Académique Documents
Professionnel Documents
Culture Documents
.. !!
..
@ MujahedAltahle ) (.
http://www.aabouzaid.com .
..
(:
CC -Attribution
- Non commercial .Share A like
)(by
)(nc
cc-by-nc-sa
)(sa
abdallah.ali.abdallah.elmasry@gmail.com
https://twitter.com/abdallah0masr
http://simplyarduino.com
)
.(physical security for computers data
1.........................................................
3..........................................................................
4...........................................................................
5................................................................
6....................................................................
7...........................................................
12.......................................................................
: 16............................
17...................................................................
19.............................................
21....................................................................
22.............................................................................
23................................................................... ..
27.................................................................. Pick Gun
29............................................................... bumping Key
30......................................................................................
: 16
34......................................................
: 36..........................RFID
37.............................................................. RFID
38...............................................................................
39........................................................... The RFID Tags
40..................................RFID tags
41.....................................................................................
42................................................
43..................Arduino RFID sniffer
: 44.........Binary code
: 51............................
57....................................................
58.....................................RFID
RFID 59.................................
63...........................................................................
64..........................................................................
: 64.................................................
: 65...............................
66.............................................................................
: 67....................................................
: RFID 68............................................
- 72
- 72...................
73..........................................................
: 74.....................................
75....................................................... Virtualzation
77.................................................................................
78.................................................................
79......................................................................
87.................................Virtualization
: 89..............................
: 90......................Live CD boot
: 95......................................................
: OphCrack 101...........Kali-Linux
: 106 ..OphCrack
: 109...............................Konboot
: 112.............................
: 113.............................
: GRUB 115............
: GRUB
117.............................................................................
: 121.................
: 125
10
: 125.....................
126.....................................
- 128............................
131................................TrueCrypt
: 132............................
133.................................................................
133................................................................ Keylogger
137................................................ :
Keylogger 137..........................................................
138........................................................................
141.............................................. HKL
142...........................
143............................................................ :
144................
144.................................................................................
145...............................
146.............................
150............................
150.................................................................... :
150.................................................................. :
11
150
151.......................................... :
152........................................
12
word excel sheets
.
13
.
!!
.
Physical Hacking
) ( Access control
Authentication
(
:
Lock Picking
Access Control
Social Engineering
bypass authentication
14
:
.
15
16
:
Lock Picking: Hacking Locks
.
:
.
17
....
.
) (
)
(Server Racks
.
18
storage media - fash disk CD
Trojan horse
stuxnet
SCADA .
10
30
.
.
19
3 :
:Cylinder
.
:protection pins
.
20
21
Lock Pick set
,
.Picks
picks :
22
23
..
3:
:
) (
24
25
26
4.
YouTube
27
Pick Gun
pick gun
.
: Half Automatic
)( automatic
28
:Full
29
bumping Key
Pick gun
:
30
.
:
) +(
:
:
31
Mushroom
.
spacer pin
protection
32
:
3 4
.
33
: ) +(
.
34
) (
http://hacknmod.com/hack/diy-dorm-room-keypad-lock-with-ar
duino
) (
http://www.instructables.com/id/Arduino-Combination-Lock-Loc
kduino
RFID
http://www.instructables.com/id/Arduino-RFID-Door-Lock
35
: RFID
36
: RFID
Cracking RFID Locks
RFID
37
: RFID
RFID
) (RFID
.Radio Frequency Identifcation
.NFC
.RFID Tags ) (RFID Tags
)( Antenna
.
: RFID
38
) (resonance circuit
RFID
reader .
http://simplyarduino.com/?p=283
: RFID
39
RFID tag
tag RFID Reader
Tags
125
13.56
433
865-868
125
.
: RFID
40
RFID tags
RFID reader
tags
RFID tag
,
RFID tag .
: RFID
41
RFID
tags
.
" "
Data Sniffing
RFID reader
RFID
.
: RFID
42
RFID
micro-controller Arduino
:
RFID
universal RFID tag
RFID
0007820706
0007820693
43
: RFID
RFID
Arduino Uno
" "
http://simplyarduino.com :
RFID tags
: RFID
44
:
Binary code
RFID
RFID reader
RDM630
125
:
45
: RFID
Arduino uno
Breadboard or testboard
jumpers
RFID 125
RDM630 RDM6300
) (antenna
http://www.arduino.cc
RDM630
: RFID
46
:
RDM630
1 5 :
.1 RDM630
.2
1 RDM630 0
Rx
.3 4 RDM630 GND
.4 5 RDM630 volt 5
.5 ANT1 & ANT2 RDM630
47
: RFID
RDM630
: :
// Example
;int data1 = 0
)(void setup
{
;)Serial.begin(9600
}
)(void loop
{
{ )if (Serial.available() > 0
// read the incoming number on serial RX
;)(data1 = Serial.read
// display incoming numbers in binary form
;)Serial.println(data1, BIN
}
}
: RFID
48
upload arduino
uno RDM630
Rx
.
