Reverse engineering wireless pro studio lighting

Richard Webb just finished an article on reverse engineering the wireless protocol used to communicate with some pro studio lighting. His approach involves sniffing the SPI bus into the lighting controller’s RF module using the Open Bench Logic Sniffer to obtain preliminary addressing information, then using an nRF24L01+ module in receive mode to capture packets. […]

Video: JTAGulator introduction and demonstration

Hardware hacking guru Joe Grand of Grand Idea Studio has posted this new, detailed introduction/demonstration of the JTAGulator, an open source hardware tool that assists in identifying on-chip debug (OCD) and/or programming connections from test points, vias, or component pads on a target device. (We note the Bus Pirate usage at 5:40.)

Reverse engineering a NAND flash device management algorithm

Joshua Wise writes: The following is a description of how I went about reverse-engineering the on-flash format, and of the conclusions that I came to. My efforts over the course of about a month and a half of solid work – and a “long tail” of another five months or so – resulted in a […]

Video: Using superpowers for hardware reverse engineering

Prior to delivering a presentation at today’s DEFCON, hardware hacking guru Joe Grand gave this talk at BSidesLV held August 5-6, 2014 in Las Vegas. Joe describes, “[s]uperpowers, normally used by superheroes in the battle of good versus evil, are also accessible to engineers and hackers in equipment used for failure analysis and verification of […]

Reverse engineering a wireless soil moisture sensor

Ray Wang at Rayshobby has been working on reverse engineering a wireless soil moisture sensor. He writes, “At the Maker Faire this year I got lots of questions about soil moisture, which I knew little about. Recently I started learning about how to build my own soil sensor, and came across this cheap 433MHz wireless […]

Hacking the Java Debug Wire Protocol (JDWP)

Christophe Alladoum has posted a tutorial on the IO Active Labs Research blog on the Java debug wire protocol and its insecurities. He explains, “In this post, I will explain the Java Debug Wire Protocol (JDWP) and why it is interesting from a pentester’s point of view. I will cover some JDWP internals and how […]

DEFCON 21 video: Decapping Chips the Easy Hard Way

In this presentation from DEFCON 21, Adam “Major Malfunction” Laurie and Zac Franken of Aperture Labs go hardcore with chip analysis. For some time it has been possible to discover the inner workings of microprocessors with the help of a microscope and some nasty chemicals such as fuming nitric acid. However, unless you have access […]

Silver bullet oscilloscope IR receiver

The crew from AnalysIR have shared a simple technique for viewing the mark and space data from an IR transmission on an oscilloscope. They call it the “silver bullet” method. The idea is to use a standard IR LED mounted in a BNC/RCA plug on a spare channel, making an oscilloscope infrared receiver. So we set […]

Defcon 21: secret life of SIM cards

PhD student Karl Koscher and software engineer Eric Butler have teamed up to research phone SIM cards and how they are used to run small apps. At the DEFCON 21 conference they presented their methodology and results. “This talk, based on our experience building SIM apps for the Toorcamp GSM network, explains what (U)SIM Toolkit […]

Dissertation: security analysis of contactless payment cards

Here’s an interesting academic document we found related to hardware hacking. In this published doctoral dissertation, Timo Kasper from the Ruhr-University Bochum, Germany, presents in detail his efforts in analyzing the security of Mifare smart cards. “The tools are first employed for analyzing a contactless payment application, which is based on Mifare Classic technology, with […]

CCC Video: Extracting keys from FPGAs, OTP tokens and door locks

This presentation on extracting keys from FPGAs, OTP Tokens and door locks is from the recent Chaos Communications Conference (CCC) in Hamburg, Germany. In it David briefly introduces implementation attacks and side-channel analysis (SCA) in particular, along with related methods to bypass security mechanisms and extract secret keys. “The main focus is on three case […]

Decoding radio-controlled bus stop displays

Oona Räisänen (a/k/a Windytan) is a self-taught signals and electronics hacker from Helsinki, Finland, who is fascinated by mysteries, codes and ciphers, and vintage tech. She’s previously written regarding the use of digital transmissions carried on FM broadcast subcarriers as a means of supplying data to digital information signs used at bus stops.

EFERGY E2 Classic FSK decoding using RTL-SDR and R-Pi

Nathaniel Elijah has posted a complete working prototype of an EFERGY E2 Classic transmission decoder using a Raspberry Pi and an RTL-SDR USB dongle. The EFERGY E2 Classic is an electrical usage monitor which displays information received from associated wireless energy sensors. Nathaniel writes, “It is now possible to capture those 10s to 20s power […]

Video: Multiplexed Wired Attack Surfaces

In this presentation from the recent Toorcon 15 in San Diego, CA, Michael Ossmann and Kyle Osborn detail their efforts in hacking cellphones via multiplexed USB signals. Manufacturers of mobile devices often multiplex several wired interfaces onto a single connector. Some of these interfaces, probably intended for test and development, are still enabled when the […]

Video: Reversing Tire Pressure Monitors with SDR

In this presentation from the recent Toorcon 15 in San Diego, CA, Jared Boone, co-developer of the HackRF SDR, detailed his efforts in reversing the tire pressure monitors found on most vehicles. Tire Pressure Monitoring Systems (TPMS) are present on all US automobiles sold as of 2008. This talk, given at ToorCon 15 in San Diego, […]

Reversing CedarX and open Allwinner driver

Tsvetan reports some good news for the open source community: a group of hackers (jemk, wingrime, nove) worked on the reverse engineering of CedarX and an open source driver for Allwinner chips is on the way! Details on these efforts and links can be found at Olimex. Via the contact form.

44CON to include HackRF presentation

We understand that Michael Ossmann will deliver a talk entitled “Reverse Engineering with HackRF” at the 44CON conference. This talk will consist of one long demonstration of how to use HackRF to reverse engineer a proprietary radio system. 44CON is an annual information security conference and training event taking place in London. Designed to […]

Video: Blackbox JTAG Reverse Engineering

Felix Domke has been working on reverse engineering blackbox devices using the JTAG interface and presented this talk at the 26C3 Chaos Communication Congress. JTAG is an industry standard for accessing test-mode functionality in almost any complex microchip. While the basics of JTAG are standardized, the exact implementation details are usually undocumented. Nevertheless, JTAG […]

rompar: a tool to analyze masked ROMs

You may have seen those highly magnified photos of decapped chips displaying the hardware architecture and wondered what information is represented by the solder-like patterns. Adam “Major Malfunction” Laurie of Aperture Labs has developed a software tool to assist in deciphering the bits represented in these highly magnified chip photos. Known as rompar, it’s a […]