In Harry Potter, Hermione Granger wants to be in two classes at once. With magic, this is possible. But what about real life?
Large schools use clicker-based attendance systems: each student carries a small remote, and the base station in the classroom uses it both to run quizzes and to record who is present.
The device itself is simple. To see how the communication worked, the presenters tapped the SPI interface inside the device and watched the traffic go by. Newer units have the program fuse burned, which blocks dumping the firmware; the original version shipped without it, so the firmware could be read out and the device was open to analysis.
Each packet is only 5 bytes. The first 3 bytes carry the remote's ID, "encrypted" with nothing more than a substitution cipher. The fourth byte is an index into a lookup table that selects the answer. The final byte is a weak checksum. A checksum only catches transmission errors; it offers no protection against forgery, because anyone who knows the formula can recompute it after changing the packet.
A cheap Arduino board can emulate a remote for us. The firmware for this can be found
here. With it we can impersonate a remote with any ID, that is, pose as any student.
But we still don't KNOW the answer. Now what? Build a device that listens to all of the other students. By emulating the base station, we can collect everyone's votes, take the most popular answer, and send it with any student ID we want. That lets us never go to class and still get the right answer.
Beyond that, you can see everyone else's votes, or, even worse, cast votes on other people's behalf. The system is completely broken.
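To make the 5-byte protocol and the attack on it concrete, here is an added example (written for this write-up, not the presenters' firmware or the vendor's code). The substitution table, the answer codes and the checksum formula are all constructed stand-ins with the same shape as what the talk describes; the real values are not on this page. The block builds and parses packets, then plays the fake base station: it tallies a constructed set of overheard votes, forges the majority answer under an arbitrary ID, and rewrites another student's vote in flight.

```python
from collections import Counter

# --- Constructed stand-ins for the real tables (NOT the device's actual values) ---
# Single-byte substitution: an affine permutation of 0..255 (7 is odd, so it is
# invertible). Like the real cipher it is a fixed byte-for-byte mapping with no key.
SBOX = bytes((7 * x + 3) % 256 for x in range(256))
INV_SBOX = bytearray(256)
for plain, enc in enumerate(SBOX):
    INV_SBOX[enc] = plain

# Fourth byte: an index into a lookup table of answers (hypothetical codes).
ANSWER_TABLE = {0x10: "A", 0x20: "B", 0x30: "C", 0x40: "D", 0x50: "E"}
ANSWER_CODE = {v: k for k, v in ANSWER_TABLE.items()}


def checksum(body: bytes) -> int:
    """Additive checksum (assumed). Catches bit errors, not forgery:
    anyone who knows the formula can recompute it after tampering."""
    return sum(body) & 0xFF


def build_packet(student_id: int, answer: str) -> bytes:
    """5-byte packet: 3 substituted ID bytes, 1 answer index, 1 checksum."""
    id_bytes = student_id.to_bytes(3, "big")
    body = bytes(SBOX[b] for b in id_bytes) + bytes([ANSWER_CODE[answer]])
    return body + bytes([checksum(body)])


def parse_packet(pkt: bytes):
    """Undo the substitution and decode the answer; reject bad length/checksum."""
    if len(pkt) != 5:
        raise ValueError("packet must be 5 bytes")
    body, chk = pkt[:4], pkt[4]
    if checksum(body) != chk:
        raise ValueError("bad checksum")
    student_id = int.from_bytes(bytes(INV_SBOX[b] for b in body[:3]), "big")
    if body[3] not in ANSWER_TABLE:
        raise ValueError("unknown answer code")
    return student_id, ANSWER_TABLE[body[3]]


def majority_answer(sniffed: list) -> str:
    """What a fake base station learns: tally every vote it overhears."""
    votes = Counter(parse_packet(p)[1] for p in sniffed)
    return votes.most_common(1)[0][0]


def forge_vote(sniffed: list, student_id: int) -> bytes:
    """Cast the crowd's answer under any student ID we like."""
    return build_packet(student_id, majority_answer(sniffed))


def tamper_answer(pkt: bytes, new_answer: str) -> bytes:
    """Rewrite someone else's vote in flight and fix up the checksum."""
    body = pkt[:3] + bytes([ANSWER_CODE[new_answer]])
    return body + bytes([checksum(body)])


# Constructed sample: five students in the room, three of them answering C.
SNIFFED = [
    build_packet(0x000101, "C"),
    build_packet(0x000102, "B"),
    build_packet(0x000103, "C"),
    build_packet(0x000104, "A"),
    build_packet(0x000105, "C"),
]

if __name__ == "__main__":
    print("majority:", majority_answer(SNIFFED))
    print("forged  :", parse_packet(forge_vote(SNIFFED, 0x00BEEF)))
    print("tampered:", parse_packet(tamper_answer(SNIFFED[1], "E")))
```

The point of `tamper_answer` is that the "encryption" of the ID bytes does not need to be broken at all to alter a vote: the answer byte is in the clear and the checksum is recomputable, so the only thing the substitution cipher hides from a passive listener is which ID the packet belongs to, and even that falls to a single known-plaintext pair per byte value.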
A fix has to stop an attacker from reading other people's votes, altering them, or overwhelming the service. For availability, they could use frequency hopping (FHSS). For confidentiality, a mutual key exchange between remote and base station would let them encrypt the data. For integrity, a unique per-device secret (a fingerprint the base station can verify) would make it nearly impossible to emulate any device other than the ones you own. Note that the secret really does have to be unique per device: a single key shared by every remote would be recovered from the first firmware dump, which is exactly what the unburned fuse allowed.
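One way to realize that per-device fingerprint, as an added example rather than anything the vendor or the presenters shipped: each remote holds its own secret key, authenticates every vote with a truncated HMAC over the device ID, a monotonically increasing counter and the answer, and the base station drops any packet whose tag does not verify or whose counter is not fresh. The key length, the 8-byte tag, the 2-byte counter and the packet layout are all assumptions chosen for the demonstration. It covers integrity and replay only; the answer byte is still in the clear, so confidentiality would still need the key exchange and encryption mentioned above.

```python
import hmac
import hashlib
import os

TAG_LEN = 8  # truncated tag length in bytes (assumed; 64 bits is ample for a vote)


def mac(key: bytes, header: bytes) -> bytes:
    """HMAC-SHA256 over the header, truncated to TAG_LEN bytes."""
    return hmac.new(key, header, hashlib.sha256).digest()[:TAG_LEN]


class Remote:
    """A remote holding its own secret key (assumed provisioned at manufacture)."""

    def __init__(self, device_id: int, key: bytes):
        self.device_id = device_id
        self.key = key
        self.counter = 0  # increases with every vote so old packets cannot be replayed

    def vote(self, answer: str) -> bytes:
        self.counter += 1
        header = (self.device_id.to_bytes(3, "big")
                  + self.counter.to_bytes(2, "big")
                  + answer.encode("ascii"))
        return header + mac(self.key, header)


class BaseStation:
    """Knows every enrolled remote's key; accepts a vote only if the tag verifies
    and the counter is newer than the last one seen from that device."""

    HEADER_LEN = 3 + 2 + 1  # device id, counter, answer

    def __init__(self, device_keys: dict):
        self.keys = dict(device_keys)
        self.last_counter = {}

    def accept(self, pkt: bytes):
        """Return (device_id, answer) for a valid packet, or None to drop it."""
        if len(pkt) != self.HEADER_LEN + TAG_LEN:
            return None
        header, tag = pkt[:self.HEADER_LEN], pkt[self.HEADER_LEN:]
        device_id = int.from_bytes(header[:3], "big")
        counter = int.from_bytes(header[3:5], "big")
        key = self.keys.get(device_id)
        if key is None:
            return None                                   # unknown device
        if not hmac.compare_digest(mac(key, header), tag):
            return None                                   # forged or tampered
        if counter <= self.last_counter.get(device_id, 0):
            return None                                   # replayed
        self.last_counter[device_id] = counter
        return device_id, chr(header[5])


# Constructed enrolment: two remotes, each with its own random key.
KEYS = {0x000101: os.urandom(16), 0x000102: os.urandom(16)}


def demo() -> dict:
    """Replay the talk's attacks against the hardened protocol."""
    base = BaseStation(KEYS)
    alice = Remote(0x000101, KEYS[0x000101])
    genuine = alice.vote("C")
    results = {"genuine": base.accept(genuine)}
    results["replay"] = base.accept(genuine)              # same packet again
    tampered = bytearray(genuine)
    tampered[5] = ord("E")                                # flip the answer byte
    results["tampered"] = base.accept(bytes(tampered))
    mallory = Remote(0x000102, os.urandom(16))            # attacker has no key for 0x000102
    results["forged"] = base.accept(mallory.vote("C"))
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:9s} -> {'accepted' if outcome else 'dropped'}")
```

`hmac.compare_digest` is used rather than `==` so that tag verification runs in constant time. The counter check also means a fake base station that records votes cannot later replay them to the real one, and a remote that reboots should persist its counter (or the base station should tolerate a resync step), which is the kind of operational detail a real deployment has to get right.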
The storytelling here is awesome! They really lean into the student who needs to be in two classes at once, and that framing made for a really good talk.