Exploiting Weak Crypto On Car Key Fobs

October 18, 2017 by Christian Trapp 55 Comments

[tomwimmenhove] has found a vulnerability in the cryptographic algorithm that is used by certain Subaru key fobs and he has open-sourced the software that drives this exploit. All you need to open your Subaru is a RasPi and a DVB-T dongle, so you could complain that sharing this software equates to giving out master keys to potential car thieves. On the other hand, this only works for a limited number of older models from a single manufacturer — it’s lacking in compatibility and affordability when compared to the proverbial brick.

This hack is much more useful as a case study than a brick is, however, and [tomwimmenhove]’s work points out some bad design on the manufacturer’s side and as such can help you to avoid these kind of mistakes. The problem of predictable keys got great treatment in the comments of our post about an encryption scheme for devices low in power and memory, for instance.

Those of you interested in digital signal processing may also want to take a look at his code, where he implements filtering, demodulation and decoding of the key fob’s signal. The transmission side is handled by rpitx and attacks against unencrypted communications with this kind of setup have been shown here before. There’s a lot going on here that’s much more interesting than stealing cars.

[Via Bleeping Computer]

Continue reading “Exploiting Weak Crypto On Car Key Fobs” →

Spare RPi? You Have A Currency Trading Platform

October 17, 2017 by Bryan Cockfield 29 Comments

While Bitcoin and other altcoins are all the rage these days, there is still a lot of activity in the traditional currency exchanges. Believe it or not, there’s money to be made there as well, although it rarely makes fanciful news stories like cryptocurrency has been. Traditional currency trading can be done similar to picking stocks, but if you’d rather automate your particular trading algorithm you can set up a Raspberry Pi to make money by trading money.

This particular project by [dmitry] trades currency on the Forex exchange using an already-existing currency trading software package called MetaTrader. This isn’t an ARM-compatible software suite though, so some auxiliary programs (Wine and ExaGear Desktop) need to be installed to get it working properly. From there, its easy enough to start trading in government-backed currency while reaping all of the low-power-usage benefits that the Pi offers.

[dmitry] does note that you can easily use MetaTrader on a standard laptop, but you might be tempted to go against your trading algorithms and even then you won’t be reaping the power benefits of the ARM processor. We don’t see too many traditional currency or stock trading tips around here, but don’t forget that it’s still possible to mine some types of cryptocurrency even if BitCoin is out of reach of most now.

Encrypt Data On The Fly On A Pi With Cryptopuck

October 13, 2017 by Tom Nardi 22 Comments

There was a time that encryption was almost a dirty word; a concept that really only applied to people with something to hide. If you said you wanted to encrypt your hard drive, it may as well have been an admission to a crime. But now more than ever it’s clear that encryption, whether it’s on our personal devices or on the web, is a basic necessity in a digital society. The age of Big Data is upon us, and unless you’re particularly fond of being a row in a database, you need to do everything you can to limit the amount of plaintext data you have.

Of course, it’s sometimes easier said than done. Not everyone has the time or desire to learn how the different cryptographic packages work, others may be working on systems that simply don’t have the capability. What do you do when you want to encrypt some files, but the traditional methods are out of reach?

Enter the latest project from [Dimitris Platis]: Cryptopuck. By combining the ever-versatile Raspberry Pi Zero, some clever Python programs, and a few odds and ends in a 3D printed case, he has created a completely self-contained encryption device that anyone can use. Stick a USB flash drive in, wait for the LED to stop blinking, and all your files are now securely encrypted and only accessible by those who have the private key. [Dimitris] envisions a device like this could be invaluable for reporters and photographers on the front lines, protesters, or really anyone who needs a discreet way of quickly securing data but may not have access to a computer.

The hardware side is really just the Pi, a switch, a single LED for notifications, and a battery. The real magic comes from the software, where [Dimitris] has leveraged PyCrypto to perform the AES-256 encryption, and a combination of pyinotify and udiskie to detect new mounted volumes and act on them. The various Python scripts that make up the Cryptopuck suite are all available on the project’s GitHub page, but [Dimitris] makes it very clear the software is to be considered a proof of concept, and has not undergone any sort of security audit.

For some background information on how the software used by the Cryptopuck works you may want to check out this excellent primer from a few years back; though if you’d like to read up on why encryption is so important, you don’t need to go nearly as far back in time.

Continue reading “Encrypt Data On The Fly On A Pi With Cryptopuck” →

A Raspberry Pi Rain Man In The Making

October 13, 2017 by Dan Maloney 11 Comments

We see a lot of Raspberry Pis used to play games, but this is something entirely different from the latest RetroPie build. This Raspberry Pi is learning how to read playing cards, with the goal of becoming the ultimate card counting blackjack player.

