3

.. !!

..
@ MujahedAltahle ) (.

http://www.aabouzaid.com .

..

(:

CC -Attribution
- Non commercial .Share A like

Creative Commons license - CC-BY-NC-SA

)(by

)(nc

cc-by-nc-sa
)(sa

abdallah.ali.abdallah.elmasry@gmail.com
https://twitter.com/abdallah0masr
http://simplyarduino.com

)
.(physical security for computers data

1.........................................................
3..........................................................................
4...........................................................................
5................................................................
6....................................................................
7...........................................................
12.......................................................................
: 16............................
17...................................................................
19.............................................
21....................................................................
22.............................................................................
23................................................................... ..
27.................................................................. Pick Gun
29............................................................... bumping Key
30......................................................................................

 : 16

34......................................................

: 36..........................RFID
37.............................................................. RFID
38...............................................................................
39........................................................... The RFID Tags
40..................................RFID tags
41.....................................................................................
42................................................
43..................Arduino RFID sniffer
: 44.........Binary code
: 51............................
57....................................................
58.....................................RFID
RFID 59.................................
63...........................................................................
64..........................................................................
: 64.................................................
: 65...............................
66.............................................................................
: 67....................................................
: RFID 68............................................

- 72

- 72...................
73..........................................................

: 74.....................................
75....................................................... Virtualzation
77.................................................................................
78.................................................................
79......................................................................
87.................................Virtualization

: 89..............................
: 90......................Live CD boot
: 95......................................................
: OphCrack 101...........Kali-Linux
: 106 ..OphCrack
: 109...............................Konboot

: 112.............................
: 113.............................
: GRUB 115............
: GRUB
117.............................................................................
: 121.................

 : 125

10

: 125.....................
126.....................................
- 128............................
131................................TrueCrypt

: 132............................
133.................................................................
133................................................................ Keylogger
137................................................ :

Keylogger 137..........................................................
138........................................................................
141.............................................. HKL

142...........................
143............................................................ :

144................
144.................................................................................
145...............................
146.............................

150............................
150.................................................................... :
150.................................................................. :

11

150

151.......................................... :

152........................................

12

word excel sheets


.

13

.
!!


.

Physical Hacking

) ( Access control
Authentication

(
:

Lock Picking

Access Control

Social Engineering

bypass authentication

14

embedded spying boards

:


.

15

16

:
Lock Picking: Hacking Locks

.
:


.

17

....





.

) (
)
(Server Racks

.

18

storage media - fash disk CD
Trojan horse

stuxnet

SCADA .

10

30
.



.

19

3 :

:Cylinder

.

:protection pins

.

:Pin Housing tunnels

.

20

21

Lock Pick set

,

.Picks

picks :

22

23

..
3:

:
) (

24

25

26

4.

YouTube

27

Pick Gun
pick gun


.
: Half Automatic

)( automatic

28

:Full

29

bumping Key
Pick gun


:

30

.
:

) +(

:


:

31

Mushroom

.

spacer pin
protection

32

:

3 4
.

33

: ) +(



.

34

) (

http://hacknmod.com/hack/diy-dorm-room-keypad-lock-with-ar
duino

) (

http://www.instructables.com/id/Arduino-Combination-Lock-Loc
kduino

RFID
http://www.instructables.com/id/Arduino-RFID-Door-Lock

35

 : RFID

36

: RFID
Cracking RFID Locks

RFID

37

: RFID

RFID
) (RFID
.Radio Frequency Identifcation
.NFC

.RFID Tags ) (RFID Tags

)( Antenna
.

 : RFID

38

) (resonance circuit
RFID
reader .

http://simplyarduino.com/?p=283

 : RFID

39

The RFID Tags

RFID tag
tag RFID Reader
Tags

125

13.56

433

865-868

125

.

 : RFID

40
RFID tags

RFID reader
tags
RFID tag



,

RFID tag .

 : RFID

41

It's Wireless .. It's Crackable

..

RFID
tags
.
" "
Data Sniffing

RFID reader

RFID
.

