USB And PS/2 Key Loggers And Mess With Your Grammar

November 2, 2011 by Mike Szczys 15 Comments

[Irongeek] is up to his old tricks once again with this new key logger prototype. It’s in the early stages, as attested by the breadboard built circuit, but [Adrian] still gives us a demo video after the break showing where he’s at right now. It comes in two flavors, the USB pass through seen above, or another that still connects to the computer via USB but functions with a PS/2 keyboard.

Aside from the obvious issue of a key logger stealing everything you type, there’s some prank value in this device too. The Teensy has more than enough processing power to watch what you typing and make changes as it goes. He shows off blatant rewrites, like changing “has” to “haz” or “you” to “U”. We think it would be better to change things like “they’re” to “their” or “it’s” to “its”. These would be very difficult to see happening and if you added randomness to how often the replacements occur, your victim would sooner come to the conclusion that they’re going crazy than that they’re the target of a little hazing. In fact, that’s probably the reason for our own grammar errors though the years; blast!

Continue reading “USB And PS/2 Key Loggers And Mess With Your Grammar” →

PocketStation As Two-factor Authentication

October 30, 2011 by Brian Benchoff 7 Comments

[DarkFader] sent in his build that implements two-factor authentication on a Sony PocketStation.

The PocketStation was a PS1 accessory intended to be a competitor to the Dreamcast VMU. [DarkFader] wrote an app for his PocketStation using a fabulous PocketStation emulator and uploaded it with the PS3 memory card adapter and MCRWwin.

The PocketStation app (available here) takes a key and hashes it with the current time to generate a six digit code. Combined with Google’s support for two-factor authentication, [DarkFader]‘s memory card provides access to his Google profile.

Two-factor authentication is also used in RSA SecurID key fobs that were compromised earlier this year. This lead to a huge number of companies being penetrated. For a single person, obscurity is a reasonable (but still ultimately futile) means of providing a little more security, but a PocketStation hack is still pretty cool.

Check out the video after the break that shows [DarkFader] using his PocketStation token.

Continue reading “PocketStation As Two-factor Authentication” →

Giving Siri The Keys To Your House

October 24, 2011 by Mike Szczys 30 Comments

We haven’t really covered many hacks having to do with Apple’s newest iPhone feature Siri. We’d bet you’ve already heard a bunch about the voice-activated AI assistant and here’s your chance to give it the keys to your house. This project uses Siri to actuate the deadbolt on an entry door in a roundabout sort of way.

This is really just a Siri frontend for an SMS entry system seen in several other hacks. The inside of the door (pictured above) has a servo motor mounted next to, and attached via connecting rod with, the lever-style deadbolt. An Arduino equipped with a WiFly shield controls that servo and is waiting for instructions from the Google app engine. But wait, they’re not done yet. The app engine connects to a Twilio account which gives it the ability to receive SMS messages. Long story short; Siri is sending a text message that opens the door… eventually. You can seen in the demo after the break that the whole process takes over twenty seconds from the time you first access Siri to the point the bolt is unlocked. Still, it’s a fine first prototype.

There’s a fair amount of expensive hardware on that door which we’d like to see converted to extra feaures. [CC Laan] has already added one other entry method, using a piezo element to listen for a secret knock. But we think there’s room for improvement. Since it’s Internet connected we’d love to see a sensor to monitor how often the door is opened, and perhaps a PIR sensor that would act as a motion-sensing burglar alert system.

Don’t need something this complicated? How about implementing just the secret knock portion of the hack?

Continue reading “Giving Siri The Keys To Your House” →

RF Sniffing On-the-go

October 8, 2011 by Mike Szczys 2 Comments

It’s been a while since we checked in on [Travis Goodspeed]. His latest post makes RF sniffing with the Next HOPE badge more portable by ditching the need to display data on a computer. He’s built on the work he did at the beginning of the year, replacing the FTDI chip on the badge with a Bluetooth module. Now he can use his Nokia N900 as a GoodFET terminal to not only display the packets pulled from the air, but the control the badge as well.

