Hacking in the electronic context for fun!

Transcript

1. Hacking in the electronic context, for fun!

2. Common electronic attacks ◦ Whoamy ? ◦ The electronic context

   in Hacking ◦ QR code ◦ barcode ◦ Presence sensors ◦ Laser hacking ◦ Facial recognition ◦ Recv/send RF ◦ Recv/send IR ( TV Remote) ◦ Lockpick / door lockers ◦ Bonus OCR / Bypass turing tests

3. # WHOAMY ? * Cybersecurity Engineer / Appsec team leader

   / Programmer * Secure code evangelist * Open Source evangelist Name: Antonio Costa Nickname: CoolerVoid Open Source Projects: github.com/CoolerVoid Twitter: @Cooler_freenode

4. # WHOAMY ? * Cybersecurity Engineer / Appsec team leader

   / Programmer * Secure code evangelist * Open Source evangelist Name: Antonio Costa Nickname: CoolerVoid Open Source Projects: github.com/CoolerVoid Twitter: @Cooler_freenode Nickname: CoolerVoid github.com/CoolerVoid Twitter: @Cooler_freenode

5. Common electronic attacks Common electronic attacks • QR code readers

   QR code readers • Barcode readers Barcode readers • Presence sensors Presence sensors • Laser sensors Laser sensors • Facial recognition Facial recognition • RF receivers RF receivers • IR receivers IR receivers • Lockpick Lockpick • Biometry Biometry • RFID RFID • Other technologies Other technologies Book of EMP GUN!!!! Crazy projects

6. Common electronic attacks • QR code readers QR code readers

   • Barcode readers Barcode readers • Presence sensors Presence sensors • Laser sensors Laser sensors • Facial recognition Facial recognition • RF receivers RF receivers • IR receivers IR receivers • Lockpick Lockpick • Biometry Biometry • RFID RFID • Other technologies Other technologies

7. Common electronic attacks Refrigerant machines, parking of shopping !!! •

   QR code readers QR code readers • Barcode readers Barcode readers • Presence sensors Presence sensors • Laser sensors Laser sensors • Facial recognition Facial recognition • RF receivers RF receivers • IR receivers IR receivers • Lockpick Lockpick • Biometry Biometry • RFID RFID • Other technologies Other technologies • • https://github.com/h0nus/QRGen https://github.com/h0nus/QRGen

8. Common electronic attacks • Validation questions • OCR • All

   user inputs • Block anomalys !! • https://hackaday.com/2014/04/04/sql-injection-fools-speed-traps-and-clears-your-record/ check Every point

9. Common electronic attacks • QR code readers QR code readers

   • Barcode readers Barcode readers • Presence sensors Presence sensors • Laser sensors Laser sensors • Facial recognition Facial recognition • RF receivers RF receivers • IR receivers IR receivers • Lockpick Lockpick • Biometry Biometry • RFID RFID • Other technologies Other technologies

10. Common electronic attacks • QR code readers QR code readers

    • Barcode readers Barcode readers • Presence sensors Presence sensors • Laser sensors Laser sensors • Facial recognition Facial recognition • RF receivers RF receivers • IR receivers IR receivers • Lockpick Lockpick • Biometry Biometry • RFID RFID • Other technologies Other technologies BYPASS!!!!

11. Common electronic attacks • QR code readers QR code readers

    • Barcode readers Barcode readers • Presence sensors Presence sensors • Laser sensors Laser sensors • Facial recognition Facial recognition • RF receivers RF receivers • IR receivers IR receivers • Lockpick Lockpick • Biometry Biometry • RFID RFID • Other technologies Other technologies

12. Common electronic attacks • QR code readers QR code readers

    • Barcode readers Barcode readers • Presence sensors Presence sensors • Laser sensors Laser sensors • Facial recognition Facial recognition • RF receivers RF receivers • IR receivers IR receivers • Lockpick Lockpick • Biometry Biometry • RFID RFID • Other technologies Other technologies • Thief detector Thief detector - https:// - https://github.com/CoolerVoid/ github.com/CoolerVoid/C/blob/master/thiefget.c C/blob/master/thiefget.c • https://pt.slideshare.net/antoniocooler/detector-de-ladro-com-laser https://pt.slideshare.net/antoniocooler/detector-de-ladro-com-laser

