Building The NSA’s Tools

Fake ANT Catalog Entry for HackRF

Back in 2013, the NSA ANT Catalog was leaked. This document contained a list of devices that are available to the NSA to carry out surveillance.

[Michael Ossmann] took a look at this, and realized that a lot of their tools were similar to devices the open source hardware community had built. Based on that, he gave a talk on The NSA Playset at Toorcamp 2014. This covered how one might implement these devices using open hardware.

The above image is a parody of an ANT Catalog page, which shows [Michael]’s HackRF, an open source software defined radio. In the talk, [Michael] and [Dean Pierce] go over the ANT Catalog devices one by one, discussing the hardware that would be needed to build your own.

Some of these tools already have open source counterparts. The NIGHTSTAND WiFi exploitation tools is essentially a WiFi Pineapple. SPARROW II is more or less a device running Kismet attached to a drone, which we’ve seen before.

A video of the Toorcamp talk is available on [Michael]’s blog. There will also be a variety of talks on this subject at DEFCON next week, which we’re looking forward to. For further reading, Wikipedia has a great summary of the ANT Catalog.

Homebrew NSA Bugs

NSA

Thanks to [Edward Snowden] we have a huge, publicly available catalog of the very, very interesting electronic eavesdropping tools the NSA uses. Everything from incredibly complex ARM/FPGA/Flash modules smaller than a penny to machines that can install backdoors in Windows systems from a distance of eight miles are available to the nation’s spooks, and now, the sufficiently equipped electronic hobbyist can build their own.

[GBPPR2] has been going through the NSA’s ANT catalog in recent months, building some of the simpler radio-based bugs. The bug linked to above goes by the codename LOUDAUTO, and it’s a relatively simple (and cheap) radar retro-reflector that allows anyone with the hardware to illuminate a simple circuit to get audio back.

Also on [GBPPR2]’s build list is RAGEMASTER, a device that fits inside a VGA cable and allows a single VGA color channel to be viewed remotely.

The basic principle behind both of these bugs is retroreflection, described by the NSA as a PHOTOANGLO device. The basic principle behind these devices is a FET in the bug, with an antenna connected to the drain. The PHOTOANGLO illuminates this antenna and the PWM signal sent to the gate of the FET modulates the returned signal. A bit of software defined radio on the receiving end, and you have your very own personal security administration.

It’s all very cool stuff, but there are some entries in the NSA catalog that don’t deal with radio at all. One device, IRATEMONK, installs a backdoor in hard drive controller chips. Interestingly, Hackaday favorite and current Hackaday Prize judge [Sprite_TM] did something extremely similar, only without, you know, being really sketchy about it.

While we don’t like the idea of anyone actually using these devices, the NSA ANT catalog is still fertile ground for project ideas.

Continue reading “Homebrew NSA Bugs”

Raspi, GPS, USB hub and battery hooked together

NSA Technology Goes Open Hardware

When [Edward Snowden] smeared the internet with classified NSA documents, it brought to light the many spying capabilities our government has at its disposal. One the most interesting of these documents is known as the ANT catalog. This 50 page catalog, now available to the public, reads like a mail order form where agents can simply select the technology they want and order it. One of these technologies is called the Sparrow II, and a group of hackers at Hyperion Bristol has attempted to create their own version.

The Sparrow II is an aerial surveillance platform designed to map and catalog WiFi access points. Think wardriving from a UAV. Now, if you were an NSA agent, you could just order yourself one of these nifty devices from the ANT catalog for a measly 6 grand.  However, if you’re like most of us, you can use the guidance from Hyperion Bristol to make your own.

They start off with a Raspi, a run-of-the-mill USB WiFi adapter, a Ublox GY-NEO6MV2 GPS Module, and a 1200 mAh battery to power it all. Be sure to check out the link for full details.

Thanks to [Joe] for the tip!

Java Ring: One Wearable To Rule All Authentications

Today, you likely often authenticate or pay for things with a tap, either using a chip in your card, or with your phone, or maybe even with your watch or a Yubikey. Now, imagine doing all these things way back in 1998 with a single wearable device that you could shower or swim with. Sound crazy?

These types of transactions and authentications were more than possible then. In fact, the Java ring and its iButton brethren were poised to take over all kinds of informational handshakes, from unlocking doors and computers to paying for things, sharing medical records, making coffee according to preference, and much more. So, what happened?

Continue reading “Java Ring: One Wearable To Rule All Authentications”

VCF East 2024 Was Bigger And Better Than Ever

I knew something had changed before I even paid for my ticket to this year’s Vintage Computer Festival East at the InfoAge Science and History Museum in Wall, New Jersey.

