Adding PoE(Power over Ethernet) just wasn’t good enough for [steve]. Not only does he have power running over his Cat-5, he shared the ground wire and used the remaining pair to add a serial console to his rooftop mounted wireless router. Nice.
wireless328 Articles
Wireless Fireworks Controller
[Tuckie] sent in his wireless fireworks controller. The electronic parts are off the shelf – a 12 channel relay board and remote provide the guts. He used a rock tumbler to mill the black powder needed to make the detonators. A combination of the fine ground black powder, nichrome wire and ping pong balls makes up the business end of each detonator. When a channel is selected with the remote, the relay is activated, current is sent to the detonator which is taped to the firework fuse.
Wireless Keyboards Easily Cracked
We first covered breaking the commodity 27MHz radios used in wireless keyboards, mice, and presenters when [Luis Miras] gave a talk at Black Hat. Since then, the people at Dreamlab have managed to crack the encryption on Microsoft’s Wireless Optical Desktop 1000 and 2000 products (and possibly more). Analyzing the protocol they found out that meta keys like shift and ALT are transmitted in cleartext. The “encryption” used on each regular keystroke involves XORing the key against a random one byte value determined during the initial sync with the receiver. So, if you sniff the handshake, you can decrypt the keystrokes. You really don’t have to though; there are only 256 possible encryption keys. Using a dictionary file you can check all possible keys and determine the correct one after only receiving 20-50 keystrokes. Their demo video shows them sniffing keystrokes from three different keyboards at the same time. Someone could potentially build a wireless keylogger that picks up every keystrokes from every keyboard in an office. You can read more about the attack in the whitepaper(pdf).
[via Midnight Research Labs]
FON Mp3 Streaming Router
I was looking for streaming solutions the other day. Little did I know that [John] would be sending in a hack for adding an mp3 decoder board to the La Fonera. The final device has both a web and command line interface which let you connect to any shoutcast/icecast streaming server. John has even gone so far as to provide the Openwrt image for the router with all of the software components you need.
Black Hat 2007 Other Wireless
Luis Miras presented “Other Wireless: New ways of being Pwned”. Instead of common con topics like Bluetooth or WiFi, this dealt with the cheap radios used in wireless keyboards, mice, and things like the wireless remote pictured above. These RX/TX pairs are found in 27MHz, 900MHz, and 2.4GHz versions. The devices all use the same main components: a microcontroller, an EEPROM for storing the serial number, and the transmitter. The dongle is nearly the same only with a receiver.
Wireless Card = ARM Development Platform
[Archantos] sent us this one. The mustumbler project is actually trying to use some external hardware to make a miniature wireless stumbler. [Archantos] points out that it’s could be a cheap way to get your hands on an ARM development platform. He’s right. Just a few connections gets access to the I2C bus, a GPIO expander for I2C runs the LCD and an EEPROM is there for program storage. The software is still being sorted out, but the hardware itself is functional. If they can manage to reverse engineer the Conexant chipset, they should have a very promising platform.