49
: RFID
serial monitor
RFID RDM630
.serial monitor
: RFID
50
binary
value 11 11 RFID
tag
checksum
digital data
checksum.
51
: RFID
:
:
:
1
RDM630 Rx
2 .
:
serial monitor
.
52
RFID :
RFID_serial_work :
/*
Developed by Abdallah Ali Abdallah
Modifed to run on Arduino Uno or similar boards
based on (Arduino Mega + RDM630 RFID) code - which
you can fnd it in the following link
http://maniacbug.wordpress.com/2011/10/09/125khz-rfdmodule-rdm630/
http://arbitraryuser.com/2013/04/16/rdm630-125khz-rfd-r
eading-with-the-arduino-mega-2560-r3/
connect Tx Pin(1) in RDM630 to DigitalPin (2) in arduino
*/
#include <SoftwareSerial.h>
#defne rxPin 2
#defne txPin 3
//-----------------------------------//create a Serial object RFID
SoftwareSerial Serial1= SoftwareSerial(rxPin, txPin);
uint8_t buffer[14];
uint8_t* buffer_at;
uint8_t* buffer_end = buffer + sizeof(buffer);
String checksum;
boolean tagfound = false;
void setup()
{
Serial.begin(9600);
Serial.println("Serial Ready");
RFID :
53
Serial1.begin(9600);
Serial.println("RFID Ready");
}
void loop()
{
if (Serial1.available()){
delay(20);
buffer_at = buffer;
while ( buffer_at < buffer_end )
{
*buffer_at++ = Serial1.read();
}
tagfound = true;
Serial1.end();
Serial1.begin(9600);
}
if (tagfound){
buffer_at = buffer;
uint32_t result = 0;
// Skip the preamble
++buffer_at;
// Accumulate the checksum, starting with the frst
value
uint8_t checksum = rfd_get_next();
// We are looking for 4 more values
int i = 4;
while(i--)
{
// Grab the next value
uint8_t value = rfd_get_next();
// Add it into the result
54
RFID :
result <<= 8;
result |= value;
// Xor it into the checksum
checksum ^= value;
}
// Pull out the checksum from the data
uint8_t data_checksum = rfd_get_next();
// Print the result
Serial.print("Tag: ");
Serial.print(result);
if ( checksum == data_checksum )
Serial.println(" OK");
else
Serial.println(" CHECKSUM FAILED");
// We're done processing, so there is no current
value
tagfound = false;
}
}
uint8_t rfd_get_next(void)
{
uint16_t hexresult;
// Working space to assemble each byte
static char byte_chars[3];
// Pull out one byte from this position in the stream
snprintf(byte_chars,3,"%c
%c",buffer_at[0],buffer_at[1]);
sscanf(byte_chars,"%x",&hexresult);
buffer_at += 2;
return static_cast<uint8_t>(hexresult);
}
55
: RFID
.
RDM630
2
: RFID
56
RFID 125
7
RFID 10 7 2702008 :
000
2
.
57
: RFID
RFID
arduino rfd reader
.
lcd
)
(
ATmega 328
PCB
.
: RFID
58
RFID
sniffer
.
RFID
RFID
reader
http://www.instructables.com/id/Arduino-and-RFID-from-seeeds
tudio
http://www.instructables.com/id/Reading-RFID-Tags-with-an-Ard
uino
http://www.instructables.com/id/Wiring-and-programming-the-P
arallax-RFID-Serial-Ca
universal RFID key
59
: RFID
RFID
RFID lock
tag universal tag
universal RFID key
: RFID
60
:
:
Dong Jackson
61
: RFID
: RFID
62
universalkey.ino atmega 328
universal
key
PCB
http://www.instructables.com/id/A-Universal-RFID-Key
63
: RFID
SMD
RFID
:
http://scanlime.org/2008/09/using-an-avr-as-an-rfd-tag
http://www.instructables.com/id/Stupid-Simple-Arduino-LF-RFID-Tag-Sp
oofer
: RFID
64
RFID
:
.
65
: RFID
:
RFID
.
Passport RFID
.
passports
.
