Crazy Danish Hacker
Signal Jamming - Software Defined Radio Series #28
Crazy Danish Hacker | 2018-05-24 | In this video I show how to install BladeRF, use an FFT-based spectrum analyser to view GSM and WiFi signals, and last but not least, produce jamming signals!
Disclaimer: You should NOT produce jamming signals outside a faraday cage or equivalent lab configuration.
While jamming signals have little to no purpose for most people, they are of course used in some types of modern warfare, in some cinemas, and also if you're for example doing research on car hacking! Some newer cars have 2G and most likely 3G and 4G capabilities, and since 2G is the most insecure (or weakest link), the easiest way to e.g. sniff communication from the car over 2G GSM, is to jam the frequencies/channels it's using. That will make the car fall back to 2G GSM.
This should obviously be done under controlled environments.
After jamming the 3G and 4G frequencies while the car (or well, the GSM antenna of the car) is e.g. inside a faraday tent/cage, you can proceed to either try to sniff any communication it attempts to make over 2G, or host your own 2G BTS inside that faraday tent/cage and use it to sniff the data much more easily.
Topics covered:
- Installation of tools inside the Windows 7 virtual machine
- Adding a network interface to the virtual machine
- Kali Linux Undercover Mode
- Python POC Basics (Explaining the Proof Of Concept)
- Verifying that our SLMail service is running
- Changing the appearance (i.e. font size) of Immunity Debugger
- Overflowing the Extended Instruction Pointer (EIP)
- Sending a controlled crash string to modify EIP
- Searching memory for "opcodes" in loaded modules such as DLLs (Multiple ways)
- Little Endian encoding of EIP
The remaining topics such as finding bad characters, generating shellcode, reconfiguring the windows firewall, etc., will be covered in the following video.
Stay tuned and subscribe for more upcoming videos showing actual hacks!
Twitter: @CrazyDaneHacker
Facebook: facebook.com/crazydanishhacker
Patreon: patreon.com/crazydanishhacker
Website: crazydanishhacker.com
Listening to Astronauts ON THE ISS with a Baofeng UV-5R
Crazy Danish Hacker | 2019-12-15 | In this video I unbox a Baofeng UV-5R radio and demonstrate how to configure it to receive the narrowband FM signal that the ISS (International Space Station) transmits for Voice, APRS and SSTV signals.
Note: The winner has been found of the giveaway. Congratulations to Veso who wanted to give it away to someone else who needed it, and as such, another giveaway happened on Twitter instead.
Mr Robot is currently the only TV series that is technically correct when it comes to hacking.
Installing the apps including drivers is straightforward and doesn't require a guide, as it's like installing any other Android app.
For reception of Digital TV (DVB-T), the antenna should, as instructed in the video, be placed outside for optimal signal quality.
The spectrum analyzer application should even be able to record signals, so if for example the ISS passes overhead and is transmitting, then you could pick up the International Space Station, or several other interesting satellites too.
Recommended Hardware These Days: - R820T2 RTL-SDR with Metal Heatsink (From RTL-SDR.com for example) - ANT500 Antenna or Equivalent for Omnidirectional Use. (RTL-SDR.com also has a kit with a useful dipole antenna.)
Note: This is not the only known bug in the outdated firmware.
Spy On Anyones Location - The LocationSmart Vulnerability
Crazy Danish Hacker | 2018-07-26 | In this video I talk about the LocationSmart vulnerability that allowed adversaries to spy on anyone's location for an extended period of time. While this particular vulnerability has been patched for a few weeks now, it's important to note that other companies providing the same service, could be vulnerable too.
Special Thanks: - Josh (First Elite Patron Supporter!)
International Space Station - Software Defined Radio Series #29
Crazy Danish Hacker | 2018-07-21 | In this video I show how I managed to pick up the International Space Station! A few weeks ago, Alexander Gerst (an astronaut onboard the ISS) was scheduled to talk with two German schools (gymnasiums). As that exact time and date were also perfect for me, and the max elevation was decent (not perfect), I decided to try and pick up the ISS again.
