SparkFun’s Alternate Reality Hardware

SparkFun has a new wing of hardware mischief. It’s SparkX, the brainchild of SparkFun’s founder [Nate Seidle]. Over the past few months, SparkX has released breakout boards for weird sensors, and built a safe cracking robot that got all the hacker cred at DEF CON. Now, SparkX is going off on an even weirder tangent: they have released The Prototype. That’s actually the name of the product. What is it? It’s a HARP, a hardware alternate reality game. It’s gaming, puzzlecraft, and crypto all wrapped up in a weird electronic board.

The product page for The Prototype is exactly as illuminating as you would expect for a piece of puzzle electronics. There is literally zero information on the product page, but from the one clear picture, we can see a few bits and bobs that might be relevant. The Prototype features a microSD card socket, an LED that might be a WS2812, a DIP-8 socket, a USB port, what could be a power switch, a PCB antenna, and a strange black cylinder. Mysteries abound. There is good news: the only thing you need to decrypt The Prototype is a computer and an open mind. We’re assuming that means a serial terminal.

The Prototype hasn’t been out for long, and very few people have one in hand. That said, the idea of a piece of hardware sold as a puzzle is something we haven’t seen outside of conference badges. The more relaxed distribution of The Prototype is rather appealing, and we’re looking forward to a few communities popping up around HARP games.

Friday Hack Chat: Crypto Challenge

It’s the middle of August, and that means all the hackers are back from DEF CON, safe in their hoodies, with memories of smoke-filled casinos, interesting talks, and, most importantly, crypto challenges.

This year was an ‘off’ year for DEF CON. There was an official badge, but it wasn’t electronic (which no one expected), and there was no crypto challenge (which no one saw coming). Nevertheless, there was already a vibrant community of badge builders, and the crypto nerds of DEF CON were satisfied by PCB locks from the Crypto and Privacy village, Benders, and Darknet phone dials this year.

How were these crypto challenges constructed? That’s the subject of this week’s Hack Chat. This Friday, we’re going to be sitting down with a member of DEF CON’s Crypto and Privacy village on how these curious codes are constructed, how a winner is determined, and the techniques used to solve these challenges.

This week, we’ll be talking about how crypto challenges actually work, how to put crypto in firmware, on laser-engraved acrylic plates, and in silkscreen on a PCB. We’ll be talking about how crypto challenges are created, and how you solve them. Special attention will be paid to testing a crypto challenge; that is, how do you make sure it’s solvable when you already know how to solve it?

Although this Hack Chat is only going to last an hour, there’s no possible way we could cover all the tips, tricks, and techniques of creating a crypto challenge in that time. If you’d like some further reading, [L0sT] showed up at our 10th anniversary party to tell us he created the puzzles for DEF CON over the last few years.

Here’s How To Take Part:

Our Hack Chats are live community events on the Hack Chat group messaging. This Hack Chat will take place at noon Pacific time on Friday, August 11th. Don’t know when the Earth’s sun will be directly overhead? Here’s a time and date converter!

Log into, visit that page, and look for the ‘Join this Project’ Button. Once you’re part of the project, the button will change to ‘Team Messaging’, which takes you directly to the Hack Chat.

You don’t have to wait until Friday; join whenever you want and you can see what the community is talking about.

NIST Helps You With Cryptography

Getting cryptography right isn’t easy, and it’s a lot worse on constrained devices like microcontrollers. RAM is usually the bottleneck — you will smash your stack computing a SHA-2 hash on an AVR — but other resources like computing power and flash code storage space are also at a premium. Trimming down a standard algorithm to work within these constraints opens up the Pandora’s box of implementation-specific flaws.

NIST stepped up to the plate, starting a lightweight cryptography project in 2013 which has now come out with a first report, and here it is as a PDF. The project is ongoing, so don’t expect a how-to guide. Indeed, most of the report is a description of the problems with crypto on small devices. Given the state of IoT security, just defining the problem is a huge contribution.

Still, there are some concrete recommendations. Here are some spoilers. For encryption, they recommend a trimmed-down version of AES-128, which is a well-tested block cipher on the big machines. For message authentication, they’re happy with Galois/Counter Mode and AES-128.

I was most interested in hashing, and came away disappointed; the conclusion is that the SHA-2 and SHA-3 families simply require too much state (and RAM) and they make no recommendation, leaving you to pick among less-known functions: check out PHOTON or SPONGENT, and they’re still being actively researched.

If you think small-device security is easy, read through the 22-question checklist that starts on page twelve. And if you’re looking for a good starting point to read up on the state of the art, the bibliography is extensive.

Your tax dollars at work. Thanks, NIST!

And thanks [acs] for the tip!

Hackaday Prize Entry: Secure Storage on SD Cards

Here’s a puzzler for you: how do you securely send data from one airgapped computer to another? Sending it over a network is right out, because that’s the entire point of an airgap. A sneakernet is inherently insecure, and you shouldn’t overestimate the security of a station wagon filled with tapes. For his Hackaday Prize entry, [Nick Sayer] has a possible solution. It’s the Sankara Stones from Indiana Jones and the Temple of Doom, or a USB card reader that requires two cards. Either way, it’s an interesting experiment in physical security for data.

The idea behind the Orthrus, a secure RAID USB storage device for two SD cards, is to pair two SD cards. With both cards, you can read and write to this RAID drive without restriction. With only one, the data is irretrievable so they are safe during transit if shipped separately.

The design for this device is based around the ATXMega32A4U. It’s pretty much what you would expect from an ATMega, but this has a built-in full speed USB interface and hardware AES support. The USB is great for presenting two SD cards as a single drive, and the AES port is used to encrypt the data with a key that is stored in a key storage block on each card.

For the intended use case, it’s a good design. You can only get the data off of these SD cards if you have both of them. However, [Nick] is well aware of Schneier’s Law — anyone can design a cryptosystem that they themselves can’t break. That’s why he’s looking for volunteers to crack the Orthrus. It’s an interesting challenge, and one we’d love to see broken.

33C3: How Can You Trust Your Random Numbers?

One of the standout talks at the 33rd Chaos Communication Congress concerned pseudo-random-number generators (PRNGs). [Vladimir Klebanov] (right) and [Felix Dörre] (left) provided a framework for making sure that PRNGs are doing what they should. Along the way, they discovered a flaw in Libgcrypt/GNUPG, which they got fixed. Woot.

Cryptographically secure random numbers actually matter, a lot. If you’re old enough to remember the Debian OpenSSL debacle of 2008, essentially every Internet service was backdoorable due to bad random numbers. So they matter. [Vladimir] makes the case that writing good random number generators is very, very hard. Consequently, it’s very important that their output be tested very, very well.

So how can we test them? [Vladimir] warns against our first instinct, running a statistical test suite like DIEHARD. He points out (correctly) that running any algorithm through a good enough hash function will pass statistical tests, but that doesn’t mean it’s good for cryptography.
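The point about hashed output passing statistical tests can be seen directly in the following added example, which is not from the talk or from Libgcrypt: a constructed generator that hashes a 16-bit seed with a counter looks uniform to a monobit and a chi-square byte test, yet its seed falls to exhaustive search. The generator, the seed size and all function names are assumptions made for the demonstration.

```python
import hashlib
from collections import Counter

SEED_BITS = 16  # assumption: deliberately tiny seed space for the demo


def weak_prng(seed, nbytes):
    """Constructed weak generator: SHA-256 over (16-bit seed, counter)."""
    out = bytearray()
    counter = 0
    while len(out) < nbytes:
        block = seed.to_bytes(2, "big") + counter.to_bytes(8, "big")
        out += hashlib.sha256(block).digest()
        counter += 1
    return bytes(out[:nbytes])


def monobit_fraction(data):
    """Fraction of 1 bits; about 0.5 for uniform-looking output."""
    return sum(bin(b).count("1") for b in data) / (8 * len(data))


def chi_square_bytes(data):
    """Chi-square statistic over byte values (255 degrees of freedom)."""
    expected = len(data) / 256
    counts = Counter(data)
    return sum((counts.get(v, 0) - expected) ** 2 / expected for v in range(256))


def recover_seed(observed):
    """Exhaustive search: the hash hides the seed, it does not enlarge it."""
    for guess in range(1 << SEED_BITS):
        if weak_prng(guess, len(observed)) == observed:
            return guess
    return None


def predict_next(observed, nbytes):
    """Given a short observed prefix, reproduce the bytes that follow it."""
    seed = recover_seed(observed)
    return weak_prng(seed, len(observed) + nbytes)[len(observed):]


if __name__ == "__main__":
    stream = weak_prng(0xBEEF, 65536)  # constructed sample output
    print("monobit:", round(monobit_fraction(stream), 4))
    print("chi-square:", round(chi_square_bytes(stream), 1))
    print("recovered seed:", hex(recover_seed(stream[:16])))
    print("prediction ok:", predict_next(stream[:16], 32) == stream[16:48])
```

The statistics only measure how well the hash mixes its input; the entropy of that input is what a test of the generator has to establish.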

33C3: Chris Gerlinsky Cracks Pay TV

People who have incredible competence in a wide range of fields are rare, and it can appear deceptively simple when they present their work. [Chris Gerlinsky]’s talk on breaking the encryption used on satellite and cable pay TV set-top boxes was like that. (Download the slides, as PDF.) The end result of his work is that he gets to watch anything on pay TV, but getting to watch free wrestling matches is hardly the point of an epic hack like this.

The talk spans hardware reverse engineering of the set-top box itself, chip decapping, visual ROM recovery, software reverse analysis, chip glitching, creation of custom glitching hardware, several levels of crypto, and a lot of very educated guessing. Along the way, you’ll learn everything there is to know about how broadcast streams are encrypted and delivered. Watch this talk now.

Some of the coolest bits:

  • Reading out the masked ROM from looking at it with a microscope never fails to amaze us.
  • A custom chip-glitcher rig was built, and is shown in a few iterations, finally ending up in a “fancy” project box. But it’s the kind of thing you could build at home: a microcontroller controlling a switch on a breadboard.
  • The encoder chip stores its memory in RAM: [Chris] uses a beautiful home-brew method of desoldering the power pins, connecting them up to a battery, and desoldering the chip from the board for further analysis.
  • The chip runs entirely in RAM, forcing [Chris] to re-glitch the chip and insert his payload code every time it resets. And it resets a lot, because the designers added reset vectors between the bytes of the desired keys. Very sneaky.
  • All of this was done by sacrificing only one truckload of set-top boxes.

Our jaw dropped repeatedly during this presentation. Go watch it now.

Prime Numbers are Stranger than You Thought

If you’ve spent any time around prime numbers, you know they’re a pretty odd bunch. (Get it?) But it turns out that they’re even stranger than we knew — until recently. According to this very readable writeup of brand-new research by [Kannan Soundararajan] and [Robert Lemke], the final digits of prime numbers repel each other.

More straightforwardly stated, if you pick any given prime number, the last digit of the next-largest prime number is disproportionately unlikely to match the final digit of your prime. Even stranger, they seem to have preferences. For instance, if your prime ends in 3, it’s more likely that the next prime will end in 9 than in 1 or 7. Whoah!

Even spookier? The finding holds up in many different bases. It was actually first noticed in base-three. The original paper is up on Arxiv, so go check it out.
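The bias is easy to reproduce on a laptop. The following added example (not code from the paper or the writeup) sieves the primes below one million and tabulates how often each final digit is followed by each other final digit, in base ten and in base three; the limit and the function names are choices made for this illustration.

```python
from collections import Counter


def primes_below(limit):
    """Sieve of Eratosthenes returning all primes < limit."""
    sieve = bytearray([1]) * limit
    sieve[0:2] = b"\x00\x00"
    for n in range(2, int(limit ** 0.5) + 1):
        if sieve[n]:
            sieve[n * n :: n] = bytes(len(range(n * n, limit, n)))
    return [i for i, flag in enumerate(sieve) if flag]


def last_digit_transitions(primes, base=10):
    """Count (last digit of p, last digit of next prime) pairs in a base."""
    # Primes dividing the base (2 and 5 in base ten) have one-off final digits.
    ps = [p for p in primes if base % p]
    return Counter((p % base, q % base) for p, q in zip(ps, ps[1:]))


def transition_table(pairs):
    """Turn raw pair counts into per-row probabilities."""
    digits = sorted({a for a, _ in pairs} | {b for _, b in pairs})
    table = {}
    for a in digits:
        row_total = sum(pairs[(a, b)] for b in digits)
        table[a] = {b: pairs[(a, b)] / row_total for b in digits}
    return table


if __name__ == "__main__":
    primes = primes_below(10 ** 6)
    for base in (10, 3):
        table = transition_table(last_digit_transitions(primes, base))
        print(f"base {base}: P(next final digit | current final digit)")
        for a, row in table.items():
            cells = "  ".join(f"{b}:{prob:.3f}" for b, prob in row.items())
            print(f"  {a} -> {cells}")
```

If the final digits were independent, every cell in the base-ten table would sit near 0.25 and every cell in the base-three table near 0.5; the repeated-digit cells come out noticeably lower.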

This is a brand-new finding that’s been hiding under people’s noses essentially forever. The going assumption was that primes were distributed essentially randomly, and now we have empirical evidence that it’s not true. What this means for cryptology or mathematics? Nobody knows, yet. Anyone up for wild speculation? That’s what the comments section is for.

(Headline photo of researchers Kannan Soundararajan and Robert Lemke: Waheeda Khalfan)