Knowing how WiFi networks can be attacked is a big part of properly securing them, and the best way to learn about it is to (legally) run some attacks. [Matt Agius] has been going down the WiFi-cracking rabbit hole, and in the process created Pwnagotchi Tools to automate the actual password cracking part.
The first step in cracking a WiFi network is to record the handshake that gets exchanged when a client connects to an access point. This has been made very simple thanks to Pwnagotchi, which turns a Raspberry Pi into an automated handshake collection tool and Pwnagothi Tools helps to automate the steps that follow. It downloads the handshakes (pcap files) from the pwnagotchi, and converts it to pmkid/hccapx files to use with the hashcat password recovery tool. Hashcat scripts can then be generated for the actual cracking using any of the attacks that [Matt] has compiled. WPA/WPA2 is slow to crack and requires a lot of processing power, so [Matt] also added the option to automatically provision AWS GPU instances to run the cracking task in the cloud. It also keeps track of the status of each of the handshakes being cracked.
As wireless networks and IoT devices become more pervasive, it’s important to know the dangers, and how to protect against them. WiFi and Bluetooth security is probably the easiest to learn about, but other networks are just as vulnerable when an RTL-SDR is used. Another option Flipper Zero, a hacking gadget for Sub-1 GHz networks inspired by Pwnagotchi, which recently hit $4.8 million in its Kickstarter campaign.
With more and more manufacturers moving to USB-C, it seems as though the trusty USB port is getting more and more entrenched. Not that that’s a bad thing, either; having a universal standard like this is great for simplicity and interconnectability. However, if you’re still stuck with USB 2.0 ports on your now completely obsolete one-year-old phone, there’s still some hope that you can at least get rapid charging. [hugatry] was able to manipulate Qualcomm’s rapid charging protocol to enable it to work with any device.
Continue reading “Bitbanging Qualcomm Charge Controllers”
Do it yourself garage door openers must be all the rage nowadays. We just got word of another take on this popular idea. [Giles] was commissioned by his friend to find a way to control the friend’s garage door using a smart phone. The request was understandable, considering the costly garage door remote and the fact that the buttons on the expensive remote tended to fail after a while. The inspiration for this project came from some YouTube videos of other similar projects. Those projects all paired an Arduino with a Bluetooth headset in order to control the door from a mobile phone. [Giles] understood that while this would get the job done, it wouldn’t be very secure. Bluetooth headsets typically connect to mobile phones using a four digit PIN. Many of them have known default PINs and even if the default is changed, it wouldn’t take very long to guess a four digit PIN. [Giles] knew he had to find a more secure way.
Continue reading “Arduino Garage Door Opener Is Security Minded”
If you’re old enough to have used a dial-up modem we’d bet you can do an imitation of the sounds it made while connecting. Those not-so-beautiful sounds heralded the dawning of a technological era. But few actually know what each of those distinct sounds were doing. Now’s your chance to learn. This post explains each step in the dail-up handshake process.
This may be the most useful infographic we’ve ever seen. Normally we just seem them as gimmicks, but [Oona Räisänen] really put together something special with this one. Her blog post includes an audio clip so that you can play back the full handshake sounds. The main box on the graphic shows the audio spectrum from that clip, with an explanation below it. But you’ll also want to read through her full write-up for a more narrative description.
The part we found the most interesting is that these modems needed to disable the echo suppression used by the telephone system in order to operate at full-duplex. Apparently land lines disabled the speaker while you were talking so that you didn’t hear your own voice. This was a problem if the modem was trying to send and receive at the same time.