Building A Single-button Combination Lock

July 14, 2011 by Mike Nathan 15 Comments

single_button_arduino_combination_lock

[John Boxall] of Little Bird Electronics was thinking about combination locks, and how one might improve or at least change the way these locks work. Traditional combo locks can be implemented in a variety of ways, most of which we are all familiar with. Standard rotary padlock and keypad-based electronic safes work just fine, but he was interested to see how one might implement a single button combination lock.

[John] determined that the best, if not only way, to build this sort of lock would require him to measure button press intervals. In his case he decided to monitor the intervals between his button presses instead, but the concept is the same. He first tested himself to see how accurately he could press and release the button, leaving a one-second space between presses. After looking at the results he determined that he would need to incorporate at least a 10% margin for error into his code in order to compensate for human error.

He then created an Arduino sketch to test his idea, defining a set of key press intervals that could be used to ‘unlock’ his imaginary vault. It worked quite well, as you can see in the video demo below.

Now we’re not suggesting that you lock up your mint condition My Little Pony collection or your illegal arms stash with this type of lock, but it could be useful as an extra failsafe for certain projects/gadgets that you want to keep all to yourself.

Continue reading “Building A Single-button Combination Lock” →

Vodafone Femtocells Hacked, Root Password Revealed

July 14, 2011 by Mike Nathan 14 Comments

vodafone_femtocell_network_diagram

As phone systems have evolved over time, the desire to break them and exploit their usage continues to flourish. Just recently, [The Hacker’s Choice (THC)] announced that they had accessed secure data from Vodafone’s mobile phone network last year, via their femtocell product.

The purpose of the femtocell is to extend mobiile network coverage to locations where reception might not be ideal, routing calls to Vodafone’s network via IPSec tunnels. [THC] knew that this meant the femtocells required a high-level of interaction with the carrier’s traditional mobile network, so they started poking around to see what could be exploited.

After gaining administrative access to the femtocell itself using the root password “newsys”, they found that they were able to allow unauthorized users to utilize the service – a simple ToS violation. However, they also had the ability to force any nearby Vodafone subscriber’s phone to use their femtocell. This enabled them to request secret keys from Vodafone, which they could then use to spoof calls and SMS messages from the victim’s phone without their knowledge.

They have been kind enough to release all of the pertinent information about the hack on their wiki for any interested parties to peruse. Now we’re just wondering how long it takes before stateside carriers’ femtocells are exploited in the same fashion.

[Thanks, kresp0]

Shoulder Surfing With OpenCV

July 12, 2011 by Mike Nathan 14 Comments

shoulder_surfing_with_shoulder_pad

While it seems that many people are wise to shoulder surfing, keeping a lookout for anyone spying on their passwords, [Haroon] wrote in to remind us that the threat is just as real today as it ever was.

The subjects of his research are touch screen phones and tablets, which utilize on-screen keyboards for data entry. He says that while nearly all password entry boxes on these devices are obscured with the traditional line of asterisks, the keyboards themselves are quite an interesting vulnerability.

Since touch screen technology can be finicky at times, most vendors ship their devices with some sort of key press verification system. On the iPhone and iPad, for instance, each key is highlighted in blue following a button press. This functionality makes it quite easy for shoulder surfers to casually steal your password if you’re not paying attention.

But what if you are well aware of your surroundings? [Haroon] has developed a piece of software he calls shoulderPad, which is based on openCV that does the surfing for him. The application can monitor a video stream, live or recorded, extracting the user’s password from the highlighted button presses. His demonstrations show the recording taking place at a relatively close distance, but he says that it would be quite easy to use surveillance footage or zoom lenses to capture key presses from afar.

He does say that the button highlighting can be easily disabled in the iPhone’s options pane, which should negate this sort of attack for the most part.

Continue reading to see a quick video of shoulderPad in action.

