Slide 1

Slide 1 text

Hacking in the electronic context, for fun!

Slide 2

Slide 2 text

Common electronic attacks ○ Whoamy ? ○ The electronic context in Hacking ○ QR code ○ barcode ○ Presence sensors ○ Laser hacking ○ Facial recognition ○ Recv/send RF ○ Recv/send IR ( TV Remote) ○ Lockpick / door lockers ○ Bonus OCR / Bypass turing tests

Slide 3

Slide 3 text

# WHOAMY ? * Cybersecurity Engineer / Appsec team leader / Programmer * Secure code evangelist * Open Source evangelist Name: Antonio Costa Nickname: CoolerVoid Open Source Projects: github.com/CoolerVoid Twitter: @Cooler_freenode

Slide 4

Slide 4 text

# WHOAMY ? * Cybersecurity Engineer / Appsec team leader / Programmer * Secure code evangelist * Open Source evangelist Name: Antonio Costa Nickname: CoolerVoid Open Source Projects: github.com/CoolerVoid Twitter: @Cooler_freenode Nickname: CoolerVoid github.com/CoolerVoid Twitter: @Cooler_freenode

Slide 5

Slide 5 text

Common electronic attacks Common electronic attacks ● QR code readers QR code readers ● Barcode readers Barcode readers ● Presence sensors Presence sensors ● Laser sensors Laser sensors ● Facial recognition Facial recognition ● RF receivers RF receivers ● IR receivers IR receivers ● Lockpick Lockpick ● Biometry Biometry ● RFID RFID ● Other technologies Other technologies Book of EMP GUN!!!! Crazy projects

Slide 6

Slide 6 text

Common electronic attacks ● QR code readers QR code readers ● Barcode readers Barcode readers ● Presence sensors Presence sensors ● Laser sensors Laser sensors ● Facial recognition Facial recognition ● RF receivers RF receivers ● IR receivers IR receivers ● Lockpick Lockpick ● Biometry Biometry ● RFID RFID ● Other technologies Other technologies

Slide 7

Slide 7 text

Common electronic attacks Refrigerant machines, parking of shopping !!! ● QR code readers QR code readers ● Barcode readers Barcode readers ● Presence sensors Presence sensors ● Laser sensors Laser sensors ● Facial recognition Facial recognition ● RF receivers RF receivers ● IR receivers IR receivers ● Lockpick Lockpick ● Biometry Biometry ● RFID RFID ● Other technologies Other technologies ● ● https://github.com/h0nus/QRGen https://github.com/h0nus/QRGen

Slide 8

Slide 8 text

Common electronic attacks ● Validation questions ● OCR ● All user inputs ● Block anomalys !! ● https://hackaday.com/2014/04/04/sql-injection-fools-speed-traps-and-clears-your-record/ check Every point

Slide 9

Slide 9 text

Common electronic attacks ● QR code readers QR code readers ● Barcode readers Barcode readers ● Presence sensors Presence sensors ● Laser sensors Laser sensors ● Facial recognition Facial recognition ● RF receivers RF receivers ● IR receivers IR receivers ● Lockpick Lockpick ● Biometry Biometry ● RFID RFID ● Other technologies Other technologies

Slide 10

Slide 10 text

Common electronic attacks ● QR code readers QR code readers ● Barcode readers Barcode readers ● Presence sensors Presence sensors ● Laser sensors Laser sensors ● Facial recognition Facial recognition ● RF receivers RF receivers ● IR receivers IR receivers ● Lockpick Lockpick ● Biometry Biometry ● RFID RFID ● Other technologies Other technologies BYPASS!!!!

Slide 11

Slide 11 text

Common electronic attacks ● QR code readers QR code readers ● Barcode readers Barcode readers ● Presence sensors Presence sensors ● Laser sensors Laser sensors ● Facial recognition Facial recognition ● RF receivers RF receivers ● IR receivers IR receivers ● Lockpick Lockpick ● Biometry Biometry ● RFID RFID ● Other technologies Other technologies

Slide 12

Slide 12 text

Common electronic attacks ● QR code readers QR code readers ● Barcode readers Barcode readers ● Presence sensors Presence sensors ● Laser sensors Laser sensors ● Facial recognition Facial recognition ● RF receivers RF receivers ● IR receivers IR receivers ● Lockpick Lockpick ● Biometry Biometry ● RFID RFID ● Other technologies Other technologies ● Thief detector Thief detector - https:// - https://github.com/CoolerVoid/ github.com/CoolerVoid/C/blob/master/thiefget.c C/blob/master/thiefget.c ● https://pt.slideshare.net/antoniocooler/detector-de-ladro-com-laser https://pt.slideshare.net/antoniocooler/detector-de-ladro-com-laser

