Monday, February 11, 2019

Cracked Screen? No problem!

I managed to brake an old Nexus smartphone that I use for some infosec stuff (running Kali Nethunter). Only the touchscreen input broke, I can see the screen pretty good, but can't input anything... so how to unlock the phone?
If you used ADB before on the device (and computer), its pretty simple, just connect your smartphone and fire up your terminal:

$ adb shell input text YOURPIN
$ adb shell input keyevent 66

If you haven't used ADB before you probably can't connect to the device because 1) you need to enable developer settings and 2) you need to allow the computer to connect, both steps need user input.
But there are other ways, like using an OTG cable to connect a USB mouse (duh!). I found this article on Joy of Android mentioning other methods.

Friday, February 1, 2019

NFC Drip

Last year, I gave a couple of talks about data exfiltration and my research using NFC as a covert channel to exfiltrate data. I found that NFC can be used at a much longer distance than I expect.
Much longer.

If you like data exfiltration or want to know more about my NFC research, you can find a video of  my presentation bellow.
(TL;DR I've managed to exfiltrate data from a smartphone NFC radio up to 20 meters and from a NFC Usb dongle from more than 60 meters away!)