encryption

89 Articles

Simulating The Enigma’s Oddball Cousin

June 16, 2019 by 11 Comments

Even if you wouldn’t describe yourself as a history buff, you’re likely familiar with the Enigma machine from World War II. This early electromechanical encryption device was used extensively by Nazi Germany to confound Allied attempts to eavesdrop on their communications, and the incredible effort put in by cryptologists such as Alan Turing to crack the coded messages it created before the end of the War has been the inspiration for several books and movies. But did you know that there were actually several offshoots of the “standard” Enigma?

For their entry into the 2019 Hackaday Prize, [Arduino Enigma] is looking to shine a little light on one of these unusual variants, the Enigma Z30. This “Baby Enigma” was intended for situations where only numerical data needed to be encoded. Looking a bit like a mechanical calculator, it dropped the German QWERTZ keyboard, and instead had ten buttons and ten lights numbered 0 through 9. If all you needed to do was send off numerical codes, the Z30 was a (relatively) small and lightweight alternative for the full Enigma machine.

Creating an open source hardware simulator of the Z30 posses a rather unique challenge. While you can’t exactly order the standard Enigma from Digi-Key, there are at least enough surviving examples that they’ve been thoroughly documented. But nobody even knew the Z30 existed until 2004, and even then, it wasn’t until 2015 that a surviving unit was actually discovered in Stockholm.

Of course, [Arduino Enigma] does have some experience with such matters. By modifying the work that was already done for full-scale Enigma simulation on the Arduino, it only took a few hours to design a custom PCB to hold an Arduino Nano, ten buttons with matching LEDs, and of course the hardware necessary for the iconic rotors along the top.

The Z30 simulator looks like it will make a fantastic desk toy and a great way to help visualize how the full-scale Enigma machine worked. With parts for the first prototypes already on order, it shouldn’t be too long before we get our first good look at this very unique historical recreation.

The HackadayPrize2019 is Sponsored by:

A Different Way To Privately Chat Over Telegram

May 23, 2019 by 16 Comments

If you’ve had the need to send secure, private messages in recent times, you might have considered using Telegram. However, using such a service means that, if discovered, it’s well known what manner of encryption you’re using, and there’s a third party involved to boot. [Labunsky] walks a different path, and built a covert channel within Telegram itself.

[Labunsky] likens their process to the process used in the film Seventeen Moments of Spring, in which a flower placed in an apartment windows indicates a spy has failed their mission. In this case, instead of a flower in a window, one user blocks another to signal them. By switching the blocked status on and off, messages can be sent, albeit in a slow and convoluted way.

It’s more of a proof of concept than a practical way to message people over Telegram. With that said, it does work, and it might just keep the security services monitoring your chats confused for a few extra weeks. Or, it would, if we hadn’t written an article about it. Perhaps consider using zero-width characters instead.

Voja Antonic: Designing The Cube

February 7, 2019 by 6 Comments

Voja Antonic designed this fantastic retrocomputing badge for Hackaday Belgrade in 2018, and it was so much fun that we wanted to bring it stateside to the Supercon essentially unaltered. And that meant that Voja had some free time to devote to a new hardware giveaway: the Cube. So while his talk at Supercon in November was ostensibly about the badge, he just couldn’t help but tell us about his newer love, and some of the extremely clever features hidden within.

It’s funny how the hardware we design can sometimes reflect so much on the creator. Voja designed then-Yugoslavia’s first widely used home computer (and published the DIY plans in a magazine!). Thousands were built from their kits. The Galaksija was a Z80-based design with a custom BASIC that was just barely squeezed into the available 4K of ROM. So you shouldn’t be shocked that the retro-badge has a working keyboard and a nice BASIC on board.

But let’s jump ahead to the Cube, because that’s even more of a passion project. On the outside, they’re very simple devices, with only a USB port and a sweet diffused LED ring visible. Aesthetic? Minimalistic? Beautiful, honestly.
Continue reading “Voja Antonic: Designing The Cube”

Don’t Toss That Bulb, It Knows Your Password

January 29, 2019 by 70 Comments

Whether it was here on Hackaday or elsewhere on the Internet, you’ve surely heard more than a few cautionary tales about the “Internet of Things” by now. As it turns out, giving every gadget you own access to your personal information and Internet connection can lead to unintended consequences. Who knew, right? But if you need yet another example of why trusting your home appliances with your secrets is potentially a bad idea, [Limited Results] is here to make sure you spend the next few hours doubting your recent tech purchases.

In a series of posts on the [Limited Results] blog, low-cost “smart” bulbs are cracked open and investigated to see what kind of knowledge they’ve managed to collect about their owners. Not only was it discovered that bulbs manufactured by Xiaomi, LIFX, and Tuya stored the WiFi SSID and encryption key in plain-text, but that recovering said information from the bulbs was actually quite simple. So next time one of those cheapo smart bulb starts flickering, you might want to take a hammer to it before tossing it in the trash can; you never know where it, and the knowledge it has of your network, might end up.

Regardless of the manufacturer of the bulb, the process to get one of these devices on your network is more or less the same. An application on your smartphone connects to the bulb and provides it with the network SSID and encryption key. The bulb then disconnects from the phone and reconnects to your home network with the new information. It’s a process that at this point we’re all probably familiar with, and there’s nothing inherently wrong with it.

The trouble comes when the bulb needs to store the connection information it was provided. Rather than obfuscating it in some way, the SSID and encryption key are simply stored in plain-text on the bulb’s WiFi module. Recovering that information is just a process of finding the correct traces on the bulb’s PCB (often there are test points which make this very easy), and dumping the chip’s contents to the computer for analysis.

