Brute Forcing A Mobile’s PIN Over USB With A $3 Board

July 16, 2023 by Donald Papp 51 Comments

Mobile PINs are a lot like passwords in that there are a number of very common ones, and [Mobile Hacker] has a clever proof of concept that uses a tiny microcontroller development board to emulate a keyboard to test the 20 most common unlock PINs on an Android device.

Trying the twenty most common PINs doesn’t take long.

The project is based on research analyzing the security of 4- and 6-digit smartphone PINs which found some striking similarities between user-chosen unlock codes. While the research is a few years old, user behavior in terms of PIN choice has probably not changed much.

The hardware is not much more than a Digispark board, a small ATtiny85-based board with built-in USB connector, and an adapter. In fact, it has a lot in common with the DIY Rubber Ducky except for being focused on doing a single job.

Once connected to a mobile device, it performs a form of keystroke injection attack, automatically sending keyboard events to input the most common PINs with a delay between each attempt. Assuming the device accepts, trying all twenty codes takes about six minutes.

Disabling OTG connections for a device is one way to prevent this kind of attack, and not configuring a common PIN like ‘1111’ or ‘1234’ is even better. You can see the brute forcing in action in the video, embedded below.

Continue reading “Brute Forcing A Mobile’s PIN Over USB With A $3 Board” →

ESP32-S2 Hack Chat With Adafruit

May 4, 2020 by Dan Maloney 23 Comments

Join us on Wednesday, May 6 at noon Pacific for the ESP32-S2 Hack Chat with Limor “Ladyada” Fried and Scott Shawcroft!

When Espressif released the ESP8266 microcontroller back in 2014, nobody could have predicted how successful the chip was to become. While it was aimed squarely at the nascent IoT market and found its way into hundreds of consumer devices like smart light bulbs, hackers latched onto the chip and the development boards it begat with gusto, thanks to its powerful microcontroller, WiFi, and lots of GPIO.

The ESP8266 was not without its problems, though, and security was always one of them. The ESP32, released in 2016, addressed some of these concerns. The new chip added another CPU core, a co-processor, Bluetooth support, more GPIO, Ethernet, CAN, more and better ADCs, a pair of DACs, and a host of other features that made it the darling of the hacker world.

Now, after being announced in September of 2019, the ESP32-S2 is finally making it into hobbyist’s hands. On the face of it, the S2 seems less capable, with a single core and neither Bluetooth nor Ethernet. But with a much faster CPU, scads more GPIO, more ADCs, a RISC-V co-processor, native USB, and the promise of very low current draw, it could be that the ESP32-S2 proves to be even more popular with hobbyists as it becomes established.

To talk us through the new chip’s potential, Limor “Ladyada” Fried and Scott Shawcroft, both of Adafruit Industries, will join us on the Hack Chat. Come along and learn everything you need to know about the ESP32-S2, and how to put it to work for you.

Our Hack Chats are live community events in the Hackaday.io Hack Chat group messaging. This week we’ll be sitting down on Wednesday, May 6 at 12:00 PM Pacific time. If time zones have got you down, we have a handy time zone converter.

Click that speech bubble to the right, and you’ll be taken directly to the Hack Chat group on Hackaday.io. You don’t have to wait until Wednesday; join whenever you want and you can see what the community is talking about.
Continue reading “ESP32-S2 Hack Chat With Adafruit” →

Pi Zero Digital Frame Kiosk Uses OTG Right

June 3, 2016 by Gerrit Coetzee 14 Comments

USB On-The-Go (OTG) is one of the fun aspects of the USB standard. There are feelings about the other aspects, but that one is alright. Regardless, [Francesco] realized one day that the £3 digital picture frames he purchased at a charity sale really didn’t care if the files on the thumb drive mysteriously changed all the time. It would just keep pulling and displaying the latest file at a blistering 0.2 frames per second. That’s right, the concept [Francesco] went after is to show changing data, even animations, with an update of one frame every five seconds!

His initial tests showed good for the concept — the Pi can easily emulate a mass storage device, feeding in data whenever the picture frame looks for it. In addition to the Pi Zero board he added an Ethernet shield, a voltage regulator, a camera, and even some infrared LEDS. We suppose there are dreams for the future.

He has been developing scripts for this rig by logging in through a VNC. A cron job runs his scripts at regular intervals, grabbing useful data and making it available as an image. For example, one script opens up the weather in Epiphany (a web browser), takes a screenshot, and saves that screenshot to the mass storage being emulated using USB OTG. The digital picture frame blissfully updates, unaware of its strange appendages. Now the real limiting factor is how much you can accomplish with your mad Bash skills.

Video Preview: New IOIO Prototype

September 15, 2012 by Mike Szczys 9 Comments

We got our hands on this prototype of the new IOIO design. It’s a breakout board that makes adding hardware to an Android device pretty easy. [Ytai Ben-Tsvi] sent it our way, and took a bit of time to explain some of the differences between this board and the original version. You can see our video preview embedded after the break.

The size and form factor of the board remain the same, but the choice and layout of parts has changed. Most obviously, the USB-A connector is gone, replaced by a USB ~~mini-B~~ micro-B connector. This makes it possible to use the board as a USB-on-the-go device, or as a USB host device with the help of an adapter that will ship with the board. The JST connector is for external power. The previous revision included a footprint for it but it was never populated. There has also been an upgrade to the voltage regulation circuit, using a newer part as the switch-mode regulator.

There was a last-minute bug discovered in the layout. [Ytai] wants iron-clad 5V to ground short protection and is re-spinning the board to ensure he achieves that goal. He can’t say for sure, but as we mentioned in our previous post about the prototype, a price cut is planned. It could cut the current price of $50 down to just $30, but that won’t be decided until all of the choices have been made for the first production run.

Continue reading “Video Preview: New IOIO Prototype” →

Custom Flat Cables To Suit Your Needs

October 26, 2011 by Mike Szczys 17 Comments

[Cosimo Orlando] has a Motorola Xoom tablet. It’s an Android device that works great as a tablet, but can double as a Laptop when you need it to by adding a keyboard. The problem he was having is that the USB On-The-Go cables that he tried were never the right size or orientation. So he scavenged them for parts and built his own flat cable for a custom fit.

The final product pictured here actually uses protoboard to give the body some strength. [Cosimo] first laid out the dimensions on the substrate using a felt-tipped pen. He then took connectors from his mis-sized commercial cables and affixed them to the board with a combination of hot glue and solder. From there, just connect the five data lines and ground with some jumper wire and test for continuity. He finished this off with what he calls ‘adhesive plastic glossy black’ shaped to make a decent looking case. If you have any idea what product was used here, let us know by leaving a comment.

Forknife, Android G1 Controlled Robot

January 25, 2009 by Eliot 11 Comments

g1bot

When we first saw [Jeffrey Nelson]’s G1 based robot we immediately wondered what the transport for the controls was. The G1‘s hardware supports USB On-The-Go, but it’s not implemented in Android yet. It turns out he’s actually sending commands by using DTMF tones through the headphone adapter. The audio jack is connected to a DTMF decoder that sends signals to the bot’s Arduino. He wrote client/server code in Java to issue commands to the robot. You can find that code plus a simple schematic on his site. A video of the bot is embedded below.

Continue reading “Forknife, Android G1 Controlled Robot” →