Posts

Showing posts from April 20, 2008

Credit Card Magnetic Strips Hacked

Every credit card has personally identifiable information inserted into the magnetic strip on the back, but hacking it has so far proved a task too difficult for most malevolent figures to even attempt. RFID security guru Adam Laurie has come up with a test program named CHaP.py, specifically designed to read the chip and PIN credit cards that comply with the EMV standard. EMV is a standard for interoperation of IC cards ("chip cards") and IC-capable POS terminals and ATMs, for authenticating credit and debit card payments. The name EMV comes from the initial letters of Europay, MasterCard and VISA, the three companies which originally cooperated to develop the standard. It defines the interaction at the physical, electrical, data and application levels between IC cards and IC card processing devices for financial transactions, according to Wikipedia. The Black Hat DC briefings saw the first demo of the program in action in its early stages. It only works with PC / SC rea...

RFID credit cards easily hacked with $8 reader

The RFID hacks keep coming fast and furious -- hot on the heels of that Mifare / Oyster Card exploit, the crew at BoingBoing TV has posted up a little demo of how easy cracking the RFID encryption on an American Express card can be. All it takes is an $8 reader easily available on eBay, some software, and the courage to walk around with a laptop waving plastic boxes at people's butt pockets, but developer Pablos Holman says he's hoping to develop a newer version that will allow him to be a little more discreet. The root of the problem is apparently the fact that the system uses local decryption rather than sending card info to a secure data center, but either way we've been worried about this for a long time -- we're sticking to loose change and the barter system from now on.

How to secure your Wifi Network?

Log in to the remote administration page of your router, then look for the wireless security section. Enable WPA-PSK or WPA2 encryption and set a passphrase of completely random characters and numbers with a length of 63. Also change the default password on your router. A good idea to get maximum distance is to change your signal channel to either 1 or 11 instead of 6. Do not disable SSID broadcast or enable MAC filtering; these are worthless precautions that only cause connectivity issues.

Cracking WPA-PSK secured Wireless Networks

WPA-PSK cracking. The text about cracking WPA coding is an alternative to the classic process (dictionary attack - cracking WPA key with Aircrack-ng and wordlist). I have used Cowpatty, John the Ripper and genPMK. Additionally to the pentest you can get hash at Lostboxen (6GB) or at Shmoo (35GB) and wordlist for generating your own control sums...

Hack Attack: Turn your $60 router into a $600 router

What you'll need:

One of the supported routers. I used a Linksys WRT54GL Wireless router that I picked up from Newegg, and the instructions that follow detail the upgrade process specifically for that router and its close siblings. If you're upgrading one of the other supported routers, you might want to look into instructions specific to your router. These instructions may generally work for other supported routers, but I'm not making any promises.
The generic DD-WRT v23 SP1 mini firmware version located here.*
The generic DD-WRT v23 SP1 standard firmware version located here.*
*You'll be upgrading the firmware twice, first using the mini firmware, then using the standard.

Upgrading your router to the DD-WRT firmware: Check out this gallery for the detailed step-by-step upgrade with screenshots. When you're finished, come back here for some of my favorite tweaks.

Awus036H vs Awus036s

USB Alfa Network AWUS036H: This USB card, the AWUS036H from Alfa Network, is a jewel! She's fully compatible with aireplay-ng, with 500 mW output, an RP-SMA connector and -96 dBm sensitivity! High security 64/128/256bit WEP Encryption, TKIP, WPA, 802.11. She has a Realtek rtl8187 chipset, which works great under Linux and with the aircrack suite.

Dongle Wifi Awus036s: She has an RP-SMA connector too, and she's more portable, with no USB cable needed. This time, it's not a Realtek rtl8187 chipset but a Ralink rt2500 chipset, much better ;) Also works great in WEP and WPA TKIP/AES; see the manufacturer's documentation for more information. What's more, with her Ralink chipset, she's really well supported by Linux and especially BackTrack.

Backtrack Wireless Compatibility

Ubiquiti SRC
Driver : Madwifi-ng
Chipset : Atheros AR5212 a/b/g
FCC ID: SWX-SRC
http://www.ubnt.com/products/

NetGear WG511v2
Chipset : Marvell
lspci : Marvell Technology Group Ltd. 88w8335 [Libertas] 802.11b/g Wireless (rev 03)
lspci -n : 11ab:1faa (rev 03)
FCC ID : PY3WG511V2H1
CANADA ID : 4054A-WG511V21
CE : 0470

Senao NL-2511CD PLUS EXT2
Driver : HostAP (wlan-ng drivers have been removed from BT2 final. See here to use HostAP driver)
Chipset : Prism 2.5
Firmware : 1.74 is suggested, check [here] for instructions.
FCC ID: NI3-2511CD-PLUS3
For Kismet, edit your Kismet.conf to "source=hostap,Wlan0,Prism2"

To raise the output of this card to 250mw (not verified). Caution! This might destroy your card if you do not know exactly what you're doing! The change in readmif seems stable only in Master mode.

ifconfig wlan0 up
iwpriv wlan0 alc 0
iwpriv wlan0 readmif 116 [-> actual powertx value]
iwpriv wlan0 writemif 62 49 [-> I've no idea at all why "49"]
iwpriv wlan...