 : RFID

42

RFID

micro-controller Arduino
:

RFID

universal RFID tag

RFID
0007820706
0007820693

43

: RFID

Arduino RFID sniffer

RFID

Arduino Uno

" "

http://simplyarduino.com :

RFID tags

 : RFID

44

:
Binary code

RFID

RFID reader
RDM630

125
:

45

: RFID

Arduino uno

Breadboard or testboard

jumpers

RFID 125

RDM630 RDM6300

) (antenna

http://www.arduino.cc

RDM630

RDM630 & RDM6300

 : RFID

46

:
RDM630
1 5 :
.1 RDM630
.2

1 RDM630 0
Rx

.3 4 RDM630 GND
.4 5 RDM630 volt 5
.5 ANT1 & ANT2 RDM630

47

: RFID

RDM630

: :

// Example
;int data1 = 0
)(void setup
{
;)Serial.begin(9600
}
)(void loop
{
{ )if (Serial.available() > 0
// read the incoming number on serial RX
;)(data1 = Serial.read
// display incoming numbers in binary form
;)Serial.println(data1, BIN
}
}

 : RFID

48

upload arduino
uno RDM630
Rx
.

49

: RFID

serial monitor
RFID RDM630
.serial monitor

 : RFID

50

binary
value 11 11 RFID
tag

checksum

digital data

checksum.

51

: RFID

:
:

:
1

RDM630 Rx
2 .

:
serial monitor
.

52

RFID :

RFID_serial_work :

/*
Developed by Abdallah Ali Abdallah
Modifed to run on Arduino Uno or similar boards
based on (Arduino Mega + RDM630 RFID) code - which
you can fnd it in the following link
http://maniacbug.wordpress.com/2011/10/09/125khz-rfdmodule-rdm630/
http://arbitraryuser.com/2013/04/16/rdm630-125khz-rfd-r
eading-with-the-arduino-mega-2560-r3/
connect Tx Pin(1) in RDM630 to DigitalPin (2) in arduino
*/
#include <SoftwareSerial.h>
#defne rxPin 2
#defne txPin 3
//-----------------------------------//create a Serial object RFID
SoftwareSerial Serial1= SoftwareSerial(rxPin, txPin);
uint8_t buffer[14];
uint8_t* buffer_at;
uint8_t* buffer_end = buffer + sizeof(buffer);
String checksum;
boolean tagfound = false;
void setup()
{
Serial.begin(9600);
Serial.println("Serial Ready");

RFID :

53

Serial1.begin(9600);
Serial.println("RFID Ready");
}
void loop()
{
if (Serial1.available()){
delay(20);
buffer_at = buffer;
while ( buffer_at < buffer_end )
{
*buffer_at++ = Serial1.read();
}
tagfound = true;
Serial1.end();
Serial1.begin(9600);
}
if (tagfound){
buffer_at = buffer;
uint32_t result = 0;
// Skip the preamble
++buffer_at;
// Accumulate the checksum, starting with the frst
value
uint8_t checksum = rfd_get_next();
// We are looking for 4 more values
int i = 4;
while(i--)
{
// Grab the next value
uint8_t value = rfd_get_next();
// Add it into the result

54

RFID :

result <<= 8;
result |= value;
// Xor it into the checksum
checksum ^= value;
}
// Pull out the checksum from the data
uint8_t data_checksum = rfd_get_next();
// Print the result
Serial.print("Tag: ");
Serial.print(result);
if ( checksum == data_checksum )
Serial.println(" OK");
else
Serial.println(" CHECKSUM FAILED");
// We're done processing, so there is no current
value
tagfound = false;
}
}
uint8_t rfd_get_next(void)
{
uint16_t hexresult;
// Working space to assemble each byte
static char byte_chars[3];
// Pull out one byte from this position in the stream
snprintf(byte_chars,3,"%c
%c",buffer_at[0],buffer_at[1]);
sscanf(byte_chars,"%x",&hexresult);
buffer_at += 2;
return static_cast<uint8_t>(hexresult);
}

55

: RFID

.
RDM630
2

 : RFID

56

RFID 125

7
RFID 10 7 2702008 :

000



2
.

