Over the years, Halloween has always been fun for me; I basically wish I was American so that I could dress up excessively every year!

This year I decided that I would like to build my own costume. Naturally I wanted all the blinken lights, but without all the hard work of having to build the frame around them. Sadly, while soldering together LEDs and piecing together some code to get them to work was something I could do, building the non-electronic parts of the costume to make it look good was far out of my reach.

The costume came out as follows; how I put it together is after the break:


Usually I have a blog post about building/breaking something with the intention of actually building or breaking it. This one however is not like the others.

It started about 2 years ago, when I got a POV fan from the Lockheed Martin booth at Blackhat. It looked as follows:

This is how I destroyed that fan. I made a lot of dumb mistakes and learnt a couple of things too.

Hacker badges of Defcon 2017 (25)
Defcon every year has many many different electronic badges that you can play with / hack / blind your friends with. I was lucky enough to get one of these really cool badges and I wanted to figure out the lock codes from the hardware/firmware rather than trying to use the interface.

TL;DR

I didn’t end up going into the firmware beyond strings since they released it on github eventually and there were no other unlocks, but the basics of doing it were as follows:

- Get an FTDI cable (the hackerwarehouse badge is 3.3v and I have one similar to this: https://www.amazon.com/gp/product/B06ZYPLFNB/ref=oh_aui_detailpage_o01_s02?ie=UTF8&psc=1 )
- Connect the wires up correctly to TX and RX
- Make sure the device is found (lsusb on linux and system_profiler SPUSBDataType on OSX)
- Get the latest esptool from https://github.com/espressif/esptool
- Put the badge into firmware mode by booting and holding the down button
- Dump the flash: python ./esptool.py --port /dev/tty.usbserial-A106AUUX -b 74880 -c esp8266 read_flash 0 0x400000 badge_flash.bin
- Look for the button sequences in the dump: strings original_contents.bin | grep -B 15 -A 15 LRLR


...snip
region perm unlocked
region unlocked
konami!
UDDDUULR 
RLRLLRDU
UUDDLRLR
see if I don't!
with my blurglecruncheon,
...snip
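The `strings | grep -B 15 -A 15` step above is the whole of the analysis, so here is the same thing written out as a small Python script. This is an added example, not code from the post or from the badge project: `extract_strings` is the `strings -n` behaviour, `grep_context` is the `-B`/`-A` context window, and `find_button_sequences` pulls out the eight-character U/D/L/R strings the dump shows next to the "konami!" text. The `SAMPLE_DUMP` bytes are constructed to stand in for the real `badge_flash.bin`; pass a real dump path on the command line to run it against that instead.

```python
"""Added example: emulate `strings | grep -B/-A` over a raw SPI flash dump such as
the badge_flash.bin that `esptool.py read_flash` writes. Not the post's own code."""
import re
import sys

# Constructed stand-in for the flash dump: a few header bytes, then NUL-separated
# text resembling what the post's strings output shows, with junk bytes in between.
SAMPLE_DUMP = (
    b"\xe9\x03\x00\x00\xff\xff"
    b"region perm unlocked\x00"
    b"region unlocked\x00\x01\x02"
    b"konami!\x00"
    b"UDDDUULR\x00"
    b"RLRLLRDU\x00\xde\xad"
    b"UUDDLRLR\x00"
    b"see if I don't!\x00"
    b"\x7f\x80"
)


def extract_strings(data, min_len=4):
    """Like `strings -n MIN_LEN`: every run of at least min_len printable ASCII bytes
    (0x20 space through 0x7e tilde), in the order they appear in the image."""
    return [m.group().decode("ascii")
            for m in re.finditer(rb"[ -~]{%d,}" % min_len, data)]


def grep_context(lines, needle, before=15, after=15):
    """Like `grep -B before -A after needle`: the matching lines plus surrounding
    context, with overlapping windows merged so no line is returned twice."""
    keep = set()
    for i, line in enumerate(lines):
        if needle in line:
            keep.update(range(max(0, i - before), min(len(lines), i + after + 1)))
    return [lines[i] for i in sorted(keep)]


def find_button_sequences(data, length=8):
    """Strings made only of U/D/L/R of the given length: the candidate button
    sequences that sit next to the 'konami!' / 'region unlocked' text in the dump."""
    return [s for s in extract_strings(data)
            if re.fullmatch(r"[UDLR]{%d}" % length, s)]


if __name__ == "__main__":
    # Usage: python flash_strings.py badge_flash.bin LRLR   (no args: use the sample)
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_DUMP
    needle = sys.argv[2] if len(sys.argv) > 2 else "LRLR"
    for line in grep_context(extract_strings(data), needle, before=3, after=3):
        print(line)
    print("button sequences:", find_button_sequences(data))
```

The regex in `extract_strings` is deliberately the same definition `strings` uses by default (printable ASCII, minimum length 4), so the output matches what the shell pipeline above produces on the real dump.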


After the fairly successful ZACon badges I did in 2014, the BSides team in Cape Town (where I now live) asked if I’d like to be involved in building another one. Naturally my response was abso-fscking-lutely not. However, with a combination of alcohol, begging and offers of whatever we wanted (mostly from our marvelous sugar pony) they did manage to convince Mike Davis (@ElasticNinja) and myself to do them for 2016. So we set off with a couple of cynical attitudes and some fantastic hangovers to start some brand new badges.

This is a much longer post than normal and one I’ve split into two separate parts, a brief coverage of the hardware and then a longer explanation of the software. If you are just interested in the code, you can head over to https://github.com/AndrewMohawk/BSidesBadge2016


Recently, I’ve seen a number of posts on Facebook groups for South African communities about people having their car remotes jammed and the contents of their cars cleaned out while they are at petrol stations, malls and other public areas. It seems to be on the rise as an easy way for criminals to gain access to vehicles, usually to look for high-resale items such as laptops, cameras, wallets and purses. This is just a post on building a really simple, not state of the art, way to determine if someone is constantly transmitting (jamming) on the frequency cars commonly use for their remotes.

Car jamming works on a very simple process: the “lock” signal being sent to your vehicle is simply blocked. People will often walk away from their car and press the lock button, assuming it will just work without physically confirming this. Essentially, when you press the button on your remote it sends out a signal; when your car decodes that signal and verifies it as coming from your remote, it performs an action. Most remotes for cars (and gates/other consumer devices) work at 433MHz. What a criminal will do is simply hold down the button on another remote (such as a gate remote), and this will stop your car from being able to properly receive your signal. An easy way to think of this is that your remote is shouting out a series of numbers that your car can understand. But when another person also presses their remote it is like two people shouting at the same time, and the car cannot properly hear the series of numbers.

There are a number of ‘detectors’ available, but the prices range from about R500 to over a few thousand! Generally these simply determine if there is a signal being transmitted for an extended period of time, and if there is, they sound an audio or visual (usually LEDs) alarm.

Having worked with 433MHz transmitter and receiver pairs for some of the research I did previously on bypassing car remotes, as well as building the ZACon badges, I thought I would give it a go to build a very cheap passive ‘detector’. I put detector in quotes because it still needs a person to visually see the alert!

Essentially you can buy a very cheap 433MHz receiver (usually they are sold in pairs of receiver and transmitter) for about $1-2 (~R20). The additional components you would need are a 5v voltage regulator, a resistor and an LED. You can then wire up an LED to the data channels of the receiver, and every time there is any activity in the 433MHz (and 434MHz) range the LED will come on. Thus if you are trying to determine if there is jamming around, you will see the LED staying on.
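The LED circuit leaves the "is it staying on?" judgement to a person. The commercial detectors mentioned above make that judgement themselves, and the logic is simple enough to show. The following is an added example, not part of the post or its circuit: it assumes a microcontroller polling the receiver's DATA pin every 10 ms (a constructed `SAMPLE_PERIOD_MS`), and it classifies a window of samples as idle, receiver noise, a normal remote press, or jamming. The twist worth showing is the gap handling: a single remote transmission is keyed on and off (OOK), and a cheap receiver's data pin follows those gaps, so short idle gaps are folded into one "busy" run and only a longer silence ends it. The sample windows are constructed, not captured from hardware.

```python
"""Added example, not the post's circuit: classify samples of a 433 MHz receiver's
data line as idle / noise / a normal remote press / jamming (carrier held open)."""

SAMPLE_PERIOD_MS = 10   # assumed polling interval of the DATA pin (constructed)

# Constructed sample windows: 1 = data pin high (carrier present), 0 = low.
REMOTE_PRESS = [1] * 25 + [0] * 3 + [1] * 25 + [0] * 200   # two keyed bursts, ~0.5 s, then silence
JAMMER = [1, 1, 1, 0] * 60                                  # carrier held for ~2.4 s with brief dropouts
NOISE_ONLY = [1, 0, 0, 0, 0, 0, 0, 0] * 20                  # isolated 10 ms blips, no real transmission
IDLE = [0] * 100


def active_runs_ms(samples, period_ms=SAMPLE_PERIOD_MS, max_gap_ms=50):
    """Durations (ms) of each busy period on the data line. Idle gaps no longer than
    max_gap_ms are folded into the surrounding run, so the on/off keying inside one
    transmission does not split it; a longer silence closes the run."""
    max_gap = max_gap_ms // period_ms
    runs = []
    run_len = 0   # samples in the current busy period (including folded gaps)
    gap_len = 0   # idle samples seen since the last high sample
    for s in samples:
        if s:
            run_len = (run_len + gap_len + 1) if run_len else 1
            gap_len = 0
        else:
            gap_len += 1
            if run_len and gap_len > max_gap:
                runs.append(run_len * period_ms)
                run_len = 0
    if run_len:
        runs.append(run_len * period_ms)
    return runs


def classify(samples, period_ms=SAMPLE_PERIOD_MS, max_gap_ms=50,
             min_press_ms=100, jam_ms=2000):
    """idle: nothing received. noise: only blips shorter than min_press_ms.
    remote: a burst of normal key-fob length. jamming: the band busy for jam_ms or more."""
    runs = active_runs_ms(samples, period_ms, max_gap_ms)
    if not runs:
        return "idle"
    longest = max(runs)
    if longest >= jam_ms:
        return "jamming"
    if longest < min_press_ms:
        return "noise"
    return "remote"


def alarm(samples):
    """What the LED circuit cannot do on its own: a boolean a buzzer could be driven from."""
    return classify(samples) == "jamming"


if __name__ == "__main__":
    for name, window in [("remote press", REMOTE_PRESS), ("jammer", JAMMER),
                         ("noise only", NOISE_ONLY), ("idle", IDLE)]:
        print(f"{name:13s} runs={active_runs_ms(window)} -> {classify(window)}")
```

The thresholds (50 ms gap tolerance, 100 ms minimum for a real press, 2 s for jamming) are assumptions chosen for the constructed data; on real hardware they would be tuned against the receiver module in use, since super-regenerative receivers in particular produce random noise on the data pin when no carrier is present.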

The circuit is dead simple and shouldn’t take more than a few minutes to build (and should be easy enough to show your kids how to build it too!):


Fritzing of remote jammer detector


Here are a couple more pics of the device:

Cheers,
Andrew