A Tamagotchi For WiFi Cracking

October 16, 2019 by Bryan Cockfield 8 Comments

OK, let’s start this one by saying that it’s useful to know how to break security measures in order to understand how to better defend yourself, and that you shouldn’t break into any network you don’t have access to. That being said, if you want to learn about security and the weaknesses within the WPA standard, there’s no better way to do it than with a tool that mimics the behavior of a Tamagotchi.

Called the pwnagotchi, this package of artificial intelligence looks for information in local WiFi packets that can be used to crack WPA encryption. It’s able to modify itself in order to maximize the amount of useful information it’s able to obtain from whatever environment you happen to place it in. As an interesting design choice, the pwnagotchi behaves like an old Tamagotchi pet would, acting happy when it gets the inputs it needs.

This project is beyond a novelty though and goes deep in the weeds of network security. If you’re at all interested in the ways in which your own networks might be at risk, this might be a tool you can use to learn a little more about the ways of encryption, general security, and AI to boot. Of course, if you’re new to the network security world, make sure the networks you’re using are secured at least a little bit first.

Thanks to [Itay] for the tip!

A New Way To Remote Terminal

August 9, 2019 by Bryan Cockfield 14 Comments

Thanks to the wonders of the internet, collaborating with others across great distances has become pretty simple. It’s easy now to share computer desktops over a network connection, and even take control of another person’s computer if the need arises. But these graphical tools are often overkill, especially if all we really need is to share a terminal session with someone else over a network.

A new project from [Elis] allows just that: to share an active terminal session over a web browser for anyone else to view. The browser accesses a “secret” URL which grants access to the terminal via a tunnel which is able to live stream the entire session. The server end takes care of all of the work of generating this URL, and it is encrypted with TLS and HTTPS. It also allows for remote control as well as viewing, so it is exceptionally well-featured for being simple and easy to run.

To run this software only a binary is needed, but [Elis] has also made the source code available. Currently he finds it a much more convenient way of administering his Raspberry Pi, but we can see a lot of use for this beyond the occasional headless server. Certainly this makes remote administration easy, but could be used collaboratively among a large group of people as well.

Doing 10 Gigabit Networking At Home, The Cheap Way

July 24, 2019 by Lewin Day 55 Comments

For the vast majority of us, Gigabit Ethernet is more than enough for daily tasks. The occasional big network file transfer might drag a little, but it’s rare to fall short of bandwidth when you’re hooked up over Cat 6. [Brian] has a thirst for saturating network links, however, and decided only 10 Gigabit Ethernet would do.

Already being the owner of a Gigabit Ethernet network at home, [Brian] found that he was now regularly able to saturate the links with his existing hardware. With a desire to run intensive virtual machines on his existing NAS without causing bandwidth issues, it was time for an upgrade. Unfortunately, the cost of rewiring the existing home network to Cat 6 and procuring hardware that could run 10 Gigabit Ethernet over copper twisted pair was prohibitively expensive.

Instead, [Brian] decided to reduce the scope to connecting just 3 machines. Switches were prohibitively expensive, so each computer was fitted with twin 10 Gigabit interfaces, such that it could talk to the two other computers. Rather than rely on twisted pair, the interfaces chosen use the SFP+ standard, in which the network cable accepts electrical signals from the interface, and contains a fiber optic transciever.

[Brian] was able to get the 3 computers networked for just $120, with parts sourced from eBay. It’s an approach that doesn’t scale well; larger setups would be much better served by using a switch and a less zany network topology. But for [Brian], it works just fine, and allows his NAS to outperform a 15,000 RPM server hard disk as far as read rates go.

If you’re curious about improving your own network performance, it might pay to look at your cables first – things are not always as they seem.

Curbing Internet Addiction In A Threatening Manner

July 15, 2019 by Erin Pinheiro 37 Comments

Those who have children of their own might argue that the youth of today are getting far too much internet time. [Nick] decided to put an emergency stop to it and made this ingenious internet kill switch to threaten teenagers with. Rather unassuming on the outside, the big red button instantly kills all network traffic as soon as you push it down, doing its label justice. Reset the toggle button, and the connection is restored, simple as that.

In order to achieve this, [Nick] fit inside the enclosure a Raspberry Pi Zero W, along with a battery and a wireless charging circuit for portability and completely wireless operation. The button is wired into the Pi’s GPIO and triggers a command to the router via SSH over WiFi, where a script listening to the signal tells it to drop the network interfaces talking to the outside world. It’s simple, it’s clean, and you can carry it around with you as a warning for those who dare disobey you. We love it.

Another use for big red buttons we’ve seen in the past is an AC power timer, but you can do just about anything with them if you turn one into an USB device. Check this one in action after the break.

