David Sopas – Web Security Researcher

Hardware

17/10/18 Hardware , IoT # , , ,

Opening a fingerprint + BLE smartlock – the smart way!

I got my hands on a smartlock that costs around 35€ on Amazon which unlocks using the fingerprint or app (using BLE).
In reality I don’t know the brand and model but this is not something that I really care. What I wanted to check was – how hard was breaking this smartlock?

After a quick inspection I noticed that this lock had something covered below the USB port (which is used to power the battery). Using a sharp knife I scrubbed the thing up and… a screw appeared 🙂

C’mon… Really? I opened it and start disassembling the device.

I needed to scrub also some parts because this lock was supposed to be waterproof so they covered some wires.

In the end, we got a small PCB with a connected fingerprint sensor. Didn’t saw any spring like other locks and can’t manage to open it by shimming. But I saw a motor which was connected by a white and yellow wire to the PCB.

I already played with some motors and other devices like that on Arduino and they usually only need some power to rotate. In this case, I’m guessing that connecting the 3.7V battery to the PCB wires it will rotate (or open).

I grabbed a couple of wires to prevent soldering or damaging the lock and connected them to the lock battery. Than connected the wires to the PCB part that connected to the motor.

And the lock opened. No fingerprint or BLE needed.

Check out the small video that I did – https://www.youtube.com/watch?v=VEjwV3LsLJ0

So I guess you take around 5 second to open this lock using a direct connection to the motor.
The vendor claims its a strong lock… Anyone can break it in 5 seconds.

Screwdrivers rule! 🙂

no responses
10/10/18 Hardware # , , , ,

micro:bit password generator

So I got a new toy – micro:bit. I initially bought three of these devices so I can sniff BLE traffic using btlejack. After playing with it, I decided to learn more about this hardware.

It’s pretty simple to use, specially if you decide to use Microsoft MakeCode, but also support MicroPython. I went with this last one and created something that is still in testing because of hardware limitations.

I decided to create a simple password generator. You have two buttons. Button A (left side) and Button B (right side).
Button A generates “randomly” and displays on the small leds a 4 digit pin number. Button B generates a 12 length char password that will consist in numbers, some letters (some letters don’t display well on the leds) and a couple of symbols.

Why I did this? Well because usually you need something to generate a fast pin or password. Some of my clients NEED this. Nothing is recorded and if you don’t catch the pin or password, click to generate another one.

Next step… Battery. Implement a CR2032 battery with a on/off button. Also, improve the code a bit and share it on github.

Check the video here – https://www.youtube.com/watch?v=M3CO_OvSO4w

no responses