Mini Spy Bug Walkthrough

What we like most about [GreatScott’s] project videos is that he not only shows making them but also the calculations for selecting parts and the modifications along the way. This time he’s made a mini spy bug that records up to nine hours of audio.

His first task was to figure out if the ATmega328p’s ADC is suitable for audio sampling, but only after he explains how sampling works by periodically checking the input voltage from the microphone. Checking the datasheet he found that the ADC’s fastest conversion time is 13 microseconds, which works out to a sampling rate of 76.923 kHz. Good enough.

He then walks through why and how he decided to go with a pre-made amplifier circuit built around the MAX9814 IC. Spoiler alert: his electret microphone’s output voltage was too low on its own, using an off-the-shelf circuit instead of designing his own kept things simple, and the circuit has automatic gain control.

At this point, he added the MicroSD card adapter. Why not just transmit the audio over FM as so many others have done with their hacks? Perhaps he’s worried about someone detecting the transmission and finding his bug.

His final optimization involved getting a good battery life. He measured the circuit’s current draw at 20 milliamps. With a 160 mAh battery capacity, that would be 8 hours of recording time. Removing the Arduino Pro Mini’s voltage regulator and two LEDs got the current down to 18 milliamps and a recording time of 9 hours. Better.

Those are the highlights. Enjoy his full walkthrough in the video below.


Inside an Amateur Bugging Device

[Mitch] got interested in the S8 “data line locator” so he did the work to tear into its hardware and software. If you haven’t seen these, they appear to be a USB cable. However, inside the USB plug is a small GSM radio that allows you to query the device for its location, listen on a tiny microphone, or even have it call you back when it hears something. The idea is that you plug the cable into your car charger and a thief would never know it was a tracking device. Of course, you can probably think of less savory uses despite the warning on Banggood:

Please strictly abide by the relevant laws of the state, shall not be used for any illegal use of this product, the consequences of the use of self conceit.

We aren’t sure what the last part means, but we are pretty sure people can and will use these for no good, so it is interesting to see what they contain.


10 Year Old Bug Crushed By Hacker on a Mission

PCI pass through is the ability of a virtualized guest system to directly access PCI hardware. Pass through for dedicated GPUs has only recently been added to the Linux Kernel-based Virtual Machine (KVM). Soon afterward, users began to find that switching on nested page tables (NPT), a technology intended to provide hardware acceleration for virtual machines, had the opposite effect on AMD platforms and slowed frame rates down to a crawl.

Annoyed by this, [gnif] set out to fix the problem. His first step was to run graphics benchmarks to isolate the source of the problem. Having identified the culprit in the GPU, [gnif] began to read up on the involved technology stack. Three days of wrapping his head around technical docs allowed [gnif] to find the single line of code that resulted in a faulty memory setup and to implement a basic fix. He then passed the work on to [Paolo Bonzini] at patchwork.kernel.org, who released a more refined patch.

The bug affecting PCI pass through had been around for ten years and had received little attention from the manufacturer. It gained prominence when graphics cards were affected. In the end it took one very dedicated user three days to fix it, and then another day to roll out a patch for open source operating systems. In his notes [gnif] points out how helpful AMD’s documentation was. With the right to repair in debate, DRMed technical docs and standards locked behind paywalls, [gnif]’s story is a reminder of the importance of accessible, quality documentation.

Spy Tech: Nonlinear Junction Detectors

If you ever watch a spy movie, you’ve doubtlessly seen some nameless tech character sweep a room for bugs using some kind of detector and either declare it clean or find the hidden microphone in the lamp. Of course, as a hacker, you have to start thinking about how that would work. If you had a bug that transmits all the time, that’s easy. The lamp probably shouldn’t be emitting RF energy all the time, so that’s easy to detect and a dead giveaway. But what if the bug were more sophisticated? Maybe it wakes up every hour and beams its data home. Or perhaps it records to memory and doesn’t transmit anything. What then?

High-end bug detectors have another technique they use that claims to be able to find active device junctions. These are called Nonlinear Junction Detectors (NLJD). Spy agencies in the United States, Russia and China have been known to use them, and prisons employ them to find cell phones. Their claim to fame is that the device doesn’t have to be turned on for detection to occur. You can see a video of a commercial NLJD below.


Broadpwn – All Your Mobiles are Belong to Us

Researchers from Exodus Intel recently published details on a flaw that exists on several Broadcom WiFi chipsets. It’s estimated to affect nearly 1 billion devices, from Android to iPhone. Just to name a few of the most prominent:

  • Samsung Galaxy from S3 through S8, inclusive
  • All Samsung Note 3 models
  • Nexus 5, 6, 6X and 6P
  • All iPhones after iPhone 5

So how did this happen? And how does a bug affect so many different devices?

A smartphone nowadays is a very complicated mesh of interconnected chips. Besides the main processor, there are several other secondary processors handling specialized tasks which would otherwise clog up the main CPU. One of those is the WiFi chipset, which is responsible for WiFi radio communications — handling the PHY, MAC and MLME layers. When all the processing is complete, the radio chipset hands data packets over to the kernel driver, which runs on the main CPU. This means that the radio chipset itself has to have considerable data processing power to handle all this work. Alas, with great power comes great responsibility.


Fixing Bugs In Ancient BASIC Games

Before everyone learned programming on Stack Exchange, things were much different. Computer magazines had BASIC programs in them, which readers would type out, line by line, and hit RUN. In theory, this is a terrible way to learn programming; it’s simply rote recitation without any insight into what the code is actually doing. Of course, copying and pasting from Stack Exchange is exactly the same thing, so maybe these magazines were ahead of the curve.

[0xA000] recently came across one of his old computer magazines containing the type-in listing for Blindganger, a game where you wander a maze blindly. When [0xA000] typed this game into his C64 back in 1988, the game didn’t work. Thirty years later, he decided to give it another go and ended up fixing bugs in an old computer game.

When [0xA000] typed this game into his computer back in 1988, the map just didn’t work, and the final screen revealed a maze where the walls were where they shouldn’t be. A quick Google turned up a disk image of the same game that had the same problem. This bug was obviously in the section of code that draws the map at the end of the game, so [0xA000] started looking there. The offending typo in the code was an $F4 instead of an $F5, or 244 instead of 255. This shifted the colors of the map by 11 positions, meaning the locations marked as visited in the final screen were wrong. Whether this bug cropped up in development or was just a simple typo when typesetting the magazine doesn’t really matter now; after 29 years, this bug is fixed.

Build a Tiny (Unstable) Bugging Device

We don’t know who [amgworkshop] wanted to listen in on, but they apparently went searching for a small FM wireless transmitter. There are plenty of circuits around, but they wanted something smaller. The original circuit had a variable capacitor to tune the output frequency. The new design uses a fixed capacitor and a spring for an antenna. You can see the build steps in the video below, but don’t expect a lot of frequency stability or fidelity out of a single-transistor transmitter.

The parts list is minimal. In addition to a coin cell holder (which serves as the construction base), you need a transistor, two resistors, three capacitors, a homemade inductor (very easy to make with some wire and a drill bit), and an electret microphone. Of course, you need a battery, too. The whole thing is potted with hot glue.