: RFID
66
) Aluminum Foil
(
.
RFID
.RFID tag
: RFID
67
:
RFID 125 13.3
433 865
.
13.3
.
: RFID
RFID
68
Active Tags
:
passive tag
.1
.2
.3
.4
69
: RFID
active tag
.1
.2
.3 )
(x+4y+z x, y, z
.4 hashing process
.5
hash
.6
: RFID
70
RFID :
71
: RFID
72
73
Internal threats
:
Virtualization
Windows
:
Linux .
74
:
Build your Virtulaization LAB
75
Virtualzation
Virtualization
Operating systems -OS
virtual machine
hardware
physical machine
:
6 RAM
intel core i5 4
250
76
virtualziation 4
1 1 virtual
machine
virtualbox
77
virtualbox
https://www.virtualbox.org
iso
:
Kali-linux
Windows xp sp2
Windows 7 sp1
Slax Linux: de-ice.net disks 1.100
Ubuntu 13.04
www.ubuntu.com
slax linux de-ice slax
Hacking dojo
http://hackingdojo.com/pentest-media
;(
78
http://www.linuxac.org
] [
http://www.simplyubuntu.com
line
command
) 42(
79
VirtualBox
Debian
.
VirtualBox :
80
Windows XP New
Windows XP
) (Victim Windows Xp
81
RAM
) (
) (
82
.
dynamic .static
10
VitualBox 10
.
dynamic
300
virtualbox 10
300
dynamic hard-disk
83
.
)
(
setting
) (new storage
ISO
84
85
start
XP
86
windows 7
ubuntu
.
: De-ICE
linux live cd
virtualbox
87
Virtualization
Intel AMD
2008 .
Xen
http://www.xenproject.org
http://en.wikipedia.org/wiki/Virtualization
http://www.vmware.com/virtualization
88
..
..
89
:
Cracking Windows Protections
.
90
Live CD boot
Live Cd
-
.
:
iso
www.kali.org
91
)
(
Kali-linux
Kali-linux cd
boot
92
93
(:
.
:
:
Kali-Linux
94
.1
- USB .
.2
.3
ISO Kali -
.
.4
- USB
.
.5
usb hard-disk
.6
- Boot
Kali-Linux
95
accounts
.
User
96
Abdallah Ali
Mohamed
Aser Elmasry
Ahmed Emad
Noha Elmounir
SAM
C:/Windows/System32/confg/SAM
LM xp 2003
server NTLM
97
cd boot
live
cd
live
xp .
media
cd /media
98
SAM
cd /media/C864CB764CBB70A/Windows/System32/confg
SAM chntpw
:
chntpw -l SAM
99
Administrator
chntpw -u USERNAME SAM
XPPRESP3
Sp3
chntpw -u XPPRESP3 SAM
:
) (
) ( ihackedyou
100
.
umount /dev/sda1
reboot
(:
101
: OphCrack Kali-Linux
twitter Facebook
.
102
RAM .
cracking tables
" "
http://ophcrack.sourceforge.net/tables.php
103
ophcrack
tables
,
install
.
:
SAM load
crack .
104
105
106
:
OphCrack
Ophcrack Live CD
Ophcrack ophcrack
.live cd boot
107
Ophcrack
http://ophcrack.sourceforge.net/download.php?type=livecd
- Universal USB
Installer
automatic crack
108
Rainbow Tables
109
Konboot
konboot
60
Restart
Konboot
MAC Osx
Windows 8
110
Konboot
: konboot
2012
http://www.piotrbania.com/all/kon-boot
Ophcrack
111
112
113
live cd boot
) (.
:
114
2015
NTFS
FAT32
)
(.
Koonbot
:
115
GRUB
GRUB
recovery mode
root .
- ) (
116
117
GRUB
: RedHat CentOS
118
quiet
single Enter
119
de-ice cd 1 slax .
120
:
RedHat 5 or 6
)CentOS (All versions
De-Ice
ubuntu 10.04
ubuntu 13.04 or later
fedora 14
fedora 17
debian 6
PAE
3 bit 32
64 .
: PAE
) (13.04
system
121
OphCrack
john john the
) ripper (.
live cd
.john
12.04
mount /etc/
passwd shadow
SAM
passwd
shadow
122
Home
unshadow passwd shadow > unshadw-users-passwords
unshadw-users-password
hash
:
john unshadw-users-password
123
(:
john
ahmed, omar, mohanned
.
124
125
) (
.
126
.