Continue reading “Curbing Internet Addiction In A Threatening Manner” →

The $50 Ham: Checking Out The Local Repeater Scene

April 11, 2019 by Dan Maloney 24 Comments

So far in this series, we’ve covered the absolute basics of getting on the air as a radio amateur – getting licensed, and getting a transceiver. Both have been very low-cost exercises, at least in terms of wallet impact. Passing the test is only a matter of spending the time to study and perhaps shelling out a nominal fee, and a handy-talkie transceiver for the 2-meter and 70-centimeter ham bands can be had for well under $50. If you’re playing along at home, you haven’t really invested much yet.

The total won’t go up much this week, if at all. This time we’re going to talk about what to actually do with your new privileges. The first step for most Technician-class amateur radio operators is checking out the local repeaters, most of which are set up exactly for the bands that Techs have access to. We’ll cover what exactly repeaters are, what they’re used for, and how to go about keying up for the first time to talk to your fellow hams.

Continue reading “The $50 Ham: Checking Out The Local Repeater Scene” →

A Network Attached Radiation Monitor

February 13, 2019 by Tom Nardi 25 Comments

It started as a joke, as sometimes these things do. [Marek Więcek] thought building a personal radiation detector would not only give him something to work on, but it would be like having a gadget out of the Fallout games. He would check the data from time to time and have a bit of a laugh. But then things got real. When he started seeing rumors on social media that a nearby nuclear reactor had suffered some kind of radiation leak, his “joke” radiation detector suddenly became serious business.

With the realization that having his own source of detailed environmental data might not be such a bad idea after all, [Marek] has developed a more refined version of his original detector (Google Translate). This small device includes a Geiger counter as well as sensors for more mundane data points such as temperature and barometric pressure. Since it’s intended to be a stationary monitoring device, he even designed it to be directly plugged into an Ethernet network so that it can be polled over TCP/IP.

[Marek] based the design around a Soviet-era STS-5 Geiger tube, and outfitted his board with the high voltage electronics to provide it with the required 400 volts. Temperature, barometric pressure, and humidity are read with the popular Bosch BME280 sensor. If there’s no Ethernet network available, data from the sensors can be stored on either the built-in SPI flash chip or a standard USB flash drive.

The monitor is powered by a PIC32MX270F256B microcontroller with an Ethernet interface provided by the ENC28J60 chip. In practice, [Marek] has a central Raspberry Pi that’s polling the monitors over the network and collecting their data and putting it into a web-based dashboard. He’s happy with this setup, but mentions he has plans to add an LCD display to the board so the values can be read directly off of the device. He also says that a future version might add WiFi for easier deployment in remote areas.

Over the years we’ve seen a fair number of radiation monitors, from solar-powered WiFi-connected units to the incredible work [Radu Motisan] has done building his global network of radiation detectors. It seems hackers would rather not take somebody else’s word for it when it comes to the dangers of radiation.

This Tiny Router Could Be The Next Big Thing

February 1, 2019 by Tom Nardi 22 Comments

It seems like only yesterday that the Linksys WRT54G and the various open source firmware replacements for it were the pinnacle of home router hacking. But like everything else, routers have gotten smaller and faster over the last few years. The software we run on them has also gotten more advanced, and at this point we’ve got routers that you could use as a light duty Linux desktop in a pinch.

But even with no shortage of pocket-sized Linux devices in our lives, the GL-USB150 “Microrouter” that [Mason Taylor] recently brought to our attention is hard to ignore. Inside this USB flash drive sized router is a 400 MHz Qualcomm QCA9331 SoC, 64 MB of RAM, and a healthy 16 MB of storage; all for around $20 USD. Oh, and did we mention it comes with OpenWRT pre-installed? Just plug it in, and you’ve got a tiny WiFi enabled Linux computer ready to do your bidding.

On his blog [Mason] gives a quick rundown on how to get started with the GL-USB150, and details some of the experiments he’s been doing with it as part of his security research, such as using the device as a remote source for Wireshark running on his desktop. He explains that the diminutive router works just fine when plugged into a USB battery bank, offering a very discreet way to deploy a small Linux box wherever you may need it. But when plugged into a computer, things get really interesting.

If you plug the GL-USB150 into a computer, it shows up to the operating system as a USB Ethernet adapter and can be used as the primary Internet connection. All of the traffic from the computer will then be routed through the device to whatever link to the Internet its been configured to use. Depending on how you look at it, this could be extremely useful or extremely dangerous.

For one, it means that something that looks all the world like a normal USB flash drive could be covertly plugged into a computer and become a “wiretap” through which all of the network traffic is routed. That’s the bad news. On the flip side, it also means you could configure the GL-USB150 as a secure endpoint that lets you quickly and easily funnel all the computer’s traffic through a VPN or Tor without any additional setup.

We’ve seen all manner of hacks and projects that made use of small Linux-compatible routers such as the TP-Link TL-MR3020, but we expect the GL-USB150 and devices like it will be the ones to beat going forward. Let’s just hope one of them doesn’t show up uninvited in your network closet.