Slide 13

Slide 13 text

Common electronic attacks OpenCV, tools for deep learning etc... ● QR code readers QR code readers ● Barcode readers Barcode readers ● Presence sensors Presence sensors ● Laser sensors Laser sensors ● Facial recognition Facial recognition ● RF receivers RF receivers ● IR receivers IR receivers ● Lockpick Lockpick ● Biometry Biometry ● RFID RFID ● Other technologies Other technologies

Slide 14

Slide 14 text

Common electronic attacks ● QR code readers QR code readers ● Barcode readers Barcode readers ● Presence sensors Presence sensors ● Laser sensors Laser sensors ● Facial recognition Facial recognition ● RF receivers RF receivers ● IR receivers IR receivers ● Lockpick Lockpick ● Biometry Biometry ● RFID RFID ● Other technologies Other technologies OpenCV, tools for deep learning etc... BYPASS!!!!

Slide 15

Slide 15 text

Common electronic attacks Mitigation with kinect ? 3D Scanner + Blender ● QR code readers QR code readers ● Barcode readers Barcode readers ● Presence sensors Presence sensors ● Laser sensors Laser sensors ● Facial recognition Facial recognition ● RF receivers RF receivers ● IR receivers IR receivers ● Lockpick Lockpick ● Biometry Biometry ● RFID RFID ● Other technologies Other technologies

Slide 16

Slide 16 text

Common electronic attacks 3D Scanner + Blender + 3D printer = Bypass Mitigation with kinect ? ● QR code readers QR code readers ● Barcode readers Barcode readers ● Presence sensors Presence sensors ● Laser sensors Laser sensors ● Facial recognition Facial recognition ● RF receivers RF receivers ● IR receivers IR receivers ● Lockpick Lockpick ● Biometry Biometry ● RFID RFID ● Other technologies Other technologies

Slide 17

Slide 17 text

Common electronic attacks ● QR code readers QR code readers ● Barcode readers Barcode readers ● Presence sensors Presence sensors ● Laser sensors Laser sensors ● Facial recognition Facial recognition ● RF receivers RF receivers ● IR receivers IR receivers ● Lockpick Lockpick ● Biometry Biometry ● RFID RFID ● Other technologies Other technologies

Slide 18

Slide 18 text

Common electronic attacks ● QR code readers QR code readers ● Barcode readers Barcode readers ● Presence sensors Presence sensors ● Laser sensors Laser sensors ● Facial recognition Facial recognition ● RF receivers RF receivers ● IR receivers IR receivers ● Lockpick Lockpick ● Biometry Biometry ● RFID RFID ● Other technologies Other technologies

Slide 19

Slide 19 text

Common electronic attacks ● Flipper multi hack tool ● Fuzz resources ● Sniffer resources ● Debug mode ● Mimic mode ● Jammer ● etc... https://flipperzero.one/zero

Slide 20

Slide 20 text

Common electronic attacks Vídeo PoC: https://www.youtube.com/watch?v=Wx64BfLgxQU ← by me ● QR code readers QR code readers ● Barcode readers Barcode readers ● Presence sensors Presence sensors ● Laser sensors Laser sensors ● Facial recognition Facial recognition ● RF receivers RF receivers ● IR receivers ( TV Remote ) IR receivers ( TV Remote ) ● Lockpick Lockpick ● Biometry Biometry ● RFID RFID ● Other technologies Other technologies ● https://github.com/CoolerVoid/ https://github.com/CoolerVoid/arduino_ppt_walk arduino_ppt_walk

Slide 21

Slide 21 text

Common electronic attacks Vídeo PoC: https://www.youtube.com/watch?v=Wx64BfLgxQU ← by me ● QR code readers QR code readers ● Barcode readers Barcode readers ● Presence sensors Presence sensors ● Laser sensors Laser sensors ● Facial recognition Facial recognition ● RF receivers RF receivers ● IR receivers IR receivers ● Lockpick Lockpick ● Biometry Biometry ● RFID RFID ● Other technologies Other technologies

Slide 22

Slide 22 text

Common electronic attacks https://hackaday.com/2017/08/13/complete-ir-control/ ← by me ! ● QR code readers QR code readers ● Barcode readers Barcode readers ● Presence sensors Presence sensors ● Laser sensors Laser sensors ● Facial recognition Facial recognition ● RF receivers RF receivers ● IR receivers IR receivers ● Lockpick Lockpick ● Biometry Biometry ● RFID RFID ● Other technologies Other technologies

