An Open Source Hardware Modchip

OSHW XenoGC Clone

Many Hackaday readers might remember the days of buying modchips from somewhat questionable sources. These little devices connect to a gaming system to circumvent security measures, allowing you to run homebrew games (and pirated games, but let's not focus on that). [Guillermo] built an open source hardware Gamecube modchip based on the XenoGC.

The XenoGC was a popular modchip back in the Gamecube days, and its source was released in a forum post. A Wiki page explains how to build a clone of the device based on an ATtiny2313. Most modchips were closed source, but this project lets you look at how they work. You can browse the XenoGC source on Google Code to learn more about the exploit itself. You’ll find the AVR code, which manipulates the DVD drive over a serial interface, in the XenoAT folder.

[Guillermo]’s hardware is available from OSHPark, so you can easily order boards. He’s also hosted the design files on Github. With one in hand, you can start building homebrew for the Gamecube, which can probably be picked up for around $25 nowadays.

Modified E-ZPass Detects Reads Far From Toll Booths

Def Con speaker [pukingmonkey] has spent quite a bit of time studying methods government and law enforcement use to track private citizens’ vehicles on the roads. One of the major tracking methods is E-ZPass, an electronic toll collection system used in several states around the country. [pukingmonkey] cracked open his E-ZPass tag to find a relatively basic circuit. In his DEF CON presentation (PDF), he notes you shouldn’t do this to your own tag, as tags are legally not the property of the user.

The tag uses a 3.6 volt long life battery to operate. When idle, the tag only draws 8 microamps. During reads, current draw jumps to 0.3 mA. Armed with this information, it was relatively simple to add a current detecting circuit that outputs a pulse on tag reads. Pulses are then fed into a toy cow, which lights up and “Moos” on each read.


Cloning An Infrared Disarming Remote Of A $8 Home Security System


[Sylvio] decided to buy one of the cheap alarm systems you can find on the internet to have a look at its insides. The kit he bought was composed of one main motion sensor and two remote controls to arm/disarm it.

Communication between the remotes and the sensor is done using infrared, requiring a direct line of sight for a signal to be received. Modern alarm systems typically use RF remotes, commonly at 434MHz or 868MHz. In his write-up, [Sylvio] first tries to replicate the IR signal with one of his ‘learning remote controls’ without success, and then proceeds to reverse engineer the remote circuit shown in the above picture. Hackaday readers may figure out just by looking at it that it is a simple astable multivibrator (read ‘oscillator’). Its main frequency is 38.5kHz, which is typical for IR applications. Therefore, if one of your neighbours had this ‘security system’, one could just disarm it with any of the same remotes…

[Sylvio] then explains different ways to replicate the simple IR signal, first with an Arduino then with a frequency generator and finally using the USB Infrared Toy from Dangerous Prototypes. We agree with his conclusion: “you get what you pay for”.

Using Google Authenticator With An Arduino

Google Authenticator is an app that generates one time passwords (OTPs). These passwords are often used as a second factor of authentication, along with your normal password. OTPs work by having a shared secret and a synchronized clock on two devices. When you generate the password, a hash based on the secret and timestamp is created. This proves that you have access to the secret, and can only be used once.

To secure his Lego mini-figures, [Luca] built an authentication system using Google Authenticator and Arduino. A web app is used to generate a secret that can be configured into the Arduino using an array, and into Google Authenticator using a QR code. The Arduino is using a library that implements Time-based One Time Password authentication (TOTP).

There are some challenges, including keeping a good clock source on the Arduino, but this looks like an interesting way to do authentication. After the break, watch a quick video overview of the project (for English captions, hit the CC button).
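To make the TOTP mechanism described above concrete, here is an added Python example (not [Luca]'s code or the Arduino library he uses) covering the web-app side: generating a shared secret, emitting it as a C array for the Arduino and as an otpauth:// URI for the Google Authenticator QR code, and verifying codes with a drift window and replay rejection. The label and issuer strings are constructed placeholders; the self-check values come from the RFC 4226/6238 test vectors.

```python
import base64
import hashlib
import hmac
import secrets
import struct
import time

# RFC 4226/6238 reference secret (ASCII "12345678901234567890"), used only for self-checks.
RFC_TEST_SECRET = b"12345678901234567890"

def generate_secret(nbytes: int = 10) -> bytes:
    """Fresh shared secret; 10 bytes gives the 16-character base32 string typical of Authenticator QR codes."""
    return secrets.token_bytes(nbytes)

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 as Google Authenticator uses it: the counter is the 30-second time step."""
    return hotp(secret, unix_time // step, digits)

def verify_totp(secret: bytes, code: str, unix_time: int, last_accepted: int = -1, window: int = 1):
    """Return the time-step counter the code matches, or None.
    Checks +/- window steps to absorb clock drift (the Arduino's clock is the weak point)
    and rejects any counter already accepted, so a captured code cannot be replayed."""
    current = unix_time // 30
    for d in range(-window, window + 1):
        c = current + d
        if c > last_accepted and hmac.compare_digest(hotp(secret, c), code):
            return c
    return None

def as_c_array(secret: bytes) -> str:
    """Secret as a C/Arduino byte-array initializer, e.g. {0x31, 0x32, ...}."""
    return "{" + ", ".join(f"0x{b:02x}" for b in secret) + "}"

def otpauth_uri(secret: bytes, label: str, issuer: str) -> str:
    """The otpauth:// URI that the Authenticator QR code encodes (Google key URI format)."""
    b32 = base64.b32encode(secret).decode().rstrip("=")
    return f"otpauth://totp/{issuer}:{label}?secret={b32}&issuer={issuer}"

if __name__ == "__main__":
    s = generate_secret()
    print("Arduino array:", as_c_array(s))          # paste into the sketch
    print("QR payload   :", otpauth_uri(s, "minifigs", "LegoLock"))  # constructed names
    print("Current code :", totp(s, int(time.time())))
```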


Stripping Kindle DRM With Lego


Consider a book sitting on a shelf. You can lend it out to a friend, you don’t need a special device to read it, and if you are so inclined, you can photocopy it. This isn’t true with Kindle eBooks that place severe restrictions on what you can do with a book via DRM. Although it is possible to strip eBook DRM with a few programs on your computer, [Peter] came up with a fool-proof way that’s an amateur engineering marvel. He’s turning Kindle eBooks into plain text using Lego.

[Peter] is using a few bits of a Lego NXT system to press the ‘next page’ button on his Kindle, then smash the space bar on his Mac to take a picture. These pictures are then sent to a cloud-based text recognition service. After a few hours of listening to plastic gears grinding, [Peter] has a copy of his eBook in plain text format sitting on his computer.

As impractical as it looks, using a robot, camera, and OCR is actually a really, really good way to turn eBooks plagued with DRM into a text file. Even if Amazon updates their DRM to make the current software cracking methods break, [Peter] will always have his Lego robot ready to scan a few hundred pages of text at a time.


Hidden RFID Reader Locks Workstation Unless Keys Are Present

We don’t know how [Kristoffer Marshall] found himself with free time at work, but he used it to beef up his computer security. Above is the finished project. There is literally nothing to see here. He’s rigged up a hidden RFID reader which locks and unlocks his workstation.

The security of the system depends on xscreensaver, which has a password protected lock feature already built into it. When the tag is removed from the reader’s field, a Perl script fires up the screensaver.

But waking up from the screensaver is a bit more tricky. The package doesn’t allow you to wake it from the command line — most likely for security. He found xdotool to be of great use here. It is a command line tool which simulates keyboard and mouse input. His script detects when the xscreensaver password prompt is on the screen and uses xdotool to fill in [Kristoffer’s] password. Since the script checks what has focus, it won’t give away the password by typing it into some other window by accident.

See the complete setup in the clip after the break.


Spoofing WiFi AP Based Geolocation

[Pierre Dandumont] just finished up a little project that will give Google Maps’ location feature a run for its money. It’s a technique that spoofs WiFi networks in order to relocate the positional data reported via WiFi networks.

He starts with an explanation of the different ways modern devices acquire location data. GPS is the obvious one, and mobile network triangulation is pretty well known. But using WiFi networks may be a new trick for you. We’re not 100% certain, but we think Google is able to look up location data based on known IP addresses for WiFi access points (this would be a good comments discussion). To trick the system, all you have to do is feed some captured AP data into the computer before Google Maps tries to lock onto a location. The video after the break shows Maps with the legitimate location displayed. After running a quick script, whose output is shown above, the map position is changed to the spoofed location.
