Wireless Hacks

1047 Articles

GPL Vs. Skype Back In Court

May 7, 2008 by 18 Comments


UPDATE: Skype has withdrawn their appeal and accepted the original judgment.

Tomorrow the High District Court of Munich will hear Skype argue against the validity of the GPL. Last June, the court issued an injunction against Skype for selling the SMC WSKP 100, a Linux-based WiFi VoIP phone. After the initial GPL violation, a flier with the URL for the source was added to the package. The GPL wasn’t provided and the court found this insufficient for fulfilling the requirements of the GPL. Skype is appealing and claims that the GPL as a whole violates anti-trust regulation. The case against Skype was brought by OpenMoko‘s original system architect, Harald Welte, as part of his work for gpl-violations.org.

DIY 2.4ghz Spectrum Analyser

February 14, 2008 by 10 Comments


This project got some blog love last year, but it slipped past my radar. [jhecker] built a parallel port interfaced device based on a Cypress 2.4ghz transceiver module. The module is pretty complete, so as long as you can wield a soldering iron, you can pull this one off. The module is pretty cheap, so it could be just the thing for building your own signal detector.

[Ed Note, Stardate 2018: There seems to be some linkrot.  Try this link instead.]

24C3 Mifare Crypto1 RFID Completely Broken

January 1, 2008 by 22 Comments

Another highlight for us at CCC was [Karsten Nohl] and [Henryk Plötz] presenting how they reversed Philips crypto-1 “classic” Mifare RFID chips which are used in car keys, among other things. They analyzed both the silicon and the actual handshaking over RF. Looking at the silicon they found about 10K gates. Analyzing with Matlab turned up 70 unique functions. Then they started looking “crypto-like” parts: long strings of flip-flops used for registers, XORs, things near the edge that were heavily interconnected. Only 10% of the gates ended up being crypto. They now know the crypto algorithm based on this analysis and will be releasing later in the year.

The random number generator ended up being only 16-bit. It generates this number based on how long since the card has been powered up. They controlled the reader (an OpenPCD) which lets them generate the same “random” seed number over and over again. This was actually happening on accident before they discovered the flaw.

One more broken security-through-obscurity system to add to the list. For more fun, watch the video of the presentation.

ToorCon 9: Retrieving WEP Keys From Road Warriors

October 23, 2007 by No comments


[Vivek Ramachandran]’s Cafe Latte attack was one of the last talks we caught at ToorCon. I’ve found quite a few articles about it, but none really get it right. It’s fairly simple and deals with cracking WEP keys from unassociated laptops. First your WEP honeypot tells the client that it has successfully associated. The next thing the client does is broadcast a WEP encrypted ARP packet. By flipping the bits in the ARP packet you can replay the WEP packet and it will appear to the client to be coming from an IP MAC combo of another host on the network. All of the replies will have unique IVs and once you get ~60K you can crack it using PTW. The bit flipping is the same technique used in the fragmentation attack we covered earlier, but Cafe Latte requires generation of far fewer packets. You can read about the Cafe Latte attack on AirTight Networks.

Build Your Own GPS And GLONASS Receiver

October 4, 2007 by 17 Comments

[superlopez] sent in this detailed article (mirrored here and here) which describes how to build a GPS and GLONASS (the Russian version of GPS) receiver. The resulting device is gigantic compared to one of those tiny bluetooth USB GPS units, but the ability to build one’s own receiver is one of those post-apocalyptic skills I sure would like to have. The creator of the article [Matjaz Vidmar] aka [S53MV] also has pages on Packet-Radio (PKT) transceiver improvements (PKT gets my vote for the best post-apocalyptic technology, and the only believable technology featured in the Transformers movie), and a more sophisticated homemade frequency counter than the one featured earlier this summer.

In 2005 we featured a from-scratch GPS receiver as well, thought the project site seems to be down. If your GPS unit just needs a better antenna, check out [Will]’s how-to from last year.