did anyone ever release software for this stuff to decode the encoded ones?

On Mon, Mar 31, 2008 at 7:56 PM, intel96 <intel96 (at) bellsouth (dot) net [email concealed]> wrote:
> There was a presentation scheduled at Black Hat 2007 in Vegas on how to hack
> a wireless keyboard. During the presentation the presenter was unable to
> provide any evidence that he could hack a wireless keyboard. He did
> provide evidence on how to hack a Kensington Model#33374 wireless remote,
> used to control Power Point presentation.
>
> If someone, saw him hack a wireless keyboard during the presentation please
> let me know, because maybe I was running low on caffeine.......
>
> Here is the presentation that was scheduled:
>
> Other Wireless: New ways of being Pwned
> Luis Miras, Lead Vulnerability Researcher, Intrusion Inc
>
> There are many other wireless devices besides Wifi and Bluetooth. This talk
> examines the security of some of these devices, including wireless
> keyboards, mice, and presenters. Many of these devices are designed to be as
> cost effective as possible. These cost reductions directly impact their
> security. Examples of chip level sniffing will be shown as well as chip
> level injection attacks allowing an attacker to control the target system.
> The hardware used in these devices will be examined along with an attacker
> toolkit consisting of low cost hardware and software.
>
> Luis Miras is the lead vulnerability researcher at Intrusion Inc. He has
> done work for leading consulting firms and recently has done work for
> Chumby. His interests include vulnerability research, binary analysis, and
> hardware/software reversing. In the past he has worked in digital design,
> and embedded programming. When he isn't head down in IDA or a circuit board,
> you will likely find him boarding down some sweet powder.
>
>
>
>
>
>
> natronicus wrote:
>
> > Additionally, there was a presentation at Defcon last year where the
> > presenter demonstrated how to reverse engineer an example rf
> > controlled wireless keyboard with $100 of equipment off of ebay.
> >
> > I just visited the defcon media archives but couldn't find his
> > presentation.. maybe it was Blackhat 07 and not Defcon? It was a
> > small group of us in there; couldn't have been more than 20 people
> > attending the talk.
> >
> > Anyway, since I can't find his presentation, his process was:
> >
> > - Monitor the rf frequencies and dump them into software to analyze
> > - Figure out what is a 1 and what's a 0
> > - Guess the packet structure (header + payload + footer)
> > - Monitor payloads generated by using the device and generate a
> translation map
> >
> > He found that all of the rf wireless devices he tested used
> > proprietary protocols with no encryption. It was simple to deduce the
> > protocol and command lists, making it possible to inject any command
> > into the receiver and monitor all traffic.
> >
> > Bluetooth has its issues, but at least it's a known protocol that's
> > very difficult to sniff. Home grown protocols always make me twitchy.
> >
> > natron
> >
> > On Wed, Mar 26, 2008 at 10:51 AM, Sat Jagat Singh
> > <flyingdervish (at) yahoo (dot) com [email concealed]> wrote:
> >
> >
> > > There's actually been quite a lot about these lately:
> > >
> > > http://www.remote-exploit.org/advisories/27Mhz_Analyzing.pdf
> > >
> > >
> http://www.dreamlab.net/download/articles/27_Mhz_keyboard_insecurities.p
df
> > >
> > > Bluetooth hacking has also been demonstrated at
> > > previous Blackhat conferences.
> > >
> > >
> > >
> > > --- Eygene Ryabinkin <rea-sec (at) codelabs (dot) ru [email concealed]> wrote:
> > >
> > > > Good day.
> > > >
> > > > Can anyone point me to the papers/articles/research
> > > > of the (in)security
> > > > of wireless keyboards? Since many people want to
> > > > use them now,
> > > > there are some questions about their security --
> > > > button clicks are
> > > > transferred on the air and can be remotely
> > > > interceptable.
> > > >
> > > > Thanks!
> > > > --
> > > > Eygene
> > > >
> > > >
> > >
> ------------------------------------------------------------------------

> > > > This list is sponsored by: Cenzic
> > > >
> > > > Need to secure your web apps NOW?
> > > > Cenzic finds more, "real" vulnerabilities fast.
> > > > Click to try it, buy it or download a solution FREE
> > > > today!
> > > >
> > > > http://www.cenzic.com/downloads
> > > >
> > >
> ------------------------------------------------------------------------

> > > >
> > > >
> > >
> > >
> > >
> > >
> > >
> ________________________________________________________________________
____________
> > > Looking for last minute shopping deals?
> > > Find them fast with Yahoo! Search.
> http://tools.search.yahoo.com/newsearch/category.php?category=shopping
> > >
> > >
> > >
> > >
> ------------------------------------------------------------------------

> > > This list is sponsored by: Cenzic
> > >
> > > Need to secure your web apps NOW?
> > > Cenzic finds more, "real" vulnerabilities fast.
> > > Click to try it, buy it or download a solution FREE today!
> > >
> > > http://www.cenzic.com/downloads
> > >
> ------------------------------------------------------------------------

> > >
> > >
> > >
> > >
> >
> > ------------------------------------------------------------------------

> > This list is sponsored by: Cenzic
> >
> > Need to secure your web apps NOW?
> > Cenzic finds more, "real" vulnerabilities fast.
> > Click to try it, buy it or download a solution FREE today!
> >
> > http://www.cenzic.com/downloads
> > ------------------------------------------------------------------------

> >
> >
> >
> >
>
>
> ------------------------------------------------------------------------

> This list is sponsored by: Cenzic
>
> Need to secure your web apps NOW?
> Cenzic finds more, "real" vulnerabilities fast.
> Click to try it, buy it or download a solution FREE today!
>
> http://www.cenzic.com/downloads
> ------------------------------------------------------------------------

>
>

------------------------------------------------------------------------

This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

[ reply ]