Slide 23

Slide 23 text

Common electronic attacks ● QR code readers QR code readers ● Barcode readers Barcode readers ● Presence sensors Presence sensors ● Laser sensors Laser sensors ● Facial recognition Facial recognition ● RF receivers RF receivers ● IR receivers IR receivers ● Lockpick Lockpick ● Biometry Biometry ● RFID RFID ● Other technologies Other technologies

Slide 24

Slide 24 text

Common electronic attacks ● QR code readers QR code readers ● Barcode readers Barcode readers ● Presence sensors Presence sensors ● Laser sensors Laser sensors ● Facial recognition Facial recognition ● RF receivers RF receivers ● IR receivers IR receivers ● Lockpick – electronic locks Lockpick – electronic locks ● Biometry Biometry ● RFID RFID ● Other technologies Other technologies

Slide 25

Slide 25 text

Common electronic attacks IC hook / recv or send freq...to hack ● QR code readers QR code readers ● Barcode readers Barcode readers ● Presence sensors Presence sensors ● Laser sensors Laser sensors ● Facial recognition Facial recognition ● RF receivers RF receivers ● IR receivers IR receivers ● Lockpick – electronic locks Lockpick – electronic locks ● Biometry Biometry ● RFID RFID ● Other technologies Other technologies

Slide 26

Slide 26 text

Common electronic attacks Pirate BUS + IC hook / recv or send freq...to debug, hack... Solenoide Lockers password keypads Dispensers(ATM) Fuzz a lot pins of input…. ● QR code readers QR code readers ● Barcode readers Barcode readers ● Presence sensors Presence sensors ● Laser sensors Laser sensors ● Facial recognition Facial recognition ● RF receivers RF receivers ● IR receivers IR receivers ● Lockpick – electronic locks Lockpick – electronic locks ● Biometry Biometry ● RFID RFID ● Other technologies Other technologies

Slide 27

Slide 27 text

Common electronic attacks Clone, read, write... ● QR code readers QR code readers ● Barcode readers Barcode readers ● Presence sensors Presence sensors ● Laser sensors Laser sensors ● Facial recognition Facial recognition ● RF receivers RF receivers ● IR receivers IR receivers ● Lockpick – electronic locks Lockpick – electronic locks ● Biometry Biometry ● RFID RFID ● RFC (resources bypass) RFC (resources bypass) ● Other technologies Other technologies

Slide 28

Slide 28 text

Common electronic attacks ● Captcha ● Recatcha ● Math challenges ● Ask questions by challenge ● Challenges by images recognition

Slide 29

Slide 29 text

Common electronic attacks Tools to help in bypass: ● Cintruder ● Tesseract-ocr ● gOCR ● lib cairo ● imagemagick ● OpenCV ● Caca lib

Slide 30

Slide 30 text

Common electronic attacks Math Challenges: ● Big pitfall uses alone ● Never use this with simple fonts ● Mix with images and words (NLP) ●3*8+15-234 Arithmetic expression evaluator, EXP solver using AST... https://github.com/CoolerVoid/arit_eval

Slide 31

Slide 31 text

Common electronic attacks Bag of visual words ● Split each image in chunks ● Convert chunks in matrix ● Load algorithm ● Test classification ● Test with another algorithm ● Benchmark the best accuracy ● Choice the best algorithm ● https://github.com/CoolerVoid/libtext_bayes (NLP + ML )

Slide 32

Slide 32 text

Common electronic attacks Bag of visual words ● Split each image in chunks ● Convert chunks in matrix ● Load algorithm ● Test classification ● Test with another algorithm ● Benchmark acurracy ● Choice the best algorithm Example of algorithms KNN, Naive bayes, SVM... https://github.com/CoolerVoid/libtext_bayes (example detect spam messages)

Slide 33

Slide 33 text

Common electronic attacks Browser Stealth actions for automate ● Selenium web driver ● PhantomJS ● Clear cache each session ● Change IP each action ● Clear SQLite cache table ● Change user agent each action ● Cookie Jars... This can bypass recaptcha V3 ?

Slide 34

Slide 34 text

Common electronic attacks questions ! ● Name of mother ? ● Birthday ● Custom questions ● Mix challenges ● OTP for 2AF ● Recaptcha ● SMS ● E-mail ● GEO location ● User Agent ● Hardware fingerprint

Slide 35

Slide 35 text

Common electronic attacks 1- Choose your weapons 2- Choose your armor Create your path !

Slide 36

Slide 36 text

Common electronic attacks Thank you! Any Questions ? ● github.com/CoolerVoid ● Slide images from freepik https://br.freepik.com/

Slide 37

Slide 37 text

Common electronic attacks github.com/CoolerVoid [email protected]