A Clever Solution For Constantly Locking Workstations

March 12, 2013 by Brian Benchoff 57 Comments

ROBOT

[Vasilis] works at CERN, and like any large organization that invented the World Wide Web, they take computer security pretty seriously. One ‘feature’ the IT staff implemented is locking the desktop whenever the screen saver runs. When [Vasilis] is in his office but not at his battlestation, the screen saver invariably runs, locking the desktop, and greatly annoying [Vasilis].

The usual Hackaday solution to this problem would be a complex arrangement of RFID tags, webcams, and hundreds, if not thousands of lines of code. [Vasilis] came up with a much better solution: have the computer ping his phone over Bluetooth. If the phone is detected by the computer, kill the screen saver.

The code is up on Github. It’s not much – just 20 lines of a Bash script – but it’s just enough to prevent the aggravation of typing in a password dozens of times a day.

Quick Wallet Hack Adds Pickpocket Alarm

March 8, 2013 by Caleb Kraft 60 Comments

Recently there were a bunch of videos going around the net about some of the greatest pickpockets in the world. Simply put, if they wanted something you had, they were going to take it and you probably wouldn’t notice. I’ve always kept my wallet in my front pocket, and usually with my hand on it, but they even showed them getting around that in the video (you can’t always be vigilant).

I had the idea to make some kind of alarm that would go off if anyone but me removed the wallet from my pocket. A quick google search revealed tons of wallet alarms, but I noticed that they all had a credit card form factor(that’s good) and would make noise when exposed to light(that’s bad). This represents a problem since the pickpockets in the videos tended not to open the wallets till later at another location. I needed something that would make noise as it was removed from my pocket. Most importantly, I needed the alarm to be located inside the wallet. This immediately makes the wallet undesirable and will hopefully make someone drop it like hot coals.

Continue reading “Quick Wallet Hack Adds Pickpocket Alarm” →

PwnPad, The Pentesting Tablet

March 1, 2013 by Brian Benchoff 46 Comments

pwnpad3_1024x1024

Over the last few months, we’ve seen our fair share of pentesting appliances. Whether they’re in the form of a Raspberry Pi with a custom distro, or an innocuous looking Internet-connected wall wart, they’re all great tools for investigating potential security vulnerabilites at home, in the workplace, or in someone else’s workplace. Pwnie Express, manufacturers of pentesting equipment, are now releasing one of the best looking and potentially most useful piece of pentesting equipment we’ve ever seen. It’s called the PwnPad, and it allows you to get your pentesting on while still looking stylish.

Based on Google’s Nexus 7 tablet, the PwnPad combines all the goodies of a really great tablet – the ability to read NFC tags and multiband radios – with open source tools and a USB OTG cable with USB Ethernet, Bluetooth, and WiFi adapters. Everything in the PwnPad is designed for maximum utility for pentesting applications.

Of course, for those of us that already have a $200 Nexus 7, Pwnie Express says they’ll be giving away the source for their software, enabling anyone with knowledge of make to have the same functionality of the PwnPad. Of course you’ll need to get yourself a USB OTG cable and the WiFi, Bluetooth, and Ethernet adapters, but that should only add up to about $100; combined with a $200 Nexus 7, building your own is more than just a bit cheaper than Pwnie Express’ asking pre-order price of $795.

Hacking A Radio Controlled Spy Device For Overly Attached Girlfriend.

February 27, 2013 by Caleb Kraft 47 Comments

This is the first in our series of videos meant to spread the hacking goodness far and wide on the net. As you can see, it is a pretty silly video, hopefully you enjoyed the humor. This wouldn’t be hackaday without an appropriate writeup though!

Initially the idea was to make this as a device that my boss could deploy from his Tesla Model S. Ultimately, we missed the release of SkyFall, so the whole 007 theme seemed a little flat. However, we did just happen to have a wonderful woman in the office that agreed to be an “overly attached girlfriend”. Here’s a link to the meme for those who are unfamiliar. Even though we made her look like a crazy person, she was a great sport about it (Thanks [Stephanie]!).

The Goal was to have a radio controlled device that would send live video and audio to someone and had the ability to plant a small GPS tracker on the undercarriage of a car.

Continue reading “Hacking A Radio Controlled Spy Device For Overly Attached Girlfriend.” →

Mac EFI PIN Lock Brute Force Attack (unsuccessful)

February 26, 2013 by Mike Szczys 82 Comments

[Oliver] wiped the hard drive from a Macbook Pro using the ‘dd’ command on another machine. This does a great job of getting everything off the drive, but he was still faced with the EFI PIN lock protection when he tried to put it back into the Mac. You used to be able to clear the NVRAM to get around this issue, but that exploit has now been patched. So [Oliver] set out to use a microcontroller to brute-force the EFI PIN.

You can read his back story at the link above. He had the chance to enter a 4-digit pin before the format process. Now that he’s wiped the drive the code is at least 6 characters long, which is a lot more possibilities (at least it’s numeric characters only!). To automate the process he programmed this Teensy board to try every possible combination. It worked great on a text editor but sometimes the characters, or the enter command wouldn’t register. He guesses this was some type of protection against automated attackers. To get around the issue he added different delays between the key presses, and between entering each code. This fixed the issue, as you can see in the clip after the break. Unfortunately after two 48-hour runs that tried every code he still hasn’t gained access!

Continue reading “Mac EFI PIN Lock Brute Force Attack (unsuccessful)” →

Dissecting A Firmware Image

February 22, 2013 by Mike Szczys 18 Comments

dissecting-a-firmware-image

[Leland Flynn] did a great job of picking apart the firmware image for a Westell 9100EM FiOS router. Unfortunately he didn’t actually find the information he was looking for. But he’s not quite done poking around yet either. If you have never tried to make sense of an embedded Linux firmware image this serves as a great beginner’s example of how it’s done.

He was turned on to the project after port scanning his external IP and finding a random login prompt which he certainly didn’t set up. Some searching led him to believe this is some kind of back door for Verizon to push automatic firmware updates to his router. He figured why not see if he could yank the credentials and poke around inside of the machine?

He started by downloading the latest firmware upgrade. Running ‘hexdump’ and ‘strings’ gives him confirmation that the image is based on Linux. He’s then able to pick apart the package, getting at just the filesystem portion. His persistence takes him through extracting and decompressing three different filesystems. Even though he now has access to all of those files, broken symlinks meant a dead-end on his login search.

Freezing Android To Crack The Encryption

February 20, 2013 by Mike Szczys 40 Comments

frozen-phone-encryption-hacking

Build a better lock and someone will make a tool to open it without the key. Or in this case they’ve made a tool to discover the key using a trip to through the deep freeze. The Forensic Recovery of Scrambled Telephones — or FROST — uses cold temperatures and a custom recovery image to crack Android encryption keys.

Cold boot hacks go way back. They leverage use of low temperatures to slow down the RAM in a device. In this case, the target phone must already be powered on. Booting a phone that uses the encryption offered by Android 4.0 and newer requires the owner’s pass code to decrypt the user partition. But it then remains usable until the next power cycle. By freezing the phone, then very quickly disconnecting and reconnecting the battery, researchers were able to flash their own recovery image without having the encryption key cleared from RAM. As you can see above, that recovery package can snoop for the key in several different ways.

[Thanks Rob]