Continue reading “Shoulder Surfing With OpenCV” →

Live CD For RFID Hacking On The Go

July 9, 2011 by Mike Nathan 12 Comments

live_rfid_sniffing_distro

[Milosch] wrote in to tell us that he has recently released a bootable RFID live hacking system – something he has been diligently working on for quite some time. The live distro can be used for breaking and analyzing MIFARE RFID cards, as well as a reasonable selection of other well-known card formats. The release is based off the Fedora 15 live desktop system, and includes a long list of RFID hacking tools, as well as some applications that allow for NFC tag emulation.

His toolkit also contains a baudline-based LF RFID sniffer package, allowing for a real-time waveform display of low frequency RFID tags. The LF sniffer makes use of a cheap USB sound card, as well as a relatively simple reader constructed from a handful of easy to find components.

We have seen some of [Milosch’s] handiwork before, so we are fairly confident that his toolkit contains just about everything you need to start sniffing and hacking RFID tags. If you’re interested in grabbing a copy of the ISO, just be aware that the live CD is only compatible with 64-bit systems, so older laptops need not apply.

Reverse Engineering VxWorks (which Replaces Linux On Newer Routers)

July 8, 2011 by Mike Szczys 25 Comments

The Linksys router seen about is a WRT54G version 1. It famously runs Linux and was the source of much hacking back in the heyday, leading to popular alternative firmware packages such as DD-WRT and Tomato. But the company went away from a Linux-based firmware starting with version 8 of the hardware. Now they are using a proprietary Real Time Operating System called VxWorks.

[Craig] recently put together a reverse engineering guide for WRT54Gv8 and newer routers. His approach is purely firmware based since he doesn’t actually own a router that runs VxWorks. A bit of poking around in the hex dump lets him identify different parts of the files, leading to an ELF header that really starts to unlock the secrets within. From there he carries out a rather lengthy process of accurately disassembling the code into something that makes sense. The tool of choice used for this is IDA Pro diassembler and debugger. We weren’t previously familiar with it, but having seen what it can do we’re quite impressed.

[Image via Wikimedia Commons]

Tweeting Home Alarm System

June 30, 2011 by Mike Nathan 9 Comments

Instructables user [willnue] wanted to build a DIY Tweeting alarm system from the ground up, but reconsidered after taking a close look at the scope of such a project. He settled on using an off the shelf security system, taking care of the Twitter interface on his own. He bought a GE 45142 Wireless alarm and promptly disassembled it to see how he might retrieve status messages from the unit.

He figured that monitoring the alarm’s LEDs would make the most sense, so he used a bit of Ethernet cable and wired all of the system’s indicators to his Arduino board. He hooked up an Ethernet shield to the Arduino, then wrapped the pair up in a plastic project box that closely matched the look of the security system. Once that was done, he wrote some simple code for the Arduino that monitors each of the alarm system’s six status lights, sending updates to Twitter via the ThingTweet service.

With this system you might not get your status messages in time to foil whoever is carrying off your plasma TV, but at least you will know what to expect once you get home!

If you want to keep tabs on [Will’s] security system to ~~find out the best time to rob him~~ see how things are going, check out his Twitter feed here.

DIY Servo Activated Door Lock With Capacitive Touch Keypad

June 30, 2011 by Mike Nathan 13 Comments

diy_servo_activated_door_lock_capacitive_touch

Since he was a kid [Giorgos Lazaridis] has always loved the idea of having an electronic door locking mechanism, and now that he has the means, he’s decided to construct one for securing the door to his apartment. He calls the project “simple and cheap”, though we’re not sure about the first part. Taking a look at his very detailed build log, you can see that he has invested quite a bit of time and effort into this impressive project.

Buying an off the shelf product was expensive and not a whole lot of fun, so [Giorgos] disassembled his door’s locking mechanism to see how he might be able to actuate the lock electronically himself. With minimal modifications to the lock, he was able to add a servo which reliably opens the it when triggered.

With the mechanical portion of the project out of the way, he spent a great deal of time working on the door’s electronic components, including the PIC-based controller and capacitive keypad. The keypad proved to be a bit of a problem, but after a few revisions he found a design that was both reliable and pleasing to the eye.

The locking mechanism works pretty well, as you can see in the video below, and [Giorgos] is quite pleased with the results.

Continue reading “DIY Servo Activated Door Lock With Capacitive Touch Keypad” →