A Briefcase Pentesting Rig For The Discerning Hacker

In the movies, the most-high tech stuff is always built into a briefcase. It doesn’t whether whether it’s some spy gear or the command and control system for a orbiting weapons platform; when an ordinary-looking briefcase is opened up and there’s an LCD display in the top half, you know things are about to get interesting. So is it any surprise that hackers in the real-world would emulate the classic trope?

As an example, take a look at the NightPi by [Sekhan]. This all-in-one mobile penetration testing rig has everything you need to peek and poke where you aren’t supposed to, all while maintaining the outward appearance of an regular briefcase. Well, admittedly a rather utilitarian aluminum briefcase…with antennas sticking out. OK, so it might not be up to 007’s fashion standards, but it’s still pretty good.

[Sekhan] has crammed a lot of gear into the NightPi beyond the eponymous Raspberry Pi 3B+. There’s an RFID reader, an RTL-SDR dongle, an external HDD, plus the 12V battery and 5V converter to power everything. All told, it cost about $500 USD to build, though that figure is going to vary considerably depending on what your parts bins look like.

To keep things cool, [Sekhan] has smartly added some vent holes along the side of the briefcase, and a couple of fans to get the air circulating. With these cooling considerations, we imagine you should be able to run the NightPi with the lid closed without any issue. That could let you hide it under a table while you interact with its suite of tools from your phone, making the whole thing much less conspicuous. The NightPi is running Kali Linux with a smattering of additional cools to do everything from gathering data from social media to trying to capture keystrokes from mechanical keyboards with the microphone; so there’s no shortage of things to play with.

If you like the idea of carrying around a Pi-powered security Swiss Army knife but aren’t too concerned with how suspicious you look, then the very impressive SIGINT tablet we covered recently might be more your speed. Not that we think you’d have any better chance making it through the TSA unscathed with this whirring briefcase full of wires, of course.

Reverse Engineering Cyclic Redundancy Codes

Cyclic redundancy codes (CRC) are a type of checksum commonly used to detect errors in data transmission. For instance, every Ethernet packet that brought you the web page you’re reading now carried with it a frame check sequence that was calculated using a CRC algorithm. Any corrupted packets that failed the check were discarded, and the missing data was detected and re-sent by higher-level protocols. While Ethernet uses a particularly common CRC, there are many, many different possibilities. When you’re reverse-engineering a protocol that contains a CRC, although it’s not intended as a security mechanism, it can throw a wrench in your plans. Luckily, if you know the right tool, you can figure it out from just a few sample messages.

A case in point was discussed recently on the hackaday.io Hack Chat, where [Thomas Flayols] came for help reverse engineering the protocol for some RFID tags used for race timing. Let’s have a look at the CRC, how it is commonly used, and how you can reverse-engineer a protocol that includes one, using [Thomas’] application as an example.

Continue reading “Reverse Engineering Cyclic Redundancy Codes”

Hackaday Links: June 2, 2019

The works of Shakespeare, Goethe, and Cervantes combined do not equal the genius of Rick And Morty. Actually, the word ‘genius’ is thrown around a bit too much these days. Rick and Morty has surpassed genius. This cartoon is sublime. It is beyond any art that could be created. Now, you might not have a high enough IQ to follow this, but Rick and Morty is, objectively, the best art that can be produced. It just draws upon so much; Rick’s drunken stammering is a cleverly hidden allusion to Dostoevsky’s Netochka Nezvanova, absolutely brilliantly providing the back-story to Rick’s character while never actually revealing anything. Now, you’re probably not smart enough to understand this, but Teenage Engineering is releasing a Rick and Morty Pocket Operator. Only the top percentages of IQs are going to understand this, but this is game-changing. Nothing like this has ever been done before.

