Hardware Hacks


null Trivandrum Chapter - August 2013 Meet

Published in: Education, Technology


  1. Hardware Hacking: A primer. Yashin Mehaboobe, Icarus Labs, CSPF. By Mohesh Mohan. Big Thanks to
  2. Why hack hardware?
     • More interesting
     • More rewarding
     • Usually an open entry point into an otherwise secure network
     • Interacting with the physical world
  3. The Raspberry Pi: The computer geek’s electronics toy
  4. Why Pi?
     • Easily supports a large variety of languages
     • Comes with Ethernet and USB ports
     • GPIO pins for hardware hacks
     • Inbuilt RNG
     • Powerful GPU
     • Linux!!!!
  5. Specifications (Model A and Model B; a single value applies to both models)
     • Target price: Model A: US$ 25; Model B: US$ 35
     • SoC: Broadcom BCM2835 (CPU, GPU, DSP, SDRAM, and single USB port)
     • CPU: 700 MHz ARM1176JZF-S core (ARM11 family, ARMv6 instruction set)
     • GPU: Broadcom VideoCore IV @ 250 MHz; OpenGL ES 2.0 (24 GFLOPS); MPEG-2 and VC-1 (with license); 1080p30 h.264/MPEG-4 AVC high-profile decoder and encoder
     • Memory (SDRAM): Model A: 256 MB (shared with GPU); Model B: 512 MB (shared with GPU) as of 15 October 2012
     • USB 2.0 ports: Model A: 1 (direct from BCM2835 chip); Model B: 2 (via the built in integrated 3-port USB hub)
     • Video input: A CSI input connector allows for the connection of a RPF designed camera module
     • Video outputs: Composite RCA (PAL and NTSC), HDMI (rev 1.3 & 1.4), raw LCD Panels via DSI; 14 HDMI resolutions from 640×350 to 1920×1200 plus various PAL and NTSC standards
     • Audio outputs: 3.5 mm jack, HDMI, and, as of revision 2 boards, I²S audio (also potentially for audio input)
     • Onboard storage: SD / MMC / SDIO card slot (3.3 V card power support only)
     • Onboard network: Model A: None; Model B: 10/100 Ethernet (8P8C) USB adapter on the third port of the USB hub
     • Low-level peripherals: 8 × GPIO, UART, I²C bus, SPI bus with two chip selects, I²S audio, +3.3 V, +5 V, ground
     • Power ratings: Model A: 300 mA (1.5 W); Model B: 700 mA (3.5 W)
     • Power source: 5 volt via MicroUSB or GPIO header
     • Size: 85.60 mm × 53.98 mm (3.370 in × 2.125 in)
     • Weight: 45 g (1.6 oz)
     • Operating systems: Arch Linux ARM, Debian GNU/Linux, Fedora, FreeBSD, NetBSD, Plan 9, Raspbian OS, RISC OS, Slackware Linux
  6. Mayhem Numero Uno
  7. WhatDuino
     • Open hardware project
     • Official versions: Uno, Mega, Duemilanove, Esplora etc.
     • Compatible: Teensy, TinyDuino, Femtoduino
     • Shields, shields, shields!!!
     • Multiple uses, single programming language!
  8. Basic Overview
     • 14 Digital pins
     • 6 Analog pins
     • Voltage regulated power supply
     • Programmed over USB
     • Inbuilt LED at pin 13
  9. Shields
  10. Bus Pirate
      The ‘Bus Pirate’ is a universal bus interface that talks to most chips from a PC serial terminal, eliminating a ton of early prototyping effort when working with new or unknown chips. Many serial protocols are supported at 0-5.5 volts, and more can be added.
  11. Bus Pirate: Cool stuff all over the world
      • Hack a cheap MD80 video camera, modify the firmware to remove date display
      • XDA used Bus Pirate to root Meizu MX
      • Will_j used Bus Pirate to act as a transparent USB->serial bridge to a Wavecom GSM modem
      • Sniff the exchange between an autonomous smartcard reader and a card
      • Hacking USB webkeys with Bus Pirate
      • IBM Thinkpad T30 BIOS password reset with the Bus Pirate by Marcin
      • ph1ph1l0u reports success rescuing his Asus laptop from a bad BIOS flash using flashrom and the Bus Pirate
      • Bill Farrow fixed the Seagate 7200.11 hard drive firmware BSY bug with the Bus Pirate
  12. Other Players
      • MK Series Google Android Mini PC
      • Field Programmable Gate Arrays or FPGAs like Spartan
  13. MK Series Mini PC
      • More computing power (single, dual, quad cores)
      • Super cheap and small form factor
      • Built in WiFi, Bluetooth, HDMI, SD card slots, USB OTG
      • Supports Linux
      • No GPIO or hackable ports
      • Very little documentation
      • Low quality / can be easily damaged
  14. FPGAs
      • Awesome computing power
      • FPGAs are reprogrammable silicon chips
      • Recompile means rewiring
      • COPACOBANA version based on Virtex-4 SX 35 FPGAs
      • Dedicated code breaker for DES and other ciphers
      • NSA@home is a fast FPGA-based SHA-1 and MD5 bruteforce cracker
      • A bit complicated and hard to work with
  15. Calling Other Worlds
      • bladeRF: Out of the box the bladeRF can tune from 300MHz to 3.8GHz without the need for extra boards. The current open source drivers provide support for GNURadio among other things, allowing the bladeRF to be placed into immediate use. This gives the bladeRF the flexibility to act as a custom RF modem, a GSM and LTE picocell, a GPS receiver, an ATSC transmitter or a combination Bluetooth/WiFi client without the need for any expansion cards.
      • HackRF: Transmit or receive any radio signal from 30 MHz to 6 GHz on USB power with HackRF. HackRF can be used to transmit or receive radio signals. It operates in half-duplex mode: it can transmit or receive but can't do both at the same time. However, full-duplex operation is possible if you use two HackRF devices.
  16. bladeRF
      bladeRF x115, $650. The bladeRF x115 comes with a larger 115KLE Cyclone IV FPGA that provides additional room for hardware accelerators and signal processing chains including FFTs, Turbo Decoders, transmit modulators/filters, and receive acquisition correlators for burst modems.
  17. The mother of all: USRP
      • Too pricey: > $1000
      • Can be used with GNU Radio to sniff GSM traffic
      • Could use it to broadcast digital television
      • Track radio tags
      • Even mess with garage door openers
      • POC: Using a box with at least 27 FPGAs, plan on constructing a 6+ terabyte rainbow table. Once complete, any GSM conversation can be cracked in less than 5 minutes using a single FPGA.
  18. Dreamz Unlimited!!!
      • We will pretty soon be able to make small DIY robots equipped with enough hardware to sniff all wireless communication and even decrypt it in real time… The possibilities are endless
      • A small step on this horizon is a flying drone called WASP. It's a 'Small Scale, Open Source UAV using off the shelf components. Designed to provide a vehicle to project cyber-offensive and defensive capabilities, and visual / electronic surveillance over distance cheaply and with little risk.'
  19. Thank you!! Questions? Contact: