This Man Will Take Your Picture While Macing You

January 29, 2013 by Brian Benchoff 40 Comments

pepper

Odds are you don’t have a photographic memory, so if you ever have to mace someone, you probably won’t remember exactly what your attacker looks like. Compound that with talking to the police and looking at a few dozen mug shots, and it’s highly unlikely you’ll ever be able to identify the person you maced. This was the problem [John], [Cordelia], and [Adrian] chose to solve for [Bruce Land]’s microcontroller course at Cornell this semester.

The device they created, PepGuard, adds a microcontroller and a serial JPEG camera to a canister of pepper spray. When the button on top is pressed, the microcontroller flashes a LED, takes a picture with a camera, and sends that picture to a phone over a Bluetooth connection.

PepGuard is always connected to the user’s phone via Bluetooth, and this allows for some interesting possibilities. With their Android app, the team can set up the phone to call emergency services when the device is activated.

You can check out the demo of the device after the break, or read the team’s report here.

Continue reading “This Man Will Take Your Picture While Macing You” →

Breaking The MintEye CAPTCHA One More Time

January 29, 2013 by Brian Benchoff 20 Comments

minteye

A while back we saw the MintEye CAPTCHA system – an ‘are you human’ test that asks you to move a slider until an image is de-swirled and de-blurred – cracked wide open by exploiting the accessibility option. Later, and in a clever bit of image processing, the MintEye CAPTCHA was broken yet again by coming up with an algorithm to detect if an image is de-swirled and de-blurred.

It appears we’re not done with the MintEye CAPTCHA yet (Russian, translation). Now the MintEye CAPTCHA can be broken without any image processing or text-to-speech libraries. With 31 lines of Java, you too can crack MintEye wide open.

The idea behind the hack comes from the fact that blurred images will be much smaller than their non-blurred counterpart. This makes sense; the less detail in an image, the smaller the file size can be. Well, all the pictures MintEye delivers to your computer – 30 of them, one for each step of swirl and blurring – are the same size, meaning the ‘wrong answer’ images are padded with zeros at the end of the file.

There’s a 31 line program on the build page that shows how to look at thirty MintEye images and find the image with the fewest zeros at the end of the file. This is, by the way, the correct answer for the MintEye CAPTCHA, and has a reproducibility of 100%.

So, does anyone know if MintEye is a publicly traded company? Also, how exactly do you short a stock?

Extracting Data With USB HID

January 26, 2013 by Brian Benchoff 59 Comments

sd_adaptor

High security workstations have some pretty peculiar ways of securing data. One of these is disabling any USB flash drives that may find their way into a system’s USB port. Security is a cat and mouse game, so of course there’s a way around these measures. [d3ad0ne] came up with a way of dumping files onto an SD card by using the USB HID protocol.

We’ve seen this sort of thing before where a microcontroller carries an executable to extract data. Previously, the best method was to blink the Caps Lock LED on a keyboard, sending one bit at a time to a micocontroller. [d3ad0ne]’s build exploits the USB HID protocol, but instead of 1 bit per second, he’s getting about 10kBps.

To extract data from a system, [ d3ad0ne] connects a Teensy microcontroller to the USB port. After opening up Notepad, [ d3ad0ne] mashes the Caps Lock key to force the Teensy to type out a script that can be made into an executable. This executable is a bare-bones application that can send any file back over the USB cable to the Teensy where it’s stored on an SD card. Short of filling the USB ports in a workstation with epoxy, there’s really no way to prevent secure files from leaking out of a computer.

Improved Hourglass Entropy

January 25, 2013 by Mike Szczys 16 Comments

improved-hour-glass-entropy

[Wardy] built himself a high quality entropy source with parts he had lying around. It’s based on the hourglass entropy project we saw in a links post earlier this month. Just like that project, he is bouncing a laser off of the falling sand and reading the result. But he brings a few innovations to the party, and has test results to back up his work.

The first change is an obvious one; motorize the hourglass so that you don’t need to flip it by hand. We thought this might mess with the laser alignment but the clip after the break proved us wrong. He changed up the sensor, using an LED connected to the base of an NPN transistor. The next change was to mount the light sensor at an angle to the laser rather than straight on. This picks up reflections of the laser and not the direct beam itself, resulting in a wider range of readings.

He used an Ethernet shield to get the system on the network. It’s pushing 420k random numbers per second and was tested with the DieHarder suite. It didn’t get a very high score, but it did pass the test.

Continue reading “Improved Hourglass Entropy” →

An Attempt To Replace Multiple RFID Cards With A Single Hacked-together Tag

January 21, 2013 by Mike Szczys 31 Comments

It’s kind of a convoluted title, but [Hudson’s] attempt to replace multiple HID Prox cards with one AVR chip didn’t fully pan out. The project started when he wanted to reduce the number of RFID access cards he carries for work down to just one. The cards use the HID Proximity protocol which is just a bit different from the protocols used in most of the hobby RFID projects we see. He ended up taking an AVR assembly file that worked with a different protocol and edited it for his needs.

The device above is the complete replacement tag [Hudson] used. It’s just an AVR ATtiny85 and a coil made of enameled wire. The coil pics up current from the card reader’s magnetic field, and powers the chip through the leakage on the input pins (we’ve seen this trick a few times before). The idea he had was to store multiple codes on the device and send them all in a row. He was able to get the tag to work for just one code, but the particulars of the HID Prox reader make it difficult if not impossible to send multiple codes. The card must send the same code twice in a row, then be removed from the magnetic field before the reader will poll for another combination.

Brute Force Finds The Lost Password For An Electronic Safe

January 21, 2013 by Mike Szczys 24 Comments

brute-force-an-electronic-safe

[Teatree] tells a sad, sad story about the lost password for his fire safe. The electronic keypad comes with a manufacturer’s code as well as a user selected combination. Somehow he managed to lose both of them, despite storing the user manual safely and sending the passwords to himself via email. He didn’t want to destroy the safe to get it open, and turning to the manufacturer for help seemed like a cop-out. But he did manage to recover the password by brute forcing the electronic keypad.

There is built-in brute force protection, but it has one major flaw. The system works by enforcing a two-minute lockout if a password is entered incorrectly three times in a row. But you can get around this by cutting the power. [Teatree] soldered a relay to each set of keypad contacts, and another to the power line and got to work writing some code so that his Arduino could start trying every possible combination. He even coded a system to send him email updates. Just six days of constant attacking netted him the proper password.

Breaking The Minteye Captcha Again

January 19, 2013 by Brian Benchoff 16 Comments

cap

A few days ago we saw a post from [samuirai] at the Shackspace hackerspace in Stuttgart on breaking the minteye captcha system. Like most other captcha cracks, [samuirai] used the voice accessibility option that provides an audio captcha for blind users. Using the accessibility option is a wonderful piece of work, but [Jack] came up with an even more elegant way to defeat the minteye captcha.

For those unfamiliar, the minteye captcha provides a picture tossed through a swirl filter with a slider underneath. Move the slider left or right to eliminate the swirl and you’ve passed the, “are you human” test. Instead of looking for straight lines, [Jack] came up with a solution that easily defeats the minteye captcha in 23 lines of Python: just minimize the length of all the edges found in the pic.

The idea behind the crack is simply the more you swirl an image, the longer the edges in the image become. Edge detection is a well-studied problem, so the only thing the minteye cracking script needed to do was to move the slider for the captcha from the left to the right and measure the lengths of all the edges.

[Jack] included the code for image processing part of his crack, fortunately leaving out the part where he returns an answer to the minteye captcha. For that, and a very elegant way to crack a captcha, we thank him.