Your source for daily hacks

Tagged: security

Published on: October 7, 2013 / Comments: 1

Biometric security toy box is awesome

bombox2Taking a ploy from the upcoming TouchID feature the new iPhone will have, Grant was inspired to make this really neat toy box for his son’s toy car collection.

You would think getting a fingerprint reader would be the most difficult part, but apparently Adafruit has ‘em for sale!  So Grant got a fingerprint reader, a hobby servo, pushbutton, and some batteries and hooked it up to an Arduino UNO.

Looks like a fun project, especially for something like a jewelry box.

Check out the source code and other details on Grant’s site.

Check out the video after the break.

(more…)

Published on: September 23, 2013 / Comments: 2

Hacking iPhone 5S TouchID

Think your iPhone 5S TouchID is secure? Think again. The biometrics hacking team of the Chaos Computer Club (CCC) has successfully bypassed the biometric security of Apple’s TouchID using the How to fake a fingerprints? process they wrote about back in 2004.

“First, the fingerprint of the enroled user is photographed with 2400 dpi resolution. The resulting image is then cleaned up, inverted and laser printed with 1200 dpi onto transparent sheet with a thick toner setting. Finally, pink latex milk or white woodglue is smeared into the pattern created by the toner onto the transparent sheet. After it cures, the thin latex sheet is lifted from the sheet, breathed on to make it a tiny bit moist and then placed onto the sensor to unlock the phone. This process has been used with minor refinements and variations against the vast majority of fingerprint sensors on the market.”

Nothing good could ever come from storing your fingerprints on your smartphone.  Just don’t do it people! You can read more about the iPhone 5s TouchID Hack here.

Published on: September 15, 2013 / Comments: None

Lazy Sunday Links – 9/15/2013

Sunday is a good lazy day. Time to learn stuff and bang out some easy hacks.

 

Chirp is a Javascript toolkit for creating chiptunes.  Only works in Google Chrome but sounds retro-tastic and actually sounds pretty good.

Voltage dividers are an essential skill to learn when building circuits. Go learn some voltage diviers.

Transmit data serially without a Microcontroller.  Uses a specialized IC by Holtek to transmit and receive, but really quite useful if you have some data you want to move and don’t feel like adding a Microcontroller to your project!

The gMax is a pretty large 3D Printer on kickstarter.  It boasts a 16″ x 16″ x 9″ print volume.  Wow that’s some large prints!

Don’t understand how hobbyist FDM 3D Printers work ?  Here’s a writeup on how they work.

The illustrated guide to crypto hashes.  Informative

Tuning an RTOS can be daunting to pick the right scheduling algorithm. How to select the right algorithm using system modeling.

If you’re not a VIM guru, you’re probably using the nano text editor.  Here’s some tips to make your nano experience a little more pleasurable.  Works on the Raspberry Pi too.

 

Published on: September 13, 2013 / Comments: None

Defeating a cheap infra-red security system with Arduino

Security researcher Silvio put together his process for defeating a cheap infra-red based security system.  The security system uses an infra-red remote to arm and disarm the alarm.  The alarm is triggered by any motion that happens while it is armed.

In his first attempt he tried to use an off the shelf learning remote to record the signal and play it back.  For whatever reason the remote didn’t like the signal and didn’t even try to learn it.  So in his second attempt, he whipped out a frequency counter and an oscilloscope and was able to replicate the signal using an Arduino and an infra-red LED.  For fun he also made a third attempt using a more hacker friendly open source board called a USB Infrard Toy made by Dangerous Prototypes.

A good read if you want to learn the process of simple reverse engineering.  Full article here.

Published on: August 27, 2013 / Comments: None

Decoding RF signals like keyfobs with HackRF SDR

Dragorn has a couple of tutorials up on his site about working with the HackRF SDR.  Just like decoding weather satellite signals, decoding wireless remotes and other signals is cool too.  If you’re familiar with the cheap RTL-SDR, then just know the HackRF is like that but more powerful (and can transmit).

Dragorn starts out with part 1: inspecting a pair of car keyfobs.  In this tutorial, he records the signals and inspects them using baudline.  You can see the different encoding mechanisms the 2 different keyfobs use.  Dragorn points out that actually decoding the data is pointless as the data transmitted uses a rolling key pair that constantly changes the data sent for security.

gnuradio

And thus he moves on to part 2: using GNU Radio this time with something that decoding the data might be useful.  For this one he is using a cheapo 433mhz transmitter you would use on an arduino like the ones use in this post.  GNU Radio is a little more complex than baudline.  You get to visually pipe inputs and outputs together for different modules until you achieve the proper filtering and decoding.

Published on: August 14, 2013 / Comments: None

Spying on your neighbors with rtl-sdr

Unless you’re just upgrading from windows 3.1, you’ve seen the cheap SDR (software defined radio) rtl-sdr project.  SDR’s aren’t new but someone figured out how to turn a cheap sub-20$ dongle into a decent SDR bringing the entry price low enough for everyone to experiment with them.

Every electronic device you own is screaming its name into the infinite void

Melissa Elliott has put together a presentation titled “exploring the world of unintentional radio emissions” that was presented at DEF CON.    After talking about the concept itself, she shows you how almost everything that runs on electricity emits some sort of electronic signature.  That signature can be profiled and sometimes data can be decoded from it.

No it’s not time to break out the tin foil hats or anything but if you really are paranoid, Melissa gives some tips how to shield this information in the form of Faraday cages.  You don’t have to be an old ham radio buff or even a budding electronics engineer to appreciate how cool SDR’s are.

 

 

 

Published on: July 27, 2013 / Comments: None

Code cracking robot goes low-tech brute force

A group of researchers put together this finger pushing robot to crack lock screens on android phones. While I’m sure this will method will work on non-android phones, I know that the IOS lock screen can have a self destruct feature after so many failed attempts. According to the article they will demo this unit at the upcoming Def Con conference in Las Vegas.  Apparently on most phones this thing will find your password in under 24 hours, in some cases minutes using profiling algorithms.

The bot is inspired by a 3D printer design called the delta bot.  I’m sure this will lead to the evolution of different unlock screens using facial recognition or more gesture based unlocks.  The IOS wipe-after-so-many-bad-attempts is also a good solution assuming there is no legal issue with implementing it.

I personally just think it’s cool watching this thing punch away at the screen, but there’s a full writeup over at Forbes about it if you’re interested in learning more.