If you want to pick up the ISS, then besides following the advice in this video, you should also listen between 09:00 UTC and 21:00 UTC approximately, as that is when the astronauts and also the radio are more likely to be active. If you try at night, even several nights in a row like 1:00 (AM) UTC, then unless they're repeatedly broadcasting a signal, it's unlikely that you will pick up anything.
Prequal PwCTF - TNW 2018 - Complete Solution
Crazy Danish Hacker | 2018-06-18 | In this video I demonstrate how to solve the prequalification CTF (Capture The Flag) for the TNW Conference 2018! Topics such as decoding JavaScript and XML External Entities (XXE) injection are covered in this video.
Update: The challenges in this CTF were developed by the PwC Team in Israel. CTFd.io was only used as the base platform.
Disclaimer: Explicit written permission should be obtained if you are going to test a system that you do not legally own. A lot of websites have a "bug bounty program" these days, which allows you to test websites of big companies, as long as you follow their pentest engagement rules. (Refer to e.g. HackerOne)
Stay tuned and subscribe for upcoming videos about various types of hacks!
Server-Side Request Forgery (SSRF) - Web Application Security Series #1
Crazy Danish Hacker | 2018-06-11 | In this video I demonstrate how a Server-Side Request Forgery (SSRF) attack works, including what a Cross-Site Port Attack (XSPA) looks like in Wireshark, and I also cover the installation of XVWA.
There's a lot to learn in this video if you look closely, as I cover a bit more than just the basics of SSRF.
Disclaimer: Avoid transmitting signals outside ISM bands. If you connect an antenna to the red "port", then you should not transmit without a filter for example, as this device produces a lot of bad harmonics, which will interfere with other radio signals.
As is evident in this video, I was unable to replicate the results from the original video. The original video seems too much of a hoax intended to go viral as a "tragedy". Since Google launched their search engine ("ages ago"), I have yet to observe this type of behaviour in relation to Google's advertising.
In case the original video / stream was not using any visual trickery, it's very likely that the same person or someone else nearby, was signed into Google Chrome with the same account, at the same location, and then searched for dog toys on his mark. The targeted ads are likely to be shared across user accounts if you're signed into Google Chrome.
There's another likely scenario, where he was using Google Chrome on his smartphone, and during the stream, searched for those specific dog toys, or even had bookmarks for specific dog toys, ready to open, as soon as the first set of ads had been shown.
Multi-RTL - Basic Test - Hardware Hacking Series #12
Crazy Danish Hacker | 2018-04-26 | In this video I test that the modified RTL-SDRs are working and also discuss a few improvements on how to solder on the wires and connect the finished version to your computer. Following that I also talk about the coherent (rtl-sdr) receiver project, which can be used for (if working as designed), much more precise projects.
Unfortunately I don't have a video about e.g. passive radar yet, but it is planned for a future video.
I'd like to thank Josh on Patreon for becoming my first elite patron supporter, as it was a key motivation for making videos again with my fairly busy work schedule. I also want to say thanks to my other patrons for continuing to support me for longer periods of time.
Special Thanks: - Josh (First elite patron supporter!)
The USB 3.0 to (Analog) VGA adapter is able to transmit radio signals because of the DAC (Digital to Analog Converter) chip, known specifically as the Fresco Logic FL2000, or FL2000/FL2K for short. These adapters can be bought for as low as $5, so they are definitely worth trying out for this type of hack.
From my preliminary testing, results have been mixed but it did work with WBFM (Wideband FM) and also a "Dummy GSM signal". For the latter, keep in mind that you still need a full-duplex SDR to enable clients to authenticate to your own GSM network.
This device should also be able to transmit GPS. I have not been able to get mine to transmit a consistent GPS signal yet, but that would make GPS spoofing very cheap. Keep in mind that the generated signal without any modifications to the adapter is not very strong, at least not in my case.
However, always be careful when transmitting any type of radio signal and check applicable local laws if you want to be on the safe side.
It's important to note that not all USB to VGA adapters are compatible with this type of hack. If they advertise a higher resolution than 1920 x 1080 at 60Hz, then they're most likely not using this chip. It also needs to be USB, preferably USB 3.0, as you will be able to achieve much greater "million samples per second" (i.e. ~130MS/s in my case) than USB 2.0 (~15MS/s I think).