57

: RFID

RFID
arduino rfd reader

.


lcd

)

(

ATmega 328
PCB
.

 : RFID

58

RFID
sniffer



.

RFID

RFID
reader

http://www.instructables.com/id/Arduino-and-RFID-from-seeeds
tudio
http://www.instructables.com/id/Reading-RFID-Tags-with-an-Ard
uino
http://www.instructables.com/id/Wiring-and-programming-the-P
arallax-RFID-Serial-Ca

universal RFID key

59

: RFID

RFID

RFID lock
tag universal tag
universal RFID key

, atemga 8 atmega 328 atmega 168

 : RFID

60

:
:

pdf

Dong Jackson

61

: RFID

 : RFID

62

universalkey.ino atmega 328

universal

key

PCB

http://www.instructables.com/id/A-Universal-RFID-Key

63

: RFID

SMD

RFID

:
http://scanlime.org/2008/09/using-an-avr-as-an-rfd-tag
http://www.instructables.com/id/Stupid-Simple-Arduino-LF-RFID-Tag-Sp
oofer

 : RFID

64

RFID

:




.

65

: RFID

:




RFID
.


Passport RFID
.

passports



.

 : RFID

66

) Aluminum Foil
(
.




RFID

.RFID tag

 : RFID

67

:

RFID 125 13.3
433 865
.

13.3

.

 : RFID

RFID

68

Active Tags
:
passive tag
.1
.2

.3

.4

69

: RFID

active tag

.1
.2

.3 )
(x+4y+z x, y, z
.4 hashing process
.5
hash
.6

active tag sniffing

one way hashing

) (.

 : RFID

70

RFID :

Multi-factor authentication security systems

71

: RFID

72

73

Internal threats



:

Virtualization

Windows

:
Linux .

74

:
Build your Virtulaization LAB

75

Virtualzation
Virtualization
Operating systems -OS
virtual machine
hardware

Vmware, Cirtix, Microsoft HyperV,

Oracle virtualbox

physical machine
:

6 RAM

intel core i5 4

250

76

virtualziation 4

1 1 virtual
machine

virtualbox

vmware player virtualbox

vmware workstation
.

77

virtualbox

https://www.virtualbox.org
iso
:

Kali-linux
Windows xp sp2
Windows 7 sp1
Slax Linux: de-ice.net disks 1.100
Ubuntu 13.04


www.ubuntu.com

slax linux de-ice slax

Hacking dojo

http://hackingdojo.com/pentest-media

;(

78

http://www.linuxac.org

] [

http://www.simplyubuntu.com

line

command

) 42(

79

VirtualBox

Debian
.
VirtualBox :

Application> System Tools> Oracle VM

80

Windows XP New

Windows XP
) (Victim Windows Xp

81

RAM
) (

) (

82

.
dynamic .static

10
VitualBox 10
.
dynamic
300
virtualbox 10


300

dynamic hard-disk

83

.
)
(

setting
) (new storage
ISO

84

DVD R/W iso

85

start

XP

86

windows 7
ubuntu
.
: De-ICE
linux live cd

virtualbox

87

Virtualization

Intel AMD
2008 .

Xen

http://www.xenproject.org

http://en.wikipedia.org/wiki/Virtualization
http://www.vmware.com/virtualization

88

..
..

89

:
Cracking Windows Protections


.

90
Live CD boot

Live Cd
-

.
:

iso

www.kali.org

91

)
(

Kali-linux

Kali-linux cd
boot

92

Live (686-pae) boot

93

(:

.

:
:

Kali-Linux

Win32 Disk Imager

http://sourceforge.net/projects/win32diskimager/fles/latest/download

94

.1

- USB .

.2

.Win32 Disk Imager

.3

ISO Kali -
.

.4

- USB

.
.5

usb hard-disk

.6

- Boot

Kali-Linux

95

accounts
.

