brute force

23 Articles

Generating A Lost Password By Traveling Back In Time

May 31, 2024 by 5 Comments

It’s probable that some of you reading this will have been approached in the past by people who’ve lost the password to their crypto wallets. They hear that you’re involved in some kind of “hacking”, and they cling to the forlorn hope that you might just be able to recover their lost wealth. For most of us there’s little chance we can help, but in [Joe Grand]’s case he has made it something of a specialism. He’s given an account of how he and a friend recovered a particularly difficult password.

The password in question had been generated by RoboForm, a long random string that was impossible for its owner to remember. The only chance of finding it lay in discovering a flaw in RoboForm, and that seemed hopeless until the discovery of a changelog reference to improving the random number generation of the software.

The video below details some of the detective work required to find the password, first reverse engineering an old version of RoboForm to find the flaw, and then the discovery that the random seed was derived from the system time. A range of passwords could be created for a given time frame, reducing the odds of finding the password considerably. The story is not without its twists, but it ends with the wallet’s owner rather theatrically being presented with a giant fake Bitcoin check.

Continue reading “Generating A Lost Password By Traveling Back In Time”

Leaky SMD Electrolytics? Try These Brute Force Removal Methods

November 12, 2023 by 25 Comments

When you say “recapping” it conjures up an image of a dusty old chassis with point-to-point wiring with a bunch of dried-out old capacitors or dodgy-looking electrolytics that need replacement. But time marches on, and we’re now at the point where recapping just might mean removing SMD electrolytics from a densely packed PCB. What do you do then?

[This Does Not Compute]’s answer to that question is to try a bunch of different techniques and see what works best, and the results may surprise you. Removal of SMD electrolytic caps can be challenging; the big aluminum can sucks a lot of heat away, the leads are usually pretty far apart and partially obscured by the plastic base, and they’re usually stuffed in with a lot of other components, most of which you don’t want to bother. [TDNC] previously used a hot-air rework station and liberally applied Kapton tape and aluminum foil to direct the heat, but that’s tedious and time-consuming. Plus, electrolytics sometimes swell up when heated, expelling their corrosive contents on the PCB in the process.

As brutish as it sounds, the solution might just be as simple as ripping caps off with pliers. This seems extreme, and with agree that the risk of tearing off the pads is pretty high. But then again, both methods seemed to work pretty well, and on multiple boards too. There’s a catch, though — the pliers method works best on caps that have already leaked enough of their electrolyte to weaken the solder joints. Twisting healthier caps off a PCB is likely to end in misery. That’s where brutal method number two comes in: hacking the can off the base with a pair of flush cutters. Once the bulk of the cap is gone, getting the leads off the pad is a simple desoldering job; just don’t forget to clean any released schmoo off the board — and your cutters!

To be fair, [This Does Not Compute] never seems to have really warmed up to destructive removal, so he invested in a pair of hot tweezers for the job, which works really well. But perhaps you’re not sure that you should just reflexively replace old electrolytics on sight. If so, you’re in pretty good company.

Continue reading “Leaky SMD Electrolytics? Try These Brute Force Removal Methods”

Brute Forcing A Mobile’s PIN Over USB With A $3 Board

July 16, 2023 by 52 Comments

Mobile PINs are a lot like passwords in that there are a number of very common ones, and [Mobile Hacker] has a clever proof of concept that uses a tiny microcontroller development board to emulate a keyboard to test the 20 most common unlock PINs on an Android device.

Trying the twenty most common PINs doesn’t take long.

The project is based on research analyzing the security of 4- and 6-digit smartphone PINs which found some striking similarities between user-chosen unlock codes. While the research is a few years old, user behavior in terms of PIN choice has probably not changed much.

The hardware is not much more than a Digispark board, a small ATtiny85-based board with built-in USB connector, and an adapter. In fact, it has a lot in common with the DIY Rubber Ducky except for being focused on doing a single job.

Once connected to a mobile device, it performs a form of keystroke injection attack, automatically sending keyboard events to input the most common PINs with a delay between each attempt. Assuming the device accepts, trying all twenty codes takes about six minutes.

Disabling OTG connections for a device is one way to prevent this kind of attack, and not configuring a common PIN like ‘1111’ or ‘1234’ is even better. You can see the brute forcing in action in the video, embedded below.

Continue reading “Brute Forcing A Mobile’s PIN Over USB With A $3 Board”

Brute-Forced Copyrighting: Liberating All The Melodies

March 5, 2020 by 23 Comments

Bluntly stated, music is in the end just applied physics. Harmony follows — depending on the genre — a more or less fixed set of rules, and there  are a limited amount of variation possible within the space of music itself. So there are technically only so many melodies possible, making it essentially a question of time until a songwriter or composer would come up with a certain sequence of notes without knowing that they’re not the first one to do so until the cease and desist letters start rolling in.

