Difference between revisions of "Summerschool Aachen 2004/Hardware Hacking Lab"

From C4 Wiki
Jump to: navigation, search
Line 1: Line 1:
===Notes from the Lab Session===
+
==Notes from the Lab Session==
  
 
* nCipher HSM
 
* nCipher HSM
Line 5: Line 5:
 
* Netgear RT314
 
* Netgear RT314
 
* The Netgear FR314 xDSL Router...
 
* The Netgear FR314 xDSL Router...
* Dismantling the Early Warning System (PEWS) AN/TRS-2(V)
 
  
===Notes from Presentations===
+
=== Dismantling the Early Warning System (PEWS) AN/TRS-2(V) ===
 +
 
 +
Myself and Ernest dismantled the PEWS detector to find out what it is and how it works. It is a device designed to detect passing vehicles and personnel by using seismic and magnetic detectors, and send this to the receiver. The manual for the system [http://www.tpub.com/content/infantryequipment/TM-11-5895-1047-10/index.htm is online].
 +
 
 +
The detector is weatherproof so it was necessary to remove the sealant to open it. Once opened it contained two main boards, both of which were densely packed with discrete components (resistors, capacitors and transistors). There were a few chips, but based on their datasheets these were very simple (one was a decimal counter, the other contained a few simple logic gates). The serial number of one of these showed that the chip was manufactured in 1981 so that would explain why the system is so basic.
 +
 
 +
The output of the device can either be sent using wires or radio. There is no means to give the device a key, so the signal must be unencrypted. It probably simply sends the serial number and whether it detects a person or a vehicle. Only two digits of the serial number are shown on the receiver. There doesn't appear to be any attempt to prevent jamming, interception or generation of false signals so it is not that interesting from a security perspective.
 +
 
 +
There are some photos available on the internal network:<br>
 +
[http://untertasse.informatik.rwth-aachen.de/~md/Pictures/1day/Pictures-Pages/Image20.html Outside]
 +
[http://untertasse.informatik.rwth-aachen.de/~md/Pictures/1day/Pictures-Pages/Image21.html Boards 1]
 +
[http://untertasse.informatik.rwth-aachen.de/~md/Pictures/1day/Pictures-Pages/Image22.html Boards 2]
 +
[http://untertasse.informatik.rwth-aachen.de/~md/Pictures/1day/Pictures-Pages/Image23.html Boards 3]
 +
 
 +
-- [[Steven Murdoch]]
 +
 
 +
==Notes from Presentations==

Revision as of 15:40, 21 September 2004

Notes from the Lab Session

  • nCipher HSM
  • The Anatomy of an ADSL modem
  • Netgear RT314
  • The Netgear FR314 xDSL Router...

Dismantling the Early Warning System (PEWS) AN/TRS-2(V)

Myself and Ernest dismantled the PEWS detector to find out what it is and how it works. It is a device designed to detect passing vehicles and personnel by using seismic and magnetic detectors, and send this to the receiver. The manual for the system is online.

The detector is weatherproof so it was necessary to remove the sealant to open it. Once opened it contained two main boards, both of which were densely packed with discrete components (resistors, capacitors and transistors). There were a few chips, but based on their datasheets these were very simple (one was a decimal counter, the other contained a few simple logic gates). The serial number of one of these showed that the chip was manufactured in 1981 so that would explain why the system is so basic.

The output of the device can either be sent using wires or radio. There is no means to give the device a key, so the signal must be unencrypted. It probably simply sends the serial number and whether it detects a person or a vehicle. Only two digits of the serial number are shown on the receiver. There doesn't appear to be any attempt to prevent jamming, interception or generation of false signals so it is not that interesting from a security perspective.

There are some photos available on the internal network:
Outside Boards 1 Boards 2 Boards 3

-- Steven Murdoch

Notes from Presentations