
Hack Chat Transcript, Part 2

An event log for Side-Channel Attacks Hack Chat

Reverse Engineering through the side door with Samy Kamkar

Dan Maloney 03/25/2020 at 20:16, 0 Comments

Tom Redman12:51 PM
@Dan Fruzzetti Any experience? :)

samy kamkar12:52 PM
Tom Redman (I can't @ you for some reason): https://www.cs.tau.ac.il/~tromer/papers/acoustic-20131218.pdf

Tom Redman12:52 PM
👀 Thanks!

Tom Redman12:52 PM
It seems almost like scifi

samy kamkar12:53 PM
Tom: i'd also suggest just investigating the underlying phenomenon of electrostriction as you can reproduce this at home

Tom Redman12:53 PM
Even with the CPU instructions... is that truly readable in any meaningful way? Just kinda throwing it out there, I'm sure it could be to people much smarter than me. Some state-level hacks are kind of surreal in their complexity

Dan Fruzzetti12:54 PM
around Y2K i did several banks in my area as either a mainframe worker for Y2K, a mainframe worker's subcontractor (they were so hot to hire anyone omg), and a hospital administration. the banks would be easier targets today, by far, because their hourly employees are often quite friendly even with people they only vaguely recognize online who may or may not be that one person they think they remember from whatever.

that said, at the time the access controls were different, printers had just made a surprising jump in photorealism and some weird things were awry. i had my own work badge, my own telecom tool belt, and my own telecom tool bag. some trick telecom tools and some stuff to plant.

fact #1: back then, you could just call and say you were coming, and when you arrived you'd have authority as if someone hired you. no authentication strings that i recall. once i was asked for a cost center code and told them i wrote it down but forgot to bring it

Tom Redman12:54 PM
Nice, thanks @samy kamkar – i'll check that out!

Tom Redman12:55 PM
@Dan Fruzzetti that is wild!

Tom Redman12:55 PM
Honestly the human element... every time.

Dan Fruzzetti12:55 PM
back then, it was way less tech-deep. what i mean is, if i could get into a back room or into an absent teller's drawer and grab a confidential document or photograph a confidential document, then i'd get a solid day's pay for teaching them all how to avoid it

Dan Fruzzetti12:56 PM
but you were still sometimes asked to prove you could access the voicemail room, the mainframe room, the 'computer room' etc. and sometimes they'd ask you to leave a calling card. i never had to actually tap a circuit of any kind, though i had to prove i could have with photographs

Tom Redman12:56 PM
I recall the story of a pen tester who would wear a fake pregnancy prosthetic because honestly, who's gonna deny her entry if this poor woman forgot her key card? She played the "pregnancy brain" card

Dan Fruzzetti12:56 PM
@Tom Redman i would delight in pulling that

Tom Redman12:56 PM
That's so crazy. My heart would be pounding haha

Dan Fruzzetti12:57 PM
adrenaline, yes; heart, do anything to keep it no

Dan Fruzzetti12:57 PM
the trick is to actually feel nonchalant

Tom Redman12:57 PM
beta blockers or square breathing, etc?

Dan Fruzzetti12:57 PM
and then, to be able to bullshit FAST on your feet

If I had it to do over again, pen testing would be my thing

Dan Fruzzetti12:57 PM
because your rehearsed option will go sideways if you have to interact with the target

charliex12:58 PM
just ask which printer/scanner it is that needs fixing

Dan Fruzzetti12:58 PM
@Dan Maloney you're still alive. i'm 40 and completing an MTM because *shrug*

Dan Fruzzetti12:58 PM
@charliex ahh, you remember too

charliex12:58 PM
still works

Dan Fruzzetti12:58 PM
copy machines too, ESPECIALLY right when they got networked

Dan Fruzzetti12:58 PM
@charliex <3 oh i wanna see so bad

Tom Redman12:58 PM
@samy kamkar I loved your project on the credit card mag stripe emulator... your enthusiasm for that project came through in the post. What your most excited moment in hacking?

Tom Redman12:58 PM
What was*

samy kamkar12:58 PM
@Tom Redman it's surprising that much of this can be very effective -- of course sound is going to make it harder but when you're dealing with algos that are using significantly different operations on a per-bit basis, then it's quite clear what's going on when you begin measuring amplitude of anything that reveals power usage -- if you have access, i'd suggest taking an oscilloscope to a microcontroller, implementing any existing crypto example, and measuring power -- start with something like a shunt resistor as it performs an operation and compare to the high level implementation of the algo and you'll be surprised at how much you can "see"

Dan Fruzzetti12:59 PM
@samy kamkar oh that's so smart the rotation in power use gives you a clue about the rotation in processing modes

Tom Redman1:00 PM
Amazing! Definitely going to dig in... I love this stuff to death. It might be the thing I'm most curious about!

And I look up to see that our hour is already up - amazing. We usually like to let the host go at this point, and we'll certainly do that if Samy has to go, but anyone who wants to stay on and keep the chat going is more than welcome. The Hack Chat is always here for you, even in these troubled times.

Tom Redman1:00 PM
Thanks @samy kamkar – loved the opportunity to learn today!

samy kamkar1:01 PM
thank you!

I just want to say a big thanks to Samy for coming on today, and to all of you for a great chat. Really, thanks all!

charliex1:01 PM
cheers @samy kamkar

Next week we'll be talking about Laser Artistry with Seb Lee-Delisle:

Christopher Bero1:01 PM
Thanks @samy kamkar


https://hackaday.io/event/170294-lasers-hack-chat

Laser Artistry Hack Chat: Seb Lee-Delisle will host the Hack Chat on Wednesday, April 1, 2020 at noon Pacific Time.

samy kamkar1:01 PM
thanks all! will hang for a little longer

samy kamkar1:01 PM
thanks for the links @charliex

Shankar1:01 PM
thanks @samy kamkar and others

Excellent @samy kamkar, thanks!

I'll wait a bit to pull the transcript and post it.

charliex1:02 PM
anytime, if i recall i intro'd you to alyssa at dc last year, she does a lot of SCA

samy kamkar1:04 PM
@Tom Redman hmm most exciting thing, this is an old project but i was super excited because i kind of didn't believe in myself that it would work but had just kept messing around with the idea and one day it worked. i assumed i was doing something wrong when it actually worked. more networking related and quite old now, but was soooo happy http://samy.pl/pwnat

samy kamkar1:04 PM
or https: if you're into that kind of thing

Tom Redman1:04 PM
😁

Tom Redman1:04 PM
> i assumed i was doing something wrong when it actually worked

Like code that works the first time 'round :D

samy kamkar1:05 PM
thanks @Dan Maloney

samy kamkar1:05 PM
exactly

stansanders1:05 PM
tfw when something compiles on the first try and you become immediately suspicious

Tom Redman1:06 PM
"something must be wrong"
