Uncategorized

RISC-V-based Arduino

In their quest to democratize access to custom silicon, SiFive has announced the very first RISC-V-based Arduino just hours before the start of Maker Faire Bay Area 2017.

https://blog.hackster.io/sifive-unveils-the-first-risc-v-based-arduino-a4d07fe7f21f

 

Standard
Uncategorized

CAN-pipe: use Wireshark to sniff CAN traffic

A tool for creating a windows named pipe to capture CAN bus traffic using wireshark.

https://github.com/laplinker/CAN-pipe

Standard
Uncategorized

MalDuino: Arduino-based BadUSB

MalDuino — Open Source BadUSB

https://www.indiegogo.com/projects/malduino-badusb-arduino-usb#/

MalDuino is an arduino-powered USB device which has keyboard injection capabilities. Once plugged in, MalDuino acts as a keyboard, typing commands at superhuman speeds. What’s the point? You could gain a reverse shell, change the desktop wallpaper, anything is possible. For penetration testers, hobbyists and pranksters the MalDuino will serve you well!

MalDuino — Open Source BadUSB

 

Standard
Uncategorized

RHme’s embedded hardware CTF

What is RHme+
The RHme+ (Riscure Hack me ) is a low level hardware challenge that comes in the form of an Arduino board. It was launched during BlackHat Amsterdam in 2015. The winners of the first edition were announced on 18th of January 2016. The writeups together with the interview of the winners can be found from March 1 at the official challenge website. Use your weapon of choice to extract the flags. We have no preference and we are curious to see where your creativity and skill will take you! Just be sure to have fun! 😉 We estimate the difficulty level to be moderate. If you like these challenges and you would like more, let us know. Get in touch with us via twitter (#riscure #rhme+) or send us an email at challenge. at. riscure.com

http://rhme.riscure.com/

https://github.com/Riscure/RHme-2015

Standard
Uncategorized

Intel releases firmware source code to Arduino 101

Zoe Romano posted a new blog entry on Arduino.cc site, about Intel releasing the source code to the Arduino 101 firmware.

[…] We’re very happy to announce that the source code of the real-time operating system (RTOS) powering the Arduino 101 and Genuino 101 is now available for hacking and study purposes. The package contains the complete BSP (Board Support Package) for the Curie processor on the 101. It allows you to compile and modify the core OS and the firmware to manage updates and the bootloader. (Be careful with this one since flashing the wrong bootloader could brick your board and require a JTAG programmer to unbrick it). The firmware runs on the x86 chip inside the Curie module and communicates with the ARC core (which runs your Arduino sketches) using these callbacks. Right now, the x86 core takes care of handling Bluetooth Low Energy (BLE) and USB communication, offloading the ARC core. You can use the code which implements these functionalities as a starting point for your custom extra features. […]

https://blog.arduino.cc/2016/04/21/intel-releases-the-arduino-101-firmware-source-code/?utm_source=twitterfeed&utm_medium=twitter
https://downloadcenter.intel.com/download/25832
https://github.com/01org/corelibs-arduino101
http://forum.arduino.cc/index.php?board=103.0

Standard
Uncategorized

Hardware security at Security B-Sides Seattle

This month is B-Sides Seattle, and there are 3 hardware workshops (Attacking USB, JTAG, and Arduino) one by Joe (SecurelyFitz) and two by Matt (CryptoMonkey):

http://www.securitybsides.com/w/page/103147483/BsidesSeattle2015
https://www.eventbrite.com/e/bsides-seattle-2016-tickets-19822367234

I think I heard Matt say this was the last time he was offering this  Attacking USB training…

Note that Joe also has training at CanSecWest and Black Hat, in addition to B-Sides Seattle..
https://www.blackhat.com/us-16/training/applied-physical-attacks-on-x86-systems.html
https://cansecwest.com/dojos/2016/advanced_hardware.html

Standard