Buzzle: A Morse Code Puzzle Box

January 21, 2010 by Caleb Kraft 11 Comments

[lucasfragomeni] built the Buzzle after being inspired by the reverse geocache puzzle. The Buzzle was built as a gift to a friend. It’s a tricky gift too. His friend can’t open it until he decodes the words being displayed in morse code via an LED. A word is chosen at random, so you would have to decode it each time you want to open the box. That’s a pretty neat security feature. Sure it’s not the most secure, but it would keep casual peepers out. Unfortunately, the box was empty when his friend received it.

NES Console To Cartridge Security In Depth

January 20, 2010 by Mike Szczys 45 Comments

[Segher] has reverse engineered the hardware and command set for the NES CIC chips. These chips make up the security hardware that validates a cartridge to make sure it has been licensed by Nintendo. Only after authentication will the console’s CIC chip stop reseting the hardware at 1 Hz. The was no hardware information available for these chips (go figure) so [Segher] had to do some sleuthing with the tools at hand which include some rom dumps from the chip pairs. He was nice enough to share his findings with us. We’re betting they’re not of much use to you but we found it an interesting read.

[Thank ppcasm]

[Photo credit: Breaking Eggs and Making Omelets]

Russian Billboard Includes A “happy Ending”

January 16, 2010 by Mike Szczys 67 Comments

It seems someone hacked into one of LED billboards and added porn video clips to the rotation of advertisements. We caught a glimpse before YouTube yanked it. We’ve pixelated the shot above which already had some blackbox censorship from the OP but we assure you, it was hardcore porn.

The 9-by-6 meter billboard is in downtown Moscow. The AP is reporting that this caused something of a traffic jam and shocked passersby. We’ve seen porn before, but have to admit that even knowing what to expect in the video it was a bit shocking for us to see cars driving by a giant sex scene. This is certainly much more of a distraction than leaving clever messages on the side of the road.

Does anyone know what technology is used to update these billboards? We’re curious as to whether physical access to the unit is necessary for this kind of attack. Leave your insights in the comments.

[Thanks Sean]

Start The Car With A Wave Of Your Hand

January 14, 2010 by Mike Szczys 74 Comments

[Jair2K4] likes his RFID almost as much as he likes his chaw. Ever since his car was stolen he’s had to start it using a screwdriver. Obviously this is not a good way to leave things so he decided to convert his starter to read an RFID tag. He installed an RFID transponder he picked up on eBay, wiring it to the ignition switch. He’s removed the clutch-check sensor and wired a rocker switch to enable the RFID reader. We presume the rocker switch will eventually be used to shut the car off as well.

While most would have purchased a key-chain RFID tag, [Jair2k4] went far beyond that and had the tag implanted in his hand. This is an honor usually reserved for pets and until he adds RFID functionality to the door locks maybe a key fob would have been a better answer. But, to each his own. See his short demonstration video after the break.

Continue reading “Start The Car With A Wave Of Your Hand” →

Kodak Digital Frame Vulnerability

January 11, 2010 by Mike Szczys 17 Comments

Kodak managed to release a product with a big fat security vulnerability. [Casey] figured out that the Kodak W820 WiFi capable digital frame can be hijacked for dubious purposes. The frame can add Internet content as widgets; things like Facebook status, tweets, and pictures. The problem is that the widgets are based on a feed from a website that was publicly accessible. The only difference in the different feed addresses is the last two characters of the frame’s MAC address. Feeds that are already setup can be viewed, but by brute-forcing the RSS link an attacker can take control of the feeds that haven’t been set up yet and preload them with photos you might not want to see when you boot up your factory-fresh frame.

It seems the hole has been closed now, but that doesn’t diminish the delight we get from reading about this foible. There’s a pretty interesting discussion going on in the thread running at Slashdot.

[Photo credit]

Spy On Your Office

January 7, 2010 by Jakob Griffith 30 Comments

[Garagedeveloper] sent us his custom surveillance system, part 1, part 2, and part 3 after needing a way to find out why some cables at work were becoming unplugged (spoiler, the cleaners were messing up the wiring). At the base of the system is a web cam glued to a stepper motor. However, it gets much more in depth with a web front-end that allows the user to stream the feed and control the position of the stepper. We’re not particularly fond of how many different parts the project takes, while it all could be accomplished under C# with ASP.NET and parallel port library instead of including Arduino and excess code, but to each their own and the project turned out a success anyway.

Arduino Security With Frickin’ Laser

January 3, 2010 by Mike Szczys 15 Comments

[over9k] used his Arduino to set up a laser trip wire. The laser is mounted along side the Arduino, reflects off of a mirror, and shines on a photoresistor that interfaces via a voltage divider. The signal from the voltage divider is monitored for a change when the laser beam is broken. [over9k] set things up so that a webcam snaps a picture of the intruder and Twitters the event for easy notification. Video after the break walks through each of these steps.

This build is a bit rough around the edges but unlike other laser trip wires this keeps all the electronics in one place. The laser interface could be a bit more eloquent, and we’re wondering just how much current it is pulling off of the Arduino pins. But if you’re bored and have this stuff on hand it will be fun to play around with it. Continue reading “Arduino Security With Frickin’ Laser” →