A Suitcase For All Your Wardriving Needs

[Corrosion] sent in a tip about the Weaponised Auditing Response System he built inside a suitcase that “has all the tools (and then some) for a wireless assault”.

The WARS is equipped with two WiFi adapters and two Bluetooth adapters for all the wardriving and bluejacking anyone could ever want. [Corrosion] also included a 4-channel, 2.4GHz video scanner for warviewing. Everything runs off of a 12-inch netbook that will eventually run Linux, and we’re really liking the 1970s suitcase aesthetic the WARS has – it looks like [Corrosion] is about to step into the set of a Beastie Boys video.

We were wondering about including a long range RFID sniffing antenna (PDF warning) behind the suitcase’s monitor and asked [Corrosion] about it. He said it sounded doable, but he is out of funds at the moment, so if you know how to build a cheap RFID antenna with a 50 foot range, drop [Corrosion] a line.

There’s a video demo with some stills of the build included after the break.

Ubuntu Laika – An Android Phone Pen Testing Platform

Once [Ruan] over at AndroidClone heard that Android devices were capable of running a full Linux environment, he started contemplating all of the things he might be able to do with a full Linux OS in his pocket.

He decided that a portable penetration testing platform would be great to have on hand, so he got busy installing Ubuntu 10.10 on his Lenovo LePhone. Once he had it up and running, he stripped out all of the unnecessary fluff and added some common tools such as Wireshark, Nmap, and Kismet, among others. He says it easily runs side by side with Android, allowing you to switch between the Ubuntu install and your standard Android applications with ease.

While this all started out as a proof of concept, he has continued to refine the project, releasing several new versions along the way. If you are interested in giving it a try, he has installation instructions available in the AndroidClone forums.

[thanks Stephen]

Wifon Is Back And Better Than Ever

Hackaday forum member [Emeryth] recently posted his newest creation, the Wifon 2.0, which is an update to a project we featured last year. The second iteration of the device looks to make several improvements on the already solid concept.

Ditching the simple 16×4 LCD, version 2 sports a full color 320×240 touch panel LCD. A faster STM32 microcontroller replaces the ATmega88 he used the first time around, allowing him to create a much more advanced user interface. The micro runs the ChibiOS/RT real-time operating system, which enables multitasking, making the entire project a lot easier. Like the first version, an original Fonera performs all of the pen testing, though this time around he has ditched the vanilla DD-WRT distro for Jasager, which is purpose-built for running the Karma attack.

The project is coming along nicely, and [Emeryth] says he has a few simple apps running on the device already. He has found that running several applications on the device simultaneously is testing the practical limits of the Fonera’s capabilities, though he may add more memory to the router in order to squeeze a little more life out of it.

[via Hackaday forums]

Stripping DRM From OverDrive Media Console EBooks

[Armin Tamzarian’s] local library recently started lending eBooks via the OverDrive Media Console system. He checked out a couple of books, which got him thinking about how the copy protection scheme was implemented. He wondered what recourse users had if they wanted to view a book they have already checked out on a different or unsupported piece of hardware.

His research centers around Adobe’s ADEPT digital rights management scheme, which is used to protect the books offered on loan by OverDrive. The topic is broken down into three parts, starting with an introduction to the EPUB file structure, the OverDrive Media Console, as well as the aforementioned ADEPT DRM scheme.

The second part takes a close look at the OverDrive Media Console itself, where he uses the ineptkey and ineptepub utilities written by [I♥CABBAGES] to pull the RSA cipher keys from the EPUB data he uncovered. When he then tries to strip the ADEPT DRM layer from his books, however, he discovers that OverDrive is using a non-compliant version of the ADEPT standard, which renders existing tools useless.

The final part of [Armin’s] discussion digs even deeper into the OverDrive Console’s inner workings, where he finds that the OverDrive Media Console stores quite a bit of information in an SQLite database. After a bit of digging, he finds all the data he needs to strip the DRM from his books. [Armin] also took the time to wrap all of his findings up into a neat little tool called OMCStrip, which, as you may have guessed, strips the DRM from ADEPT-protected eBooks with ease.

GPU Password Cracking Made Easy

The power of a Graphics Processing Unit can be harnessed to do some dirty work when trying to crack passwords. [Vijay] took a look at some of the options out there for cracking passwords and found that utilizing the GPU produces the correct password in a fraction of the time. On a Windows machine he pitted the Cain password recovery tool, which uses the CPU for its calculations, against ighashgpu, which uses ATI or Nvidia graphics cards to do the deed. Hands down, ighashgpu is the fastest: Cain takes about one year to crack an eight character password, while ighashgpu can do it in under nineteen hours.

We were very interested to see how easy it is to use this package. We looked in on GPU cracking in September but didn’t focus on the software packages that are out there. Now that you know how easily your password can be unearthed, perhaps you will get some use out of this article discussing the usability and security of longer passwords, which we ran across over on Reddit.

A Keygen For The Real World

[Nirav] found that he rarely printed anything useful with his RepRap, so to shake things up, he decided he needed to work on a project that didn’t involve printing yet more RepRap parts.

The goal of his project was to create working replicas of house keys by simply using the code imprinted at the factory. He purchased a handful of used lock sets from eBay, then carefully measured the keys with a ruler and calipers to get the blank dimensions just right. After that was done, he looked around online and was eventually able to create an OpenSCAD model using a chart of pin depth specifications he located. By changing the last line in the model’s code he can print any coded key. For keys lacking a code, he can manually measure the height of each bit and print replicas that way as well. Once printed, he says that the keys are strong enough to turn most locks he has come across, including deadbolts.

This is undoubtedly a neat project in its own right, though we would be interested to see if someone could get it paired with a program like SNEAKEY to generate bit measurements by sight alone.

Reverse Engineering Embedded Device Firmware

While not necessarily an easy thing to learn, the ability to reverse engineer embedded device firmware is an incredibly useful skill. Reverse engineering firmware allows you to analyze a device for bugs and vulnerabilities, and gives you the opportunity to add features if you happen to be so inclined. When it comes to things such as jailbroken iPhones, Android phones, and Nooks, you can guarantee that a close look at the firmware helped to move the process along.

[Craig] works with embedded systems quite frequently and put together a detailed walkthrough demonstrating how he reverse engineers device firmware. The subject of his hacking was a new firmware package he obtained for a Linksys WWAG120 Wireless-N router.

His tutorial walks through some of the most common reverse engineering methods and tools, which allow him to slowly unravel the firmware’s secrets. When finished, he had a working copy of the router’s boot loader, kernel, and file system – all ready to be further analyzed. His writeup includes tons of additional details, so be sure to swing by his site if reverse engineering is something you are interested in.