It’s not uncommon for smart bulbs like these to use the ESP8266 or ESP32, and [Limited Results] found that to be the case here. With the wealth of information and software available for these very popular WiFi modules, dumping the firmware binary was no problem. Once the binary was in hand, a little snooping around with a hex editor was all it took to identify the network login information. The firmware dumps also contained information such as the unique hardware IDs used by the “cloud” platforms the bulbs connect to, and in at least one case, the root certificate and RSA private key were found.

On the plus side, being able to buy cheap smart devices that are running easily hackable modules like the ESP makes it easier for us to create custom firmware for them. Hopefully the community can come up with slightly less suspect software, but really just keeping the things from connecting to anything outside the local network would be a step in the right direction.

(Some days later…)

[Limited Results] had hinted to us that he had previously disclosed some vulnerabilities to the bulb’s maker, but that until they fixed them, he didn’t want to make them public. They’re fixed now, and it appears that the bulbs were sending everything over the network unencrypted — your data, OTA firmware upgrades, everything.  They’re using TLS now, so good job [Limited Results]! If you’re running an old version of their lightbulbs, you might have a look.

On WiFi credentials, we were told: “In the case where sensitive information in the flash memory wasn’t encrypted, the new version will include encrypted storage processing, and the customer will be able to select this version of the security chips, which can effectively avoid future security problems.” Argue about what that actually means in the comments.

Rebuilding The First Vocal Encryption System

January 27, 2019 by 12 Comments

Back in the early days of radio, it was quickly apparent that the technology would revolutionize warfare, but only if some way could be found to prevent enemies from hearing what was said. During World War II, the Allies put a considerable amount of effort into securing vocal transmissions, resulting in a system called SIGSALY – 50 tons of gear developed by Bell Laboratories with the help of Alan Turing that successfully secured communications between the likes of Churchill and Roosevelt during the war.

Now, a small piece of the SIGSALY system lives again, in the form of a period-faithful reproduction of the vocal quantizer used in the system. It’s the work of [Jon D. Paul], who undertook the build to better understand how the SIGSALY system worked. [Jon] also wanted to honor the original builders, who developed a surprisingly sophisticated system given the technology of the day.

SIGSALY was seriously Top Secret in the day, and most of the documentation was destroyed when the system was decommissioned. Working from scant information, [Jon] was able to recreate the quantizer from period parts, including five vintage VT-109/2051 thyratrons scrounged from eBay. The vacuum tubes are similar in operation to silicon-controlled rectifiers (SCRs) and form the core of the ADC, along with a resistor divider ladder network. Almost every component is period correct, and everything is housed in a nice acrylic case. It’s a beautiful piece of work and a great homage to a nearly forgotten piece of cryptographic history.

Interestingly, Bell Labs had a bit of a head start on the technology that went into SIGSALY, by virtue of their work on the first voice synthesizer in the 1930s.

Continue reading “Rebuilding The First Vocal Encryption System”

RISC-V Will Stop Hackers Dead From Getting Into Your Computer

December 13, 2018 by 35 Comments

The greatest hardware hacks of all time were simply the result of finding software keys in memory. The AACS encryption debacle — the 09 F9 key that allowed us to decrypt HD DVDs — was the result of encryption keys just sitting in main memory, where it could be read by any other program. DeCSS, the hack that gave us all access to DVDs was again the result of encryption keys sitting out in the open.

Because encryption doesn’t work if your keys are just sitting out in the open, system designers have come up with ingenious solutions to prevent evil hackers form accessing these keys. One of the best solutions is the hardware enclave, a tiny bit of silicon that protects keys and other bits of information. Apple has an entire line of chips, Intel has hardware extensions, and all of these are black box solutions. They do work, but we have no idea if there are any vulnerabilities. If you can’t study it, it’s just an article of faith that these hardware enclaves will keep working.

Now, there might be another option. RISC-V researchers are busy creating an Open Source hardware enclave. This is an Open Source project to build secure hardware enclaves to store cryptographic keys and other secret information, and they’re doing it in a way that can be accessed and studied. Trust but verify, yes, and that’s why this is the most innovative hardware development in the last decade.

Continue reading “RISC-V Will Stop Hackers Dead From Getting Into Your Computer”

5G Cellphone’s Location Privacy Broken Before It’s Even Implemented

December 7, 2018 by 52 Comments

Although hard to believe in the age of cheap IMSI-catchers, “subscriber location privacy” is supposed to be protected by mobile phone protocols. The Authentication and Key Agreement (AKA) protocol provides location privacy for 3G, 4G, and 5G connections, and it’s been broken at a basic enough level that three successive generations of a technology have had some of their secrets laid bare in one fell swoop.

When 3G was developed, long ago now, spoofing cell towers was expensive and difficult enough that the phone’s International Mobile Subscriber Identity (IMSI) was transmitted unencrypted. For 5G, a more secure version based on a asymmetric encryption and a challenge-reponse protocol that uses sequential numbers (SQNs) to prevent replay attacks. This hack against the AKA protocol sidesteps the IMSI, which remains encrypted and secure under 5G, and tracks you using the SQN.

The vulnerability exploits the AKA’s use of XOR to learn something about the SQN by repeating a challenge. Since the SQNs increment by one each time you use the phone, the authors can assume that if they see an SQN higher than a previous one by a reasonable number when you re-attach to their rogue cell tower, that it’s the same phone again. Since the SQNs are 48-bit numbers, their guess is very likely to be correct. What’s more, the difference in the SQN will reveal something about your phone usage while you’re away from the evil cell.

A sign of the times, the authors propose that this exploit could be used by repressive governments to track journalists, or by advertisers to better target ads. Which of these two dystopian nightmares is worse is left as comment fodder. Either way, it looks like 5G networks aren’t going to provide the location privacy that they promise.

Via [The Register]

Header image: MOs810 [CC BY-SA 4.0].