FTS4BT Wireless Bluetooth® Protocol Analyzer & Packet Sniffer

Complex & Ever Changing: Bluetooth is an extremely complex software and hardware technology that is evolving fast. Even the most experienced Bluetooth developers and test engineers are challenged by keeping up with the latest changes from the baseband all the way to the profile level.

Interoperability: There are now enough Bluetooth-enabled devices on the market to prove that the technology is viable. Commercial success is tied to making sure that your devices interoperate smoothly so consumers can realize the benefits of Bluetooth.

Currently Supported Version 2.1+EDR Features: Extended Inquiry Response. Secure Simple Pairing. QoS. Non-Automatically Flushable Packet Boundary Flag. Sniff Subrating. Erroneous Data Reporting. Encryption Pause and Resume. Link Supervision Timeout Changed Event. Security Mode 4.

Supports EDR (Enhanced Data Rate): FTS4BT is the only analyzer currently on the market to support Bluetooth v2.1 + EDR.

Finger-sized Bluetooth ComProbe: Air sniffing hardware ...

ASUS EeePC 900 Series

The Eee 900 Series was officially launched in Hong Kong on April 16, 2008 for 513 USD. The system will launch on May 1, 2008 in the UK for £329 (approximately €410, $650) including VAT. The system is expected to cost around 399 EUR or 499 USD when it launches in other territories around April. The 900 series is supposed to launch on May 12th, 2008 in the US for a base price of $549. The Eee 900 series dimensions are a little larger than the 70x models, measuring 225 × 165 × 35 mm (WxDxH) and weighing around 1 kg. The machine has multi-touch features that allow two-finger scrolling and zooming via a "pinch" gesture. The machine is available in both Linux and Windows XP configurations. The Linux version is named the EeePC 900 and comes with a 20 GB SSD, while the Windows XP version is named the EeePC 900 Win and has a 12 GB SSD. The Windows version comes with Microsoft Works and Windows Live Suite preinstalled. The machines are otherwise identical to each other with 1 GB of RAM, an...

Wi-Fi Security

There were some pretty interesting developments during the last few weeks:

aircrack-ptw, or "Breaking 104 bit WEP in less than 60 seconds". Works great! There is a tutorial, "How to crack WEP with no clients", which helps you to generate the necessary ARP packets.
Lorcon - Loss Of Radio CONnectivity. An 802.11 packet generator implementing a hardware abstraction layer - you don't have to mess around with WiFi drivers anymore. From now on Lorcon does this for you.
Pretty interesting slides on Wi-Fi fuzzing from Black Hat Europe.

Bluetooth Sniffing

In the last few weeks there were some rumors about "Bluetooth Sniffing for everyone". Max Moser released a paper in which he describes how to modify a regular Bluetooth dongle into a full-featured Bluetooth sniffer using Frontline's FTS4BT software. The software is available for free, and the firmware you need to convert a Bluetooth dongle into a sniffer comes with the software. All you need is a serial number to run the software. The media give the impression that now everybody can easily sniff Bluetooth. But in fact, Bluetooth sniffing is not that easy. To successfully sniff a Bluetooth connection you always have to know at least one of the Bluetooth addresses used in a piconet. And not only that, you also have to know whether the device is master or slave of the piconet and if it's inquiry or page scanning. If the connection is encrypted you need even more information. You need to know the other device's Bluetooth address, too, and you have to know the Link Key the two devices are using for th...

List of CSR chipset for hacking purposes.

These are some Bluetooth dongles that support changing firmware with dfutool and tuning with bccmd. There is no guarantee that they still support flashing and tuning when you buy them, because vendors often tend to change the hardware without further notice. Acer Bluetooth Stick - BC2-EXT Linksys USBBT100 Rev 1 D-Link DBT-120 Rev C1 DELOCK 61478 A7 eb502-HCI Fujitsu Siemens BLUETOOTH V2.0 - BC4-EXT - there is no known revision for this dongle Toshiba PA3455U-1BTM Aircable Host XR Cellink BTA-6030 Bluetooth Adapter. The adapter must allow flashing of the external ROM (BlueCore4-ext or BlueCore2-ext).

AIRcable Host XR™

The only long-range (10 km-class) Bluetooth® USB "Dongle"

Key Features:
Bluetooth 2.0-compatible
Standard USB connector
Works with Windows, Linux, and Mac OS X.
1 km external antenna included
Extended range for up to 30 km
No external power needed
Aluminum case for reduced interference and increased sensitivity
Extends the range of your existing bluetooth devices!
Built on AIRcable XR™ long-range technology

The AIRcable Host XR, equipped with an extremely-powerful, highly-sensitive Bluetooth transmitter, can achieve an unparalleled range of up to 30 km! With a 9 dBi omni-directional antenna, the extended range is up to 2 km, and with the 18 dBi directional antenna, it is up to 10 km. Additionally, given its high sensitivity, it can extend the range of weaker Bluetooth devices like cell phones and headsets by hundreds of meters. With most other devices only capable of obtaining a range of 10 meters or less, no other Bluetooth device comes even close. Plus, this long-range Blue...