Bananas Against Racism

July 20, 2018 by Brian McEvoy 42 Comments

This is a tale as old as time. Not love, it is about keeping something you made safe from those who would destroy something beautiful. In this case, the thing of beauty is a talking banana who reads Twitch and Youtube comments. The ne’er-do-wells are trolls seeking to ban-anana the account by forcing it to recite restricted words.

The problems stem from a visit from [Greekgodx], whose followers tend toward the dark side. When they set their sights on [Mike Nichols]’ yellow automaton, things slipped into a bleak place, and a twenty-four-hour ban falls on the fruit. A bunch of filtering is done, but it isn’t enough to stop the trolls, and the tally-man adds a second permanent strike against the account. An arms race of slurs and filtering ensued until the robot was able to reject all attempts at racism.

The banana has since been peeled from the feeds, but if silly robots are your cup of tea, check out [Simone Giertz] turning a car into a computer mouse.

Continue reading “Bananas Against Racism” →

Cracking The Case Of Capcom’s CPS2 Security

June 6, 2018 by Tom Nardi 19 Comments

We love a good deep-dive on a specialized piece of technology, the more obscure the better. You’re getting a sneak peek into a world that, by rights, you were never meant to know even existed. A handful of people developed the system, and as far as they knew, nobody would ever come through to analyze and investigate it to find out how it all went together. But they didn’t anticipate the tenacity of a curious hacker with time on their hands.

[Eduardo Cruz] has done a phenomenal job of documenting one such system, the anti-piracy mechanisms present in the Capcom CPS2 arcade board. He recently wrote in to tell us he’s posted his third and final entry on the system, this time focusing on figuring out what a mysterious six pin header on the CPS2 board did. Hearing from others that fiddling with this header occasionally caused the CPS2 board to automatically delete the game, he knew it must be something important. Hackaday Protip: If there’s a self-destruct mechanism attached to it, that’s probably the cool part.

He followed the traces from the header connector, identified on the silkscreen as C9, back to a custom Capcom IC labeled DL-1827. After decapping the DL-1827 and putting it under the microscope, [Eduardo] made a pretty surprising discovery: it wasn’t actually doing anything with the signals from the header at all. Once the chip is powered up, it simply acts as a pass-through for those signals, which are redirected to another chip: the DL-1525.

[Eduardo] notes that this deliberate attempt at obfuscating which chips are actually connected to different headers on the board is a classic trick that companies like Capcom would use to try to make it harder to hack into their boards. Once he figured out DL-1525 was what he was really after, he was able to use the information he gleaned from his earlier work to piece together the puzzle.

This particular CPS2 hacking journey only started last March, but [Eduardo] has been investigating the copy protection systems on arcade boards since 2014.

[Thanks to Arduino Enigma for the tip.]

Linux Fu: Counter Rotate Keys!

June 1, 2018 by Al Williams 22 Comments

If you’ve done anything with a modern Linux system — including most variants for the Raspberry Pi — you probably know about sudo. This typically allows an authorized user to elevate themselves to superuser status to do things.

However, there is a problem. If you have sudo access, you can do anything — at least, anything the sudoers file allows you to do. But what about extremely critical operations? We’ve all seen the movies where launching the nuclear missile requires two keys counter-rotated at the same time and third firing key. Is there an equivalent for Linux systems?

It isn’t exactly a counter-rotating key, but the sudo_pair project — a prelease open-source project from Square — gives you something similar. The project is a plugin for sudo that allows you to have another user authorize a sudo request. Not only do they authorize it, but they get to see what is happening, and even abort it if something bad is happening.

Continue reading “Linux Fu: Counter Rotate Keys!” →

A Home Network, Security System, And A Hidden Room Behind A Bookcase

May 6, 2018 by James Hobson 33 Comments

Ok, now this is something special. This is a home network and security system that would make just about anyone stop, and with jaw hanging agape, stare, impressed at the “several months of effort” it took [timekillerjay] to install their dream setup. Just. Wow.

Want a brief rundown of the diverse skill set needed to pull this off? Networking, home security, home automation, woodworking, running two thousand feet(!) of cat 6a cable, a fair hand at drywall work for the dozens upon dozens of patches, painting, staining, and — while not a skill, but is definitely necessary — an amazingly patient family.

Ten POE security cameras monitor the premises with audio recording, infrared, and motion detection capabilities. This is on top of magnetic sensors for five doors, and eleven windows that feed back to an ELK M1-Gold security system which effortlessly coordinates with an Insteon ISY994i smart home hub; this allows for automatic events — such as turning on lights after dark when a door is opened — to occur as [timekillerjay]’s family moves about their home. The ELK also allows [timekillerjay] to control other things around the house — namely the sprinkler system — via relays. [timekillerjay] says he lost track of how many smart switches are scattered throughout his home, but there are definitely 39 network drops that service the premises.

