Posts

Acoustics Emanation Tool

Mechanical PIN-entry keypads, such as those used in secure payment terminals, ATMs, door keypad locks, etc., can be vulnerable to attacks based on differentiating the sound emanated by different keys. The sound of button clicks can differ slightly from key to key, although the clicks sound very similar to the human ear. Several research studies have demonstrated that it is possible to recover the typed data from the acoustic emanations, which have been a known source of concern and present a threat to user privacy; see the References section below. Besides, keypad emanations are specifically tested in the PCI SSC PTS security-testing process required for the approval of secure payment terminals. The "Monitoring During PIN Entry" testing requirement verifies that there is no feasible way to determine any entered PIN digit by monitoring sound, electro-magnetic emissions, power consumption or any other external characteristic available for monitoring. Precisely, thes

Python notebooks and the SARK-110 Antenna Analyzer

The SARK-110 can be controlled from a computer using scripts written in the Python programming language. For this purpose, there is an open source library and examples written in Python that facilitate this task and can be used from Windows, Linux or Mac OS. The library includes some basic examples that are normal Python scripts, and also some examples written as Jupyter Notebooks. As described on the Jupyter website, "the Jupyter Notebook is an open-source web application that allows you to create and share documents that contain live code, equations, visualizations and narrative text. Uses include: data cleaning and transformation, numerical simulation, statistical modeling, data visualization, machine learning, and much more". The provided notebook examples, such as https://github.com/EA4FRB/sark110-python/blob/master/src/plot_example.ipynb, illustrate how to use the library or, more properly stated, the Python Sark110 class, and plot the acquired data. There

Identification of the wireless protocol of a car key fob

As a continuation of my previous post, I will use HackRF One with Universal Radio Hacker (URH) software for the quick identification of the wireless protocol used in my car remote key fob. Since I didn't know the transmission frequency of the fob, I first used HackRF Spectrum analyzer software to identify its frequency. Here in Europe the most probable frequencies should be in the range of 433 MHz, 868 MHz or 915 MHz ISM frequencies, so I configured a frequency span from 400 MHz to 1 GHz. I let the analyzer start the scan and pressed the buttons of the key fob to transmit the data. The transmission appeared very clearly at the frequency of 434 MHz. I noted this frequency to be used with URH software. Then, I launched URH software and started with its Spectrum Analyzer for the fine identification of the transmission frequency; in this case 434,408 MHz. After that, I captured a couple of transmissions for each of the three buttons of the fob using the "