AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |
Back to Blog
Defcon 20211/1/2024 ![]() (MTD stands for Memory Technology Devices.) Enter the command "cat /proc/mtd" and hit enter. This can be done by running cat against /proc/mtd. For example, look at the partition layout on the flash chips. Once you're logged on in single-user mode (root), I recommend taking a quick look at a few other things that are interesting. Mount rootfs_data and configure user accounts ![]() In this final post, we'll discuss how to gain full root access and successfully complete this exercise in IoT hacking. I will update this thread and post on twitter when I have more concrete plans.The first 3 installments of our series on Rapid7's hands-on exercise from the IoT Village at this year's DefCon covered how to set up a UART header, how to determine UART status and baud rate, and how to log into single-user mode on the device. I pretty happy with the prototype, I'll have a full video walk-through beforehand so everyone can decide if they think it is worth it to them. And there has to be a profit in there for Tor, otherwise it's not a very effective fundraiser. That's more than I wanted it to be, but having a xiao that is arduino-reprogrammable via usb-c, 1.3" dual OLEDs instead of the typical 0.96", and finger cuffs are not cheap. dual soldermask badges, lanyards, two sets of batts, stickers, fingercuffs (for the GSR sensor), box, etc. I expect it to be sub $150 for everything. And selling at a friendly vendor booth requires them to collect tax since Tor doesn't have a non-profit booth this year. I don't have a price yet because I don't know my final costs on everything. ![]() Once I have the badges in hand and I know they work I'll finish ordering other necessary components like lanyards, batteries, boxes, etc. ![]() I'm hoping to work with a friendly vendor to help me sell these at their booth, but that is not confirmed yet. Here's a higher-res picture with the current state of the interface (there are some other modes besides this primary lie detector mode). I expect to have that available a few days before defcon starts so everyone can determine if it is worth it to them. I will post a video of the badge in action and all the features it has, if I ever get out of soldering-hell over here. There will be at least one challenge (that dreamed up) with a prize going to the winner Source is licensed under the permissive WTFPL Source code and instructions on how to reflash the badge (via an arduino IDE) will be available prior to defcon on github. If you choose to purchase a badge, thanks for supporting Tor. I do not charge for my time or effort, I only hope to recoup any material costs. I am not funded by anyone, I front all costs of development myself. Price - $120 including tax which includes the badge, custom lanyard, finger cuff cable, two sets of batts, stickers, and probably some googly eyesĪll profits from the sale of this badge go directly to the Tor project, just like 2 years ago. Hacker warehouse will have to charge tax as they are not a non-profit. Their booth will be in the vendor area of the conference, which I believe is open Thursday - Sunday (check the defcon schedule for details). Where to buy - Because Tor does not have a vendor booth this year, I've teamed up with hacker warehouse who has agreed to help sell them at their vendor booth. There is also 3.3v/gnd and other 0.1" holes available for prototyping. There are 0.1" headers for every pin on the xiao. There is one 1.69bis SAO header, finger cuffs used for the GSR sensor, and is run off two AA batts with a boost vreg to 3.3v. The stock firmware also outputs the raw data over serial USB to allow further analysis of the data on a computer. Hardware - It is run off a cortex M0+ arduino based xiao, that you can connect to via USB-C. Use it to interrogate your friends, or to practice how to get through your next fed-job interview The output of these sensors with some statistics is graphed to each of the two 1.3" OLED screens. These are two of the sensors used in a polygraph machine. The badge has two primary sensors, a GSR sensor and a heart rate sensor. What it does - It acts as a mini lie detector. I received the working boards so it looks like this is happening, here are the details:
0 Comments
Read More
Leave a Reply. |