RFID Entry Uses Homemade Electronic Strike

[Fileark] built an RFID entry system that uses a pretty ingenious alternative to an electronic strike plate. An electronic strike is a rather expensive hinged plate that mounts in the door frame and catches the door latch. But this system opens a set of double doors. The door without the handle is fixed in place and has a normal strike plate. But it also has a deadbolt mounted in line with that plate. When the deadbolt is extended it is flush with the strike plate, pushing the latch from the door knob back and freeing the door to swing open. This is a bit hard to put into words so watch the video after the break to clear things up.

The system uses a cheap RFID package that provides a single signal line. This line connects to an old VCR motor which turns the deadbolt. Timing is provided by a 555 chip, and the deadbolt movement is limited by a couple of switches mounted along with the motor.

Now that the unlocking mechanism has been built, it would be simple to use other authentication methods for unlocking the door, like a wristwatch-based proximity system.

Password Exploitation Classes Online

Irongeek.com is hosting an online class on password exploitation. The event was a fundraiser called ShoeCon, but they are hosting the entire series for everyone to share. Not only are the videos there, but you can download the PowerPoint slides as well. There is a massive amount of information here on various topics like Hashcat, OCLHashcat, Cain, SAMDump2, Nir’s Password Recovery Tools, Password Renew, Backtrack 4 R1, UBCD4Win. There’s so much info, they split it into 3 sections. The videos are fairly long, between 1 and 2.5 hours each. What might surprise people is how much of the time Google is actually one of the main tools.

These videos can be a fantastic resource for hobby hackers, IT admins, and security professionals.

Face-slapping Security Gaffe In Stored-value Cards

The laundry machines at [Hans Viksler’s] apartment were converted over from coin operation to stored value cards. We’ve all dealt with these cards before and [Hans] thought it would be fun to do a little sniffing around at how this particular company implements them. We’ve covered how to read these cards and there have been several stories regarding how to bypass the security that they use.

But [Hans] wasn’t interested in stealing value, just in seeing how things work. So he stuck the card in his reader and after looking around a bit he figured out that they use the Atmel AT88SC0404C chip. He downloaded the datasheet and started combing through the features and commands. The cards have a four-wrong-password lockout policy. He calculated that it would take an average of over two million cards to brute force the chip’s stored password. But further study showed that this is a moot point. He fed the default password from the datasheet to his card and it worked.

We know it takes quite a bit of knowledge for the average [Joe] to manipulate these cards at home, but changing the default password is literally the very least the company could have done to protect their system.

Barcode Infiltrator

Whenever someone manages to expose vulnerabilities in everyday devices, we love to root for them. [Adrian] over at Irongeek has been inspired to exploit barcodes as a means to attack a POS database. Based on an idea from a Pauldotcom episode, he set out to make a rapid attack device, using an LED to spoof the signals that would be received by scanning a barcode. By exposing the POS to a set of generic database attacks, including XSS, SQL Injection, and other errors easily solved by input sanitization, he has created the first version of an automated system penetration device. In this case the hardware is simple, but the concept is impressive.

With the hardware explained and the source code provided, as well as a basic unsanitized input cheat sheet, the would-be barcode hackers have a great place to start if they feel compelled to provide a revision two.

[Thanks Robert W.]

Hacking A Code-protected Hard Disk

Our friend [Sprite_TM] took a look at the security of a code-protected hard disk. The iStorage diskGenie is an encrypted USB hard drive that has a keypad for passcode entry. After cracking it open he found that the chip handling the keypad is a PIC 16F883 microcontroller. He poked and prodded at the internals and found some interesting stuff, like the fact that there is an onboard LED that blinks differently based on the code entered: one way for the right code, another for a wrong code with the right number of digits, and a third for a wrong code with the wrong number of digits. This signal could be patched into for a brute force attack, but there’s a faster way. The microcontroller checks for the correct code one digit at a time, so by measuring the response time of the chip an attacker can determine when the leading digit is correct, and reduce the time needed to crack the code. There is brute force protection that watches for multiple incorrect passwords, but [Sprite_TM] even found a way around that. He attached an AVR chip to monitor the PIC response time. If the response takes longer than it should for a correct password, the AVR resets the PIC before it can write incorrect-attempt data to its EEPROM. This can be a slow process, but he concluded it should work. We had fun watching the Flash_Destroyer hammer away and we’d like to see a setup working to acquire the code from this device.
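The digit-at-a-time check described above, next to a comparison that does the same work for every input, as an added example that is not from the original post or the device's firmware. The function names and sample codes are constructed, and the loop counter stands in for the response time an observer would measure.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Loop iterations done by the last comparison: a deterministic stand-in
 * for the chip's measurable response time. */
static unsigned steps;
unsigned last_steps(void) { return steps; }

/* Early exit: stops at the first wrong digit, so the amount of work
 * reveals how many leading digits were correct. */
int check_early_exit(const uint8_t *entered, const uint8_t *stored, size_t n)
{
    steps = 0;
    for (size_t i = 0; i < n; i++) {
        steps++;
        if (entered[i] != stored[i])
            return 0;
    }
    return 1;
}

/* Constant time: visits every digit and accumulates the differences,
 * so the work is identical for right and wrong codes. */
int check_constant_time(const uint8_t *entered, const uint8_t *stored, size_t n)
{
    uint8_t diff = 0;
    steps = 0;
    for (size_t i = 0; i < n; i++) {
        steps++;
        diff |= (uint8_t)(entered[i] ^ stored[i]);
    }
    return diff == 0;
}

int main(void)
{
    /* Constructed sample codes, not taken from any device. */
    const uint8_t stored[6] = {4, 8, 1, 5, 1, 6};
    const uint8_t guesses[3][6] = {{0, 0, 0, 0, 0, 0},   /* none correct */
                                   {4, 8, 0, 0, 0, 0},   /* 2 leading digits correct */
                                   {4, 8, 1, 5, 1, 6}};  /* all correct */
    for (int g = 0; g < 3; g++) {
        int ok = check_early_exit(guesses[g], stored, 6);
        unsigned leaky = last_steps();
        check_constant_time(guesses[g], stored, 6);
        printf("guess %d ok=%d early-exit steps=%u constant-time steps=%u\n", g, ok, leaky, last_steps());
    }
    return 0;
}
```

The constant-time version removes the per-digit timing signal only. The reset-before-EEPROM-write issue is separate and is usually addressed by recording the attempt before the comparison runs.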

Burglar Alarm In A Zippo Lighter

[Madmanmoe64] has really done a fantastic job with this burglar alarm built into a Zippo. He crammed a PICAXE microcontroller, some IR LEDs, an IR sensor, a battery and various switches in there quite well. It almost closes perfectly, something we think he could remedy if it really bugged him that much.

It has several modes, all initiated by a different sequence of button presses. There is the proximity alarm, which sounds when something moves very close; the reverse proximity alarm, which sounds when you remove something from its immediate vicinity; a doorbell mode; and a silent alarm mode. Check out the video after the break to see it in action.

Modem Used In An Alarm System

This alarm system senses motion and then alerts you by phone. [Oscar] had an old external modem sitting around and, with some wise hardware choices, he came up with a simple circuit to use it. First up is the PIC 16F628A, chosen because it doesn’t require an external crystal. This connects with the modem via a DS275 RS232 transceiver because it requires no external parts for connection. The final portion of the puzzle is a PIR sensor that triggers a pin interrupt in the sleeping PIC, which then dials your number to alert you. It doesn’t look like anything happens other than your phone ringing, but that’s enough for a simple system. We’re just happy to see how easy it was to use that modem… time to go hunting for one in the dreaded junk trunk. Don’t miss the clip after the break.