Barcode Infiltrator

Whenever someone manages to expose vulnerabilities in everyday devices, we love to root for them. [Adrian] over at Irongeek has been inspired to exploit barcodes as a means to attack a POS database. Based on an idea from a Pauldotcom episode, he set out to make a rapid attack device, using an LED to spoof the signals that would be received by scanning a barcode. By exposing the POS to a set of generic database attacks, including XSS, SQL injection, and other errors easily solved by input sanitization, he has created the first version of an automated system penetration device. In this case the hardware is simple, but the concept is impressive.

With the hardware explained and the source code provided, as well as a basic unsanitized-input cheat sheet, would-be barcode hackers have a great place to start if they feel compelled to provide a revision two.

[Thanks Robert W.]
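As an added example of the input check the post alludes to (not code from [Adrian]'s project), here is an allowlist validator a POS could run on every scan before it goes anywhere near a query. It assumes the POS only expects GTIN product codes (EAN-8, UPC-A, EAN-13, GTIN-14); the function name and sample scans are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical POS-side check: accept a scan only if it is a well-formed
 * GTIN (8, 12, 13 or 14 digits) whose last digit is the right check digit.
 * Anything else (quotes, markup, wrong length) is rejected outright. */
int is_valid_gtin(const char *scan)
{
    size_t len = strlen(scan);
    if (len != 8 && len != 12 && len != 13 && len != 14)
        return 0;

    int sum = 0;
    int weight = 3;                       /* rightmost data digit weighs 3 */
    for (size_t i = len - 1; i-- > 0; ) { /* data digits, right to left */
        if (scan[i] < '0' || scan[i] > '9')
            return 0;
        sum += (scan[i] - '0') * weight;
        weight = (weight == 3) ? 1 : 3;
    }

    char last = scan[len - 1];
    if (last < '0' || last > '9')
        return 0;
    return (10 - sum % 10) % 10 == last - '0';
}

int main(void)
{
    /* Constructed sample scans. */
    const char *scans[] = {
        "4006381333931",   /* valid EAN-13 */
        "036000291452",    /* valid UPC-A */
        "4006381333932",   /* digits only, wrong check digit */
        "40063813339'1",   /* right length, contains a quote */
    };
    for (size_t i = 0; i < sizeof scans / sizeof scans[0]; i++)
        printf("%-16s %s\n", scans[i],
               is_valid_gtin(scans[i]) ? "accept" : "reject");
    return 0;
}
```

Validation like this narrows what a scanner can deliver; the database layer should still use parameterized queries and the display layer should still encode output.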

Hacking A Code-protected Hard Disk

Our friend [Sprite_TM] took a look at the security of a code-protected hard disk. The iStorage diskGenie is an encrypted USB hard drive that has a keypad for passcode entry. After cracking it open he found that the chip handling the keypad is a PIC 16F883 microcontroller. He poked and prodded at the internals and found some interesting stuff, like the fact that there is an onboard LED that blinks differently based on the code entered: one way for the right code, another for a wrong code with the right number of digits, and a third for a wrong code with the wrong number of digits. This signal could be tapped for a brute-force attack, but there’s a faster way. The microcontroller checks for the correct code one digit at a time, so by measuring the response time of the chip an attacker can determine when the leading digit is correct, and reduce the time needed to crack the code. There is brute-force protection that watches for multiple incorrect passwords, but [Sprite_TM] even found a way around that. He attached an AVR chip to monitor the PIC response time. If it was taking longer than it should for a correct password, the AVR resets the PIC before it can write incorrect attempt data to its EEPROM. This can be a slow process, but he concluded it should work. We had fun watching the Flash_Destroyer hammer away and we’d like to see a setup working to acquire the code from this device.
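To make the timing leak concrete, here is an added example (not the diskGenie firmware, and not [Sprite_TM]'s code) that puts a digit-at-a-time compare next to a constant-time one. The stored passcode is constructed, the function names are hypothetical, and the `work` counter stands in for the response time a real chip would expose.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample passcode; not taken from the device. */
static const uint8_t STORED_PIN[6] = {4, 9, 1, 7, 2, 5};

/* Early-exit compare: stops at the first wrong digit, so the amount of
 * work (and hence the response time) grows with the matching prefix. */
int check_early_exit(const uint8_t *entry, size_t len, unsigned *work)
{
    *work = 0;
    if (len != sizeof STORED_PIN)
        return 0;
    for (size_t i = 0; i < len; i++) {
        (*work)++;
        if (entry[i] != STORED_PIN[i])
            return 0;
    }
    return 1;
}

/* Hardened compare: always visits every digit and folds the differences
 * into one accumulator, so the work is the same for any wrong guess. */
int check_constant_time(const uint8_t *entry, size_t len, unsigned *work)
{
    uint8_t diff = 0;
    *work = 0;
    if (len != sizeof STORED_PIN)
        return 0;
    for (size_t i = 0; i < len; i++) {
        (*work)++;
        diff |= (uint8_t)(entry[i] ^ STORED_PIN[i]);
    }
    return diff == 0;
}

int main(void)
{
    /* Constructed guesses with 0, 3 and 6 correct leading digits. */
    const uint8_t guesses[3][6] = {
        {0, 0, 0, 0, 0, 0}, {4, 9, 1, 0, 0, 0}, {4, 9, 1, 7, 2, 5}};
    for (int g = 0; g < 3; g++) {
        unsigned leaky, fixed;
        check_early_exit(guesses[g], 6, &leaky);
        check_constant_time(guesses[g], 6, &fixed);
        printf("guess %d: early-exit work=%u, constant-time work=%u\n",
               g, leaky, fixed);
    }
    return 0;
}
```

A constant-time compare removes the per-digit signal; the attempt counter also needs to be committed to EEPROM before the result is evaluated, so that a reset during the check cannot skip the write.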

Burglar Alarm In A Zippo Lighter

[Madmanmoe64] has really done a fantastic job with this burglar alarm built into a Zippo. He crammed a PICAXE microcontroller, some IR LEDs, an IR sensor, a battery and various switches in there quite well. It almost closes perfectly, something we think he could remedy if it really bugged him that much.

It has several modes, each initiated by a different sequence of button presses. There is the proximity alarm, which sounds when something moves very close; the reverse proximity alarm, which sounds when you remove something from its immediate vicinity; a doorbell mode; and a silent alarm mode. Check out the video after the break to see it in action.

Modem Used In An Alarm System

This alarm system senses motion and then alerts you by phone. [Oscar] had an old external modem sitting around and, with some wise hardware choices, he came up with a simple circuit to use it. First up is the PIC 16F628A, chosen because it doesn’t require an external crystal. This connects with the modem via a DS275 RS232 transceiver because it requires no external parts for connection. The final piece of the puzzle is a PIR sensor that triggers a pin interrupt in the sleeping PIC, which then dials your number to alert you. It doesn’t look like anything happens other than your phone ringing, but that’s enough for a simple system. We’re just happy to see how easy it was to use that modem… time to go hunting for one in the dreaded junk trunk. Don’t miss the clip after the break.

Make iPhone A Penetration Testing Tool

[Nicholas Petty] has posted a guide to setting up your iPhone as a penetration tester. You already carry it around with you and, although not too beefy, it does have the hardware you need to get the job done. So if you’re not interested in building a drone or carrying around a boxy access point, try this out. The first step is to jailbreak your device and set up OpenSSH so that you can tunnel in for the rest of the setup. From there, the rest of the setup is just acquiring build tools and compiling pentesting programs like Aircrack-ng, Ettercap, Nikto2, and the Social Engineering Toolkit. You’ll be up to no good testing your wireless security in no time.

Drone Cracks WiFi From On High

The WiFi Aerial Surveillance Platform, or WASP for short, is an autonomous drone aircraft that sniffs out WiFi networks. But it packs a much larger punch than that. Built into this US Army surplus target drone you’ll find an ITX form-factor computer with a Via C7 500 MHz processor that is running Backtrack 4, the popular penetration testing Linux suite. But what if you want to do some real heavy lifting that the onboard PC can’t handle quickly? They’ve thought of that too. There’s an integrated 3G modem which allows for control over the Internet and facilitates the outsourcing of load-intensive operations to the cloud. It’s not shooting fireworks from the wings, but this payload has the potential to cause way more trouble.

[Thanks Spore]

Portable WiFi Penetration Testing

Inside this box you’ll find a La Fonera wireless access point. [Emeryth] and his band of miscreants built this portable device for WiFi security testing. The AP is running OpenWRT and has been set up to use the 16×4 character display as a terminal. An ATmega88 connects the LCD as well as six buttons to the UART of the La Fonera. From there, a set of Ruby scripts takes care of the communication protocol. As you can see after the break, this setup allows you to scan the area for WiFi, showing channel, SSID, and MAC information. Although not specifically outlined in the video, we suspect there are some more devious tricks up its sleeve too.