Misc Hacks

4181 Articles

Back From Vegas Extra

August 6, 2007 by 47 Comments


I made it home after a long day of travel. Airport security let me through with my new home server – a 1U dual P3 800Mhz Compaq rackmount that I scored from the guys at UNIX surplus. Yes, it was my carry-on personal item.

Somehow I missed the MIDI tesla coil last month. Thanks to [skuhl] for sending it in. It’s a solid state coil that’s modulated to create one bad-ass midi box. The videos are worth checking out.

[martin] tells me that the Pentax k10d firmware has been hacked for polish menus. I’ll let you guys sort through it, I’m honestly too tired to deal with translating it right now.

[Alex] re-cased a macbook power supply to repair a slightly ripped out power cable. Those power supplies aren’t cheap, so it’s worth noting.

By the way, I’ve got one of the midnight research wicrawl CDs, so ask nice if you want me to put up a torrent.

Defcon 15: Exploiting Authentication Systems

August 4, 2007 by 34 Comments


[Zac Franken] gave a good talk on authentication systems. (Card readers, biometric systems, etc). After a good introduction to various access control systems, he demoed an excellent exploit tool. Rather than focus on the access mechanism, he exploited the lack of reader installation security. Most card readers are secured by a plastic cover and a pair of screws. Inside, the reader wires are vulnerable. [Zac] put together the equivalent of a keyboard sniffer for the reader wiring. With this little device in place, he was able to collect access codes and use them to exploit the reader authentication system.

The operation goes like this: Install the sniffer. Let it collect some codes. On return, [Zac] is able to use his own card to become a pseudo authenticated card owner, restrict and allow access to other cards. That’s it. No sneaking up behind people to read their cards, just a few minutes with a screwdriver.

He’s not releasing the design, simply because measures to prevent this type of intercept/control mechanism would be extremely costly.

Black Hat 2007 Premature AJAX-ulation

August 2, 2007 by 5 Comments


Billy Hoffman and Bryan Sullivan from SPI Dynamics gave one of the more entertaining talks today. The title is an allusion to peoples willingness to apply new technology before they fully understand it. Instead of laughing at silly web 2.0 developers they decided to build their own AJAXified website by consulting the resources that any programmer would: AJAX books, blogs, and forums. What they ended up with was hackervactations.com… a security hole riddled gem built on good intentions.

Continue reading “Black Hat 2007 Premature AJAX-ulation”

Black Hat 2007 No-Tech Hacking With Johnny Long

August 2, 2007 by 9 Comments


[J0hnny]’s at Blackhat and Defcon this year with his talk on “No-Tech Hacking”. It’s a fun talk that boils down to this: loads of information can be gathered using low tech methods. A small digital (or film) camera is ideal for shoulder surfing, identifying weaknesses, and assessing strengths.

The talk is pretty amusing – the commentary on the example shots is priceless. The concept has gone over so well at the cons that [J0hnny] has contributed a chapter to a book on risk management. You can grab a sample chapter here. It looks like he’ll be running his talk at 8pm on Friday at Defcon. From the sample chapter, I’d say that the book should be pretty good. It looks like a good introduction to social engineering and using your wits to defeat obstacles (like corporate security).

How To Overclock A Casio Fx-9750G Plus

August 1, 2007 by 13 Comments


[Visceroid] could only find overclocking resources online for TI calcs. He spent some time under the hood of his casio fx-9750G plus and sent in a write-up for us. I gave it a quick edit, but here it goes:

I opened up the calculator, which reveals the board with the processor on it,
with the RAM, ROM, CPU and a few other surface mounts visible.
The graphics are underneath and the buttons are also underneath on an underlying board.
The main batteries, backup battery and serial port are connected on the underlying board, and I also have access to them.

Continue reading “How To Overclock A Casio Fx-9750G Plus”

SIP For The SMC WSKP100

July 31, 2007 by 2 Comments


[sprite_tm] made my morning by sending in his latest work. After opening up his new SMC WSKP100 (Skype wifi phone) to identify the hardware differences, he managed to shrink a flash image from the SMCWSP100 to fit on his new toy. Then he spent some time hacking the kernel from the former to work on his phone. The result? A SIP operational phone that’ll connect to his asterix server at half the price of SMC’s official SIP phone.