Expired RSA SecurID Token revival (guerrilla hack)

meneame.net TRACK TOP
Publicado el 25th Enero, 2016 por KaR]V[aN. Archivado en Electrónica, Hardware, Tips.
Leido 310 veces. Aqui no comenta ni $DEITY.

I had lying around an expired RSA SecurID with the typical blank display only showing a small 3 in the right.

Looking for some info about expired tokens I found an old topic at flickr (original URL here) where Travis Goodspeed managed to revive one the tokens with a simple trick: apply 3v for a second in two of the pads behind the protective plate.

Here is the diagram:

Expired RSA SecurID Token Revival Diagram

Expired RSA SecurID Token Revival Diagram

Here the revived Token:

Expired RSA SecurID Token Revived

Expired RSA SecurID Token Revived

The token was expired since november 2011 but still got battery to keep working.

I Haven’t tested if token still is valid to autenticate against RSA daemon after revival.

Aribag detonation

meneame.net TRACK TOP
Publicado el 29th Diciembre, 2015 por KaR]V[aN. Archivado en Sin categoria.
Leido 235 veces. Aqui no comenta ni $DEITY.

Just an old seat airbag that was found on the garbage. Recorded a 240fps.

VMware Fusion (OSX): Mooltipass in Virtual Machines

meneame.net TRACK TOP
Publicado el 19th Agosto, 2014 por KaR]V[aN. Archivado en Arduino, VMware.
Leido 7,514 veces. Aqui no comenta ni $DEITY.

So, I wanted to test the Mooltipass in different platforms besides my main OS, Mac OS X. The better way is to use virtual machines I already have VMware Fusion. On first try I wasn’t able to associate the Mooltipass to any of my virtual machines because the MP is an HiD device and as so, is always connected to the main OS and then emulated via VMware Fusion in the guest OS (in my case, Windows XP and Windows 8):

vmware_fusion_screenshot_without_usb_mooltipass

Mooltipass is not eligible to be associated to the guest OS

After some googling I found a relevant KB (knowledge base) article about associating HiD devices entirely to a Virtual Machine and disassociating it from the host OS: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1033435.

The article says that the virtual machine hardware definition file (.vmx extension, usually located at /Users/$USER/Documents/Virtual Machines.localized) has to be manually edited after shutting down the virtual machine and the VMware Fusion to add the two following lines:

usb.generic.allowHID = "TRUE"
usb.generic.allowLastHID = "TRUE"

After adding both lines, you can safely search for the Mooltipass HiD devide to properly associate it to the guest OS:

vmware_fusion_screenshot_with_usb_mooltipass

vmware_fusion_screenshot_with_usb_mooltipass

Update: Since VMware Fusion 7.1.1 it’s necessary to also add usb.generic.allowHID = “TRUE” in the following file: /Users/$USER/Library/Preferences/VMware\ Fusion/preferences

Broken Kindle 3

meneame.net TRACK TOP
Publicado el 8th Julio, 2013 por KaR]V[aN. Archivado en Cacharros, Electrónica.
Leido 334,193 veces. 2 comentarios archivados.

This is a donation of a friend as its not working. Actually this kindle 3 stop working when booting, hence the reason that shows the booting load bar.

broken Kindle 3 Front

broken Kindle 3 Front

I tried to search for onboard blown fuses but every single fuse I found was in good condition. After that I researched over internet and found that has a debug serial port. I tried to attach my usb to serial ttl converter with a little level shifter (kindle serial port works in 1.8v) but had no luck, not even a single character was shown in my Zterm :(

broken Kindle 3 Back Opened

broken Kindle 3 Back Opened

I wanted to install debian to see how the display could work and some few hack I’m thinking of but being the board pretty much dead (only seems to work for its battery charging) I decided to save it for parts as battery, case, metal frame, keyboard and display seems in good working conditions (although I’ve not been able to test them properly). If some generous reader has a kindle 3 with a broken display and he/she is willing to donate it to science I’ll be more than happy to pay the shipping.

LiPo Batteries Hacking and refurbishing

meneame.net TRACK TOP
Publicado el 30th Junio, 2013 por KaR]V[aN. Archivado en Cacharros, Electrónica.
Leido 313,309 veces. 9 comentarios archivados.

One of the difficult parts when prototyping is to find reliable power sources. Today is still hard to find the battery size we want to use because country exporting frontiers stops these chemical packages. Here I’ll show how to refurbish dead batteries by combining cells and protection circuits to preserve battery life.

An (almost) dead Apple MacBook Pro (17″) battery fell in my hands so I decided to tear it down to see if there was something profitable. Inside I found that the battery pack was composed with 6 individual cells, paired in 3 groups.

Apple Mac Book Pro 17" Battery Disassembly

Apple Mac Book Pro 17" Battery Disassembly

Seems that the third group had a small voltage difference between cells so they began discharge between them. This leaded both cells to die, condemning the entire battery pack.

Here can be seen the individual cells:

Batteries separated from the main board.

Batteries separated from the main board.

As can be seen the cells doesn’t have individual protection circuits witch are important to avoid discharge below 2.7v to preserve battery life.

I also came across with a small photo-frame that I bough just for hacking fun as is really a bad piece with almost no memory, no SD card expansion, 128×128 display and bad electronics. It cost me 1.99€ and the battery was drain dead from the first moment I opened the package.

Small and dead LiPo battery with the protection circuit.

Small and dead LiPo battery with the protection circuit.

It was inflated and reading 0.26v. Obviously battery couldn’t be rescued, but I salvaged the power cutting circuit. Here is the reverse side of the protection circuit board. Notice the polarity when soldering the LiPo cell and wires:

LiPo Battery protection circuit downside.

LiPo Battery protection circuit downside.

Once I soldered the protection circuit board to the Apple battery cell I ran some charging and discharging tests to ensure the assembly works fine and that power is cut at 2.7v:

Working Refurbished Battery

Working Refurbished Battery