Signal Sniffing Some Laundry Pay Cards

April 30, 2012 by Mike Szczys 19 Comments

It seems that [Limpkin] was up to no good this weekend. He decided to snoop around inside a smart-card laundry machine. He posted about his ~~larceny~~ adventure and shared the details about how card security works with this machine.

We’re shocked that the control hardware is not under lock and key. Two screws are all that secures the panel to which this PCB is mounted. We know that machines using coins have a key lock, but perhaps there isn’t much need for that if there’s no currency to steal. [Limpkin] made a pass-through connector for the ribbon cable coming in from the card reader. That’s the rainbow cable you can see above and it’s being fed to his logic sniffer. He used the ‘card detect’ signal as a trigger and captured enough data to take back to his lair for analysis. Using what he found and a Bus Pirate to test the smart card he laid bare all the data that’s being sent and received by the controller.

Time To Get Serious About Going To LayerOne

April 26, 2012 by Mike Szczys 2 Comments

This year’s LayerOne Hacking and Security Conference is right around the corner. But it’s not too late to attend. You can still get a block-rate hotel room if you register by the end of April, and registration for the two-day event only costs a hundred bucks. It’s scheduled for May 26th and 27th in Anaheim California.

As usual, the Speaker lineup is quite impressive. Everything from Android Malware to embedded exploits and botnet adventures will be discussed. And then there’s the perennial favorite lock picking and hardware hacking villages. Did we mention badges? We’d bet it was this pick-and-place machine which helped assemble this year’s pile of badges. We haven’t seen any word on what they might include, but there’s a hacking contest so plan to pack your tools.

Hacking The Chronos And Exploring The ISM Bands

April 24, 2012 by Caleb Kraft 3 Comments

Take a few minutes and watch [atlas of d00m], at Shmoocon 2012, presenting information about using the RF dongle from the Chronos to explore ISM bands. Admittedly, I’m not very familiar with many of the things he discusses, but the words make sense. The bits and pieces I am familiar enough with to comprehend are truly fascinating. He covers typical methods of RF modulation as well as some hardware specific information to that dongle.

If you have a few minutes, or want more security related stuff, check out all the coverage from Shmoocon 2012. Tons of great videos here.

Continue reading “Hacking The Chronos And Exploring The ISM Bands” →

Poking At The Femtocell Hardware In An AT&T Microcell

April 12, 2012 by Mike Szczys 52 Comments

Here’s a picture of the internals of an AT&T Microcell. This hardware extends the cellular network by acting as its own cell tower and connecting to the network via a broadband connection. So if you don’t get service in your home, you can get one of these and hook it up to your cable modem or DSL and poof, you’re cellphone works again. [C1de0x] decided to crack one open and see what secrets it holds.

On the board there are two System-0n-Chips, an FPGA, the radio chip, and a GPS module. There is some tamper detection circuitry which [C1de0x] got around, but he’s saving that info for a future post. In poking and prodding at the hardware he found the UART connections which let him tap into each of the SoCs which dump data as they boot. It’s running a Linux kernel with BusyBox and there are SSH and ROOT accounts which share the same password. About five days of automated cracking and the password was discovered.

But things really start to get interesting when he stumbles upon something he calls the “wizard”. It’s a backdoor which allow full access to the device. Now it looks like the developers must have missed something, because this is just sitting out there on the WAN waiting for someone to monkey with it. Responses are sent to a hard-coded IP address, but a bit of work with the iptables will fix that. Wondering what kind of mischief can be caused by this security flaw? Take a look at the Vodafone femtocell hacking to find out.

Adding An Electronic Lock To A DIY Book Safe

April 11, 2012 by Mike Nathan 10 Comments

electronic-book-safe

DIY book safes are well and good, but if you give someone enough time to peruse your book collection, the 3-inch thick “Case study on Animal Husbandry Techniques during the 14th Century” is likely to stand out among your collection of hand-bound “Twilight” fan fiction. In an attempt to teach his friend a bit about microcontrollers and circuits, [Jonathan] spent some time adding a bit more security to your run of the mill book safe.

The pair started out with the time-consuming process of gluing the book’s pages together and creating enough hollow space for both storage and the electronics. With that out of the way, they installed a latch and servo motor inside the cavity, the latter of which is controlled using an Atmega328p with the Arduino bootloader. To gain access to the goodies stashed away inside, Jonathan hooks up a small PS/2 keypad and enters a passcode. This triggers the servo motor, opening the latch.

While the latch likely only adds a nominal bit of security to the book safe, it’s a fun enough learning exercise to justify the time spent putting it together.

Continue reading to see a short video of [Jonathan’s] electronic latching book safe in action.

Continue reading “Adding An Electronic Lock To A DIY Book Safe” →

Wireless Door Alarms Protect Your Stuff From Afar

April 10, 2012 by Mike Nathan 20 Comments

wireless-shed-alarm

[Webby] had a friend named [Steve], and as the story goes [Steve] had a few storage sheds on his property that were prone to break-ins.

While the doors were all fitted with a lock, wooden doors are only so strong, and are easy fodder for intruders bearing crowbars and the like. [Steve] was looking for a good way to know when people were poking their heads where they don’t belong, so he rigged up a set of simple alarms that let him know when it’s time to break out the shotgun.

On each of the shed doors, he installed a small IR proximity sensor wired up to a PIC12F675 microcontroller. The PIC is is connected to the “call” button a medium range wireless radio, so that whenever the IR sensor detects that the door is ajar, the PIC triggers an alert on the base unit.

The solution is simple, which we figure also makes it pretty reliable – nice job!

Apartment Entry Morse-code Lock

April 9, 2012 by Mike Szczys 20 Comments

[Bozar88] lives in an apartment building that has a buzzer at the front security door. Guests find your name on the panel next to that door, and press a button to ring the phone just inside the entry of each apartment unit. He decided to extend the built-in capabilities by adding a morse-code entry password which unlocks the security entrance automatically (translated).

He designed a circuit and etched his own board which fits nicely inside of the wall-mounted phone. It uses an ATtiny2313 to implement the coding functions. The device attaches to the intercom line in order to detect incoming button presses from the entry panel. There’s some protection here to keep the signal at or below 5V. The output is two-fold. The microcontroller can drive the microphone line using a transistor, which gives the user audio feedback when the code is entered. To unlock the door an opt-isolated triac (all in one package) makes the connection to actuate the electronic strike on the entry door.

The video after the break is not in English, but it’s still quite easy to understand what is being demonstrated.

Continue reading “Apartment Entry Morse-code Lock” →