The Microsoft IntelliMouse Explorer 3.0 is the high water mark of computer peripheral design. Originally released in 2003, the IntelliMouse Explorer 3.0 was an instant classic. The design is nearly two decades old, but it hasn’t aged a day. That said, mouse sensors have gotten better in the years since, and I believe the original tooling has long worn out. Production of the original IntelliMouse Explorer 3.0 stopped a long time ago. Microsoft tried to revive the IntelliMouse a few years ago using a ‘BlueTrack’ sensor that was ridiculed by the gaming community. Now Microsoft is reviving the IntelliMouse with a good sensor. The Pro IntelliMouse is on sale now for $60 USD.

It has come to my attention that wooden RFID cards exist. This shouldn’t come as a surprise to anyone because wood veneer exists, thin coils of wire exist, and glue exists. That said, if you’re looking for an RFID card you can throw in the laser cutter for engraving, or you just want that special, home-made touch, you can get a wooden RFID card.

Lego has just released an Apollo Lunar Lander set, number 10266. It’s 1087 pieces and costs $99. This is a full-scale (or minifig-scale, whatever) Apollo LEM, with an ascent module detachable from the descent module. Two minifigs fit comfortably inside. Previously, the only full-scale (or, again, minifig-scale) Apollo LEM set was 10029, a Lego Discovery kit from 2003 (original retail price $39.99). Set 10029 saw a limited release and has since become a collectible: the current value for a new kit is $336. The annualized ROI of Lego set 10029-1 is 13.69%, making this new Apollo LEM set a very attractive investment vehicle. I’m going to say this one more time: Lego sets, and especially minifigs, are one of the best long-term investments you can make.

A Weinermobile is for sale on Craigslist. Actually, it’s not, because this was just a prank posted by someone’s friends. Oh, I wish I had an Oscar Mayer Weinermobile.

Rumors are swirling that Apple will release a new Mac Pro at WWDC this week. Say what you will about Apple, but people who do audio and video really, really like Apple, and they need machines with fast processors and good graphics cards. Apple, unfortunately, doesn’t build that anymore. The last good expandable mac was the cheese grater tower, retired in 2013 for the trash can pro. Will Apple manage to build a machine that can hold a video card?  We’ll find out this week.

Ripping Up A Rothult

NFC locks are reaching a tipping point where the technology is so inexpensive that it makes sense to use it in projects where it would have been impractical months ago. Not that practicality has any place among these pages. IKEA carries a cabinet lock for $20USD and does not need any programming but who has a jewelry box or desk drawer that could not benefit from a little extra security? Only a bit though, we’re not talking about a deadbolt here as this teardown shows.

Rothult has all the stuff you would expect to find in an NFC scanner with a moving part. We find a microcontroller, RFID decoder, supporting passives, metal shaft, and a geartrain. The most exciting part is the controller which is an STM32L051K8 processor by STMicroelectronics and second to that is the AS3911 RFID reader from AMS. Datasheets for both have links in the teardown. Riping up a Rothult in the lab, we find an 25R3911B running the RFID, and we have a link to that PDF datasheet. Both controllers speak SPI.

There are a couple of things to notice about this lock. The antenna is a flat PCB-mounted with standard header pins, so there is nothing stopping us from connecting coax and making a remote antenna. The limit switches are distinct so a few dabs of solder could turn this into an NFC controlled motor driver. Some of us will rest easy when our coworkers stop kidnapping our nice pens.

Rothult first came to our attention in a Hackaday Links where a commenter was kind enough to tip us off to this teardown. Thanks, Pio! If this whets your appetite for NFC, we have more in store.

RFID Payment Ring Made From Dissolved Credit Card

RFID payment systems are one of those things that the community seems to be divided on. Some only see the technology as a potential security liability, and will go a far as to disable the RFID chip in their card so that it can’t be read by a would-be attacker. Others think the ease and convenience of paying for goods by tapping their card or smartphone on the register more than makes up for the relatively remote risk of RFID sniffers. Given the time and effort [David Sikes] put into creating this contactless payment ring, we think it’s pretty clear which camp he’s in.