User

96

Abdallah Ali
Mohamed
Aser Elmasry
Ahmed Emad
Noha Elmounir
SAM

C:/Windows/System32/confg/SAM

LM xp 2003

server NTLM

97

Vista, Windows 7, Windows 8,

Windows Server 2008, Windows Server 2012

cd boot

live

cd

live

xp .

media

cd /media

98

SAM
cd /media/C864CB764CBB70A/Windows/System32/confg

SAM chntpw
:
chntpw -l SAM

99

Administrator

chntpw -u USERNAME SAM
XPPRESP3

Sp3
chntpw -u XPPRESP3 SAM
:

) (

) ( ihackedyou

100

.
umount /dev/sda1
reboot

(:

101

: OphCrack Kali-Linux

twitter Facebook
.

102

RAM .
cracking tables

" "

rainbow table ophcrack

ophcrack
windows xp
,windows vista, windows seven

http://ophcrack.sourceforge.net/tables.php

103

ophcrack

kali> Password Attack>Offiline attack> OphCrack

tables
,

install


.

 :
SAM load

crack .

104

105

106

:
OphCrack

Ophcrack Live CD
Ophcrack ophcrack

.live cd boot

107

Ophcrack
http://ophcrack.sourceforge.net/download.php?type=livecd

USB fash Disk 8

Universal USB Installer

http://www.pendrivelinux.com/universal-usb-installer-easy-as1-2-3

- Universal USB
Installer

automatic crack

108

Rainbow Tables

109

Konboot

konboot
60


Restart

Konboot

MAC Osx

Windows 8

110

Konboot

)Microsoft Windows XP 32Bit/64Bit (all versions since SP2

)Microsoft Windows Server 2003 32Bit/64Bit (all versions
)Microsoft Windows Server 2008 32Bit/64Bit (all versions
)Microsoft Windows Vista 32Bit/64Bit (all versions
)Microsoft Windows 7 32Bit/64Bit (all versions including EFI
)Microsoft Windows 8 32Bit/64Bit (all versions including EFI,

: konboot
2012

http://www.piotrbania.com/all/kon-boot

Ophcrack

111

112

113

live cd boot
) (.

:

partitons Ext3 & Ext4

BtrfS

114

2015

NTFS
FAT32

)
(.
Koonbot
:

Gentoo 2.6.24-gentoo-r5 GRUB 0.97

Ubuntu 2.6.24.3-debug GRUB 0.97
Debian 2.6.18-6-6861 GRUB 0.97

115

GRUB

GRUB


recovery mode
root .
- ) (

116

117

GRUB

: RedHat CentOS

118

quiet
single Enter

119

de-ice cd 1 slax .

120

:
RedHat 5 or 6
)CentOS (All versions
De-Ice
ubuntu 10.04
ubuntu 13.04 or later
fedora 14
fedora 17
debian 6

PAE
3 bit 32
64 .
: PAE

) (13.04

system

processor Enable PAE

121

OphCrack
john john the
) ripper (.
live cd

.john

12.04


mount /etc/

passwd shadow

SAM
passwd
shadow

122

Home

unshadow passwd shadow > unshadw-users-passwords
unshadw-users-password
hash
:
john unshadw-users-password

123

(:
john
ahmed, omar, mohanned
.

john rainbow tables

1000
dictionary attack

hash.

124

125

) (
.

126

.
14
LM NLTM
Rainbow tables
GPU based hash cracking
14
" !! 14 "

19
:
fsl-hggi-hgvplk-hgvpdl

127

" - - -"


.
Rainbow tables


:
Fslhggi@start0fanything111
24

093 999 463 123

.
Efta7-ya-smsms
IslamIsThePeaceInMind&Heart
Ilove-masr-c0z-it'smycountery

;(

https://howsecureismypassword.net

128

-
..
live cd boot


SAM live cd boot




bit
live cd



) 24 (.
bit-locker
windows 7 pro & windows 7 ultimate

129

) (
LVM

13.04 :

130

Home

Encrypt Home folder
.

Strong password
:

131

TrueCrypt

TrueCrypt
virtual partitons

portable hard-disk
.

.

http://www.truecrypt.org/downloads
http://www.truecrypt.org/docs/tutorial

132

Keyloggers

133

.


.



.

