Posted Mar 26th 2008 4:04PM by Will O'Brien
Filed under: misc hacks, wireless hacks

Adding PoE (Power over Ethernet) just wasn't good enough for [steve]. Not only does he have power running over his Cat-5, he shared the ground wire and used the remaining pair to add a serial console to his rooftop mounted wireless router. Nice.
Posted Feb 14th 2008 11:02PM by Will O'Brien
Filed under: wireless hacks
This project got some blog love last year, but it slipped past my radar. [jhecker] built a parallel port interfaced device based on a Cypress 2.4GHz transceiver module. The module is pretty complete, so as long as you can wield a soldering iron, you can pull this one off. The module is pretty cheap, so it could be just the thing for building your own signal detector.
Posted Jan 1st 2008 9:56AM by Eliot Phillips
Filed under: wireless hacks
Another highlight for us at CCC was [Karsten Nohl] and [Henryk Plötz] presenting how they reversed Philips crypto-1 "classic" Mifare RFID chips which are used in car keys, among other things. They analyzed both the silicon and the actual handshaking over RF. Looking at the silicon they found about 10K gates. Analyzing with Matlab turned up 70 unique functions. Then they started looking for "crypto-like" parts: long strings of flip-flops used for registers, XORs, things near the edge that were heavily interconnected. Only 10% of the gates ended up being crypto. They now know the crypto algorithm based on this analysis and will be releasing it later in the year.
The random number generator ended up being only 16-bit. It generates this number based on how long since the card has been powered up. They controlled the reader (an OpenPCD) which lets them generate the same "random" seed number over and over again. This was actually happening by accident before they discovered the flaw.
One more broken security-through-obscurity system to add to the list. For more fun, watch the video of the presentation.
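A 16-bit generator that restarts at power-up makes the nonce a function of elapsed time alone, which is easy to model. The sketch below is an added example, not code from the post or the presenters: it assumes a textbook maximal-length 16-bit LFSR as a stand-in generator, and the seed, tick counts and function names are constructed for illustration.

```python
import math

def lfsr16_step(state: int) -> int:
    """One step of a textbook maximal-length 16-bit LFSR (assumed model)."""
    bit = (state ^ (state >> 2) ^ (state >> 3) ^ (state >> 5)) & 1
    return (state >> 1) | (bit << 15)

def lfsr_period(seed: int = 0xACE1) -> int:
    """Steps until the state repeats: the whole nonce space of the model."""
    state, steps = lfsr16_step(seed), 1
    while state != seed:
        state, steps = lfsr16_step(state), steps + 1
    return steps

def nonce_after(ticks: int, seed: int = 0xACE1) -> int:
    """Nonce handed out `ticks` clock cycles after power-up.
    The generator restarts from the same state on every power-up, so the
    elapsed time is its only input."""
    state = seed
    for _ in range(ticks % 65535):
        state = lfsr16_step(state)
    return state

def repeated_nonces(observed):
    """Audit check: nonces seen in more than one session, with counts."""
    counts = {}
    for n in observed:
        counts[n] = counts.get(n, 0) + 1
    return {n: c for n, c in counts.items() if c > 1}

def sessions_until_repeat(bits: int) -> float:
    """Birthday estimate of sessions before an ideal `bits`-bit RNG repeats."""
    return math.sqrt(math.pi / 2 * 2 ** bits)

# Constructed timings (clock ticks from power-up to the nonce request).
FIXED_TIMING = [5000] * 5                 # reader that always waits the same
VARYING_TIMING = list(range(5000, 5005))  # reader whose delay drifts

FIXED_NONCES = [nonce_after(t) for t in FIXED_TIMING]
VARYING_NONCES = [nonce_after(t) for t in VARYING_TIMING]
```

Even with perfectly unpredictable timing, a 16-bit space is expected to repeat after roughly 320 sessions, against about 82,000 for a 32-bit one, so a repeat count over a few hundred logged nonces is a quick acceptance test for a card.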
Posted Oct 23rd 2007 8:45PM by Eliot Phillips
Filed under: wireless hacks

[Vivek Ramachandran]'s Cafe Latte attack was one of the last talks we caught at ToorCon. I've found quite a few articles about it, but none really get it right. It's fairly simple and deals with cracking WEP keys from unassociated laptops. First your WEP honeypot tells the client that it has successfully associated. The next thing the client does is broadcast a WEP encrypted ARP packet. By flipping the bits in the ARP packet you can replay the WEP packet and it will appear to the client to be coming from an IP MAC combo of another host on the network. All of the replies will have unique IVs and once you get ~60K you can crack it using PTW. The bit flipping is the same technique used in the fragmentation attack we covered earlier, but Cafe Latte requires generation of far fewer packets. You can read about the Cafe Latte attack on AirTight Networks.
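The bit flipping works because WEP's integrity value is an unkeyed CRC-32 carried under an RC4 keystream, so it offers no protection against modification. The sketch below is an added example, not code from the talk or the post: it shows the ICV accepting a modified payload and a keyed MAC rejecting the same change, using a constructed key, IV and a text stand-in for the ARP payload.

```python
import hashlib, hmac, struct, zlib

def rc4(key: bytes, n: int) -> bytes:
    """RC4 keystream of n bytes (WEP keys it with IV || secret key)."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def icv(data: bytes) -> bytes:
    """WEP integrity check value: plain, unkeyed CRC-32."""
    return struct.pack("<I", zlib.crc32(data))

def wep_seal(iv: bytes, key: bytes, payload: bytes) -> bytes:
    body = payload + icv(payload)
    return xor(body, rc4(iv + key, len(body)))

def wep_open(iv: bytes, key: bytes, ct: bytes):
    body = xor(ct, rc4(iv + key, len(ct)))
    return body[:-4] if icv(body[:-4]) == body[-4:] else None

def flip_without_key(ct: bytes, delta: bytes) -> bytes:
    """XOR delta into the payload and patch the ICV; needs no key because
    crc32(p ^ d) == crc32(p) ^ crc32(d) ^ crc32(zeros) for equal lengths."""
    patch = xor(icv(delta), icv(bytes(len(delta))))
    return xor(ct, delta + patch)

def mac_open(mac_key: bytes, ct: bytes, tag: bytes):
    """Contrast: a keyed MAC over the ciphertext cannot be patched this way."""
    good = hmac.new(mac_key, ct, hashlib.sha256).digest()
    return ct if hmac.compare_digest(tag, good) else None

# Constructed sample values: not a real ARP frame layout or a real key.
IV, KEY, MAC_KEY = b"\x01\x02\x03", b"wepk5", b"separate-mac-key"
PAYLOAD = b"ARP who-has 10.0.0.7 tell 10.0.0.5"
DELTA = bytes(len(PAYLOAD) - 1) + bytes([ord("5") ^ ord("9")])
CT = wep_seal(IV, KEY, PAYLOAD)
TAG = hmac.new(MAC_KEY, CT, hashlib.sha256).digest()
FLIPPED = flip_without_key(CT, DELTA)
```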
Posted Oct 4th 2007 2:37PM by Fabienne Serriere
Filed under: gps hacks, misc hacks, wireless hacks

[superlopez] sent in this detailed article (mirrored here and here) which describes how to build a GPS and GLONASS (the Russian version of GPS) receiver. The resulting device is gigantic compared to one of those tiny Bluetooth USB GPS units, but the ability to build one's own receiver is one of those post-apocalyptic skills I sure would like to have. The creator of the article [Matjaz Vidmar] aka [S53MV] also has pages on Packet-Radio (PKT) transceiver improvements (PKT gets my vote for the best post-apocalyptic technology, and the only believable technology featured in the Transformers movie), and a more sophisticated homemade frequency counter than the one featured earlier this summer.
In 2005 we featured a from-scratch GPS receiver as well, though the project site seems to be down. If your GPS unit just needs a better antenna, check out [Will]'s how-to from last year.
Posted Sep 29th 2007 11:39AM by Fabienne Serriere
Filed under: cellphones hacks, handhelds hacks, misc hacks, wireless hacks

Figuring out the JTAG pinout on a device turns out to be the most time consuming hardware portion of many hacks. [hunz] started a project called JTAG Finder to automatically detect the JTAG pinouts on arbitrary devices using an 8-bit AVR ATmega16/32L microcontroller. Check out the slides (PDF) from the talk as they break down how one finds JTAG ports on an arbitrary device, with or without a pinout detection tool. [hunz] is looking for people to pick up the project where he left off.
Once you determine the correct pinout, you will need a JTAG cable: there are two main types, buffered and unbuffered, both of which I have soldered up and tested from these circuit diagrams (image of completed buffered cable here). The software most hardware people use today is the openwince JTAG Tools. To get the JTAG Tools to compile, grab the latest source directly from their CVS repository.
The last time we featured JTAG was with regards to Linksys devices, but the tools listed above can be applied to any device with JTAG.
Posted Sep 23rd 2007 10:43PM by Eliot Phillips
Filed under: wireless hacks

I was looking for streaming solutions the other day. Little did I know that [John] would be sending in a hack for adding an mp3 decoder board to the La Fonera. The final device has both a web and command line interface which let you connect to any shoutcast/icecast streaming server. John has even gone so far as to provide the OpenWrt image for the router with all of the software components you need.
Posted Sep 14th 2007 11:39PM by Will O'Brien
Filed under: misc hacks, wireless hacks

I just realized that we'd never covered the classic amateur radio antenna hack - known as the mobile electric screwdriver antenna. I was looking for a decent writeup, and ran across this interesting tunable indoor antenna. [W2BRI] put together a 5 foot cube loop antenna built from copper pipe. The tuning mechanism uses an electric screwdriver to tune his giant PC Board tuning capacitor. Looks like a nice solution if you're into radio and have pesky neighbors.
Posted Aug 12th 2007 11:03PM by Will O'Brien
Filed under: pcs hacks, wireless hacks

Slapping a wifi card into a PC isn't very ground breaking, but [Darkside] had to add a PCI header and trace the board just to hook up a keyboard before he could do much with his old Intel VPN gateway. In the end, he added m0n0wall and a wireless card to turn it into a nice wireless router.
Posted Aug 4th 2007 3:23PM by Will O'Brien
Filed under: wireless hacks, cons

[Aaron] gave the latest on WiCrawl. The focus has been on the UI and usefulness for penetration testing. It's got support for [David]'s coWPAtty FPGA WPA cracking accelerator and some UI improvements. Even better, you can grab the WiCrawl module to put on a BackTrack Slax livecd from the project page. [Aaron] passed out some CDs at the talk - I'll update if the ISO gets posted.
And yes, I think I finally recovered from playing Hacker Jeopardy on team MRL. We held our own, but lost on the (LAME) final jeopardy question.
Posted Jul 31st 2007 1:01PM by Will O'Brien
Filed under: handhelds hacks, misc hacks, portable audio hacks, wireless hacks

[sprite_tm] made my morning by sending in his latest work. After opening up his new SMC WSKP100 (Skype wifi phone) to identify the hardware differences, he managed to shrink a flash image from the SMCWSP100 to fit on his new toy. Then he spent some time hacking the kernel from the former to work on his phone. The result? A SIP operational phone that'll connect to his Asterisk server at half the price of SMC's official SIP phone.
Posted Jun 14th 2007 4:38PM by Will O'Brien
Filed under: misc hacks, portable audio hacks, wireless hacks

[dk] sent in the DVX project. It's a complete D-STAR implementation that's built around a digital transceiver chip, an Atmel MCU and a digital voice compression chip. Compared to most digital radios I've seen, this one is pretty simple. The really complex action lives in the main chips with a bunch of caps and resistors to support them. Watch out for Digikey's pricing - it looks like a major gouge after looking at the tx/rx chips on Analog Devices' site. If you get them at a decent price, they could make great RF links for your projects. The link to the paper seems a bit broken, but here's the correct one.
Posted Jun 1st 2007 11:37PM by Will O'Brien
Filed under: wireless hacks

I'm on a 1-wire/home automation kick lately. It looks like he's giving up on the router platform, but [barebottoms] did some interesting work with a couple of wireless routers (a Belkin that he fried, and then onto a WRT54G) to create automated controls for his reef. Think of it as home automation for the fishes. It's an interesting idea - a hacked wireless router could make a fairly robust and power efficient controller for simple HA applications.
His site isn't really that informative; I found the forum posts more interesting.