Cheap entropy using RTL-SDR dongle

We’ve seen the RTL-SDR dongle used for a number of interesting projects, but here’s an unusual one not directly related to signal monitoring. Noel Bourke was considering the topic of entropy and randomness as it relates to encryption and came up with a unique use for the RTL-SDR. When RTL-SDRs came on the market back […]

BLE fun with Ubertooth: sniffing Bluetooth Smart and cracking its crypto

Mike Ryan writes about his latest efforts in BLE hacking. Hot on the heels of Omri Iluz’s BLE-sniffer-on-the-cheap, I decided to write up the BLE sniffer I built on Ubertooth. My sniffer highly robust, can capture data from connections, and is 100% open source. I also discovered a vulnerability in BLE’s crypto that allows me […]

NSA wants to build quantum computer to penetrate “hard targets”

The Washington Post is reporting that the NSA is building a computer to defeat all forms of encryption commonly used to ensure privacy of personal communications and data. The project seeks to build “a cryptologically useful quantum computer” which would open the door to easily breaking the strongest encryption tools in use today, including a […]

Secure Drop open source project

“SecureDrop is an open-source whistleblower submission system managed by Freedom of the Press Foundation that media organizations use to securely accept documents from anonymous sources. It was originally coded by the late Aaron Swartz.” SecureDrop is dependent on the Tor project, meaning sources who submit documents and journalists who download these documents must connect to […]

One Time Password (OTP) doorlock

Luca Dentella has just published his latest project, an Arduino-based door lock you can open using time-based OTP codes (compliant to the RFC 6238). “The simplest way to generate those codes is the use of Google Authenticator, a free mobile app. I’ve also prepared a simple webpage you can use to configure (scanning a QRCode) […]

Advice: what to expect when authorities confiscate your electronics

It’s unfortunate that we have to consider these matters, but with governments worldwide obsessed with violating the privacy of ordinary citizens we found a well documented post which puts some flesh on what some naively view as skeletal paranoia. In this comprehensive article Violet Blue of ZDNet outlines the tools and techniques government agents worldwide […]

Online source lets you send and receive Enigma cipher comms

The Enigma machine was a World War II era encryption device used by the German army. It was the subject of substantial efforts by Allied cryptographers which finally resulted in the successful cracking of the code, which led to decryption of German military comms. We found this website which allows you to encode and decode […]

Dead drop file sharing revisited

The concept of dead drops, where USB thumbdrives are installed in public places for the distribution of files “off the grid” has been a popular topic. Now Steve Schuler writes in with his new take on this concept currently featured in Science 2.0. His article describes low tech ways to place dead drop drives in […]

A peek into the curious world of HDMI copy protection… with the Bus Pirate

Adam Laurie (a/k/a/ Major Malfunction) is a white hat hacker from London, UK, who has presented at a number of conferences worldwide. He’s also the Director at Aperature Labs, Ltd. Recently he explored the broken HDCP security mechanism used in HDMI. After building the HDMI breakout cable pictured above he examined the cable’s data lines […]

SkyDogCon 2012 : Cryptanalysis of the enigma

At the recent SkyDogCon conference, Bob Weiss and Benjamin Gatti presented this talk analyzing Enigma, the World War II era Nazi encryption machine. The encryption theory behind Enigma is covered, including a detailed under-the-hood view of a typical device. Finally, a demo is conducted using a laptop in an effort to crack an Enigma message. […]

Try your hand at DEFCON 2012 decryption challenge

At the recently concluded DEFCON 20 conference in Las Vegas, attendees were presented with this decryption challenge by KoreLogic Security. Take their collection of encrypted password hashes and a bundle of encrypted files and see how many you can crack. File types are from various systems, including UNIX servers, Windows AD, LDAP servers, webapps, etc. […]

Parallax Propeller encryption objects

Parallax has recently added two new encryption objects to their Propeller Object Exchange. Mark Tillotson has released his AES object. He describes it as an “efficient implementation of the Advanced Encryption Standard in PASM. Supports 128, 192 and 256 bit keys, ECB and CBC modes. All heavy lifting in PASM.” Mark also recently released his […]

APCO25 protocol encryption cracked

The APCO25 (P25) communications protocol is a form of digital radio communications technology growing in popularity in police and other public safety radio systems in the US and abroad. Many such systems are unencrypted and can be received on digital radio scanners. Others employ encryption in an effort to prevent civilian monitoring. Now researchers with […]

IM-ME jams APCO P25 digital comms

APCO Project 25 is a digital modulation protocol used by a growing number of public safety radio systems and to a limited extent by Amateur Radio Operators. APCO P25 radio transmissions are capable of being monitored by scanning receivers from Radio Shack, GRE and Uniden. That is, unless the agency monitored decides to encrypt their […]

Breaking copy protection in MCUs: then and now

When you decide to copy protect the firmware on your MCU, how effective are efforts such as setting a lock bit or enabling chip erase modes? Sergei P. Skorobogatov’s article provides an overview of the methods he’s tried against MCUs from various manufacturers. He outlines both invasive and non-invasive techniques such as chip depackaging, microprobing […]

CNET free PC Lock™ software today only

OK, so it isn’t open source… but it is free (today only)! CNET is making available FREE downloads of PC Lock™ privacy encryption software for your PC. Just visit this link and follow the instructions. It will provide you with a free download and registration key. You will not be asked for credit card information. […]

Atmel announces new CryptoAuthentication chip

Atmel today announced the release of the ATSHA204 the first turnkey, optimized authentication device to include a 4.5Kbit EEPROM and a hardware SHA-256 accelerator. Fully tested ASF software libraries are available for Atmel AVR® and ARM®-based microcontrollers and are integrated within the new AVR Studio® 5. Contemplated uses include industrial, consumer, energy metering, home automation, […]

Analyzing a modern cryptographic RFID system

Henryk Plötz and Milosch Meriac gave a presentation at the recent 27C3 Chaos Communications Congress in Berlin, Germany, in which they demystified the HID iClass. One of the challenges of breaking iCLASS RFID readers was to extract the firmware and the security keys of RW400 readers without leaving visible traces like breaking the case open. […]

27C3: Embedded Reverse Engineering Tools and Techniques

Nathan Fain and Vadik presented at the 27C3 Chaos Communications Congress held recently in Berlin, Germany, on a topic of interest to us all: JTAG/Serial/FLASH/PCB Embedded Reverse Engineering Tools and Techniques. Check out their webpage for full documentation and analysis.

When FPGAs attack hashes

What could you do with an array of 15 FPGAs? Why not attack hashes! NSA@home is a fast FPGA-based SHA-1 and MD5 bruteforce cracker. It is capable of searching the full 8-character keyspace (from a 64-character set) in about a day in the current configuration for 800 hashes concurrently, using about 240W of power. The […]