Brute force project

I have the need to perform brute force protocol reversing via an RS-232 serial port. Hardware flow control is needed.

Nice to haves:

  • Able to send email when expected response is received.
  • Ability to log to flash or other accessible memory.
  • Ethernet connectivity

What is the proper hardware for this task?

Performance is fairly important as well.

Thanks!

So what specific parts of this project do you expect an Arduino to perform?

What sort of performance do you need?

Curiosity forces me to expose my ignorance :)

What is "brute force protocol reversing"

...R

Password guessing is among other possibilities.

So currently the reversing code is written in C# and runs on a VM. I’d rather not have a dedicated PC running full time to do this.

Preferred performance would be 20ms-30ms to construct a response and begin transmit. The interface is impatient, requiring quick responses, else it prompts again.

As an unrelated example, take this scenario:

The device has a known command, HELP. What is unknown is the command framing characters. The protocol is Extended ASCII.

When an incorrect command is given, the board does not respond, however when a good command is given, it will respond.

So an odometer attack would be used to determine the framing characters. It could be HELP, or HELP, etc. etc.

The code would test, via brute force, all possible character combinations, including none, in each framing position around the constant HELP.

I would want the Arduino to run this reversing code until it got a valid response, then store the values sent and somehow notify me.

Once the framing characters are found, they become the constants, and then all possible combinations of characters up to a command length of 4 in Extended ASCII will be tried to reverse the rest of the command set.

As someone else mentioned above, this could also be very useful for brute force password cracking for various home hardware like satellite boxes, and cable modems and routers installed by ISPs to cure double NAT issues (Comcast) for instance… however that’s not my current use case.

Sending various guesses for the command structure and checking for a response would be easy on the Arduino. The notification is also straightforward but there are many possibilities. Attempts could be logged to an SD card.

If the protocol includes a CRC, that dramatically increases the number of trials and time to solve.
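An added example, not code from the thread or from any of its posters: a host-compilable C++ model of the "odometer" framing search cycoder describes (one optional byte before and one after the constant HELP, drawn from "none" plus all 256 extended-ASCII values), together with a trial-count estimate for the follow-on sweep of commands up to four bytes long, which is the point jremington raises about CRCs and trial counts. The target device is a constructed stand-in that stays silent unless it receives exactly `[HELP]`; that framing, the one-slot-per-side model, the 25 ms per-trial figure and the note about wrapping Serial1 with RTS/CTS on spare GPIO are assumptions for the demo, not facts from the thread.

```cpp
// Added example: host-side model of the odometer framing search.
// On an Arduino the SendAndWait callback would be replaced by a function
// that writes the candidate to Serial1 (raising/checking RTS/CTS on two
// spare digital pins, assumed wiring), then polls Serial1.available()
// until either a byte arrives or the response window (e.g. 30 ms via
// millis()) expires. Everything below compiles and runs on a PC.
#include <cstdint>
#include <functional>
#include <iostream>
#include <string>

// Oracle: send one candidate frame, return true if the device answered.
// "No response" is the only signal for a bad guess, so the transport must
// enforce the timeout itself; here the fake device answers instantly.
using SendAndWait = std::function<bool(const std::string&)>;

struct SearchResult {
    bool found = false;
    std::string frame;   // the candidate that produced a response
    uint64_t trials = 0; // how many candidates were sent before stopping
};

// Each framing slot can be "nothing" or any of the 256 extended-ASCII
// bytes: index 0 means the slot is empty, index i>0 means byte (i-1).
static const size_t kSlotAlphabet = 257;

static std::string slotValue(size_t idx) {
    if (idx == 0) return std::string();
    return std::string(1, static_cast<char>(idx - 1));
}

// Roll prefix x suffix like an odometer (suffix slot turns fastest) around a
// constant command, stopping at the first candidate that gets a response.
SearchResult findFraming(const std::string& command, const SendAndWait& oracle) {
    SearchResult r;
    for (size_t pre = 0; pre < kSlotAlphabet; ++pre) {
        for (size_t suf = 0; suf < kSlotAlphabet; ++suf) {
            std::string candidate = slotValue(pre) + command + slotValue(suf);
            ++r.trials;
            if (oracle(candidate)) {
                r.found = true;
                r.frame = candidate;
                return r;
            }
        }
    }
    return r; // exhausted: framing is wider than one byte per side
}

// Number of candidates for every command of length 1..maxLen over an
// alphabet of the given size (256 for extended ASCII). A trailing CRC
// that must also be right multiplies this again by its own value space.
uint64_t sweepTrials(unsigned maxLen, uint64_t alphabet = 256) {
    uint64_t total = 0, pw = 1;
    for (unsigned n = 1; n <= maxLen; ++n) {
        pw *= alphabet;
        total += pw;
    }
    return total;
}

// Wall-clock days for that sweep at a fixed cost per trial (send + wait).
double sweepDays(unsigned maxLen, double msPerTrial) {
    return static_cast<double>(sweepTrials(maxLen)) * msPerTrial / 1000.0 / 86400.0;
}

// Constructed stand-in for the target: silent on anything but `expect`,
// mirroring "no response on a bad command, a response on a good one".
struct FakeDevice {
    std::string expect;
    uint64_t bytesSeen = 0;
    bool operator()(const std::string& frame) {
        bytesSeen += frame.size();
        return frame == expect;
    }
};

int main() {
    FakeDevice dev;
    dev.expect = "[HELP]"; // assumed framing for the demo
    SearchResult r = findFraming("HELP", [&dev](const std::string& f) { return dev(f); });
    std::cout << "found=" << r.found << " trials=" << r.trials << "\n";
    std::cout << "4-byte sweep: " << sweepTrials(4) << " trials, ~"
              << sweepDays(4, 25.0) << " days at 25 ms/trial\n";
    return r.found ? 0 : 1;
}
```

The search-space arithmetic is the practical caveat: with a 20-30 ms response window per guess, the two-slot framing search finishes in well under an hour, but an exhaustive sweep of every command up to four extended-ASCII bytes is on the order of three years, before any CRC is considered, so the follow-on phase needs pruning (known command vocabulary, printable subsets, observed lengths) rather than pure brute force.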

Why not use a logic analyzer to actually see what's going on? They are probably less expensive than the time it might take you to brute force it.

Shpaget:
Why not use a logic analyzer to actually see what's going on? They are probably less expensive than the time it might take you to brute force it.

This approach was attempted, as was extraction of the program image from the processor. Countermeasures exist that make brute force much less labor intensive and more cost effective.

So given the above, what hardware would I order?

cycoder:
.... however that's not my current use case.

That leads me to think you don't plan to tell us.

Is it something illegal or something to be ashamed of?

...R

As an unrelated example,

Must be some issue with using a related example. 8)

Robin2:
That leads me to think you don't plan to tell us.

Is it something illegal or something to be ashamed of?

...R

Neither. It just means it isn't my current use case, i.e. I'm not hacking a router or a cable modem... as stated it is protocol reversal.

zoomkat:
Must be some issue with using a related example. 8)

Not at all... it was simply an example constructed to more easily answer the question of what protocol reversing is in a less boring fashion.

I am guessing at this point nobody is willing to help answer my question, is able to, or everyone is just refusing for some odd reason... I will just try to contact support directly I suppose.

So much for "community" support.

So much for "community" support.

You haven't given us much to go on, and of course, the secrecy is a bit off-putting.

In reply #6, I thought I made it clear that any Arduino could send trial commands via TTL serial. A few lines of C.

If you want email notification, buy a wifi or Ethernet "shield". You did not specify the network interface.

If you want to log to an SD card, buy an Arduino that has one, or buy an SD card module.

Let me get this straight.
The entire time you had access to official support and yet you come here asking for detailed instructions on how to do something that you refuse to tell us about.

What sort of countermeasures there might be that directly observing ones and zeros going back and forth is not going to help you? Is it some military grade rolling code?

Shpaget:
Let me get this straight.
The entire time you had access to official support and yet you come here asking for detailed instructions on how to do something that you refuse to tell us about.

What sort of countermeasures there might be that directly observing ones and zeros going back and forth is not going to help you? Is it some military grade rolling code?

Let me clear this up... I believe you have misread the initial question.

  1. I'm not asking how to do it
  2. I'm not asking for detailed instructions.
  3. I am asking what Arduino hardware to order that meets my requirements as listed above.

I explained what I am doing pretty clearly. There is no second side to communicate with to observe. I am developing that piece.

As I am sure you know, a lot of projects require NDAs be in place, and that is the case with this project. Keeping that in mind I have provided an accurate and sufficient analog scenario to demonstrate the theory of what I am doing, and to answer questions that have come up.

Beyond that, I don't see why anyone would be entitled to any more information than that, given it would be illegal for me to provide any more than I have, beyond answering the question I have asked which is:

What Arduino hardware and modules do I need in order to communicate via RS-232 with hardware flow control, log information, and notify.

jremington:
You haven't given us much to go on, and of course, the secrecy is a bit off-putting.

In reply #6, I thought I made it clear that any Arduino could send trial commands via TTL serial. A few lines of C.

If you want email notification, buy a wifi or Ethernet "shield". You did not specify the network interface.

If you want to log to an SD card, buy an Arduino that has one, or buy an SD card module.

So a ZERO and a Shield would do it?

Regarding the ZERO, it only lists RX/TX as part of the TTL serial capabilities. I assume I could hijack some of the other DIO to use for the hardware flow control requirement?

While I am capable of hand wiring everything, does anyone make a ready to go 9 PIN header and PS kit?

jremington:
Sending various guesses for the command structure and checking for a response would be easy on the Arduino. The notification is also straightforward but there are many possibilities. Attempts could be logged to an SD card.

If the protocol includes a CRC, that dramatically increases the number of trials and time to solve.

I am unable to find a model with SD card capabilities or a daughter board. Did you have any particular hardware in mind?

It seems the amount of data I would be logging would kill the flash on the UNO in no time based on the specs.

Ok.

I'm thinking this will do it:

Arduino Zero: http://store-usa.arduino.cc/collections/products-atheart/products/abx00003

SD/MMC SPI Daughter Board: http://www.amazon.com/Card-Reader-Module-Socket-Arduino/dp/B00IJRUUCY

WiFi Shield: http://store-usa.arduino.cc/collections/products-atheart/products/asx00001

RS-232/485 Shield: http://www.amazon.com/RS232-RS485-Shield-for-Arduino/dp/B00N4MKVFK

The Zero doesn't say whether or not it comes with a PS but that's really a non-issue.

Thoughts?

Shpaget:
Let me get this straight.
The entire time you had access to official support and yet you come here asking for detailed instructions on how to do something that you refuse to tell us about.

What sort of countermeasures there might be that directly observing ones and zeros going back and forth is not going to help you? Is it some military grade rolling code?

A dynamic key. A key that changes after x transmits. Personalised encryption makes matters a bit harder as well...such as sending your new key with each new byte shifted in the data packets over by one place...