Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Hacking in the electronic context for fun!

Hacking in the electronic context for fun!

This presentation is a simple introduction to electronic hacking following a practical approach.

CoolerVoid

March 22, 2022
Tweet

More Decks by CoolerVoid

Other Decks in Programming

Transcript

  1. Common electronic attacks ◦ Whoamy ? ◦ The electronic context

    in Hacking ◦ QR code ◦ barcode ◦ Presence sensors ◦ Laser hacking ◦ Facial recognition ◦ Recv/send RF ◦ Recv/send IR ( TV Remote) ◦ Lockpick / door lockers ◦ Bonus OCR / Bypass turing tests
  2. # WHOAMY ? * Cybersecurity Engineer / Appsec team leader

    / Programmer * Secure code evangelist * Open Source evangelist Name: Antonio Costa Nickname: CoolerVoid Open Source Projects: github.com/CoolerVoid Twitter: @Cooler_freenode
  3. # WHOAMY ? * Cybersecurity Engineer / Appsec team leader

    / Programmer * Secure code evangelist * Open Source evangelist Name: Antonio Costa Nickname: CoolerVoid Open Source Projects: github.com/CoolerVoid Twitter: @Cooler_freenode Nickname: CoolerVoid github.com/CoolerVoid Twitter: @Cooler_freenode
  4. Common electronic attacks Common electronic attacks • QR code readers

    QR code readers • Barcode readers Barcode readers • Presence sensors Presence sensors • Laser sensors Laser sensors • Facial recognition Facial recognition • RF receivers RF receivers • IR receivers IR receivers • Lockpick Lockpick • Biometry Biometry • RFID RFID • Other technologies Other technologies Book of EMP GUN!!!! Crazy projects
  5. Common electronic attacks • QR code readers QR code readers

    • Barcode readers Barcode readers • Presence sensors Presence sensors • Laser sensors Laser sensors • Facial recognition Facial recognition • RF receivers RF receivers • IR receivers IR receivers • Lockpick Lockpick • Biometry Biometry • RFID RFID • Other technologies Other technologies
  6. Common electronic attacks Refrigerant machines, parking of shopping !!! •

    QR code readers QR code readers • Barcode readers Barcode readers • Presence sensors Presence sensors • Laser sensors Laser sensors • Facial recognition Facial recognition • RF receivers RF receivers • IR receivers IR receivers • Lockpick Lockpick • Biometry Biometry • RFID RFID • Other technologies Other technologies • • https://github.com/h0nus/QRGen https://github.com/h0nus/QRGen
  7. Common electronic attacks • Validation questions • OCR • All

    user inputs • Block anomalys !! • https://hackaday.com/2014/04/04/sql-injection-fools-speed-traps-and-clears-your-record/ check Every point
  8. Common electronic attacks • QR code readers QR code readers

    • Barcode readers Barcode readers • Presence sensors Presence sensors • Laser sensors Laser sensors • Facial recognition Facial recognition • RF receivers RF receivers • IR receivers IR receivers • Lockpick Lockpick • Biometry Biometry • RFID RFID • Other technologies Other technologies
  9. Common electronic attacks • QR code readers QR code readers

    • Barcode readers Barcode readers • Presence sensors Presence sensors • Laser sensors Laser sensors • Facial recognition Facial recognition • RF receivers RF receivers • IR receivers IR receivers • Lockpick Lockpick • Biometry Biometry • RFID RFID • Other technologies Other technologies BYPASS!!!!
  10. Common electronic attacks • QR code readers QR code readers

    • Barcode readers Barcode readers • Presence sensors Presence sensors • Laser sensors Laser sensors • Facial recognition Facial recognition • RF receivers RF receivers • IR receivers IR receivers • Lockpick Lockpick • Biometry Biometry • RFID RFID • Other technologies Other technologies
  11. Common electronic attacks • QR code readers QR code readers