Alright, so the whole ring making part sounds easy enough, but how does one get an RFID chip that’s linked to their account? Easy. Just call the bank and ask them for one. Of course, they won’t just send you out a little RFID chip and antenna to mount in your hacked up project. (If only things were so simple!) But they will send you a new card if you tell them your old one is getting worn out and needs a replacement. All you have to do when it gets there is liberate the electronics without damaging them.

[David] found that an hour or so in an acetone bath was enough to dissolve the plastic and expose the epoxy-encased RFID chip, assuming you scrape the outer layers of the card off first. He notes that you can speed this part of the process up considerably if you know the exact placement and size of the RFID chip; that way you can cut out just the area you’re interested in rather than having to liquefy the whole card.

Once you have your chip, you just need to mount it into a ring. [David] has designed a 3D printable frame (if you’ve got a high-resolution SLA machine, that is) which accepts the chip and a new antenna made from a coil of 38 AWG magnet wire. With the components settled into the printed frame, its off to a silicone mold and the liberal application of epoxy resin to encapsulate the whole thing in a durable shell.

If a ring is not personal enough for you, then the next step is getting the RFID chip implanted directly into your hand. There are even folks at hacker cons who will do that sort of thing for you, if you’re squeamish.

Continue reading “RFID Payment Ring Made From Dissolved Credit Card”

A Robust ESP8266 RFID Access Control System

By now we’ve seen plenty of projects that use an ESP8266 as a form of rudimentary access control: tap a button on your smartphone, and the door to your apartment unlocks. With the power and flexibility of the ESP, it’s a very easy project to pull off with minimal additional hardware. But what about if you want to get a little more serious, and need to support many users?

Rather than reinvent the wheel, you might want to check out the extremely impressive ESP-RFID project. It’s still based on the ESP8266 we all know and love, but it combines the diminutive WiFi-enabled microcontroller with a nice custom PCB and some exceptionally slick software to create a very professional access control system without breaking the bank. As the name implies, the system is geared towards RFID authentication and supports readers such as the MFRC522, PN532 RFID, or RDM6300. Add in a stack of Mifare Classic 1KB cards, and your hackerspace is well on the way to getting a new door control system.

The official hardware for ESP-RFID can be purchased through Tindie with or without an installed ESP-12F module, but as it’s a fully open source project, you’re also free to build your own version if you’d like. In either event, the board allows you to easily connect the ESP up to your RFID reader of choice, as well as door sensors and of course the door locks themselves.

On the software side of things, ESP-RFID should be able to handle about 1000 unique users and their RFID cards before the relatively limited RAM and storage of the ESP catches up with it. But if you’ve got that many people coming and going in your hackerspace, it might be time to update your systems to begin with. Incidentally, the project makes no guarantees about the security of the ESP-RFID code, and says that the system shouldn’t be used for secure locations. That said, you can run ESP-RFID without an Internet connection to reduce your attack surface, at the cost of losing NTP time synchronization.

If you’re not managing a few hundred users and their RFID cards, one of the more simplistic ESP8266 door locks might be more your speed. We’ve also seen similar tricks pulled off with the Particle Photon, in case you’ve got one of those rattling around the parts bin.

Hackaday Podcast Ep3 – Igloos, Lidar, And The Blinking LED Of RF Hacking

It’s cold outside! So grab a copy of the Hackaday Podcast, and catch up on what you missed this week.

Highlights include a dip into audio processing with sox and FFMPEG, scripting for Gmail, weaving your own carbon fiber tubes, staring into the sharpest color CRT ever, and unlocking the secrets of cheap 433 MHz devices. Plus Elliot talks about his follies in building an igloo while Mike marvels at what’s coming out of passive RFID sensor research.

And what’s that strange noise at the end of the podcast?

Direct Download (59.2 MB MP3)

Places to follow Hackaday podcasts:

Continue reading “Hackaday Podcast Ep3 – Igloos, Lidar, And The Blinking LED Of RF Hacking”