Breaking The IClass Security

iClass is a popular format of RFID enabled access cards. These are issued to company employees to grant them access to parts of a building via a card reader at each security door. We’ve known for a long time that these access systems are rather weak when it comes to security. But now you can find out just how weak they are and how the security can be cracked. [Milosch Meriac] delved deep into the security protocol for HID iClass devices and has laid out the details in a white paper.

The most invasive part of the process was breaking the copy protection on PIC 18F family of chips in order to read out the firmware that controls card readers. This was done with a USB to serial cable and software that bit-bangs its own implementation of the ICSP protocol. After erasing and attacking several chips (one data block at a time) the original code was read off and patched together. Check out [Milosch’s] talk at 27C3 embedded after the break, and get the code for the ICSP bit banging attacks from the white paper (PDF).

Kindle 3.1 Jailbreak

In the constant battle of manufacturers vs. jailbreakers, the turnaround time between a new software release and a new jailbreak seems to be getting shorter and shorter. [Yifan] noticed that a recent Kindle update broke a previous method of running unsigned code and started the search for a new workaround.

He eventually found a way to force the Kindle to run unsigned code based upon how the software updater checked for digitally signed files. With that knowledge in hand, he discovered that he could trick the updater into running any file he wanted by exploiting the standard functionality of the Unix ‘cat’ command.

On his site, [Yifan] provides more details, source code, and a compiled update file that performs the jailbreak for you. Much like the previous jailbreaks we have featured, it is perfectly legal to do, but you do risk voiding your warranty during the process.

[Picture via Amazon.com]

DARPA’s Hummingbird Spybot

Nope, this isn’t some extravagant fishing lure, it’s the US Government’s newest way to spy on its enemies. The hummingbird bot has no problem flying like an actual hummingbird while recording video. It was developed by a company called Aerovironment as part of a Defense Advanced Research Projects Agency (DARPA) contract. Of course details are scarce, but you can see the device flying around while broadcasting its video feed after the break. Sure, it’s making much more noise than you would expect from an actual hummingbird, but this is just the version that they’ve shown off publicly, right?

It has certainly come a long way since the company was awarded the contract a few years back. We assume that the hummingbird is the realization of the research effort pumped into their ornithopter project. Those proofs of concept from 2009, on what was called Project Mercury, showed off a winged flyer in a controlled environment. To see this year’s model flying out in the open is pretty neat.

Hard Drive Password Recovery

Here’s a guide for recovering protection passwords from ATA hard drives (translated). These passwords are stored in a special area of the hard disk that also contains the firmware for the device. Normally you can’t get at them, but [Supersonic] walks us through a method used to grab the data off of a Western Digital Scorpio drive. Booting into a program called MHDD, you are able to bypass the BIOS (which won’t allow you to read protected data) and directly drive the SATA or PATA controller on your motherboard. Once you’ve dumped the data it can be viewed with a hex editor, and if you know where to look you can find the passwords that are locking the disk.

This reminds us of some of the original Xbox hacks which used a variety of methods to unlock the stock hard disk.

Sniff Ethernet With A Throwing Star

[Michael Ossmann] came up with a nifty little device that arranges RJ45 plugs into a plus shape for the purpose of sniffing Ethernet packets, and named it the “Throwing Star LAN Tap”. While the original design worked fine, it had some limitations, such as only supporting 10/100 base networks and only tapping traffic in one direction. This new version of the “Throwing Star LAN Tap” fixes those and adds some much needed convenience.

Gone are the male plugs, which required couplers and were prone to breaking, and the fiddly splices; in their place is a throwing-star-shaped PCB with female sockets. 1000 base networks are supported, but because of how 1000 base signaling works, and in order to keep the device passive, capacitors are added to filter the signal and force the network to drop down to 100 base. Sure, it may be an ugly hack, but it’s an ugly hack that fits in your pocket.

Electronic Tolling System

For us the hardest part of any project is coming up with the initial idea. Once in a while you just need to cheat by recreating an existing product. That’s what EngineersGarage did with this toll plaza project. If you take a look around the various tabs at the top of that article you’ll see that they’ve used an 8051 microcontroller to bring together a character LCD, an RFID reader, and a keypad. From there it’s a slew of coding to add the functionality for reading multiple tags, looking up stored value, and creating a replenishment system. Sure, it’s not really of much use in this form, but it’ll give you something to do with those shiny parts you have sitting around, and it might just lead you down a path to something more meaningful. As usual, there’s a demonstration video of this after the break.

If this doesn’t float your boat, perhaps this other RFID access system is more your thing.

WWII’s Top Cryptography Comes To A Child’s Toy

This toy has some upgraded internals that turn it into an Enigma machine. We absolutely love the idea, as it takes a toy that your child may have grown out of, and uses it to provide teachable moments dealing with both history and mathematics. But who are we kidding? We want to make one just because it’s a fun project.

[Sketch] grabbed this toy from a thrift store because it has a full keyboard that he can use to make his own machine. It’s powered by an Arduino, with a four-line character LCD display taking the place of the original. His post covers the methods he used to figure out the keyboard wiring, and also contains a cursory overview of how the Enigma Machine functions. See a video of the finished project after the break.

If this whets your appetite, also check out the paper Enigma Machine we covered during Hackaday’s first year.