Steganography In Xkcd Comics Without The Img Alt Tag

March 10, 2012 by Brian Benchoff 28 Comments

Inspired by a recent Hackaday post [austin] decided to try his hand at steganography. Steganography, or ‘concealed writing’ has come a long way from ancient Greek slaves/couriers shaving their head, tattooing a message on their scalp, and regrowing their hair. We recently saw a music file masquerading as a picture of a kitten, but that method of hiding data required running a Ruby script. [austin] thought steganography would be a great way to hone his JavaScript skills, so he made an image encoder and decoder purely in JS and HTML.

Like the previous incarnation, [austin]’s work takes a regular .PNG image file and hides stuff in the pixel data. A few of the lower bits for each pixel are modified (three bits from the red and blue, two bits from the green – a good choice, the human eye is very sensitive to green) and a file is embedded inside the .PNG image.

For an example, [austin] embedded some stuff inside the xkcd comic underneath this post’s title. Even though the image is mostly white, we can’t see anything wrong with the colors. If you’d like to decode the message, [austin] put his encoder and decoder up on github. Feel free to take a shot at it.

USB Dongle Generates And Enters Your Passwords So You Don’t Have To

March 5, 2012 by Mike Nathan 45 Comments

usb-password-dongle

Like many businesses out there, [Joonas Pihlajamaa’s] employer requires him to change his password every few months. Instead of coming up with a complex, yet easy to remember password again and again, he built a small USB device to do the work for him.

He dismantled an old USB memory stick, fitting it with an ATtiny85 with its required components on a small piece of perfboard. Using the knowledge he gleaned from his previous USB HID tinkering, he programmed the ATtiny to act as a USB keyboard which enters his password for him whenever he plugs it in.

The USB dongle not only types his password in for him, it can generate a new password with a few simple keystrokes whenever he desires. Obviously it merely takes someone getting their hands on his USB stick to compromise security, but it does beat a Post-It under the keyboard any day.

Continue reading to see a short video of his USB password dongle in action, and be sure to swing by his site for more details on how it was all put together.

Continue reading “USB Dongle Generates And Enters Your Passwords So You Don’t Have To” →

This Image Contains A Hidden Audio Track

February 27, 2012 by Mike Szczys 60 Comments

This image contains a hidden audio track which you’re very familiar with. Well, it used to. We’d bet we messed up the careful encoding that [Chris McKenzie] used to hide data within an image when we resized the original.

He’s using a method called Steganography to hide a message in plain sight. Since digital images use millions of colors, you can mess with that color data just a bit and the eye will not really be able to pick up any difference. Each pixel has had the eight least significant bits swapped out for the data [Chris] is hiding. Since the image uses 24-bit color, the largest possible change (going from 0 to 255) in those bottom eight bits will only result in a color change of about 0.15%. And that’s only for one pixel; in most cases the change will be much less.

He shows his work, both decoding and encoding using Ruby, and even provides a one-liner which lets you playback the audio without downloading anything (just make sure you’ve got all of the dependencies installed). Never gonna give, you, up…

[via Reddit]

Sony Google TV Devices Running Unsigned Kernels

February 20, 2012 by Mike Szczys 18 Comments

The proud cry of “I am root” rings true once again, this time on Sony Google TV devices. Although a low-level exploit was found on previous firmware versions, a downgrade process lets you run unsigned kernels on updated TV or Bluray models of the Internet streaming devices.

These systems are Android-based, which currently run version 3.1 Honeycomb. This version patches the previous exploit, but with three different USB sticks you can downgrade, exploit, and upgrade to an altered and unsigned hack of the most recent kernel. This gives you the root access you may have been longing for, but other than the features discussed in the forum thread there’s not a whole lot of changes rolled into the exploit yet.

We’re always looking out for open source projects running on living-room devices and hope that someday we’ll see a branch of XBMC for the GTV. Until then we’ll just have to keep our fingers crossed for the viability of a RaspberryPI XBMC.

RFID Reader Gets User Inputs And Smart Card Write Capability

February 9, 2012 by Mike Szczys 4 Comments

[Navic] added a slew of abilities to his RFID reader. It’s now a full-featured RFID reader and smart card writer with extras. When we looked at it last time the unit was just an RFID and smart card reader in a project enclosure. You could see the RFID code of a tag displayed on the LCD screen, but there wasn’t a lot more to it than that.

The upgrade uses the same project enclosure but he’s added four buttons below the display. These allow him to access the different features that he’s implemented. The first one, which is shown in the video after the break, allows him to store up to six tags in the EEPROM of the Basic Stamp which drives the unit. He can dump these tag codes to a smart card (pictured above), but also has the option of interfacing with a PC to read from and write to that card.

We don’t think you can directly write RFID tags with the device, but we could be wrong.

Continue reading “RFID Reader Gets User Inputs And Smart Card Write Capability” →

Cheap WiFi Bridge For Pen Testing Or Otherwise

January 12, 2012 by Mike Szczys 18 Comments

Twenty three dollars. That’s all this tiny pen-testing device will set you back. And there really isn’t much to it. [Kevin Bong] came up with the idea to use a Wifi router as a bridge to test a wired network’s security remotely. He grabbed a TP-Link TL-WR703N router, a low-profile thumb drive, and a cellphone backup battery; all cheaply available products.

No hardware hacking is necessary to connect the three components. The only other preparation needed is to reflash the router firmware with OpenWRT and load it up with common pen-testing software packages like Netcrack and Airhack.

[Kevin] calls this a drop box, because you find an Ethernet jack, plug it in, and drop it there. You can then connect to the router via Wifi and begin testing the wired network security measures. We’re sure images of espionage pop into your head from that description, but we’re certain this can be useful in other ways as well. If you ever find yourself with an Ethernet connection but no access to Wifi this is a quick way to setup an AP.

Unshredding Paper

January 10, 2012 by Kevin Dady 50 Comments

[Roel] had read that people won the DARPA shredder challenge, but that their technology was kept a secret, interested in this concept he also remembered an episode of the X-Files where they had reconstructed shredded paper using a computer system. Unlike most computer based TV show BS this did not seem to be too far fetched so he went about trying it himself.

First a note is written, and then cut up into strips, the strips are then scanned into a computer where the magic happens. Next each strip outlined in polygons and then the software is to follow the polygon outline looking for a change in color at the pixel level. The software then goes into a pattern matching mode and reassembles the paper based on a scoring system.

While not many people use old fashioned strip shredders anymore, the basic idea works and if you really wanted to expand it could be applied to cross cut or particle shredders.