13. Common electronic attacks OpenCV, tools for deep learning etc... •

    QR code readers QR code readers • Barcode readers Barcode readers • Presence sensors Presence sensors • Laser sensors Laser sensors • Facial recognition Facial recognition • RF receivers RF receivers • IR receivers IR receivers • Lockpick Lockpick • Biometry Biometry • RFID RFID • Other technologies Other technologies

14. Common electronic attacks • QR code readers QR code readers

    • Barcode readers Barcode readers • Presence sensors Presence sensors • Laser sensors Laser sensors • Facial recognition Facial recognition • RF receivers RF receivers • IR receivers IR receivers • Lockpick Lockpick • Biometry Biometry • RFID RFID • Other technologies Other technologies OpenCV, tools for deep learning etc... BYPASS!!!!

15. Common electronic attacks Mitigation with kinect ? 3D Scanner +

    Blender • QR code readers QR code readers • Barcode readers Barcode readers • Presence sensors Presence sensors • Laser sensors Laser sensors • Facial recognition Facial recognition • RF receivers RF receivers • IR receivers IR receivers • Lockpick Lockpick • Biometry Biometry • RFID RFID • Other technologies Other technologies

16. Common electronic attacks 3D Scanner + Blender + 3D printer

    = Bypass Mitigation with kinect ? • QR code readers QR code readers • Barcode readers Barcode readers • Presence sensors Presence sensors • Laser sensors Laser sensors • Facial recognition Facial recognition • RF receivers RF receivers • IR receivers IR receivers • Lockpick Lockpick • Biometry Biometry • RFID RFID • Other technologies Other technologies

17. Common electronic attacks • QR code readers QR code readers

    • Barcode readers Barcode readers • Presence sensors Presence sensors • Laser sensors Laser sensors • Facial recognition Facial recognition • RF receivers RF receivers • IR receivers IR receivers • Lockpick Lockpick • Biometry Biometry • RFID RFID • Other technologies Other technologies

18. Common electronic attacks • QR code readers QR code readers

    • Barcode readers Barcode readers • Presence sensors Presence sensors • Laser sensors Laser sensors • Facial recognition Facial recognition • RF receivers RF receivers • IR receivers IR receivers • Lockpick Lockpick • Biometry Biometry • RFID RFID • Other technologies Other technologies

19. Common electronic attacks • Flipper multi hack tool • Fuzz

    resources • Sniffer resources • Debug mode • Mimic mode • Jammer • etc... https://flipperzero.one/zero

20. Common electronic attacks Vídeo PoC: https://www.youtube.com/watch?v=Wx64BfLgxQU ← by me •

    QR code readers QR code readers • Barcode readers Barcode readers • Presence sensors Presence sensors • Laser sensors Laser sensors • Facial recognition Facial recognition • RF receivers RF receivers • IR receivers ( TV Remote ) IR receivers ( TV Remote ) • Lockpick Lockpick • Biometry Biometry • RFID RFID • Other technologies Other technologies • https://github.com/CoolerVoid/ https://github.com/CoolerVoid/arduino_ppt_walk arduino_ppt_walk

21. Common electronic attacks Vídeo PoC: https://www.youtube.com/watch?v=Wx64BfLgxQU ← by me •

    QR code readers QR code readers • Barcode readers Barcode readers • Presence sensors Presence sensors • Laser sensors Laser sensors • Facial recognition Facial recognition • RF receivers RF receivers • IR receivers IR receivers • Lockpick Lockpick • Biometry Biometry • RFID RFID • Other technologies Other technologies

22. Common electronic attacks https://hackaday.com/2017/08/13/complete-ir-control/ ← by me ! • QR

    code readers QR code readers • Barcode readers Barcode readers • Presence sensors Presence sensors • Laser sensors Laser sensors • Facial recognition Facial recognition • RF receivers RF receivers • IR receivers IR receivers • Lockpick Lockpick • Biometry Biometry • RFID RFID • Other technologies Other technologies

