An Exercise In Firmware Dumping With The GreatFET

Looking to hone his hardware hacking skills, [James Chambers] recently set out to reverse engineer a common cheap wireless keyboard: the Logitech K360. The chipset it uses has already been fairly well explored (and exploited) by security researchers, but the goal here was more about gaining some practical hands-on experience than it was breaking any new ground.

The first post in what we’re sure will be a fascinating series deals with dumping the board’s firmware using the GreatFET. We actually haven’t seen too many projects that showcase the capabilities of this highly capable open hardware multi-tool, so the post serves as a nice demonstration of how one goes about writing the necessary Python scripts to put it to work in a practical scenario.

Some promising bytes.

Of course, even with the best of tools, there’s always a few stumbling blocks. After identifying what was clearly some kind of programming header on the K360’s diminutive PCB, it took a few failed attempts at reading the firmware before [James] realized he needed to tap into more pins on the keyboard’s nRF24LE1 microcontroller. Once everything was physically wired up, he wrote some code for the GreatFET that would perform the proper incantations on the chip’s PROG and RESET pins to enable its programming interface.

[James] goes on to explain how you can pull some extended chip information out of the hardware and verify the contents of the firmware dump with Ghidra, but any more advanced analysis will have to wait until the next post in the series. In the meantime, if you like reading about hardware hacking from this “over the shoulder” viewpoint, you should check out some of the fantastic work that [wrongbaud] has sent in over the last year or so.
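A sanity check worth running on any dump before opening it in Ghidra, added here as an example and not code from [James]'s post: it flags an image that is entirely erased flash (0xFF) or that is simply its own first half repeated, two common symptoms of a read that never really reached the part's programming interface. The 4 KiB sample dumps are constructed, and the 256-byte block size is an assumed granularity.

```python
import hashlib
import math
from collections import Counter

BLOCK = 256  # analysis granularity in bytes (assumed value, not from the post)

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for constant data, close to 8.0
    for encrypted or compressed data, lower and uneven for machine code."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def blank_ranges(data: bytes, fill: int = 0xFF, block: int = BLOCK):
    """(start, end) offsets of runs of blocks that are entirely `fill`. Erased
    flash reads as 0xFF; a dump blank everywhere means nothing was read at all."""
    ranges, start = [], None
    for off in range(0, len(data), block):
        if all(b == fill for b in data[off:off + block]):
            start = off if start is None else start
        elif start is not None:
            ranges.append((start, off))
            start = None
    if start is not None:
        ranges.append((start, len(data)))
    return ranges

def mirror_period(data: bytes, block: int = BLOCK):
    """Smallest power-of-two period (>= block) at which the dump repeats itself
    exactly, or None. A dump that is its first half twice usually means the
    address wrapped because the read was not really addressing the whole part."""
    p = block
    while 2 * p <= len(data):
        if len(data) % p == 0 and all(data[i:i + p] == data[:p]
                                      for i in range(p, len(data), p)):
            return p
        p *= 2
    return None

def constructed_dumps():
    """Two fake 4 KiB dumps: a plausible one (2 KiB of varied bytes, then erased
    flash) and a wrapped read that returned the first 2 KiB twice."""
    code = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(64))
    return code + b"\xff" * 2048, code + code
```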

Hacking USB Hack Chat

Join us on Wednesday, February 26 at noon Pacific for the Hacking USB Hack Chat with Kate Temkin!

For all its aggravating idiosyncrasies, the Universal Serial Bus has been a game-changer in peripheral connections for nearly a quarter of a century now. What was once simply a means to connect a mouse and a keyboard to a computer has been extended and enhanced into something so much more than its original designers intended. The flexibility that led to these innovative uses for USB also led to its ubiquity, with some form of the connector sprouting from nearly every imaginable device.

Kate Temkin is well-versed in the intricacies of the Universal Serial Bus. As a software lead for Great Scott Gadgets, Kate has developed software and firmware for GSG’s products, like GreatFET and HackRF. Kate also contributes to and maintains a number of open-source projects, including the FaceDancer project. And when she’s not busy with all of this, she can be found sharing her deep knowledge with USB security training courses, where she shows how USB is vulnerable to attack, and what to do to prevent it.

Join us for the Hacking USB Hack Chat this week, where Kate will discuss anything and everything about USB. Come learn about what the future holds for the USB standard, and what you can do to keep your USB project on track.

Our Hack Chats are live community events in the Hackaday.io Hack Chat group messaging. This week we’ll be sitting down on Wednesday, February 26 at 12:00 PM Pacific time. If time zones have got you down, we have a handy time zone converter.

Click that speech bubble to the right, and you’ll be taken directly to the Hack Chat group on Hackaday.io. You don’t have to wait until Wednesday; join whenever you want and you can see what the community is talking about.

Hands-On: GreatFET Is An Embedded Tool That Does It All

There’s a new embedded hacking tool on the scene that gives you an interactive Python interface for a speedy chip on a board with oodles of GPIO, the ability to masquerade as different USB devices, and a legacy of tricks up its sleeve. This is the GreatFET, the successor to the much loved GoodFET.

I first heard this board was close to launch almost a year ago and asked for an early look. When shipping began at the end of April, they sent me one. Let’s dig in for a hands-on review of the GreatFET from Great Scott Gadgets.


Radio Gets Ridiculous

There were plenty of great talks at this year’s Supercon, but we really liked the title of Dominic Spill’s talk: Ridiculous Radios. Let’s face it, it is one thing to make a radio or a computer or a drone the way you are supposed to. It is another thing altogether to make one out of things you shouldn’t be using. That’s [Dominic’s] approach. In a quick 30 minutes, he shows you two receivers and two transmitters. What makes them ridiculous? Consider one of the receivers. It is a software defined radio (SDR). How many bits should an SDR have? How about one bit? Ridiculous? Then you are getting the idea.

Dominic is pretty adept at taking a normal microcontroller and bending it to do strange RF things and the results are really entertaining. The breadboard SDR, for example, is a microcontroller with three components: an antenna, a diode, and a resistor. That’s it. If you missed the talk at Supercon, you can see the newly published video below, along with more highlights from Dominic’s talk.


Shmoocon 2017: Software Defined Radio For Terahertz Frequencies

Before Bluetooth, before the Internet of Things, and before network-connected everything, infrared was king. In the 90s, personal organizers, keyboards, Furbys, and critical infrastructure were built on infrared. Some of these devices are still around, hiding in plain sight. This means there are a lot of opportunities for some very fun exploits. This was the focus of [Mike Ossmann] and [Dominic Spill]’s talk at this year’s Shmoocon, Exploring The Infrared World. What’s the hook? Using software-defined radio with terahertz frequencies.

[Dominic]’s infrared detector
Infrared communication hasn’t improved since the days of IrDA ports on laptops, and this means the hardware required to talk to these devices is exceptionally simple. The only thing you need is an IR phototransistor and a 4.7k resistor. This is enough to read signals, but overkill is the name of the game here, leading to the development of the Gladiolus GreatFET neighbor. This add-on board for the GreatFET is effectively a software defined IR transceiver capable of playing with IrDA, 20 to 60 kHz IR remote control systems, and other less wholesome applications.
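As an added illustration of what “software defined” means on the receive side of an IR remote-control link (example code, not from the talk or the Gladiolus firmware): the phototransistor gives a 1-bit sample stream, which is envelope-detected into mark/space timings and then into bits using the NEC-style pulse-distance convention (short space for 0, long space for 1). The 1 MHz sample rate, 38 kHz carrier, 20 kHz lower carrier bound and the test frame are all constructed.

```python
FS = 1_000_000  # capture sample rate in Hz (constructed; not from the talk)

def modulate(pulses, carrier_hz=38_000, fs=FS, duty=1 / 3):
    """Build a 1-bit sample stream: each (mark_us, space_us) pair becomes a
    burst of carrier at carrier_hz followed by silence (0 = no light seen)."""
    out = []
    period = fs / carrier_hz  # samples per carrier cycle (may be fractional)
    for mark_us, space_us in pulses:
        n_mark = int(mark_us * fs / 1e6)
        out.extend(1 if (i % period) < period * duty else 0 for i in range(n_mark))
        out.extend([0] * int(space_us * fs / 1e6))
    return out

def demodulate(samples, fs=FS, min_carrier_hz=20_000):
    """Envelope-detect a sampled IR signal. A run of dark samples longer than two
    cycles of the slowest expected carrier ends a mark; anything shorter is only
    the gap between carrier cycles. Returns [(mark_us, space_us), ...]."""
    gap_limit = 2 * fs // min_carrier_hz
    us = 1e6 / fs
    pulses, in_mark = [], False
    mark_start = last_high = space_start = 0
    for i, s in enumerate(samples):
        if s:
            if not in_mark:
                if pulses:  # a rising edge closes the preceding space
                    pulses[-1] = (pulses[-1][0], round((i - space_start) * us))
                in_mark, mark_start = True, i
            last_high = i
        elif in_mark and i - last_high > gap_limit:
            in_mark = False
            pulses.append((round((last_high + 1 - mark_start) * us), 0))
            space_start = last_high + 1
    if in_mark:  # capture ended inside a burst
        pulses.append((round((last_high + 1 - mark_start) * us), 0))
    elif pulses:  # trailing space runs to the end of the capture
        pulses[-1] = (pulses[-1][0], round((len(samples) - space_start) * us))
    return pulses

def to_bits(pulses, leader_us=4000, one_space_us=1000):
    """Pulse-distance decoding as used by NEC-style remotes: ~560 us mark, then
    a ~560 us space for 0 or ~1690 us space for 1. The long leader is skipped."""
    return [1 if space > one_space_us else 0
            for mark, space in pulses if mark < leader_us]
```

Marks come out a fraction of a carrier cycle short and spaces correspondingly long, because the last carrier pulse of a burst ends before the burst's nominal end; real decoders tolerate this with a percentage window.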

Demos are a necessity, but the world seems to have passed over IR in the last decade. That doesn’t mean there still aren’t interesting targets. A week before Shmoocon, [Mike Ossmann] put out the call on Twitter for a traffic light and the associated hardware. Yes, police cars and ambulances use infrared signaling to turn traffic lights green. You shouldn’t. You can, but you shouldn’t.

What was the takeaway from this talk? IR still exists, apparently. Yes, you can use it to send documents directly from your PalmPilot to a laser printer without any wires whatsoever. One of the more interesting applications for IR is an in-car wireless headphone unit that sends something almost, but not quite, like pulse coded audio over infrared. The demo that drew the most applause was an infrared device that changed traffic lights to green. The information to do that is freely available on the web, but you seriously don’t want to attempt that in the wild.