RFID, when the manufacturer matters...

Nowadays we can find RFID technology almost everywhere: in supermarkets (anti-theft), on assembly lines (identifying and tracking items), on highways (tolls), in public transportation, in your passport and in your credit card. It is also used by many companies and by hotels for access management.

This post is about the latter. Indeed, during my trips, whether for business or for holidays, I have stayed in many hotels. Some of them were still using good old keys like you do at home, most of them still use magnetic cards and some were relying on RFID cards to give you access to your room. Unfortunately, the security level of such RFID access management highly depends on the manufacturer, as we will see.

Dumping Z-Wave device firmware

In the previous weeks, I had to work on Z-Wave devices and that led me to dump the firmware of those devices. Consequently, I used my favorite GoodFET to achieve this goal :-)

Code is now available on the GoodFET’s project repository. Be aware that you will need to update the firmware of your GoodFET device before using it because the Z-Wave chip requires specific timing and bit banging.

More details on that work are available on my employer’s blog as, this time, this was not a spare time project :)

A journey in script-kiddie-land and kernel-land

Yes, I know what some of you may think: will we finally get the third and last part about the robot vacuum? You will. But trust me, I don’t have a lot of spare time and debugging the radio stuff is not the funniest part nor the easiest one!

But let’s come back to our subject. Reading some (all?) of my posts here, you may know what a GoodFET is. But have you heard about its little brother, the FaceDancer?

Firmware extraction and reconstruction

Recently I had to extract a firmware from an I2C EEPROM.

Although I am pretty used to SPI EEPROMs on embedded equipment, seeing an I2C bus seemed pretty unusual to me.

As you may have noticed from my previous posts, I make heavy use of my GoodFET. It is a very handy tool and although I also have a BusPirate v4, I prefer Travis’s tool. Unfortunately, the I2C protocol is not compiled into the firmware by default, the tools are marked as “untested” on the website and the pinout is not documented on the website. That’s a lot of things to find out :-)

Ask me a question

Hi Jean-Michel, I am also working on a TCP stream reassembly utility and I see that you have done some work in defining the C wrapper for the libnids reassembly patch for Python. I was wondering if you have actually used the resume function in Python? I have tried but am not getting a usable structure from the callback in Python. Do you perhaps have a sample Python function call or some tips maybe in order to use this function in Python? Regards, ChrisA

Hard drive rescuing with a GoodFET

This post is a little pause in my vacuum reversing trilogy. It is half about electronics, half about digital forensics but somehow it is still 100% of my hobbies ;-)

A friend of mine had faced a hard drive failure recently and wanted her data back. So she sent me the drive instead of giving away one month of salary to an expensive data rescuing company.

Most of the time, replacing the controller board of the hard drive is enough to get your data back. Fortunately, some companies like HDDzone allow you to order the exact model of the PCB you want to replace.

One week later, the PCB was in my mail box. Great.