You might well argue that there is more to a song than just the melody — and you are absolutely right. However, current copyright laws and past court rulings may not care much about that. Aiming to point out these flaws in the laws, musician tech guy with a law degree [Damien Riehl] and musician software developer [Noah Rubin] got together to simply create every possible melody as MIDI files, releasing them under the Creative Commons Zero license. While their current list is limited to a few scales of fixed length, with the code available on GitHub, it’s really just a matter of brute-forcing literally every single possible melody.

Admittedly, such a list of melodies might not have too much practical use, but for [Damien] and [Noah] it’s anyway more about the legal and philosophical aspects: musicians shouldn’t worry about getting sued over a few overlapping notes. So while the list serves as a “safe set of melodies” they put in the public domain, their bigger goal is to mathematically point out the finite space of music that shouldn’t be copyrightable in the first place. And they definitely have a point — just imagine where music would be today if you could copyright and sue over chord progressions.
Continue reading “Brute-Forced Copyrighting: Liberating All The Melodies”

Infrared Brute Force Attack Unlocks TiVo

January 30, 2019 by 44 Comments

While the era of the TiVo (and frankly, the idea of recording TV broadcasts) has largely come to a close, there are still dedicated users out there who aren’t quite ready to give up on the world’s best known digital video recorder. One such TiVo fanatic is [Gavan McGregor], who recently tried to put a TiVo Series 3 recorder into service, only to find the device was stuck in the family-friendly “KidZone” mode.

Without the code to get it out of this mode, and with TiVo dropping support for this particular recorder years ago, he had to hack his way back into this beloved recorder on his own. The process was made easier by the simplistic nature of the passcode system, which only uses four digits and apparently doesn’t impose any kind of penalty for incorrect entries. With only 10,000 possible combinations for the code and nothing to stop him from trying each one of them in sequence, [Gavan] just needed a way to bang them out.

After doing some research on the TiVo remote control protocol, he came up with some code for the Arduino using the IRLib2 library that would brute force the KidZone passcode by sending the appropriate infrared codes for each digit. He fiddled around with the timing and the delay between sending each digit, and found that the most reliable speed would allow his device to run through all 10,000 combinations in around 12 hours.

The key thing to remember here is that [Gavan] didn’t actually care what the passcode was, he just needed it to be entered correctly to get the TiVo out of the KidZone mode. So he selected the “Exit KidZone” option on the TiVo’s menu, placed his Arduino a few inches away from the DVR, and walked away. When he came back the next day, the TiVo was back into its normal mode. If you actually wanted to recover the code, the easiest way (ironically) would be to record the TV as the gadget works its way through all the possible digits.

Back in 2004, there were so many TiVo hacks hitting the front page of Hackaday that we actually gave them a dedicated subdomain. But by the end of 2007, we were asking what hackers would do with the increasingly discarded Linux-powered devices. That people are still hacking on these gadgets over a decade later is truly a testament to how dedicated the TiVo fanbase really is.

[Thanks to Chris for the tip.]

IoT Security Is Hard: Here’s What You Need To Know

April 21, 2017 by 69 Comments

Security for anything you connect to the internet is important. Think of these devices as doorways. They either allow access to services or provides services for someone else. Doorways need to be secure — you wouldn’t leave your door unlocked if you lived in the bad part of a busy city, would you? Every internet connection is the bad part of a busy city. The thing is, building hardware that is connected to the internet is the new hotness these days. So let’s walk through the basics you need to know to start thinking security with your projects.

If you have ever run a server and checked your logs you have probably noticed that there is a lot of automated traffic trying to gain access to your server on a nearly constant basis. An insecure device on a network doesn’t just compromise itself, it presents a risk to all other networked devices too.

The easiest way to secure a device is to turn it off, but lets presume you want it on. There are many things you can do to protect your IoT device. It may seem daunting to begin with but as you start becoming more security conscious things begin to click together a bit like a jigsaw and it becomes a lot easier.

Continue reading “IoT Security Is Hard: Here’s What You Need To Know”

Python Solution To A Snake Cube Puzzle

January 5, 2017 by 11 Comments

Puzzles provide many hours of applied fun beyond any perfunctory tasks that occupy our days. When your son or daughter receives a snake cube puzzle as a Christmas gift — and it turns out to be deceptively complex — you can sit there for hours to try to figure out a solution, or use the power of Python to sort out the serpentine conundrum and use brute-force to solve it.

Continue reading “Python Solution To A Snake Cube Puzzle”