Hacking in the electronic context for fun!

Hacking in the electronic context, for fun!

Common electronic attacks ◦ Whoamy ? ◦ The electronic context
in Hacking ◦ QR code ◦ barcode ◦ Presence sensors ◦ Laser hacking ◦ Facial recognition ◦ Recv/send RF ◦ Recv/send IR ( TV Remote) ◦ Lockpick / door lockers ◦ Bonus OCR / Bypass turing tests

# WHOAMY ? * Cybersecurity Engineer / Appsec team leader
/ Programmer * Secure code evangelist * Open Source evangelist Name: Antonio Costa Nickname: CoolerVoid Open Source Projects: github.com/CoolerVoid Twitter: @Cooler_freenode

# WHOAMY ? * Cybersecurity Engineer / Appsec team leader
/ Programmer * Secure code evangelist * Open Source evangelist Name: Antonio Costa Nickname: CoolerVoid Open Source Projects: github.com/CoolerVoid Twitter: @Cooler_freenode Nickname: CoolerVoid github.com/CoolerVoid Twitter: @Cooler_freenode

Common electronic attacks Common electronic attacks • QR code readers
QR code readers • Barcode readers Barcode readers • Presence sensors Presence sensors • Laser sensors Laser sensors • Facial recognition Facial recognition • RF receivers RF receivers • IR receivers IR receivers • Lockpick Lockpick • Biometry Biometry • RFID RFID • Other technologies Other technologies Book of EMP GUN!!!! Crazy projects

Common electronic attacks • QR code readers QR code readers
• Barcode readers Barcode readers • Presence sensors Presence sensors • Laser sensors Laser sensors • Facial recognition Facial recognition • RF receivers RF receivers • IR receivers IR receivers • Lockpick Lockpick • Biometry Biometry • RFID RFID • Other technologies Other technologies

Common electronic attacks Refrigerant machines, parking of shopping !!! •
QR code readers QR code readers • Barcode readers Barcode readers • Presence sensors Presence sensors • Laser sensors Laser sensors • Facial recognition Facial recognition • RF receivers RF receivers • IR receivers IR receivers • Lockpick Lockpick • Biometry Biometry • RFID RFID • Other technologies Other technologies • • https://github.com/h0nus/QRGen https://github.com/h0nus/QRGen

Common electronic attacks • Validation questions • OCR • All
user inputs • Block anomalys !! • https://hackaday.com/2014/04/04/sql-injection-fools-speed-traps-and-clears-your-record/ check Every point

• Barcode readers Barcode readers • Presence sensors Presence sensors • Laser sensors Laser sensors • Facial recognition Facial recognition • RF receivers RF receivers • IR receivers IR receivers • Lockpick Lockpick • Biometry Biometry • RFID RFID • Other technologies Other technologies BYPASS!!!!

• Barcode readers Barcode readers • Presence sensors Presence sensors • Laser sensors Laser sensors • Facial recognition Facial recognition • RF receivers RF receivers • IR receivers IR receivers • Lockpick Lockpick • Biometry Biometry • RFID RFID • Other technologies Other technologies • Thief detector Thief detector - https:// - https://github.com/CoolerVoid/ github.com/CoolerVoid/C/blob/master/thiefget.c C/blob/master/thiefget.c • https://pt.slideshare.net/antoniocooler/detector-de-ladro-com-laser https://pt.slideshare.net/antoniocooler/detector-de-ladro-com-laser

Common electronic attacks OpenCV, tools for deep learning etc... •
QR code readers QR code readers • Barcode readers Barcode readers • Presence sensors Presence sensors • Laser sensors Laser sensors • Facial recognition Facial recognition • RF receivers RF receivers • IR receivers IR receivers • Lockpick Lockpick • Biometry Biometry • RFID RFID • Other technologies Other technologies

• Barcode readers Barcode readers • Presence sensors Presence sensors • Laser sensors Laser sensors • Facial recognition Facial recognition • RF receivers RF receivers • IR receivers IR receivers • Lockpick Lockpick • Biometry Biometry • RFID RFID • Other technologies Other technologies OpenCV, tools for deep learning etc... BYPASS!!!!

Common electronic attacks Mitigation with kinect ? 3D Scanner +
Blender • QR code readers QR code readers • Barcode readers Barcode readers • Presence sensors Presence sensors • Laser sensors Laser sensors • Facial recognition Facial recognition • RF receivers RF receivers • IR receivers IR receivers • Lockpick Lockpick • Biometry Biometry • RFID RFID • Other technologies Other technologies

Common electronic attacks 3D Scanner + Blender + 3D printer
= Bypass Mitigation with kinect ? • QR code readers QR code readers • Barcode readers Barcode readers • Presence sensors Presence sensors • Laser sensors Laser sensors • Facial recognition Facial recognition • RF receivers RF receivers • IR receivers IR receivers • Lockpick Lockpick • Biometry Biometry • RFID RFID • Other technologies Other technologies

Common electronic attacks • Flipper multi hack tool • Fuzz
resources • Sniffer resources • Debug mode • Mimic mode • Jammer • etc... https://flipperzero.one/zero

