Hardware Hacks
3 likes•3,908 views
This document provides an overview of hardware hacking and various hardware platforms that can be used for hacking purposes. It discusses the Raspberry Pi and its specifications, the Arduino and shields that can be used with it. The Bus Pirate is introduced as a universal bus interface to eliminate prototyping effort. Other platforms mentioned include MK series mini PCs, FPGAs, bladeRF, HackRF, and USRP for wireless capabilities. The document envisions possibilities of hacking wireless communications and even building small DIY robots for surveillance using these open hardware platforms.
Hardware Hacks
- 1. Hardware Hacking A primer Yashin Mehaboobe Icarus Labs ,CSPF By Mohesh Mohan Big Thanks to
- 2. Why hack hardware? •More interesting •More rewarding •Usually open entry point into an otherwise secure network •Interacting with the physical world.
- 3. The Raspberry Pi The computer geek’s electronics toy
- 4. Why Pi? •Easily supports a large variety of languages. •Comes with an Ethernet and USB ports. •GPIO pins for hardware hacks •Inbuilt RNG •Powerful GPU •Linux!!!!
- 5. Specifications Model A Model B Target price: US$ 25 US$ 35 SoC: Broadcom BCM2835 (CPU, GPU, DSP, SDRAM, and single USB port) CPU: 700 MHz ARM1176JZF-S core (ARM11 family, ARMv6 instruction set) GPU: Broadcom VideoCore IV @ 250 MHz OpenGL ES 2.0 (24 GFLOPS) MPEG-2 and VC-1 (with license), 1080p30 h.264/MPEG-4 AVC high-profile decoder and encoder Memory (SDRAM): 256 MB (shared with GPU) 512 MB (shared with GPU) as of 15 October 2012 USB 2.0 ports: 1 (direct from BCM2835 chip) 2 (via the built in integrated 3-port USB hub) Video input: A CSI input connector allows for the connection of a RPF designed camera module Video outputs: Composite RCA (PAL and NTSC), HDMI (rev 1.3 & 1.4), raw LCD Panels via DSI 14 HDMI resolutions from 640×350 to 1920×1200 plus various PAL and NTSC standards. Audio outputs: 3.5 mm jack, HDMI, and, as of revision 2 boards, I²S audio (also potentially for audio input) Onboard storage: SD / MMC / SDIO card slot (3,3V card power support only) Onboard network: None 10/100 Ethernet (8P8C) USB adapter on the third port of the USB hub Low-level peripherals: 8 × GPIO, UART, I²C bus, SPI bus with two chip selects, I²S audio +3.3 V, +5 V, ground Power ratings: 300 mA (1.5 W) 700 mA (3.5 W) Power source: 5 volt via MicroUSB or GPIO header Size: 85.60 mm × 53.98 mm (3.370 in × 2.125 in) Weight: 45 g (1.6 oz) Operating systems: Arch Linux ARM, Debian GNU/Linux, Fedora, FreeBSD, NetBSD, Plan 9, Raspbian OS, RISC OS,[Slackware Linux
- 7. WhatDuino •Open hardware project •Official versions: Uno, Mega, Duemilanove, Esplora etc •Compatible: Teensy, TinyDuino, Femtoduino, •Shields, shields, shields!!! •Multiple uses, single programming language!
- 8. Basic Overview •14 Digital pins •6 Analog pins •Voltage regulated power supply •Programmed over USB •Inbuilt LED at pin 13
- 9. Shields
- 10. Bus Pirate The ‘Bus Pirate’ is a universal bus interface that talks to most chips from a PC serial terminal, eliminating a ton of early prototyping effort when working with new or unknown chips. Many serial protocols are supported at 0- 5.5volts, more can be added
- 11. Bus Pirate : Cool stuff all over the world • Hack a cheap MD80 video camera, modify the firmware to remove date display • XDA used Bus pirate to root Meizu MX • Will_j used bus pirate to act as a transparent USB->serial bridge to a Wavecom GSM modem • sniff the exchange between an autonomous smartcard reader and a card • Hacking USB webkeys with Bus Pirate • IBM Thinkpad T30 Bios password reset with the Bus Pirate by Marcin • ph1ph1l0u reports success rescuing his Asus laptop from a bad bios flash using flashrom and the buspirate. • Bill Farrow fixed the Seagate 7200.11 hard drive firmware BSY bug with the Bus Pirate
- 12. Other Players MK Series Google android Mini PC Field Programmable Gate Arrays or FPGAs like Spartan
- 13. MK Series Mini PC •More Computing power (Single, Dual, Quad cores) •Super Cheap and small form factor •Built in Wifi, Bluetooth, HDMI, SD card slots, USB OTG •Supports Linux •No GPIO or hackable ports •Very Little documentation •Low Quality / Can be easily damaged
- 14. FPGAs •Awesome computing power • FPGAs are reprogrammable silicon chips • Recompile means rewiring COPACOBANA version based on Virtex-4 SX 35 FPGAs • Dedicated code breaker for DES and other ciphers •NSA@home is a fast FPGA-based SHA-1 and MD5 bruteforce cracker •Bit complicated & Hard to work with
- 15. Calling Other Worlds Out of the box the bladeRF can tune from 300MHz to 3.8GHz without the need for extra boards. The current open source drivers provide support for GNURadio among other things, allowing the bladeRF to be placed into immediate use. This gives the bladeRF the flexibility to act as a custom RF modem, a GSM and LTE picocell, a GPS receiver, an ATSC transmitter or a combination Bluetooth/WiFi client without the need for any expansion cards. Transmit or receive any radio signal from 30 MHz to 6 GHz on USB power with HackRF. HackRF can be used to transmit or receive radio signals. It operates in half-duplex mode: it can transmit or receive but can't do both at the same time. However, full-duplex operation is possible if you use two HackRF devices.
- 16. bladeRF bladeRF x115 $650 The bladeRF x115 comes with a larger 115KLE Cyclone IV FPGA that provides additional room for hardware accelerators and signal processing chains including FFTs, Turbo Decoders, transmit modulators/filters, and receive acquisition correlators for burst modems.
- 17. The mother of all :USRP • Too pricey > $1000 • Can be used with GNU Radio to sniff GSM traffic • could use it to broadcast digital television • track radio tags, • even mess with garage door openers • POC Using a box with at least 27 FPGA’s plan on constructing a 6+ terabyte rainbow table. Once complete, any GSM conversation can be cracked in less than 5 minutes using a single FPGA.
- 18. Dreamz Unlimited!!! • We will be pretty soon be able to make small DIY robots equipped with enough hardware to sniff all wireless communication and even decrypt them real time… Possibilities are end less • A small step on this horizon is a flying drone called WASP. it's a 'Small Scale, Open Source UAV using off the shelf components. Designed to provide a vehicle to project cyber-offensive and defensive capabilities, and visual / electronic surveillance over distance cheaply and with little risk.'