An RFID Ring For The Body Mod Squeamish

Some people get inked, while others get henna or those water transfer tattoos you might find in a box of Cracker Jack. [Becky] wanted the benefits of having an RFID tag in her finger — unlock doors or log into your computer with a swipe of your finger — but wasn’t ready to get an implant. Her solution: make an artistic ring that conceals a tiny glass capsule RFID tag.

Besides not having to shove some tech under your epidermis, there are a few other advantages: you can change out tags as easy as changing rings, for one. You can also easily loan your ring to someone just as you might give them keys to your door.

Continue reading “An RFID Ring For The Body Mod Squeamish”

Following Pigs: Building An Injectable Livestock Tracking System

I’m often asked to design customer and employee tracking systems. There are quite a few ways to do it, and it’s an interesting intersection of engineering and ethics – what information is reasonable to collect in different contexts, anonymizing and securely storing it, and at a fundamental level whether the entire system should exist at all.

On one end of the spectrum, a system that simply counts the number of people that are in your restaurant at different times of day is pretty innocuous and allows you to offer better service. On the other end, when you don’t pay for a mobile app, generally that means your private data is the product being bought and sold. Personally, I find that the whole ‘move fast and break things’ attitude, along with a general disregard for the privacy of user data, has created a pretty toxic tech scene. So until a short while ago, I refused to build invasive tracking systems – then I got a request that I simply couldn’t put aside…

Continue reading “Following Pigs: Building An Injectable Livestock Tracking System”

A Briefcase Pentesting Rig For The Discerning Hacker

In the movies, the most-high tech stuff is always built into a briefcase. It doesn’t whether whether it’s some spy gear or the command and control system for a orbiting weapons platform; when an ordinary-looking briefcase is opened up and there’s an LCD display in the top half, you know things are about to get interesting. So is it any surprise that hackers in the real-world would emulate the classic trope?

As an example, take a look at the NightPi by [Sekhan]. This all-in-one mobile penetration testing rig has everything you need to peek and poke where you aren’t supposed to, all while maintaining the outward appearance of an regular briefcase. Well, admittedly a rather utilitarian aluminum briefcase…with antennas sticking out. OK, so it might not be up to 007’s fashion standards, but it’s still pretty good.

[Sekhan] has crammed a lot of gear into the NightPi beyond the eponymous Raspberry Pi 3B+. There’s an RFID reader, an RTL-SDR dongle, an external HDD, plus the 12V battery and 5V converter to power everything. All told, it cost about $500 USD to build, though that figure is going to vary considerably depending on what your parts bins look like.

To keep things cool, [Sekhan] has smartly added some vent holes along the side of the briefcase, and a couple of fans to get the air circulating. With these cooling considerations, we imagine you should be able to run the NightPi with the lid closed without any issue. That could let you hide it under a table while you interact with its suite of tools from your phone, making the whole thing much less conspicuous. The NightPi is running Kali Linux with a smattering of additional cools to do everything from gathering data from social media to trying to capture keystrokes from mechanical keyboards with the microphone; so there’s no shortage of things to play with.

If you like the idea of carrying around a Pi-powered security Swiss Army knife but aren’t too concerned with how suspicious you look, then the very impressive SIGINT tablet we covered recently might be more your speed. Not that we think you’d have any better chance making it through the TSA unscathed with this whirring briefcase full of wires, of course.

Reverse Engineering Cyclic Redundancy Codes

Cyclic redundancy codes (CRC) are a type of checksum commonly used to detect errors in data transmission. For instance, every Ethernet packet that brought you the web page you’re reading now carried with it a frame check sequence that was calculated using a CRC algorithm. Any corrupted packets that failed the check were discarded, and the missing data was detected and re-sent by higher-level protocols. While Ethernet uses a particularly common CRC, there are many, many different possibilities. When you’re reverse-engineering a protocol that contains a CRC, although it’s not intended as a security mechanism, it can throw a wrench in your plans. Luckily, if you know the right tool, you can figure it out from just a few sample messages.

A case in point was discussed recently on the Hack Chat, where [Thomas Flayols] came for help reverse engineering the protocol for some RFID tags used for race timing. Let’s have a look at the CRC, how it is commonly used, and how you can reverse-engineer a protocol that includes one, using [Thomas’] application as an example.

Continue reading “Reverse Engineering Cyclic Redundancy Codes”

Hackaday Links: June 2, 2019

The works of Shakespeare, Goethe, and Cervantes combined do not equal the genius of Rick And Morty. Actually, the word ‘genius’ is thrown around a bit too much these days. Rick and Morty has surpassed genius. This cartoon is sublime. It is beyond any art that could be created. Now, you might not have a high enough IQ to follow this, but Rick and Morty is, objectively, the best art that can be produced. It just draws upon so much; Rick’s drunken stammering is a cleverly hidden allusion to Dostoevsky’s Netochka Nezvanova, absolutely brilliantly providing the back-story to Rick’s character while never actually revealing anything. Now, you’re probably not smart enough to understand this, but Teenage Engineering is releasing a Rick and Morty Pocket Operator. Only the top percentages of IQs are going to understand this, but this is game-changing. Nothing like this has ever been done before.

The Microsoft IntelliMouse Explorer 3.0 is the high water mark of computer peripheral design. Originally released in 2003, the IntelliMouse Explorer 3.0 was an instant classic. The design is nearly two decades old, but it hasn’t aged a day. That said, mouse sensors have gotten better in the years since, and I believe the original tooling has long worn out. Production of the original IntelliMouse Explorer 3.0 stopped a long time ago. Microsoft tried to revive the IntelliMouse a few years ago using a ‘BlueTrack’ sensor that was ridiculed by the gaming community. Now Microsoft is reviving the IntelliMouse with a good sensor. The Pro IntelliMouse is on sale now for $60 USD.

It has come to my attention that wooden RFID cards exist. This shouldn’t come as a surprise to anyone because wood veneer exists, thin coils of wire exist, and glue exists. That said, if you’re looking for an RFID card you can throw in the laser cutter for engraving, or you just want that special, home-made touch, you can get a wooden RFID card.

Lego has just released an Apollo Lunar Lander set, number 10266. It’s 1087 pieces and costs $99. This is a full-scale (or minifig-scale, whatever) Apollo LEM, with an ascent module detachable from the descent module. Two minifigs fit comfortably inside. Previously, the only full-scale (or, again, minifig-scale) Apollo LEM set was 10029, a Lego Discovery kit from 2003 (original retail price $39.99). Set 10029 saw a limited release and has since become a collectible: the current value for a new kit is $336. The annualized ROI of Lego set 10029-1 is 13.69%, making this new Apollo LEM set a very attractive investment vehicle. I’m going to say this one more time: Lego sets, and especially minifigs, are one of the best long-term investments you can make.

A Weinermobile is for sale on Craigslist. Actually, it’s not, because this was just a prank posted by someone’s friends. Oh, I wish I had an Oscar Mayer Weinermobile.

Rumors are swirling that Apple will release a new Mac Pro at WWDC this week. Say what you will about Apple, but people who do audio and video really, really like Apple, and they need machines with fast processors and good graphics cards. Apple, unfortunately, doesn’t build that anymore. The last good expandable mac was the cheese grater tower, retired in 2013 for the trash can pro. Will Apple manage to build a machine that can hold a video card?  We’ll find out this week.

Ripping Up A Rothult

NFC locks are reaching a tipping point where the technology is so inexpensive that it makes sense to use it in projects where it would have been impractical months ago. Not that practicality has any place among these pages. IKEA carries a cabinet lock for $20USD and does not need any programming but who has a jewelry box or desk drawer that could not benefit from a little extra security? Only a bit though, we’re not talking about a deadbolt here as this teardown shows.

Rothult has all the stuff you would expect to find in an NFC scanner with a moving part. We find a microcontroller, RFID decoder, supporting passives, metal shaft, and a geartrain. The most exciting part is the controller which is an STM32L051K8 processor by STMicroelectronics and second to that is the AS3911 RFID reader from AMS. Datasheets for both have links in the teardown. Riping up a Rothult in the lab, we find an 25R3911B running the RFID, and we have a link to that PDF datasheet. Both controllers speak SPI.

There are a couple of things to notice about this lock. The antenna is a flat PCB-mounted with standard header pins, so there is nothing stopping us from connecting coax and making a remote antenna. The limit switches are distinct so a few dabs of solder could turn this into an NFC controlled motor driver. Some of us will rest easy when our coworkers stop kidnapping our nice pens.

Rothult first came to our attention in a Hackaday Links where a commenter was kind enough to tip us off to this teardown. Thanks, Pio! If this whets your appetite for NFC, we have more in store.

RFID Payment Ring Made From Dissolved Credit Card

RFID payment systems are one of those things that the community seems to be divided on. Some only see the technology as a potential security liability, and will go a far as to disable the RFID chip in their card so that it can’t be read by a would-be attacker. Others think the ease and convenience of paying for goods by tapping their card or smartphone on the register more than makes up for the relatively remote risk of RFID sniffers. Given the time and effort [David Sikes] put into creating this contactless payment ring, we think it’s pretty clear which camp he’s in.

Alright, so the whole ring making part sounds easy enough, but how does one get an RFID chip that’s linked to their account? Easy. Just call the bank and ask them for one. Of course, they won’t just send you out a little RFID chip and antenna to mount in your hacked up project. (If only things were so simple!) But they will send you a new card if you tell them your old one is getting worn out and needs a replacement. All you have to do when it gets there is liberate the electronics without damaging them.

[David] found that an hour or so in an acetone bath was enough to dissolve the plastic and expose the epoxy-encased RFID chip, assuming you scrape the outer layers of the card off first. He notes that you can speed this part of the process up considerably if you know the exact placement and size of the RFID chip; that way you can cut out just the area you’re interested in rather than having to liquefy the whole card.

Once you have your chip, you just need to mount it into a ring. [David] has designed a 3D printable frame (if you’ve got a high-resolution SLA machine, that is) which accepts the chip and a new antenna made from a coil of 38 AWG magnet wire. With the components settled into the printed frame, its off to a silicone mold and the liberal application of epoxy resin to encapsulate the whole thing in a durable shell.

If a ring is not personal enough for you, then the next step is getting the RFID chip implanted directly into your hand. There are even folks at hacker cons who will do that sort of thing for you, if you’re squeamish.

Continue reading “RFID Payment Ring Made From Dissolved Credit Card”