14
LM NLTM
Rainbow tables
GPU based hash cracking
14
" !! 14 "
19
:
fsl-hggi-hgvplk-hgvpdl
127
" - - -"
.
Rainbow tables
:
Fslhggi@start0fanything111
24
093 999 463 123
.
Efta7-ya-smsms
IslamIsThePeaceInMind&Heart
Ilove-masr-c0z-it'smycountery
;(
https://howsecureismypassword.net
128
-
..
live cd boot
SAM live cd boot
bit
live cd
) 24 (.
bit-locker
windows 7 pro & windows 7 ultimate
129
) (
LVM
13.04 :
130
Home
Encrypt Home folder
.
Strong password
:
131
TrueCrypt
TrueCrypt
virtual partitons
portable hard-disk
.
.
http://www.truecrypt.org/downloads
http://www.truecrypt.org/docs/tutorial
132
Keyloggers
133
.
.
.
Keylogger
134
.
"Software " Hardware
.
Hardware Keylogger HKL
.
FTP server
.
HKL :
1
".
HKL :
.
.
.
HKL
:
USB Keylogger
1
135
:
PS/2 Keylogger
USB
PS/2
.
,
.
PCI HKL
Motherboard
PCI
.
Built-In Trojan Keybaord
.
136
Hardware Software
USB Flash Memory USB
.
HKL ) (
)(
.
200 .
137
HKL
.
-
- binary code
) (0s 1s .
Keylogger
teensyduino
USB
atmega32U
?http://www.irongeek.com/i.php
page=security/homemade-hardware-keylogger-phukd
138
Virtual Keyboard
.
:
.1
.
.2
.
139
.3
:
.1
.2 ) One time Password OTP
2
OTP
TSA
Google Authenticator
140
Two Step Verifcation
/http://www.google.com/landing/2step
Outlook Hotmail
:
Sing in with a single-use code
Facebook Code
.Generator Facebook
) Android ( IOS
Facebook
.
141
HKL
:
Backspace
.
142
Unauthorized Access: Physical
Penetration Testing For IT Security
Teams
,
.
http://www.amazon.com/Unauthorised-Access-Physical-Pe
netration-Security/dp/0470747617/ref=pd_sim_b_6
No Tech Hacking
No Tech- Hacking
http://www.amazon.com/No-Tech-Hacking-Engineering-Dumpst
er/dp/1597492159
143
The
and
Hacking
of
Basics
Penetration
,Testing
http://www.amazon.com/The-Basics-Hacki
ng-Penetration-Testing/dp/1597496553/ref=pd_sim_b_5
:
Build Your Own Security Lab: A Field Guide
for Network Testing
The Art of Deception: Controlling the Human Element
of Security
Practical-Lock-Picking-Physical-Penetration
144
)
- ( 10
) - ( 3
) - (
145
307-2000 14 / 2000
257-98 25 / 1998
53-05
146
/ 2000
:204
2000
1990
147
2002/58EC
EEC/92/242
EC/98/34
) 5 (
) (
JHA/2005/222
148
U.S.C. 18
25102511 to 2522,2705, 2701, 2702,2711, 2000,1029,
1030
) / (1981
149
) / (
) / (
)
/ (
) / (
) / (
150
" "
.
:
Kali-Linux
)( Debian
Wheezy
LibreOffice 4.0.3
Gimp 2.8
Kacst Book
Droid San
151
:
A5
7 10 ) = 2.54 (.
Format Page .
:
152
http://en.wikipedia.org/wiki/Physical_security
http://www.instructables.com/id/Arduino-and-RFID-f
rom-seeedstudio/
http://en.wikipedia.org/wiki/Lock_picking
http://www.instructables.com/id/Stupid-Simple-Ard
uino-LF-RFID-Tag-Spoofer/
http://www.instructables.com/id/A-Universal-RFID-K
ey/
http://coeia.ksu.edu.sa/
%D8%A7%D9%84%D9%82%D9%88%D8%A7%D9
%86%D9%8A
%D9%86-%D9%88%D8%A7%D9%84%D9%85%D8
%B9%D8%A7%D9%87%D8%AF%D8%A7%D8%AA
http://mojtabanow.info/web/?p=752
http://en.wikipedia.org/wiki/Hardware_keylogger
http://www.securelist.com/en/analysis?
pubid=204791931
http://www.aiotestking.com/ec-council/2012/04/ho
w-will-you-defend-against-hardware-keyloggers-wh
en-using-public-computers-and-internet-kiosks/
http://www.irongeek.com/i.php?
page=security/usb-hardware-keyloggers-1-keycarb
on