Over the last couple of years, attendance has been growing to the point that parking in the lot directly next to the main entrance has been reserved for only the earliest of risers. That hasn’t described yours truly since the days when I still had what my wife refers to as a “real job”, so that’s meant parking in the overflow lot down the road and walking the half a mile or so back to the main gate. Penance for working on the Internet, let’s call it.

But this time, while walking along the fence that surrounds the sprawling InfoAge campus, I came across an open gate and a volunteer selling tickets. When commenting to her that this was a pleasant surprise compared to the march I’d anticipated, she responded that there had been so many people trying to get into the main entrance that morning that they decided to station her out here to handle the overflow.

I was a few steps past her table and into InfoAge before the implications of this interaction really hit me. Two entrances. How many attendees does there need to be before you setup a secondary ticket booth out by the reserve parking lot just to keep things moving smoothly? Well, I can’t tell you what the exact number is. But after spending the rest of the day walking between all the buildings it took to contain all of the exhibits, talks, and activities this year, I can tell you it’s however many people came to VCF East 2024.

Compared to its relatively humble beginnings, it’s incredible to see what this event has grown into. InfoAge was packed to the rafters, and despite what you might think about a festival celebrating decades old computing hardware, there were plenty of young faces in the crowd. I’m not sure exactly what’s changed, but the whole place was positively jumping. Perhaps it’s partially the generational nostalgia that’s kept Netflix cranking out new seasons of the 1980’s set Stranger Things. I’m sure attention (and attendance) from several well known YouTube personalities have played a big part as well.

Whatever the magic formula that’s turned what was once a somewhat somber retrospective on early desktop computers into a major destination for tech lovers, I’m all for it. Love Live the Vintage Computer Festival!

Continue reading “VCF East 2024 Was Bigger And Better Than Ever”

Hackaday Podcast 242: Mechanical Math, KaboomBox, And Racing The Beam

This week, Editor-in-Chief Elliot Williams and Kristina Panos met up from their separate but equally pin drop-quiet offices to discuss the best hacks of the previous week. Well, we liked these one, anyway.

First up in the news, it’s finally time for Supercon! So we’ll see you there? If not, be sure to check out the talks as we live-stream them on our YouTube channel!

Don’t forget — this is your last weekend to enter the 2023 Halloween Hackfest contest, which runs until 9 AM PDT on October 31st. Arduino are joining the fun this year and are offering some spooky treats in addition to the $150 DigiKey gift cards for the top three entrants.

It’s time for a new What’s That Sound, and Kristina was able to stump Elliot with this one. She’ll have to think of some more weirdo sounds, it seems.

Then it’s on to the hacks, beginning with an insanely complex mechanical central air data computer super-teardown from [Ken Shirriff]. We also learned that you can 3D-print springs and things by using a rod as your bed, and we learned whole lot about rolling your own electrolytic capacitors from someone who got to visit a factory.

From there we take a look at a Commodore Datassette drive that sings barbershop, customizing printf, and a really cool dress made of Polymer-dispersed Liquid Crystal (PDLC) panels. Finally we talk about racing the beam when it comes to game graphics, and say goodbye to Kristina’s series on USPS technology.

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Download and savor at your leisure.

Continue reading “Hackaday Podcast 242: Mechanical Math, KaboomBox, And Racing The Beam”

Hackaday Links Column Banner

Hackaday Links: October 8, 2023

Too much of a good thing is generally a bad thing, but a surfeit of asteroid material is probably a valid exception to that rule. Such was NASA’s plight as it started to unpack the sample return capsule recently dropped off by the OSIRIS-REx spacecraft as it flew by Earth, only to discover it was packed to overflowing with samples of asteroid Bennu. The spacecraft, which arrived at Bennu in 2018 and spent a good long time mapping the near-Earth asteroid, apparently approached its carefully selected landing site a bit too energetically and really packed the sample container full of BennuBits™ — so much so that they could actually see sample shedding off into space before stowing it for the long trip back to Earth. The container is now safely in the hands of the sample analysis team, who noted that everything in the TAGSAM (Touch and Go Sample Acquisition Module), even the avionics deck, is covered with black particles, each precious one of which needs to be collected and cataloged. The black stuff is especially interesting to planetary scientists, as it might be exactly what they were after when they selected Bennu, which may have broken off a much larger carbon-rich asteroid a billion or so years ago. It’ll be interesting to see if these interplanetary hitchhikers have anything to tell us about the origin of life in the solar system.

Continue reading “Hackaday Links: October 8, 2023”