23. Common electronic attacks • QR code readers QR code readers

    • Barcode readers Barcode readers • Presence sensors Presence sensors • Laser sensors Laser sensors • Facial recognition Facial recognition • RF receivers RF receivers • IR receivers IR receivers • Lockpick Lockpick • Biometry Biometry • RFID RFID • Other technologies Other technologies

24. Common electronic attacks • QR code readers QR code readers

    • Barcode readers Barcode readers • Presence sensors Presence sensors • Laser sensors Laser sensors • Facial recognition Facial recognition • RF receivers RF receivers • IR receivers IR receivers • Lockpick – electronic locks Lockpick – electronic locks • Biometry Biometry • RFID RFID • Other technologies Other technologies

25. Common electronic attacks IC hook / recv or send freq...to

    hack • QR code readers QR code readers • Barcode readers Barcode readers • Presence sensors Presence sensors • Laser sensors Laser sensors • Facial recognition Facial recognition • RF receivers RF receivers • IR receivers IR receivers • Lockpick – electronic locks Lockpick – electronic locks • Biometry Biometry • RFID RFID • Other technologies Other technologies

26. Common electronic attacks Pirate BUS + IC hook / recv

    or send freq...to debug, hack... Solenoide Lockers password keypads Dispensers(ATM) Fuzz a lot pins of input…. • QR code readers QR code readers • Barcode readers Barcode readers • Presence sensors Presence sensors • Laser sensors Laser sensors • Facial recognition Facial recognition • RF receivers RF receivers • IR receivers IR receivers • Lockpick – electronic locks Lockpick – electronic locks • Biometry Biometry • RFID RFID • Other technologies Other technologies

27. Common electronic attacks Clone, read, write... • QR code readers

    QR code readers • Barcode readers Barcode readers • Presence sensors Presence sensors • Laser sensors Laser sensors • Facial recognition Facial recognition • RF receivers RF receivers • IR receivers IR receivers • Lockpick – electronic locks Lockpick – electronic locks • Biometry Biometry • RFID RFID • RFC (resources bypass) RFC (resources bypass) • Other technologies Other technologies

28. Common electronic attacks • Captcha • Recatcha • Math challenges

    • Ask questions by challenge • Challenges by images recognition

29. Common electronic attacks Tools to help in bypass: • Cintruder

    • Tesseract-ocr • gOCR • lib cairo • imagemagick • OpenCV • Caca lib

30. Common electronic attacks Math Challenges: • Big pitfall uses alone

    • Never use this with simple fonts • Mix with images and words (NLP) •3*8+15-234 Arithmetic expression evaluator, EXP solver using AST... https://github.com/CoolerVoid/arit_eval

31. Common electronic attacks Bag of visual words • Split each

    image in chunks • Convert chunks in matrix • Load algorithm • Test classification • Test with another algorithm • Benchmark the best accuracy • Choice the best algorithm • https://github.com/CoolerVoid/libtext_bayes (NLP + ML )

32. Common electronic attacks Bag of visual words • Split each

    image in chunks • Convert chunks in matrix • Load algorithm • Test classification • Test with another algorithm • Benchmark acurracy • Choice the best algorithm Example of algorithms KNN, Naive bayes, SVM... https://github.com/CoolerVoid/libtext_bayes (example detect spam messages)

33. Common electronic attacks Browser Stealth actions for automate • Selenium

    web driver • PhantomJS • Clear cache each session • Change IP each action • Clear SQLite cache table • Change user agent each action • Cookie Jars... This can bypass recaptcha V3 ?

34. Common electronic attacks questions ! • Name of mother ?

    • Birthday • Custom questions • Mix challenges • OTP for 2AF • Recaptcha • SMS • E-mail • GEO location • User Agent • Hardware fingerprint

35. Common electronic attacks 1- Choose your weapons 2- Choose your

    armor Create your path !

36. Common electronic attacks Thank you! Any Questions ? • github.com/CoolerVoid

    • Slide images from freepik https://br.freepik.com/

37. Common electronic attacks github.com/CoolerVoid [email protected]