    • Barcode readers Barcode readers • Presence sensors Presence sensors • Laser sensors Laser sensors • Facial recognition Facial recognition • RF receivers RF receivers • IR receivers IR receivers • Lockpick Lockpick • Biometry Biometry • RFID RFID • Other technologies Other technologies • Thief detector Thief detector - https:// - https://github.com/CoolerVoid/ github.com/CoolerVoid/C/blob/master/thiefget.c C/blob/master/thiefget.c • https://pt.slideshare.net/antoniocooler/detector-de-ladro-com-laser https://pt.slideshare.net/antoniocooler/detector-de-ladro-com-laser
  12. Common electronic attacks OpenCV, tools for deep learning etc... •

    QR code readers QR code readers • Barcode readers Barcode readers • Presence sensors Presence sensors • Laser sensors Laser sensors • Facial recognition Facial recognition • RF receivers RF receivers • IR receivers IR receivers • Lockpick Lockpick • Biometry Biometry • RFID RFID • Other technologies Other technologies
  13. Common electronic attacks • QR code readers QR code readers

    • Barcode readers Barcode readers • Presence sensors Presence sensors • Laser sensors Laser sensors • Facial recognition Facial recognition • RF receivers RF receivers • IR receivers IR receivers • Lockpick Lockpick • Biometry Biometry • RFID RFID • Other technologies Other technologies OpenCV, tools for deep learning etc... BYPASS!!!!
  14. Common electronic attacks Mitigation with kinect ? 3D Scanner +

    Blender • QR code readers QR code readers • Barcode readers Barcode readers • Presence sensors Presence sensors • Laser sensors Laser sensors • Facial recognition Facial recognition • RF receivers RF receivers • IR receivers IR receivers • Lockpick Lockpick • Biometry Biometry • RFID RFID • Other technologies Other technologies
  15. Common electronic attacks 3D Scanner + Blender + 3D printer

    = Bypass Mitigation with kinect ? • QR code readers QR code readers • Barcode readers Barcode readers • Presence sensors Presence sensors • Laser sensors Laser sensors • Facial recognition Facial recognition • RF receivers RF receivers • IR receivers IR receivers • Lockpick Lockpick • Biometry Biometry • RFID RFID • Other technologies Other technologies
  16. Common electronic attacks • QR code readers QR code readers

    • Barcode readers Barcode readers • Presence sensors Presence sensors • Laser sensors Laser sensors • Facial recognition Facial recognition • RF receivers RF receivers • IR receivers IR receivers • Lockpick Lockpick • Biometry Biometry • RFID RFID • Other technologies Other technologies
  17. Common electronic attacks • QR code readers QR code readers

    • Barcode readers Barcode readers • Presence sensors Presence sensors • Laser sensors Laser sensors • Facial recognition Facial recognition • RF receivers RF receivers • IR receivers IR receivers • Lockpick Lockpick • Biometry Biometry • RFID RFID • Other technologies Other technologies
  18. Common electronic attacks • Flipper multi hack tool • Fuzz

    resources • Sniffer resources • Debug mode • Mimic mode • Jammer • etc... https://flipperzero.one/zero
  19. Common electronic attacks Vídeo PoC: https://www.youtube.com/watch?v=Wx64BfLgxQU ← by me •

    QR code readers QR code readers • Barcode readers Barcode readers • Presence sensors Presence sensors • Laser sensors Laser sensors • Facial recognition Facial recognition • RF receivers RF receivers • IR receivers ( TV Remote ) IR receivers ( TV Remote ) • Lockpick Lockpick • Biometry Biometry • RFID RFID • Other technologies Other technologies • https://github.com/CoolerVoid/ https://github.com/CoolerVoid/arduino_ppt_walk arduino_ppt_walk
  20. Common electronic attacks Vídeo PoC: https://www.youtube.com/watch?v=Wx64BfLgxQU ← by me •

    QR code readers QR code readers • Barcode readers Barcode readers • Presence sensors Presence sensors • Laser sensors Laser sensors • Facial recognition Facial recognition • RF receivers RF receivers • IR receivers IR receivers • Lockpick Lockpick • Biometry Biometry • RFID RFID • Other technologies Other technologies
  21. Common electronic attacks https://hackaday.com/2017/08/13/complete-ir-control/ ← by me ! • QR

    code readers QR code readers • Barcode readers Barcode readers • Presence sensors Presence sensors • Laser sensors Laser sensors • Facial recognition Facial recognition • RF receivers RF receivers • IR receivers IR receivers • Lockpick Lockpick • Biometry Biometry • RFID RFID • Other technologies Other technologies
  22. Common electronic attacks • QR code readers QR code readers

