63 Comments

zenith

An anonymous Slashdot reader asked today what was the best digital television to analog converter box. He was looking for one with the best hacking potential. We actually purchased a Zenith DTT900 HD converter box this summer specifically wondering about the hacking potential. We did a teardown and you can find a full gallery on Flickr. Our conclusion was this: there’s not much there. You’re talking about a box that takes a digital RF signal and turns it into a crappier looking analog signal over composite. There isn’t much you can do outside of its designed use. Do you have any ideas what else can be done with it?

Slashdot commenter [timeOday] did mention a Tivax brand box that features a serial port. You can use it to issue remote commands to the box.

Not much has been said about the actual coupons. We’ve got a scan of them embedded below. The $40 coupons are essentially credit cards. We ran ours through a magstripe reader confirming this. Even though the card isn’t stamped with the recipient’s name, it is stored on the magstripe.

Continue reading “Hackit: DTV Converter Boxes?” →