If [Taxi-guy] hasn’t named his project Rain Man, we humbly suggest that he does so. Because a Pi that can count into a six-deck shoe would be quite a thing, even though it would never be allowed anywhere near a casino. Hurdle number one in counting cards is reading them, and [Taxi-guy] has done a solid job of leveraging the power of OpenCV on a Pi 3 for the task. His description in the video below is very detailed, but the approach is simple: find the cards in a PiCam image of the playing field using a combination of thresholding and contouring. Then, with the cards isolated, compare the rank and suit in the upper left corner of the rotated card image to prototype images to identify the card. The Pi provides enough horsepower to quickly identify an arbitrary number of non-overlapping cards; we assume [Taxi-guy] will have to address overlapping cards and decks that use different fonts at some point.

We’re keen to see this Pi playing blackjack someday. As he’s coding that up, he may want to look at algorithmic approaches to blackjack strategies, and the real odds of beating the house.

Continue reading “A Raspberry Pi Rain Man In The Making” →

Untether From Your Location With A VPN

October 12, 2017 by Bryan Cockfield 38 Comments

By now, most of us know the perks of using a VPN: they make private one’s online activity (at least from your ISP’s point of view, probably), and they can also make it appear as if you are in a different locale than you physically are. This is especially important for trying to watch events such as the Olympics which might air different things at different times in different countries. It’s also starting to be an issue with services like Netflix which allow content in some areas but not others.

While VPNs can help solve this problem, it can be tedious to set them up for specific purposes like this if you have to do it often. Luckily, [clashtherage] has created a router with a Raspberry Pi that takes care of all of the complicated VPN routing automatically. In much the same way that another RPi router we’ve seen eliminates ads from all of your internet traffic, this one takes all of your traffic and sends it to a locale of your choosing. (In theory one could use both at the same time.)

Obviously this creates issues for Netflix as a company, and indeed a number of services (like craigslist, for example) are starting to block access to their sites if they detect that a VPN is being used. Of course, this only leads to an arms race of VPNs being blocked, and them finding ways around the obstacles, and on and on. If only IPv6 was finally implemented, we might have a solution for all of these issues.

Terrible Cluster Of PIs

October 11, 2017 by Al Williams 36 Comments

When we first saw [Ajlitt’s] Hackaday.io project Terrible Cluster we thought, perhaps, he meant terrible in the sense of the third definition:

3. exciting terror, awe, or great fear; dreadful; awful. (Dictionary.com)

After looking at the subtitle, though, we realized he just meant terrible. The subtitle, by the way, is: 5 Raspberry PI Zeros. One custom USB hub. Endless disappointment.

There are four Raspberry Pi Zero boards that actually compute and one Raspberry Pi Zero W serves as a head node and network router. The total cost is about $100 and half of that is in SD cards. There’s a custom USB backplane and even a 3D-printed case.

At first, using five tiny computers in a cluster might not seem like a big deal. Benchmarking shows the cluster (with a little coaxing) could reach 1.281 GFLOPS, with an average draw of 4.962W. That isn’t going to win any world records. However, the educational possibilities of building a $100 cluster that fits in the palm of your hand is interesting. Besides, it is simply a cute build.

We’ve seen much larger Pi clusters, of course. You might be better off with some desktop CPUs, but — honestly — not much better.

Running The SNES Classic Mini Emulator On The Raspberry Pi

October 6, 2017 by Lewin Day 30 Comments

Unless you’ve been living under a rock, you’d be familiar with Nintendo’s hugely popular Classic Mini consoles. Starting with the NES, and now followed with the SNES, the consoles ship in a cute, miniature enclosure and emulate Nintendo classics using the horsepower of modern ARM chips. These consoles use an emulator that has been created especially for the purpose by Nintendo, in house – and ~~[Morris]~~ [krom] wanted to see if he could take the emulator on the SNES Classic Mini and run it on the Raspberry Pi.

Yes, there are already SNES emulators on the Raspberry Pi. But anyone interested in the nuts and bolts of emulation can see the clear interest in the tricks and techniques Nintendo are using to achieve the feat. In particular, Nintendo engineers have the benefit of access to internal documentation that can make the job a lot easier, particularly when dealing with edge cases.

[krom] has been kind enough to share the full instructions necessary to recreate this feat. One stumbling block was the difference in hardware between the Raspberry Pi and the SNES Classic Mini – the Pi using a Broadcom GPU instead of the SNES’s Mali hardware. However, a workaround was simple enough – swapping out some libraries was all that was required. It also gives some interesting insight – it looks like the SNES Classic Mini relies on the SDL libraries to run.

While emulation of the SNES has been a largely solved problem for quite some time, it’s great to see more work going on in the field. In particular, the official Nintendo emulation is reported to be particularly adept at running games that rely on the SuperFX chip.

For another take on SNES emulation, try out your old Mario games on the HoloLens.

Thanks [Morris] for the tip!