Remote Operated Security Gate Lets You Phone It In

[Itay] has a friend who works in a rented office where the parking lot is secured by a remote-controlled gate. Unfortunately, while his friend shares an office with several people, they only received a single remote. To help his friends out, he built a small device that triggers the remote control whenever a phone call is received.

The remote modification was rather straightforward. He simply opened the device, adding a single wire to each button terminal. Rather than connect to the remote using wires, he decided to fit it with what looks like a scavenged DC power jack. The ring detector circuitry was constructed and stuffed in a small phone box, which is connected to the remote using a DC power plug. It’s a great solution to the problem, but let’s just hope no one gets a hold of the phone number they used for the trigger!

There are plenty of pictures on his site, as well as video of the ring detector being tested. Unfortunately [Itay] lost the original schematics for the circuit, so you will have to flesh that part out on your own if you wish to build a similar device.

Keep reading to see a few videos of the remote in testing and in use.

Reverse Engineering Shopping Cart Security

All this talk about 555 timers is causing projects to pop out of the woodwork like this one that reverse engineers a shopping cart security mechanism. The wheel seen above listens for a particular magnetic signal and when encountered it locks down the yellow cowl, preventing the wheel from touching the ground and making the cart very hard to move.

[Nolan Blender] acquired one of these wheels for testing purposes and he’s posted some details about the hardware inside. But the first thing he did was to put together some test equipment to help find out details about the signal that trips the mechanism. He connected a coil to an audio amplifier and walked around the market looking for strong signals. Once he found a few strong bursts with that equipment he grabbed an oscilloscope, hooked it to the coil, and made some measurements. He found an 8 kHz signal at a 50% duty cycle at 30 ms intervals (it would be hard to make a better case for why you need an oscilloscope).

With the specs in hand, [Nolan] grabbed two 555 timers, an audio amplifier, and a 200-turn antenna wound around a ferrite core to build his own locking mechanism. If you’re ever stopped short in the middle of the market, just look for the hacker at the end of the aisle holding the homemade electronics.

[Thanks Colin]

Google Two-factor Authentication In A Wristwatch

The Chronos watch from Texas Instruments is a handy little piece of hardware if placed in the right hands. If you are not familiar with the platform, it is marketed as a “wearable wireless development system that comes in a sports watch”. In plain English, it’s a wearable wireless MCU mated with a 96-segment LCD that boasts an integrated pressure sensor and 3-axis accelerometer. It is capable of running custom firmware, which allows it to do just about anything you would like.

[Huan Trong] wanted to take advantage of Google’s new two-factor authentication, and decided his Chronos would make a great fob, since he would likely be wearing the watch most of the time anyhow. He put together some custom firmware that allows the watch to function as an authentication fob, providing the user with a valid Google passcode on command.

He does warn that the software is alpha code at best, stating that it doesn’t even allow the watch to keep time at the moment. We are definitely looking forward to seeing more code in the near future. Keep up the great work!

Be sure to stick around to see a video of his watch in action.

Breaking The IClass Security

iClass is a popular format of RFID enabled access cards. These are issued to company employees to grant them access to parts of a building via a card reader at each security door. We’ve known for a long time that these access systems are rather weak when it comes to security. But now you can find out just how weak they are and how the security can be cracked. [Milosch Meriac] delved deep into the security protocol for HID iClass devices and has laid out the details in a white paper.

The most invasive part of the process was breaking the copy protection on the PIC 18F family of chips in order to read out the firmware that controls card readers. This was done with a USB to serial cable and software that bit-bangs its own implementation of the ICSP protocol. After erasing and attacking several chips (one data block at a time) the original code was read off and patched together. Check out [Milosch’s] talk at 27C3 embedded after the break, and get the code for the ICSP bit banging attacks from the white paper (PDF).

Kindle 3.1 Jailbreak

In the constant battle of manufacturers vs. jailbreakers, the turnaround time between a new software release and a new jailbreak seems to be getting shorter and shorter. [Yifan] noticed that a recent Kindle update broke a previous method of running unsigned code and started the search for a new workaround.

He eventually found a way to force the Kindle to run unsigned code based upon how the software update checked for digitally signed files. With that knowledge in hand, he discovered that he could trick the updater into running any file he wanted by exploiting the standard functionality found in the Unix ‘cat’ command.

On his site, [Yifan] provides more details, source code, and a compiled update file that performs the jailbreak for you. Much like the previous jailbreaks we have featured, it is perfectly legal to do, but you do risk voiding your warranty during the process.

[Picture via Amazon.com]

DARPA’s Hummingbird Spybot

Nope, this isn’t some extravagant fishing lure, it’s the US Government’s newest way to spy on its ~~people~~ enemies. The hummingbird bot has no problems flying like an actual hummingbird while recording video. It was developed by a company called Aerovironment as part of a Defense Advanced Research Projects Agency (DARPA) contract. Of course details are scarce, but you can see the device flying around while broadcasting its video feed after the break. Sure, it’s making much more noise than you would expect from an actual hummingbird, but this is just the version that they’ve shown off publicly, right?

It has certainly come a long way since the company was awarded the contract a few years back. We assume that the hummingbird is the realization of research efforts pumped into their ornithopter project. Those proofs of concept from 2009 on what was called Project Mercury showed off a winged flyer in a controlled environment. To see this year’s model flying out in the open is pretty neat.

Hard Drive Password Recovery

Here’s a guide for recovering protection passwords from ATA hard drives (translated). These passwords are stored in a special area of the hard disk that also contains the firmware for the device. Normally you can’t get at them, but [Supersonic] walks us through a method used to grab the data off of a Western Digital Scorpio drive. By booting into a program called MHDD, you are able to bypass the BIOS (which won’t allow you to read protected data) and directly drive the SATA or PATA controller on your motherboard. Once you’ve dumped the data it can be viewed with a hex editor, and if you know where to look you can grab the passwords that are locking the disk.

This reminds us of some of the original Xbox hacks which used a variety of methods to unlock the stock hard disk.