Keylogger

) Keylogger " "(

Tab Backspace caps-Lock )
(....F1,F2 :

134

.
"Software " Hardware
.
Hardware Keylogger HKL

.
FTP server

.
HKL :
1
".
HKL :
.
.
.
HKL
:
USB Keylogger
1

;Physical keyboard Virtual Keyboard

.HKL

135

:
PS/2 Keylogger

PCI Keylogger and Mini-PCI Keylogger for laptops

Built-in Keylogger and Trojan Keyboard

USB

PS/2
.

,

.
PCI HKL
Motherboard
PCI


.

Built-In Trojan Keybaord




.

136

Hardware Software
USB Flash Memory USB




.


HKL ) (
)(
.

200 .

137

HKL
.
-
- binary code
) (0s 1s .

Keylogger

teensyduino

USB
atmega32U

?http://www.irongeek.com/i.php
page=security/homemade-hardware-keylogger-phukd

138

Virtual Keyboard
.
:
.1



.
.2


.

139

.3
:
.1
.2 ) One time Password OTP
2

( Two Step Authentication

)3TSA ( .


.

OTP

TSA

Google Authenticator

140

Two Step Verifcation

/http://www.google.com/landing/2step

Outlook Hotmail
:
Sing in with a single-use code

Facebook Code
.Generator Facebook
) Android ( IOS
Facebook
.

141

HKL

:
Backspace
.

142

Unauthorized Access: Physical
Penetration Testing For IT Security
Teams




,
.

http://www.amazon.com/Unauthorised-Access-Physical-Pe
netration-Security/dp/0470747617/ref=pd_sim_b_6
No Tech Hacking

No Tech- Hacking

http://www.amazon.com/No-Tech-Hacking-Engineering-Dumpst
er/dp/1597492159

143

The Basics of Hacking and Penetration Testing

" "

The
and

Hacking

of

Basics

Penetration
,Testing

http://www.amazon.com/The-Basics-Hacki
ng-Penetration-Testing/dp/1597496553/ref=pd_sim_b_5

:
Build Your Own Security Lab: A Field Guide
for Network Testing
The Art of Deception: Controlling the Human Element
of Security
Practical-Lock-Picking-Physical-Penetration

Metasploit: The Penetration Tester's Guide

144

)
- ( 10

) - ( 3

) - (

145

307-2000 14 / 2000
257-98 25 / 1998

123-01 /9/ 2001

53-05

146

/ 2000

:204

2000

1990

147

2002/58EC

EEC/92/242

EC/98/34

) 5 (

) (

JHA/2005/222

148

U.S.C. 18
25102511 to 2522,2705, 2701, 2702,2711, 2000,1029,
1030

) / (1981

149

) / (

) / (

)
/ (

) / (

) / (

150

" "

.

:
Kali-Linux

)( Debian
Wheezy

LibreOffice 4.0.3

Gimp 2.8

Kacst Book

Droid San

151

:
A5

7 10 ) = 2.54 (.

Format Page .
:

152

http://en.wikipedia.org/wiki/Physical_security
http://www.instructables.com/id/Arduino-and-RFID-f
rom-seeedstudio/
http://en.wikipedia.org/wiki/Lock_picking
http://www.instructables.com/id/Stupid-Simple-Ard
uino-LF-RFID-Tag-Spoofer/
http://www.instructables.com/id/A-Universal-RFID-K
ey/
http://coeia.ksu.edu.sa/
%D8%A7%D9%84%D9%82%D9%88%D8%A7%D9
%86%D9%8A
%D9%86-%D9%88%D8%A7%D9%84%D9%85%D8
%B9%D8%A7%D9%87%D8%AF%D8%A7%D8%AA
http://mojtabanow.info/web/?p=752
http://en.wikipedia.org/wiki/Hardware_keylogger
http://www.securelist.com/en/analysis?
pubid=204791931
http://www.aiotestking.com/ec-council/2012/04/ho
w-will-you-defend-against-hardware-keyloggers-wh
en-using-public-computers-and-internet-kiosks/
http://www.irongeek.com/i.php?
page=security/usb-hardware-keyloggers-1-keycarb
on