Bluetooth Based Pseudorandom Number Generation

[MS3FGX] has done an interesting study about using Bluetooth adapters as a source for Pseudorandom Number Generation (PRNG). As it turns out, the BlueZ package has a function that calls a remote Bluetooth adapter to return a random number. He picked up 10 compatible adapters for about $30 from DealExtreme and set about assembling some numbers to see how this compares to an OS-based PRNG.

Because millions of samples are needed for an accurate comparison, time became a problem. The adapters are a little bit slow responding to a request, sending just 4800 numbers in the first 30-second test. This can be overcome with multiple adapters being accessed by multiple computers for hours at a time. What can this be used for? Your guess is as good as ours, but [MS3FGX] has done a great job of writing up his tests. He’s also made a set of 20.7 million randomly generated values available if you want to generate your own statistical analysis.

How To Root A Nook

Here’s the latest in rooted consumer devices: nookdevs.com has rooted the Barnes & Noble Nook eBook reader. The process is extremely easy, as the operating system is stored on a 2GB SD card inside the device. In fact, once you have the case open the hard part is over. From there, the card should be backed up for safekeeping. Now mount the card, enable the Android Debug Bridge and reassemble. The Android SDK can then be used to log into a shell on the Nook wirelessly.

We’re not sure there’s much that can be done past this point yet. It’s up to you to get Doom running!

GSM Enabled Security Door

The security door at the front of [Oliver’s] building uses an intercom system to let in guests remotely. Each unit has an intercom handset with a button that unlocks the door. [Oliver] wanted a way to enter without carrying any extra items so he built a system to unlock the door with his cell phone.

He patched into the intercom and attached a GSM module. The module runs Python, so he wrote a script that will monitor the entryway buzzer, then wait for an approved cell phone connection to unlock it. He went through a couple of different iterations for the final project. The first attempt used XBee modules to communicate between the intercom handset and the GSM module. For the final version, he snaked cable through his wall using rare-earth magnets (creative!) in order to forgo the use of a battery in the handset.

Who doesn’t carry a cell phone with them? Because of this, the use of GSM modules in automation is a trend we think will continue to gain popularity.

Recover Borked HDD After Xbox 360 Ban

[Incudie] tipped us off about a method to fix a borked HDD in your Xbox 360. Many of the one million consoles banned earlier in the month also had the hard disks scrambled, making off-line gaming impossible as well. It turns out that this is caused by having a ban flag in the NAND chip on the motherboard. It has been discovered that because of wear levelling, the NAND will have two copies of the “secdata.bin” file which stores the ban flag. Please note, this will NOT allow the console to use Xbox Live, it just re-enables the HDD.

The quick and dirty of the fix is as follows: First the NAND is dumped from your Xbox 360 to a computer. After verifying the file, it can be opened in a HEX editor and the two copies of “secdata.bin” located. Once identified by date, the older version is injected on top of the newer to overwrite the ban flag.

Looks like this is not for the faint of heart, but if you got banned for modding in the first place this should be easy to pull off.

Update: Looks like xbox-scene now has a collection of apps to help you with this process. [Thanks CollinstheClown]

Knock Detecting Lock

Video: http://www.youtube.com/watch?v=zE5PGeh2K9k

[Steve] shows us his version of the knock detecting lock system. The idea is pretty simple: knock in a certain pattern and the door unlocks. We’ve seen it before several times. This solution is somewhat cleaner than the others, not only in physical design, but also in how you reprogram it. Simply push the reprogram button and enter your new knock. We’re a bit surprised that the suction cups actually hold it on the door. Maybe it’s just us, but we can never seem to get those things to hold very well. There are lots of great pictures as well as the source code available on his site.

[via HacknMod]

FreeBOOT Gives The Xbox 360 JTAG Hack New Life

There has been another development in the never-ending battle that is Microsoft trying to keep its gaming system closed to unauthorized use. Xbox-scene reports that a new hack called freeBOOT v0.01 allows the Xbox 360 to upgrade to the newer kernels, but allows the option of rebooting to an older kernel in order to use the JTAG exploit and gain access to the hardware.

In case you missed it, the JTAG hack is a way to run homebrew code on an Xbox 360. Exploiting this hack makes it possible to boot a Linux kernel in about five seconds. We’ve long been fans of the homebrew work done with XBMC on the original Xbox and hope that advances like this will lead to that end. We want this because the older hardware cannot handle high definition content at full resolution but the Xbox 360 certainly can.

This exploit is still far from perfect. It currently requires that the Cygnos360 mod chip be installed on the system. A resistor also needs to be removed from the board to prevent accidental kernel updating. That being said, this is still progress. If you’re interested in step-by-step details, take a look at the text file instructions provided.

[Thanks wdfowty]

Two-factor Authentication Using A Hardware Token

We ran into a friend a while back who was logging into her employer’s Virtual Private Network on the weekend. She caught our attention by whipping out her keys and typing in some information from a key-fob. It turns out that her work uses an additional layer of protection for logging into the network. They have implemented a username, a PIN, and a hardware token system called SecurID.

The hardware consists of a key-fob with an LCD screen on it. A code is displayed on the screen and changes frequently, usually every 60 seconds. The device generates these keys from a 128-bit encryption seed. When this number is fed to a server that has a copy of that seed, it serves as an additional verification alongside the other login data.
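The seed-sharing scheme described above, sketched as an added example that is not from the original post. SecurID's own algorithm is proprietary, so this uses the open HMAC-based construction from RFC 4226/6238 as a stand-in; the names `token_code` and `Verifier`, the 6-digit length and the one-step clock drift allowance are assumptions.

```python
import hashlib
import hmac
import struct

STEP = 60    # seconds each code stays valid, as on the fob described above
DIGITS = 6   # assumed display length


def token_code(seed: bytes, now: float) -> str:
    """Code the token shows at time `now` (HOTP truncation over a time counter)."""
    counter = int(now // STEP)
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


class Verifier:
    """Server side: holds a copy of the seed and checks submitted codes."""

    def __init__(self, seed: bytes, drift_steps: int = 1):
        self.seed = seed
        self.drift_steps = drift_steps  # tolerate a token clock off by one step
        self.last_counter = -1          # newest time step already accepted

    def verify(self, code: str, now: float) -> bool:
        current = int(now // STEP)
        for counter in range(current - self.drift_steps,
                             current + self.drift_steps + 1):
            if counter <= self.last_counter:
                continue  # a code is good once; replays and older codes fail
            expected = token_code(self.seed, counter * STEP)
            if hmac.compare_digest(expected.encode(), code.encode()):
                self.last_counter = counter
                return True
        return False


if __name__ == "__main__":
    seed = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # constructed 128-bit seed
    server = Verifier(seed)
    t = 1_700_000_000                        # constructed login time
    code = token_code(seed, t)
    print(code, server.verify(code, t))      # first use is accepted
    print(code, server.verify(code, t + 5))  # replay of the same code is rejected
```

The code is only as secret as the seed: anyone who copies the seed from the server or the token can compute every future code, so the server's copy needs the same protection as a password database.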

This seems like a tech trickle-down of the code generating device from GoldenEye. It does get us thinking: with the problems free email services have been having with account theft, why aren’t they offering a fee-based service that includes a security fob? With the right pricing structure this could be a nice stream of income for the provider. We’re also wondering if this can be implemented with a microcontroller and used in our home network. As always, leave comments below and let us know if you’ve already built your own system using these principles.

Update: Thanks to Andre for his comment that tells us this type of security is available for Apache servers. The distribution includes a server-side authentication system and a Java-based token generator that can run on any handheld that supports Java.