Posts

Building an Altair-Duino 8800 Replica

How the hell did I end up with an Altair replica?

The first computer I ever used was a TI-99/4A. I was probably 12 or 13; my dad brought it home one day because he thought he needed to be able to do word processing. I'm guessing he didn't do his homework, because that computer wasn't really a platform for such work. It ended up unused in a spare bedroom attached to an old TV for a while before I was allowed to play with it. Like all computers of that time, it came with printed manuals, which I read and used to teach myself BASIC and computer concepts in general. I hooked up an old tape recorder to store the programs that I hand-typed in from magazines. We didn't have any computer classes in school at that time - it was all what you could glean from reading code and experimenting. One day it disappeared. He decided it wasn't being used and sold it. By then, around 1983 or so, I had spent so much time reading computer and electronics magazines and boo...
Recent posts

Building a WiFi/BT Sniffer - part 2 (Operation)

Command line interface

Connect to the device with a USB cable, and open it in your favorite serial terminal. Your terminal needs to be VT102 compatible for the colors to work. Start with the 'help' command. Most of these should be pretty self-explanatory - commands that work with the filesystem or give information. The `scan`, `survey`, and `config` commands will be detailed below. For now, let's see what the status of the device shows.

Status shows a few useful pieces of information:
- Hardware - not much of interest; just shows the ESP32-S3 information
- GPS - shows current lock status, long/lat coordinates, GPS time, and number of satellites. If the GPS is not receiving good data, the display will be "NO GPS LOCK"
- Filesystem - shows used/free space
- Memories - shows free heap space for both internal and external RAM
- Wall clock - synced to GPS, shows current date/time and offset as well as timezone.

Configuration

Device configuration is performed usin...

Building a WiFi/BT sniffer - part 1 (construction)

(tl;dr version - the sniffer project is at this Github repo. The project is well documented there.)

For various reasons, I wanted to build a portable device to sniff WiFi and Bluetooth signals. My goals for the project were for the device to be able to:
- "Survey" all devices in the area, and log the results for later analysis
- Continuously monitor for target broadcasters based on:
  - WiFi SSID
  - WiFi MAC prefix (Manufacturer's OUI)
  - Bluetooth device name
  - Bluetooth MAC prefix (Manufacturer's OUI)
  - Bluetooth service UUID value
- Log detections for analysis
- Signal a detection in an obvious way
- Have GPS to keep track of geographic location (as well as timekeeping)

I found a couple of projects on Github that looked kind of promising, but not exactly what I was looking for. One seemed a bit more promising than the others at first glance. The project developer was happy to sell pre-built hardware (with a buzzer for alerts), but it could run on just an ESP32 dev board....

Successful Fault Injection (glitching) with the Bus Pirate

Introduction

In this post, I'll discuss using power fault injection (glitching) to bypass UART password authentication in an application running on a simple Arduino dev board using the Bus Pirate. (Spoiler - it works!) The Bus Pirate is an open source hardware/firmware debugging and test tool that is capable of many, many things useful to an embedded engineer and/or hacker. In this case, we'll be using the UART functionality to communicate with our target (an Arduino Uno), and the Bus Pirate's timing and signal generation to inject a power fault into it.

Background

For a recent project, I was connected to a consumer IoT device's UART port and found that I could break into the U-Boot bootloader, at which point I was prompted to enter a password. I noticed that once the password prompt mode was entered, it would allow infinite password retries until the correct password was entered (not a good idea from a product security standpoint). I later pulled the entire firmware from the flash of the dev...