[zz]Hacking 27Mhz Wireless Keyboards.


大风

Dec 9, 2007, 9:37:21 PM
to ph4...@googlegroups.com

 

On hacking wireless keyboards

 


This is the kind of research I just love.

The people from dreamlab have been busy exploring the 27MHz wireless technique used in keyboards from Microsoft and Logitech. The most interesting fact they found is that the encryption scheme used is trivial, to say the least. They are XORing a key against a random byte determined during the initial sync with the receiver. With only 20 to 50 keystrokes it would be possible to gain the key to decrypt the keystrokes. But, as you probably understand, with XORing there are only 256 possibilities, which means that the keystrokes can be captured and decrypted by brute forcing the key used. The choice of such a weak cipher probably stems from the vendors' idea that no one will go through the hassle of hacking 27MHz wireless keyboards and intercepting keystrokes, and obviously this was a wrong assumption. You either use strong encryption, or you don't use encryption at all.

It is a huge problem because some keyboards have a maximum range of 100 meters. I know at least one bank in my town that uses wireless keyboards all over the place. Since I'm never wireless, I can understand that this can come as a shock to some who work in security and use wireless peripherals.

The whitepaper and video can be downloaded here:

http://www.dreamlab.net/download/articles/27_Mhz_keyboard_insecurities.pdf
http://www.remote-exploit.org/max/automated.html

Enjoy.

 

[Ph4nt0m]

[Ph4nt0m Security Team]

                  @ph4nt0m

          Email:  ax...@ph4nt0m.org

          PingMe:

          === Ultimate Hacking ===

          === XPLOITZ ! ===

          === #_# ===

#If you brave,there is nothing you cannot achieve.#
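
Added example (not part of the original post or the dreamlab whitepaper): a one-byte XOR key has only 256 values, so trying every value and keeping the most text-like output singles out the key from a few dozen bytes, which is why this scheme gives no confidentiality. The sample text, the key byte 0xA7 and the ASCII model of keystrokes are constructed assumptions; the real frame format is not reproduced here.

```python
# Added illustration: why a one-byte XOR key gives no confidentiality.
# Assumption: plaintext is modelled as lowercase ASCII text; the real frame
# layout and key-code encoding are in the whitepaper, not reproduced here.

COMMON = set(b"etaoinshr ")  # frequent characters in English text


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte with the same one-byte key (encrypt == decrypt)."""
    return bytes(b ^ key for b in data)


def score(candidate: bytes) -> int:
    """Plausibility: reward common characters, reject non-printable output."""
    if any(b < 0x20 or b > 0x7E for b in candidate):
        return -1
    return sum(b in COMMON for b in candidate)


def rank_keys(ciphertext: bytes) -> list[tuple[int, int]]:
    """Try all 256 keys; return (score, key) pairs, best first."""
    ranked = [(score(xor_bytes(ciphertext, k)), k) for k in range(256)]
    return sorted(ranked, reverse=True)


def recover_key(ciphertext: bytes) -> int:
    """Return the key whose decryption looks most like text."""
    return rank_keys(ciphertext)[0][1]


# Constructed sample: 33 bytes, inside the 20-50 keystroke range quoted above.
SAMPLE_PLAINTEXT = b"the transfer password is sunshine"
SAMPLE_KEY = 0xA7  # constructed key byte
SAMPLE_CIPHERTEXT = xor_bytes(SAMPLE_PLAINTEXT, SAMPLE_KEY)

if __name__ == "__main__":
    best_score, best_key = rank_keys(SAMPLE_CIPHERTEXT)[0]
    print(f"keyspace: 256, best key: {best_key:#04x}, score: {best_score}")
    print(xor_bytes(SAMPLE_CIPHERTEXT, best_key).decode())
```

The same exhaustive check is a quick way to confirm that a link's "encryption" is only a repeated one-byte mask; a cipher with an adequately sized key makes the loop infeasible.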

 

 

 


noop

Dec 9, 2007, 9:41:30 PM
to Ph4nt0m
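Damn, someone just gave a talk on this at XCon~
But it doesn't seem all that significant. Whose keyboard do you want to hack?
The girl in the office next door? She uses a wired one!
Haha. Only certain high-tech guys use wireless keyboards... wireless mice are probably more common.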

大风

Dec 9, 2007, 9:52:28 PM
to ph4...@googlegroups.com


I was just about to go buy a wireless keyboard so I can lie on the sofa and use the computer, haha






-----Original Message-----
From: ph4...@googlegroups.com [mailto:ph4...@googlegroups.com] On Behalf Of noop
Sent: December 10, 2007 10:42
To: Ph4nt0m
Subject: [Ph4nt0m] Re: Hacking 27Mhz Wireless Keyboards.

大风

Dec 10, 2007, 1:58:40 AM
to ph4...@googlegroups.com

 

Original: http://www.team509.com/download/the_2_way_for_using_lookaside_to_break_software.pdf

 

 

On exploiting the lookaside list in heap overflows

 

 

networker networker

Dec 10, 2007, 6:16:28 AM
to ph4...@googlegroups.com
This expert's article is really impressive

On 07-12-10, 大风 <opens...@gmail.com> wrote:

 

Original: http://www.team509.com/download/the_2_way_for_using_lookaside_to_break_software.pdf

 

 

On exploiting the lookaside list in heap overflows

 

 



 