All of the crucial components are hidden in his office, behind a custom bookshelf. Building it required a few clever tricks to disguise the bookshelf for the secret door that it is, as well as selecting components with attention to how much noise they generate — what’s the point of a hidden security system if it sounds like a bunch of industrial fans?

An uninterruptible power supply will keep the entire system running for about 45 minutes if there is a power outage, with the cameras recording and system logging everything all the while. Not trusting the entrance to his vault to something from Batman, he’s also fitted the bookshelf with a 600lb magnetic lock that engages when the system is armed and the door already closed. A second UPS will keep the door secured for 6+ hours if the house loses power. Needless to say, we think this house is well secured.

[Via /r/DIY]

Microsoft Secures IoT From The Microcontroller Up

April 25, 2018 by Drew Risinger 48 Comments

Frustrated by the glut of unsecured IoT devices? So are Microsoft. And they’re using custom Linux and hardware to do something about it.

Microsoft have announced a new ecosystem for secure IoT devices called “Azure Sphere.” This system is threefold: Hardware, Software, and Cloud. The hardware component is a Microsoft-certified microcontroller which contains Microsoft Pluton, a hardware security subsystem. The first Microsoft-certified Azure Sphere chip will be the MediaTek MT3620, launching this year. The software layer is a custom Linux-based Operating System (OS) that is more capable than the average Real-Time OS (RTOS) common to low-powered IoT devices. Yes, that’s right. Microsoft is shipping a product with Linux built-in by default (as opposed to Windows Subsystem for Linux). Finally, the cloud layer is billed as a “turnkey” solution, which makes cloud-based functions such as updating, failure reporting, and authentication simpler.

Continue reading “Microsoft Secures IoT From The Microcontroller Up” →

Cracking A Bluetooth Credit Card

April 8, 2018 by Tom Nardi 44 Comments

You might be surprised to find out that it’s actually not a good idea to put all of your credit card information on a little Bluetooth enabled device in your pocket. Oh, what’s that? You knew already? Well in that case you won’t find the following information terribly shocking, but it’s still a fascinating look at how security researchers systematically break down a device in an effort to find the chinks in its armor.

[Mike Ryan] of ICE9 Consulting has recently published an article detailing the work done to examine and ultimately defeat the security on the FUZE Card. From using an x-ray machine to do non-destructive reconnaissance on the device’s internals to methodically discovering all the commands it responds to over Bluetooth, it’s safe to say the FUZE Card is cracked wide open at this point.

To be clear, the attacker must still pair with FUZE, so physical access is required. But as pointed out by [Mike] in the blog post, handing your card over to a merchant is standard operating procedure in many cases. It isn’t as if it would be hard to get a hold of one of these FUZE cards for a minute or two without the owner becoming suspicious. Pairing FUZE to the Linux device to continue to the next step of the attack only takes a few seconds, as demonstrated in the video after the break.

Once paired, the attacker can simply send a BLE command to FUZE which disables the lock screen. It’s really that simple. The attacker can also send commands to dump credit card info over Bluetooth, meaning they could download your information even when the card is “safely” back in your pocket. The inherent failure in the FUZE design is that you don’t need to provide any sort of authentication to pair it to a new Bluetooth device. It makes the (very dangerous) assumption that the person holding it is entitled to do so.

Even if you know better than to ever buy a device like this, the post [Mike] has written up is really a must-read for anyone who’s ever looked at a device and tried to figure out what was going on in its little silicon brain. We especially liked his assertion that reverse engineering a device essentially boils down to: “staring, thinking, a little experimentation, but mostly staring and thinking.” We’re having an internal debate here at Hackaday HQ about making that the site’s tagline.

Incidentally, this is very similar to the Bluetooth gun “safe” that was cracked not so long ago. At this point, it might be wise to just stay away from anything with that little blue logo on it if you intend to trust it with your identity and/or deadly weapon.

Continue reading “Cracking A Bluetooth Credit Card” →

Monitor Foot Traffic Using Radio

April 6, 2018 by Bryan Cockfield 15 Comments

We talk a lot about information security around here, but in reality it’s not at the forefront of everyone’s minds. Most people are content to walk around with their phones constantly looking for WiFi or Bluetooth connections despite the dangers. But if you’re not a black hat sort of person, you can do something like [Verkehrsrot] did and use all of these phones to do something useful and harmless.

[Verkehrsrot]’s project involves building a radio listening device in order to get an estimate of the amount of traffic in a particular area. The device polls for and detects WiFi and Bluetooth devices nearby and tallies them. For the privacy-minded, it doesn’t persistently store any information about the people or the devices that it detects. The project also runs on a variety of platforms, although you can get the whole thing up and running with little more than an ESP32 and a small lithium-ion battery.

If you’re looking for a useful way to tally the number of people in a given area, this project could be the thing for you. Not everyone keeps their WiFi and Bluetooth turned on, but even so this is still a good way to estimate. But if you need to count everyone going into a room, for example, you’ll need another way to count them.