Reverse Engineering a $20 remote controlled outlet

Introduction

A few years ago, I bought a remote controlled outlet from Walmart. I don't recall the exact price, but it was less than $20. It was pretty much purchased for the explicit reason of trying to understand how it worked. The end goal is that I wanted to know if:

  1. I could decode/intercept the signals

  2. It was vulnerable to replay attacks

Tools Used

  • RTL SDR

  • Yardstick One

  • Inspectrum

  • GQRX

  • rfcat

This is going to be quite a long post, so I suggest getting a cup of coffee before continuing. At the end, I have included a YouTube video showing the entire process.

Read more…

Getting started with the proxmark3 easy clone

Introduction

I've been interested in RFID hacking for a really long time. The "gold standard" has been the proxmark series of tools. Unfortunately, these are quite expensive, especially for a hobbyist. However, thanks to the internet and the usual sources, there are pre-assembled versions available for under $100.

In this post, I'll share a quick tutorial on how to clone an access control card to a rewriteable card.

Read more…

Auditing a $50 Security Camera DVR System

FYI, this is a rewrite of some work I did in 2016 and was previously hosted on my old blogspot account. In doing research for the rewrite, I found that several people had done largely similar work, but I have identified some new information, particularly the ability to format the disk drive by sending a POST request.

Introduction

Before the Internet of Things (IoT) took over, homes and businesses were watched by closed circuit cameras, and some did have LAN and WAN remote viewing. The WAN connection was not through a cloud system, but rather a direct connection to the IP address of the device. Unfortunately, given the price point of these devices, a lot of security corners were cut.

On a whim, I ordered one of these devices (it was on sale at Newegg for $50). The specific device was from Newegg (Archive.org backup). It had a lot of neat features (night vision, motion detection based recording, 720p resolution), but I mostly bought it because I wanted to see just how bad the security was.

Project Scope

The goal is to emulate how an attacker could disable or delete recordings with no knowledge of the system (i.e. no physical access to the device or model numbers), with the assumption that the attacker is already on the same network as the device. If that isn't successful, the scope will be revised to assume the attacker knows the model number of the device.

Read more…

An indoor air quality monitor using particle.io

In this post, I'll discuss some hardware and a new build platform that I used to create an indoor/outdoor air quality monitor. This will be a multi-part post because it has several separate pieces of infrastructure.

In the late summer of 2020, wildfires were burning in Oregon. I saw lots of posts on Twitter and other social media outlets of people constructing air filters out of box fans and household HVAC filters. I live on the East Coast, so I was not impacted, but I was curious about what the particulate matter content was inside/outside my home.

Read more…

Welcome to my blog

I'm going to use this as an introduction/explanation of what I want this to be. I do a lot of small projects (Raspberry Pi, Arduino, etc.), so I wanted to be able to share those (and provide documentation for myself).

Here is a short list of my hobbies:

  • cybersecurity

  • lock picking

  • model trains

  • arduino

  • raspberry pi

  • ham radio