Friday Night Double Cap Extra


[scott] sent along his lego ipod dock.

The letter [M] brings us the oscilloscope terminal (AVR based text displayed via oscope).

[Max] sent in his funky alarm clock mod.

[Chad] sent in a question, but I dig his custom camera housings.

[sprite_tm] sent in his new use for a cheap photo display.

UPDATE: Torrents for all the talks at the Chaos Communication Congress have been posted.

24C3 Hacking DNA

[Drew Endy]’s Programming DNA talk was by far the most interesting talk we saw at Chaos Communication Congress. No, DNA doesn’t have much to do with computers, but he points out that hacking principles can be applied just the same. Right now engineers are reversing genetic code and compiling building blocks for creating completely arbitrary organisms. This talk was designed to bootstrap the hacking community so that we can start using and contributing standard biological parts to an open source collection of genetic functions.

You should definitely watch the video to get a good idea of where biohacking is at today. You can find a higher quality version of the video in the archives.

24C3 Mifare Crypto1 RFID Completely Broken

Another highlight for us at CCC was [Karsten Nohl] and [Henryk Plötz] presenting how they reversed Philips crypto-1 “classic” Mifare RFID chips, which are used in car keys, among other things. They analyzed both the silicon and the actual handshaking over RF. Looking at the silicon they found about 10K gates. Analyzing with Matlab turned up 70 unique functions. Then they started looking for “crypto-like” parts: long strings of flip-flops used for registers, XORs, things near the edge that were heavily interconnected. Only 10% of the gates ended up being crypto. They now know the crypto algorithm based on this analysis and will be releasing it later in the year.

The random number generator ended up being only 16-bit. It generates this number based on how long it has been since the card was powered up. They controlled the reader (an OpenPCD), which lets them generate the same “random” seed number over and over again. This was actually happening by accident before they discovered the flaw.
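A toy model of the weakness described above, added here as an illustration and not taken from the talk or the chip: it shows that a 16-bit nonce derived only from time since power-up repeats whenever the timing repeats, and how a session log can be audited for reuse. The LFSR taps, the power-on value and the tick counts are assumptions; the page does not give the generator's structure.

```python
# Toy model, constructed for illustration. The page gives only two facts:
# the nonce is 16 bits and depends on time since power-up.
TAPS = 0xB400      # assumed feedback taps (a maximal-length 16-bit Galois LFSR)
POWER_ON = 0xACE1  # assumed register value at power-up (constructed)


def step(state):
    """Advance the 16-bit register by one clock tick."""
    lsb = state & 1
    state >>= 1
    return state ^ TAPS if lsb else state


def card_nonce(ticks_since_power_up):
    """Nonce the modelled card emits: a pure function of elapsed ticks."""
    state = POWER_ON
    for _ in range(ticks_since_power_up):
        state = step(state)
    return state


def cycle_length():
    """Upper bound on distinct nonces: walk the register until it repeats."""
    state, count = step(POWER_ON), 1
    while state != POWER_ON:
        state, count = step(state), count + 1
    return count


def repeated_nonces(nonces):
    """Audit check over logged sessions: nonces seen more than once."""
    seen, repeats = set(), set()
    for nonce in nonces:
        (repeats if nonce in seen else seen).add(nonce)
    return repeats


if __name__ == "__main__":
    # Constructed tick counts: one per power-up session.
    same_timing = [card_nonce(4000) for _ in range(5)]
    varied = [card_nonce(t) for t in (4000, 4003, 3998, 4000, 4121)]
    print("same timing:", {hex(n) for n in same_timing})
    print("nonce space:", cycle_length())
    print("repeats in varied log:", {hex(n) for n in repeated_nonces(varied)})
```

A challenge nonce drawn from a cryptographic random source with a much wider range would not be reproducible by fixing the power-up timing.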

One more broken security-through-obscurity system to add to the list. For more fun, watch the video of the presentation.

24C3 Toying With Barcodes

[FX] from Phenoelit gave an entertaining talk about barcode security. He covered both how the systems are implemented and how they’ve been exploited. The first example was a parking garage in Dresden that issues non-unique barcodes for the unlimited passes that hotels give out. Anyone could print out an image of that particular code and park for free. German grocery stores have automated machines that refund you for your empty beer bottles. The barcode generated just states the refund amount (5 digits) that you’ll get at the register. Just stick the barcode under something like a six pack and it’ll scan even without the cashier seeing it.
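The refund-voucher design described above next to a hardened one, as an added example that is not from the talk or any vendor's system: the weak form encodes only the amount, the hardened form adds a unique voucher id, a keyed MAC and single-use redemption. The key handling, the 37-character layout and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

KEY = secrets.token_bytes(32)  # assumed: secret held by the machine and the tills
REDEEMED = set()               # assumed: store-wide record of used voucher ids


def weak_issue(cents):
    """Design from the talk: the barcode is only the 5-digit refund amount."""
    return f"{cents:05d}"


def weak_redeem(code):
    """Accepts any 5 digits, so a copy or a made-up amount pays out."""
    return int(code) if len(code) == 5 and code.isdigit() else None


def tag_for(body):
    """Truncated HMAC-SHA256 over voucher id + amount (16 hex characters)."""
    return hmac.new(KEY, body.encode(), hashlib.sha256).hexdigest()[:16]


def issue(cents):
    """Hardened: unique voucher id + amount, authenticated with the MAC."""
    if not 0 <= cents <= 99999:
        raise ValueError("amount must fit in 5 digits")
    body = secrets.token_hex(8) + f"{cents:05d}"
    return body + tag_for(body)


def redeem(code):
    """Pay out only for an authentic voucher that has not been used before."""
    body, tag = code[:21], code[21:]
    if len(code) != 37 or not hmac.compare_digest(tag.encode(), tag_for(body).encode()):
        return None  # forged or altered
    voucher_id = body[:16]
    if voucher_id in REDEEMED:
        return None  # replayed copy
    REDEEMED.add(voucher_id)
    return int(body[16:])
```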

Check out the video to find out more silliness involving DVD rentals, boarding passes, asset management, and SQL injection via the scanner. You can even find higher res versions in the 24C3 media archives.

24C3 Build Your Own UAV


The 24th annual Chaos Communication Congress in Berlin is already off to a great start. The first talk we attended was [Antoine Drouin] and [Martin Müller] presenting Paparazzi – The Free Autopilot. Paparazzi is an open source hardware and software project for building autonomous unmanned aerial vehicles. The main hardware board has an ARM processor and GPS. It uses inertial and infrared sensors to determine orientation and altitude. The four infrared thermopiles measure the air temperature. The ground is warmer than the sky and if you compare the temperature in the direction of each wing tip you can tell what angle the airplane is at. It’s really that simple.

They did a pretty amazing live demo. Using the network connection they controlled a UAV flying in France and another in Germany. Both planes were streaming live video from belly mounted cameras, one relaying through a home DSL connection and the other through a UMTS cellphone. They were able to change way-points on the fly and issue flight pattern commands. There is a ground crew at each location with a security pilot that will switch the controls to manual if things get out of hand.

OpenBeacon: Active RFID Platform

The OpenBeacon project is an open source hardware and software active RFID device. OpenBeacon tags consist of 2.4GHz transceivers and a PIC16F684. One use of the project was to create CCC Sputnik to show the downsides to information culled using data mining from large tracking systems. People who chose to participate and wear the Sputnik tags did so voluntarily to create a database of material for further study. The hardware schematics (PDF) for the first version tags as well as the firmware for all versions have been released. Further creative uses of the OpenBeacon project are strongly encouraged.

As a reminder, the 24C3, the 24th Chaos Communication Congress, call for participation ends on October 12th. The theme this year encompasses all hardware projects and more specifically, steampunk themed submissions. Check out the CCC events blog for more information.

22C3 Day 10 And 11 Round Up

Now that the CCC is over, we finally dug ourselves out of a ginormous pile of cables (Kabelsalat ist gesund!) to bring you this round up post about the best stuff from the last two days of the con.

First up on day 10 was I See Airplanes!, Eric Blossom’s excellent speech on creating hardware for making homebrew radars and software using the GnuRadio project. He uses bistatic passive receivers in the 100 MHz range doing object detection using other people’s transmitters. The project has a lot yet to accomplish including the use of helical filters (if there are any antenna freaks reading this, contact Eric, he’s looking for a bit of help).

Next on the third day we attended Ilja van Sprundel’s huge fuzzing extravaganza. Fuzzers generate bad data that is designed to look like good data and will hopefully break something in an interesting way. Our fav part? When the list of irc clients broken by his ircfuzz tool was so long he had to use 10pt font to get it all on one slide (see slide 53)! His paper can be found here and the slides here.

We then wandered to Harald Welte’s talk on hacking the Motorola EZX series phones (which we’ve reported on here before). In case you forgot, the EZX series has a Linux kernel. Incidentally the phone runs lots of stuff it really doesn’t need (like glibc, 6 threads for just sound processes, and even inetd). He presented the project for the first time in an official context since we saw him at 0Sec in October. Apparently lots of kinks have been worked out and there’s an official code source tree here.

The clincher for day 11 was FX and FtR of Phenoelit’s semi-controversial talk on Blackberry security (covering both handheld devices and server based RIM products). This talk was a bit of a wake up call for RIM and thus the slides are still not available online so keep a sharp eye out for the video when it’s released by the CCC.

Also available from the CCC are the full proceedings in a downloadable pdf (also available in paper format for you physical-space-doodle-in-the-margin freaks).