Common electronic attacks Vídeo PoC: https://www.youtube.com/watch?v=Wx64BfLgxQU ← by me •
QR code readers QR code readers • Barcode readers Barcode readers • Presence sensors Presence sensors • Laser sensors Laser sensors • Facial recognition Facial recognition • RF receivers RF receivers • IR receivers ( TV Remote ) IR receivers ( TV Remote ) • Lockpick Lockpick • Biometry Biometry • RFID RFID • Other technologies Other technologies • https://github.com/CoolerVoid/ https://github.com/CoolerVoid/arduino_ppt_walk arduino_ppt_walk

Common electronic attacks Vídeo PoC: https://www.youtube.com/watch?v=Wx64BfLgxQU ← by me •
QR code readers QR code readers • Barcode readers Barcode readers • Presence sensors Presence sensors • Laser sensors Laser sensors • Facial recognition Facial recognition • RF receivers RF receivers • IR receivers IR receivers • Lockpick Lockpick • Biometry Biometry • RFID RFID • Other technologies Other technologies

Common electronic attacks https://hackaday.com/2017/08/13/complete-ir-control/ ← by me ! • QR
code readers QR code readers • Barcode readers Barcode readers • Presence sensors Presence sensors • Laser sensors Laser sensors • Facial recognition Facial recognition • RF receivers RF receivers • IR receivers IR receivers • Lockpick Lockpick • Biometry Biometry • RFID RFID • Other technologies Other technologies

• Barcode readers Barcode readers • Presence sensors Presence sensors • Laser sensors Laser sensors • Facial recognition Facial recognition • RF receivers RF receivers • IR receivers IR receivers • Lockpick – electronic locks Lockpick – electronic locks • Biometry Biometry • RFID RFID • Other technologies Other technologies

Common electronic attacks IC hook / recv or send freq...to
hack • QR code readers QR code readers • Barcode readers Barcode readers • Presence sensors Presence sensors • Laser sensors Laser sensors • Facial recognition Facial recognition • RF receivers RF receivers • IR receivers IR receivers • Lockpick – electronic locks Lockpick – electronic locks • Biometry Biometry • RFID RFID • Other technologies Other technologies

Common electronic attacks Pirate BUS + IC hook / recv
or send freq...to debug, hack... Solenoide Lockers password keypads Dispensers(ATM) Fuzz a lot pins of input…. • QR code readers QR code readers • Barcode readers Barcode readers • Presence sensors Presence sensors • Laser sensors Laser sensors • Facial recognition Facial recognition • RF receivers RF receivers • IR receivers IR receivers • Lockpick – electronic locks Lockpick – electronic locks • Biometry Biometry • RFID RFID • Other technologies Other technologies

Common electronic attacks Clone, read, write... • QR code readers
QR code readers • Barcode readers Barcode readers • Presence sensors Presence sensors • Laser sensors Laser sensors • Facial recognition Facial recognition • RF receivers RF receivers • IR receivers IR receivers • Lockpick – electronic locks Lockpick – electronic locks • Biometry Biometry • RFID RFID • RFC (resources bypass) RFC (resources bypass) • Other technologies Other technologies

Common electronic attacks • Captcha • Recatcha • Math challenges
• Ask questions by challenge • Challenges by images recognition

Common electronic attacks Tools to help in bypass: • Cintruder
• Tesseract-ocr • gOCR • lib cairo • imagemagick • OpenCV • Caca lib

Common electronic attacks Math Challenges: • Big pitfall uses alone
• Never use this with simple fonts • Mix with images and words (NLP) •3*8+15-234 Arithmetic expression evaluator, EXP solver using AST... https://github.com/CoolerVoid/arit_eval

Common electronic attacks Bag of visual words • Split each
image in chunks • Convert chunks in matrix • Load algorithm • Test classification • Test with another algorithm • Benchmark the best accuracy • Choice the best algorithm • https://github.com/CoolerVoid/libtext_bayes (NLP + ML )

Common electronic attacks Bag of visual words • Split each
image in chunks • Convert chunks in matrix • Load algorithm • Test classification • Test with another algorithm • Benchmark acurracy • Choice the best algorithm Example of algorithms KNN, Naive bayes, SVM... https://github.com/CoolerVoid/libtext_bayes (example detect spam messages)

Common electronic attacks Browser Stealth actions for automate • Selenium
web driver • PhantomJS • Clear cache each session • Change IP each action • Clear SQLite cache table • Change user agent each action • Cookie Jars... This can bypass recaptcha V3 ?

Common electronic attacks questions ! • Name of mother ?
• Birthday • Custom questions • Mix challenges • OTP for 2AF • Recaptcha • SMS • E-mail • GEO location • User Agent • Hardware fingerprint

Common electronic attacks 1- Choose your weapons 2- Choose your
armor Create your path !

Common electronic attacks Thank you! Any Questions ? • github.com/CoolerVoid
• Slide images from freepik https://br.freepik.com/

Common electronic attacks github.com/CoolerVoid [email protected]

Hacking in the electronic context for fun!

Hacking in the electronic context for fun!

More Decks by CoolerVoid

Other Decks in Programming

Featured

Transcript