I really should have written this after ZaCon (november last year), but I’m lazy. However I have been asked to give a brief overview of the same talk at ITWeb this year so I figure I may as well finish this article and get it out :P
So in the first blog post I discussed the basics of Magnetic stripes and how the tech works. I like it because its fundamentally simple (perhaps like myself ;).
This entry is going to cover spoofing, from building a spoofer to having something read the entries. Ideally you want to have a magreader at this stage, either one of the nifty USB ones that act as an HID device or one that you built that can read the tracks you are interested in. Below is a cheap TTL reader I got (cost about R150, thats ~$20):
This is really just so that you can “listen” to what your spoofer can generate. Magnetic stripe spoofers have been done all over the place, so please don’t think I did this, you can see some great examples HERE and HERE. Essentially however the system is dead simple, you have the ‘sound’ that you wish to play (as discussed previously), an amplifier that can crank up the volume to the level that its going to get picked up and an electromagnet (it sounds fancy, its just wire coiled around a piece of metal – more later).
Its taken a lot of motivation to start writing this, and I hope its okay, I have a mental block that I need to write this and the second post about magstripes before moving on to some new things with my plants I want to try.
My friend Roelof Temmingh (@Roeloftemmingh) made this cool video for my talk, check it out below or at http://vimeo.com/51228567. Please note we had permission to test out the door at Senseposts’ old office :)
I see I haven’t update this blog in ages, I’d love to say I didn’t have enough time, but it was mostly just me being.. well lazy.
Zacon IV was on the 27th of October ( http://www.zacon.org.za/about.html ) and was really great, had a super time and met some great people. My talk covered a bunch of the stuff I did on the blog and essentially these sections:
* Lockpicking (briefly)
* Magstripes (reading + spoofing)
* RTLSDR (listening to guards)
* RFID (proxmark – bypassing LF EM4x door locks)
* RFCat (spoofing remotes)
It went relatively well apart from a few small demo problems (such as not being able to spoof a magnetic stripe – turned the volume down by mistake when I tried to show it! *doh*). The video of the talk can be seen here:
Previously I discussed using my RTL-SDR to merely listen for analog audio signals. In this entry I’ll discuss using it to decode digital signals (this example on fixed remote signals often used for garages / gates ) so that they can be replayed/brute forced with something like the RFCat project (based on TI’s CC1111EMK module). This has probably been done to death already but I figured since I struggled with it maybe this will help someone else do it a lot quicker (and mostly cause I think its cool).
The basic components are:
* RTL-SDR on a windows machine with the HDSDR application installed (really easy to use — saves me doing hard work)
* Audio application to look at demodulated stream (I like the open-source project Audacity )
* RFcat under linux for easy transmission of data – find more about RFcat at http://code.google.com/p/rfcat/
Then there are 3 basic steps to a replay/bruteforce attack:
* Capture Signal: Figure out what frequency it is on, figure out what modulation is used
* Decode Captured Signal: Decode the signal to data you can work with so you can replay it and if possible brute force similar ones
* Transmit Signal: Send off your data for epic-winness (okay its not that complex, but it still feels cool)
I am going to assume at this stage that you have access to the remote (otherwise it may be illegal, I think.. lets just go with that). The easiest thing to do firstly is try and identify your remote, here is my garage remote for the complex that I live in (with many garages all of the same type):
This is just an update on the Arduino watering system, everything seems to be going well whilst I am away (I am away for ~a month, till the end of Blackhat / Defcon). In winter the plants don’t require nearly as much water and it seems that after 8 days the water level has dropped only 11.5cm in a reservoir ( read orange bucket ) that is about 60cm across. The orange container is smaller at the bottom, probably around 45cm so an guestimated average of say 50cm for the diameter.
At this stage I was going to do the math to work out how much water had be consumed minus that of evaporation, but I’m too lazy right now.
At this rate that container should keep the 4 plants near it (tomato, chilli, orange, peppers) as well as the palm and the 2 trays as well as the random flower going for about 6 weeks!
Not the quickest of cats
on the best of days.