Giving An Apartment Keyless Entry

The key for [rybitski]’s apartment is a copy of a copy of a copy, and the landlord lost the original key years ago. The lock itself still works, but opening it with [rybitski]’s key is a chore. He wanted to make it easier to get into his apartment, and with Arduinos and such he figured he could make a keyless entry device for his front door.

After figuring out how to open his deadbolt with an Arduino and a rather powerful servo, [rybitski] looked into wireless control options. He found a keyless entry remote, complete with receiver, that integrates easily with just about any microcontroller project.

After mounting the Arduino, receiver, and servo on a piece of plastic, he attached his contraption to the deadbolt. In the video after the break, you can see his key fob remote locking and unlocking the deadbolt, all without jamming an ill-fitting key into the lock.


Extracting Data With Keyboard Emulation

A common challenge for computer security specialists is getting data out of a very locked-down system. Of course all network traffic on these test machines is monitored, and burning a CD or writing to a USB Flash drive is out of the question. Where there’s a will there’s a way, so [András] figured out how to extract data from a computer by emulating a keyboard.

Emulating a USB HID device is nothing new; the newest Arduino can do it, as can any AVR with the help of V-USB. [András]’s build emulates a USB keyboard that can download data from a computer by listening to the NUM, CAPS and SCROLL lock LEDs.

Of course, [András] first needs an app to transmit data through these keyboard status LEDs. To do this, his build carries with it a Windows executable file on the AVR’s Flash memory. After plugging his device into the computer, it writes this program to disk and is then able to send data out through keyboard status LEDs.

It’s not very fast – just over one byte per second – but [András] did manage to extract data from a computer, circumventing just about every anti-leaking solution.

LV0 Encryption Key Cracks Current And Future PlayStation 3 Firmware

It looks like the security of the PlayStation 3 has been cracked wide open. But then again we’ve thought the same thing in the past and Sony managed to patch those exploits. The latest in the cat and mouse game is the release of the LV0 encryption codes for the PS3 console. The guys who discovered the magic strings of characters supposedly intended to keep them a secret, but have gone public after there was a leak and some black-hats now intend to use them for profit.

The keys are the bottom layer of security when pushing firmware updates to the PS3. With keys in hand, current and future upgrades can be decrypted, altered, and repackaged without the gaming rig putting up a fuss. Our only real beef with the tight security came when Sony removed the ability to install Linux on systems marketed with this option. The availability of these keys should let you install just about whatever you want on your hardware.

[Thanks Kris via Phys]

Rooting A NeoTV Set Top Box From The Couch

The NeoTV is a set top box built by Netgear to compete with the likes of Roku. It streams video from the usual Internet sources like Netflix, Hulu Plus, and YouTube. [Craig] recently cracked his unit open, and in the process discovered that the NeoTV can be rooted using nothing but the remote control.

He starts with a hardware overview. The box houses a single-board ARM design with 128MB of NAND and 256MB of RAM. The serial port is easy to find, but it does not provide a root shell (which often is one of the easiest ways to root a device). He next turns to poking around the unencrypted firmware update to see what he can learn. That’s how he discovered that the SSID value when connecting to WiFi is fed into a system() command. This glaring security hole lets you run just about anything you want on the device by issuing commands as fake SSID names. It’s just a matter of a little Linux know-how and [Craig] now has root access on his device.

Brute Force Used To Crack A Key Logger’s Security Code

The USB device seen plugged in on the right of this image was found in between the keyboard and USB port of the company computer belonging to a Senior Executive. [Brad Antoniewicz] was hired by the company to figure out what it is and what kind of damage it may have done. He ended up brute forcing an unlock code to access the device, but not before taking some careful steps along the way.

From the design and placement, the hardware was most likely a key logger, and after some searching around the Internet [Brad] and his colleagues ordered what they thought was the same model of device. They wanted one to test with before taking on the actual target. The logger doesn’t enumerate when plugged in. Instead it acts as a pass-through, keeping track of the keystrokes but also listening for a three-key unlock code. [Brad] wrote a program for the Teensy microcontroller which would brute force all of the combinations. It’s a good thing he did, because one of the combinations is a device erase code hardwired by the manufacturer. After altering the program to avoid that wipe code he successfully unlocked the malicious device. An explanation of the process is found in the video after the break.


Exploiting DFU Mode To Snag A Copy Of Firmware Upgrades

[Travis Goodspeed] continues his work at educating the masses on how to reverse engineer closed hardware devices. This time around he’s showing us how to exploit the Device Firmware Updates protocol in order to get your hands on firmware images. It’s a relatively easy technique that uses a man-in-the-middle attack to dump the firmware image directly to a terminal window. This way you can get down to the nitty-gritty of decompiling and hex editing as quickly as possible.

For this hack he used his Facedancer board. We first saw the hardware used to emulate a USB device, allowing the user to send USB commands via software. Now it’s being used to emulate your victim hardware’s DFU mode. This is done by supplying the vendorID and productID of the victim, then pushing the firmware update as supplied by the manufacturer. In most cases this shouldn’t even require you to have the victim hardware on hand.

Scary Putin Guards Your Stash

If anyone tries to take anything from this coin bank they’re going to have to brave the creepy looks that [Vladimir Putin] gives them. That’s because [Overflo] rigged up the wall hanging to react when you approach it. It’s all in the eyes, which open and turn red based on your proximity to the picture frame.

The frame itself is the ugliest thing [Overflo] could find at Ikea. He spray painted it gold and added an image of [Putin] with a zany background. At rest [Vlad] has his eyes closed. But the lids are connected to a servo motor to pull against the spring that keeps them shut. An infrared proximity sensor is used to trigger the eyelids when you get relatively close, but if you reach out your hand it will even light up the red LEDs hidden in the pupils of the eyes. See a demonstration of the setup in the video after the break.
