Blog

Reversing H.Koenig wireless remote (part 3)

For those who want to read the whole story from the beginning, here are Part 1 and Part 2.

I haven’t talked about this project for a while but I was still working on it. So, what took me so long that I didn’t write about it?

Well, as I told you in Part 1, my final goal is to be able to control the robot vacuum with a GoodFET and a transceiver. The robot relies on an A7105 transceiver, which is not directly supported by the GoodFET project, and I don’t want to add support for it since I have already written code for a Chipcon CC2500 transceiver that might be radio-compatible with the Avantcom one.

Knowing all the parameters we need, obtained by sniffing the configuration phase on the SPI bus of the remote control, should have been enough to build another remote. But sometimes things don’t go as planned!

RFID, when the manufacturer matters...

Nowadays we can find RFID technology almost everywhere: in supermarkets (anti-theft), on assembly lines (identifying and tracking items), on highways (tolls), in public transportation, in your passport and your credit card, and it is also used by many companies and hotels for access management.

This post is about the latter. Indeed, during my trips, whether for business or for holidays, I have stayed in many hotels. Some of them were still using good old keys like you do at home, most of them still use magnetic cards, and some were relying on RFID cards to give you access to your room. Unfortunately, the security level of such RFID access management highly depends on the manufacturer, as we will see.

Dumping Z-Wave device firmware

In the previous weeks, I had to work on Z-Wave devices and that led me to dump the firmware of those devices. Consequently, I used my favorite GoodFET to achieve this goal :-)

Code is now available in the GoodFET project repository. Be aware that you will need to update the firmware of your GoodFET device before using it, because the Z-Wave chip requires specific timing and bit banging.

More details on that work are available on my employer’s blog as, this time, this was not a spare time project :)

A journey in script-kiddie-land and kernel-land

Yes, I know what some of you may think: will we finally get the third and last part about the robot vacuum? You will. But trust me, I don’t have a lot of spare time, and debugging the radio stuff is neither the funniest part nor the easiest one!

But let’s come back to our subject. Reading some (all?) of my posts here, you may know what a GoodFET is. But have you heard about its little brother, the FaceDancer?

Firmware extraction and reconstruction

Recently I had to extract a firmware from an I2C EEPROM.

Although I am pretty used to SPI EEPROMs on embedded equipment, seeing an I2C bus seemed pretty unusual to me.

As you may have noticed from my previous posts, I make heavy use of my GoodFET. It is a very handy tool and, although I also have a BusPirate v4, I prefer Travis’s tool. Unfortunately, the I2C protocol is not compiled into the firmware by default, the tools are marked as “untested” on the website, and the pinout is not documented there either. That’s a lot of things to find out :-)

Hard drive rescuing with a GoodFET

This post is a little pause in my vacuum reversing trilogy. It is half about electronics, half about digital forensics, but somehow it is still 100% of my hobbies ;-)

A friend of mine had faced a hard drive failure recently and wanted her data back. So she sent me the drive instead of giving away one month of salary to an expensive data recovery company.

Most of the time, replacing the controller board of the hard drive is enough to get your data back. Fortunately, some companies like HDDzone allow you to order the exact model of the PCB you want to replace.

One week later, the PCB was in my mail box. Great.