Previously, the client running on the computer was communicating with the badge via a serial connection. To get it working on the N900 [Travis] transitioned from using py-serial over to using py-bluez. All of the code changes are available from the GoodFET repository.

He’s got a few other tricks planned for this concept. He put in a parts order to add Bluetooth to the Girltech IM-ME. The pretty pink pager has the same radio chip on board, so adding Bluetooth connectivity will allow it to be used in the same way. There are also plans in the works to add a couple other packet sniffing protocols to the bag of tricks, including ZigBee.

Hackerspace Competition Combines Drinking And Lock Picking – Need We Say More?

October 7, 2011 by Mike Nathan 8 Comments

rumble_challenge_lockpicking_contest

The guys from Bloomington’s Fraternal Order of Lock Sport (FOOLS) sure know how to throw a party! At this year’s DerbyCon event down in Louisville, the group put on an awesome event that combined lockpicking and drinking – what could be better?

The Rumble Challenge is lock picking game where six people compete head to head for the best time. Whenever a competitor masters his lock, the competition is paused so that each player has a chance to take a shot from their air-powered shot dispensing machine. Once everyone has imbibed, the next round starts with the competitors picking up where they left off, in an effort to be the next to successfully open his lock.

The game is controlled by an Arduino, which both times the competition and senses when the locks have been opened. The Arduino relays this data to a computer, which uses a projector to display the contestant’s scores on a big screen. As an added bonus, FOOLS member [dosman] added loud rumble motors to the locking mechanisms in order to throw competitors off their game.

The contest sounds like a ton of fun – we’re bummed that we missed it. If you want to see how the game was put together, check out [dosman’s] build log over at the Bloominglabs wiki.

WiFi Jamming Via Deauthentication Packets

October 4, 2011 by Mike Szczys 109 Comments

[Elliot] put together an intriguing proof-of-concept script that uses repeated deauthentication packet bursts to jam WiFi access points. From what we can tell it’s a new way to use an old tool. Aircrack-ng is a package often seen in WiFi hacking. It includes a deauthentication command which causes WiFi clients to stop using an access point and attempt to reauthenticate themselves. [Elliot’s] attack involves sending repeated deauthenitcation packets which in essence never allows a client to pass any data because they will always be tied up with authentication.

After the break you can see a video demonstration of how this works. The script detects access points in the area. The attacker selects which ones to jam and the script then calls the Aircrack-ng command. If you’ve got an idea on how to protect against this type of thing, we’d love to hear about. Leave your thoughts in the comments.

Continue reading “WiFi Jamming Via Deauthentication Packets” →

Fake PS3 Tracks Thieves All The Way Home

September 30, 2011 by Mike Nathan 73 Comments

ps3_tracking_system

One of [Wayne’s] relatives had their house robbed during a blizzard/extended power outage, and as is typically the case, none of the stolen items were recovered. His nephew’s PS3 was among the pilfered belongings, which didn’t sit well with him. Taking a cue from police “bait cars”, he thought it would be cool to fit a dummy game console with a tracking device, should anything similar happen in the future.

He bought a hollowed out PS3 shell on eBay, filling it with an Arduino, an accelerometer, a GPS sensor, a small GSM modem with a prepaid SIM card, and a reasonably sized LiPoly battery. The system usually sits in a sleeping state, but when the accelerometer senses motion, the Arduino powers up the GSM modem and sends an SMS security alert to his mobile phone. Using his phone to control the tracking system via SMS, he can request GPS coordinates and directional information, which can then be relayed to the police.

His tracking system is a great idea since hawking stolen game consoles are easy money for thieves. If there happens to be a string of robberies in your neighborhood, you could certainly rest a little bit easier knowing that your Playstation doppelganger will let you know if someone is looting your house.