Share Your Clipboard Across Machines Using MQTT

Many of us regularly move from one computer to another for work, play, and hacking, and every now and then find ourselves wishing we could copy something on one machine and paste it on another without additional steps in between. [Ayan Pahwa] was well acquainted with this frustration, so he created AnywhereDoor, a cross-platform clipboard sharing utility that uses MQTT.

Some cloud-based solutions already exist to do this, but that means sending your private clipboard data to someone else’s server. Not keen on that idea, [Ayan] built his solution around an MQTT broker that can run anywhere on the local network, and lightweight Python clients that run on Mac, Windows and Linux. The client checks your clipboard at specified intervals, and publishes new data to a topic on the broker, to which all the clients are subscribed. The data is end-to-end encrypted using Fernet symmetric-key encryption, so the data won’t be readable to anyone else on the network. Currently, AnywhereDoor only supports copying text, but media is planned for a future version.
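The flow described above, sketched as an added example (this is not AnywhereDoor's own code): the broker is an in-process stand-in rather than a real MQTT server, and the topic name, class names and `max_age` setting are assumptions. It uses the `cryptography` package's Fernet, and goes slightly beyond the description by rejecting stale tokens and by not republishing text that was just received.

```python
from cryptography.fernet import Fernet, InvalidToken

TOPIC = "clipboard/shared"  # hypothetical topic name


class Broker:
    """In-process stand-in for the MQTT broker: it only ever sees ciphertext."""
    def __init__(self):
        self.subscribers, self.seen = [], []

    def publish(self, topic, payload, sender=None):
        self.seen.append(payload)
        for client in self.subscribers:
            if client is not sender:
                client.on_message(topic, payload)


class Client:
    def __init__(self, broker, key, max_age=30):
        self.fernet, self.broker, self.max_age = Fernet(key), broker, max_age
        self.clipboard = ""      # stand-in for the OS clipboard
        self.last_synced = ""    # last value sent or received
        broker.subscribers.append(self)

    def poll(self):
        """Run at each interval: publish only if the clipboard changed."""
        if self.clipboard == self.last_synced:
            return False
        self.last_synced = self.clipboard
        token = self.fernet.encrypt(self.clipboard.encode("utf-8"))
        self.broker.publish(TOPIC, token, sender=self)
        return True

    def on_message(self, topic, payload):
        """Accept only fresh tokens that authenticate under the shared key."""
        try:
            text = self.fernet.decrypt(payload, ttl=self.max_age).decode("utf-8")
        except InvalidToken:     # wrong key, modified, or older than max_age
            return False
        self.clipboard = self.last_synced = text   # prevents echoing it back
        return True


def demo():
    key, broker = Fernet.generate_key(), Broker()
    laptop, desktop = Client(broker, key), Client(broker, key)
    outsider = Client(broker, Fernet.generate_key())  # on the LAN, no shared key
    laptop.clipboard = "ssh-keygen -t ed25519"         # constructed sample text
    sent = laptop.poll()
    echoed = desktop.poll()            # desktop must not republish what it received
    forged = desktop.on_message(TOPIC, broker.seen[0][:-4] + b"AAAA")
    return sent, echoed, forged, desktop.clipboard, outsider.clipboard, broker.seen[0]
```

The confidentiality here rests entirely on how the shared key reaches each machine; anyone holding it can both read and publish clipboard contents.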

We like the relative simplicity of the utility, and see it being very handy for hackers bouncing between machines in the lab. Simple software utilities that solve a specific and real problem can be very useful, like a wiring documentation tool, or a KiCad to isolation routing patchwork converter.

Polymorphic String Encryption Gives Code Hackers Bad Conniptions

When it comes to cyber security, there’s nothing worse than storing important secret data in plaintext. With even the greenest malicious actors more than capable of loading up a hex editor or decompiler, code can quickly be compromised when proper precautions aren’t taken in the earliest stages of development. To help avoid this, encryption can be used to hide sensitive data from prying eyes. While a simple xor used to be a quick and dirty way to do this, for something really sophisticated, polymorphic encryption is a much better way to go.

A helpful tool to achieve this is StringEncrypt by [PELock]. An extension for Visual Studio Code, it’s capable of encrypting strings and data files in over 10 languages. Using polymorphic encryption techniques, the algorithm used is unique every time, along with the encryption keys themselves. This makes it far more difficult for those reverse engineering a program to decrypt important strings or data.

While the free demo is limited in scope, the price for the full version is quite reasonable, and we expect many out there could find it a useful addition to their development toolkit. We’ve discussed similar techniques before, often used to make harder-to-detect malware.

[Thanks to Dawid for the tip!]

Grey Gear: French TV Encryption, 1980s Style

Who among us didn’t spend some portion of their youth trying in vain to watch a scrambled premium cable TV channel or two? It’s a wonder we didn’t blow out our cones and rods watching those weird colors and wavy lines dance across the screen like a fever dream.

In the early days of national premium television in America, anyone who’d forked over the cash and erected a six-foot satellite dish in the backyard could tune in channels like HBO, Showtime, and the first 24-hour news network, CNN. Fed up with freeloaders, these channels banded together to encrypt their transmissions and force people to buy expensive de-scrambling boxes. On top of that, subscribers had to pay a monthly pittance to keep the de-scrambler working.

EARN IT: Privacy, Encryption, And Policing In The Information Age

You may have heard about a new bill working its way through the US Congress, the EARN IT Act. That’s the “Eliminating Abusive and Rampant Neglect of Interactive Technologies Act of 2020”. (What does that mean? It means someone really wanted their initials to spell out “EARN IT”.)

EARN IT is a bipartisan bill that claims to be an effort to put a dent in child exploitation online. It’s also managed to catch the attention of the EFF, Schneier, and a variety of news outlets. The overwhelming opinion has been that EARN IT is a terrible idea, will make implementing end-to-end encryption impossible, and violates the First and Fourth Amendments. How does a bill intended to combat child pornography and sex trafficking end up on the EFF bad list? It’s complicated.


Can Solid Save The Internet?

We ran an article on Solid this week, a project that aims to do nothing less than change the privacy and security aspects of the Internet as we use it today. Sir Tim Berners-Lee, the guy who invented the World Wide Web as a side project at work, is behind it, and it’s got a lot to recommend it. I certainly hope they succeed.

The basic idea is that instead of handing your photos, your content, and your thoughts over to social media and other sharing platforms, you’d store your own personal data in a Personal Online Data (POD) container, and grant these companies revocable access to your data on your behalf. It’s like it’s your own website contents, but with an API for sharing parts of it elsewhere.

This is a clever legal hack, because today you give over rights to your data so that Facebook and Co. can display them in your name. This gives them all the bargaining power, and locks you into their service. If instead, you simply gave Facebook a revocable access token, the power dynamic shifts. Today you can migrate your data and delete your Facebook account, but that’s a major hassle that few undertake.

Mike and I were discussing this on this week’s podcast, and we were thinking about the privacy aspects of PODs. In particular, whatever firm you use to socially share your stuff will still be able to snoop you out, map your behavior, and target you with ads and other content, because they see it while it’s in transit. But I failed to put two and two together.

The real power of a common API for sharing your content/data is that it will make it that much easier to switch from one sharing platform to another. This means that you could easily migrate to a system that respects your privacy. If we’re lucky, we’ll see competition in this space. At the same time, storing and hosting the data would be portable as well, hopefully promoting the best practices in the providers. Real competition in where your data lives and how it’s served may well save the Internet. (Or at least we can dream.)

This article is part of the Hackaday.com newsletter, delivered every seven days for each of the last 200+ weeks. It also includes our favorite articles from the last seven days that you can see on the web version of the newsletter.


Simulating The Enigma’s Oddball Cousin

Even if you wouldn’t describe yourself as a history buff, you’re likely familiar with the Enigma machine from World War II. This early electromechanical encryption device was used extensively by Nazi Germany to confound Allied attempts to eavesdrop on their communications, and the incredible effort put in by cryptologists such as Alan Turing to crack the coded messages it created before the end of the War has been the inspiration for several books and movies. But did you know that there were actually several offshoots of the “standard” Enigma?

For their entry into the 2019 Hackaday Prize, [Arduino Enigma] is looking to shine a little light on one of these unusual variants, the Enigma Z30. This “Baby Enigma” was intended for situations where only numerical data needed to be encoded. Looking a bit like a mechanical calculator, it dropped the German QWERTZ keyboard, and instead had ten buttons and ten lights numbered 0 through 9. If all you needed to do was send off numerical codes, the Z30 was a (relatively) small and lightweight alternative for the full Enigma machine.

Creating an open source hardware simulator of the Z30 poses a rather unique challenge. While you can’t exactly order the standard Enigma from Digi-Key, there are at least enough surviving examples that they’ve been thoroughly documented. But nobody even knew the Z30 existed until 2004, and even then, it wasn’t until 2015 that a surviving unit was actually discovered in Stockholm.

Of course, [Arduino Enigma] does have some experience with such matters. By modifying the work that was already done for full-scale Enigma simulation on the Arduino, it only took a few hours to design a custom PCB to hold an Arduino Nano, ten buttons with matching LEDs, and of course the hardware necessary for the iconic rotors along the top.

The Z30 simulator looks like it will make a fantastic desk toy and a great way to help visualize how the full-scale Enigma machine worked. With parts for the first prototypes already on order, it shouldn’t be too long before we get our first good look at this very unique historical recreation.

A Different Way To Privately Chat Over Telegram

If you’ve had the need to send secure, private messages in recent times, you might have considered using Telegram. However, using such a service means that, if discovered, it’s well known what manner of encryption you’re using, and there’s a third party involved to boot. [Labunsky] walks a different path, and built a covert channel within Telegram itself.

[Labunsky] likens their process to the one used in the film Seventeen Moments of Spring, in which a flower placed in an apartment window indicates a spy has failed their mission. In this case, instead of a flower in a window, one user blocks another to signal them. By switching the blocked status on and off, messages can be sent, albeit in a slow and convoluted way.

It’s more of a proof of concept than a practical way to message people over Telegram. With that said, it does work, and it might just keep the security services monitoring your chats confused for a few extra weeks. Or, it would, if we hadn’t written an article about it. Perhaps consider using zero-width characters instead.