    • Barcode readers Barcode readers • Presence sensors Presence sensors • Laser sensors Laser sensors • Facial recognition Facial recognition • RF receivers RF receivers • IR receivers IR receivers • Lockpick Lockpick • Biometry Biometry • RFID RFID • Other technologies Other technologies
  23. Common electronic attacks • QR code readers QR code readers

    • Barcode readers Barcode readers • Presence sensors Presence sensors • Laser sensors Laser sensors • Facial recognition Facial recognition • RF receivers RF receivers • IR receivers IR receivers • Lockpick – electronic locks Lockpick – electronic locks • Biometry Biometry • RFID RFID • Other technologies Other technologies
  24. Common electronic attacks IC hook / recv or send freq...to

    hack • QR code readers QR code readers • Barcode readers Barcode readers • Presence sensors Presence sensors • Laser sensors Laser sensors • Facial recognition Facial recognition • RF receivers RF receivers • IR receivers IR receivers • Lockpick – electronic locks Lockpick – electronic locks • Biometry Biometry • RFID RFID • Other technologies Other technologies
  25. Common electronic attacks Pirate BUS + IC hook / recv

    or send freq...to debug, hack... Solenoide Lockers password keypads Dispensers(ATM) Fuzz a lot pins of input…. • QR code readers QR code readers • Barcode readers Barcode readers • Presence sensors Presence sensors • Laser sensors Laser sensors • Facial recognition Facial recognition • RF receivers RF receivers • IR receivers IR receivers • Lockpick – electronic locks Lockpick – electronic locks • Biometry Biometry • RFID RFID • Other technologies Other technologies
  26. Common electronic attacks Clone, read, write... • QR code readers

    QR code readers • Barcode readers Barcode readers • Presence sensors Presence sensors • Laser sensors Laser sensors • Facial recognition Facial recognition • RF receivers RF receivers • IR receivers IR receivers • Lockpick – electronic locks Lockpick – electronic locks • Biometry Biometry • RFID RFID • RFC (resources bypass) RFC (resources bypass) • Other technologies Other technologies
  27. Common electronic attacks • Captcha • Recatcha • Math challenges

    • Ask questions by challenge • Challenges by images recognition
  28. Common electronic attacks Tools to help in bypass: • Cintruder

    • Tesseract-ocr • gOCR • lib cairo • imagemagick • OpenCV • Caca lib
  29. Common electronic attacks Math Challenges: • Big pitfall uses alone

    • Never use this with simple fonts • Mix with images and words (NLP) •3*8+15-234 Arithmetic expression evaluator, EXP solver using AST... https://github.com/CoolerVoid/arit_eval
  30. Common electronic attacks Bag of visual words • Split each

    image in chunks • Convert chunks in matrix • Load algorithm • Test classification • Test with another algorithm • Benchmark the best accuracy • Choice the best algorithm • https://github.com/CoolerVoid/libtext_bayes (NLP + ML )
  31. Common electronic attacks Bag of visual words • Split each

    image in chunks • Convert chunks in matrix • Load algorithm • Test classification • Test with another algorithm • Benchmark acurracy • Choice the best algorithm Example of algorithms KNN, Naive bayes, SVM... https://github.com/CoolerVoid/libtext_bayes (example detect spam messages)
  32. Common electronic attacks Browser Stealth actions for automate • Selenium

    web driver • PhantomJS • Clear cache each session • Change IP each action • Clear SQLite cache table • Change user agent each action • Cookie Jars... This can bypass recaptcha V3 ?
  33. Common electronic attacks questions ! • Name of mother ?

    • Birthday • Custom questions • Mix challenges • OTP for 2AF • Recaptcha • SMS • E-mail • GEO location • User Agent • Hardware fingerprint
  34. Common electronic attacks Thank you! Any Questions ? • github.com/CoolerVoid

    • Slide images from freepik https://br.freepik.com/