Confirmed Working Adapter: http://www.logilink.eu/Produkte_LogiLink/Kabel_Adapter/USB_30_Adapter/Adapter_USB30_auf_VGA.htm
Multi-RTL - Assembly 2/2 - Hardware Hacking Series #11
Crazy Danish Hacker | 2018-04-21 | In this video I finish soldering the two RTL-SDRs together and put them together into their original cases. Soldering the wires onto each of the RTL-SDRs required an extra level of patience, as it was important not to damage (i.e. burn) the traces on the PCBs for example.
Special Thanks: - Josh (First elite supporter!)
Warranty Disclaimer: Modifying your RTL-SDR will almost definitely void any warranties you might have.
Safety Disclaimer: Soldering irons are tools that should be handled properly as they can easily cause injury. Soldering thread containing lead is toxic and should not be exposed to open wounds. If you do a lot of soldering, then you should consider wearing some thin gloves. (Not plastic!)
Always wash your hands after handling lead. If you're going to eat something while soldering, then wash your hands first. Keep food and drinks away from your working table too.
Lead-free solder thread is not without risks too, as it's harder to use, and the increased fumes it may produce are in return more toxic. Consider using a fume extractor if you do a lot of soldering.
Soldering Thread: - 60Sn/40Pb (60% Tin / 40% Lead) 0.6mm with rosin/resin core (http://www.velleman.eu/products/view/?id=338233)
Multi-RTL - Assembly 1/2 - Hardware Hacking Series #10
Crazy Danish Hacker | 2018-04-16 | In this video I begin assembling a multi-RTL by removing the crystal from one of the RTL-SDRs (R820T or R820T2) and also one of the capacitors. Following that, I begin soldering on the wires connecting the two RTL-SDRs, where they will both share the same crystal.
Samsung UART - DEMO - Hardware Hacking Series #9
Crazy Danish Hacker | 2018-04-09 | In this video I double check that I haven't shorted out the custom USB cable, before connecting it to the computer and Samsung phone. After that I do a basic test of the Samsung UART cable to see if it's working, and give a few pointers on how to access the S-BOOT menu.
Warranty Disclaimer: Accessing the UART console on your Samsung device may void the warranty and in some cases even brick your device (i.e. make it unusable).
Samsung UART - Prototype Board - Hardware Hacking Series #8
Crazy Danish Hacker | 2018-03-26 | In this video I solder the headers, variable resistor, and wires onto the prototype board. It was an interesting experience, as this was the first time that I had actually made something with a prototype board. Stay tuned for the next video where I'll demonstrate the finished and home-made Samsung Anyway device.
Samsung UART - Micro USB Header - Hardware Hacking Series #7
Crazy Danish Hacker | 2018-03-15 | In this video I solder the individual Ethernet wires onto the micro USB header. This was one of the most challenging parts of this project, mostly because of the small distance between the pins. The oscilloscope that I also soldered together took several hours and was challenging too, but with the Micro USB header it was a simple yet challenging task.
The individual wires on the Micro USB header, will be used for the prototype board coming up in the next video.
Samsung UART - Introduction - Hardware Hacking Series #6
Crazy Danish Hacker | 2018-03-12 | In this video I go through the hardware that I will use, to create a custom Micro USB to Samsung UART adapter. The upcoming videos will go through the different stages of creating this adapter, and finally a demonstration of it in action. This was quite a challenging project, primarily because of the components I decided to use.
Accessing Hidden Serial Consoles - BusPirate Demo 2/2 - Hardware Hacking Series #5
Crazy Danish Hacker | 2017-05-05 | In this video I demonstrate how to connect a BusPirate device to the router and access the serial console with PuTTY! I also show a common mistake when connecting the cables.
Warranty Disclaimer: By opening and modifying your router you forfeit/nullify all warranties. If you break your router while modifying it like I do in my videos, then it is your own fault. Soldering on equipment is not without risks. (I haven't managed to break my routers yet though.)
Accessing Hidden Serial Consoles - USB-to-TTL Demo 1/2 - Hardware Hacking Series #4
Crazy Danish Hacker | 2017-04-04 | In this video I demonstrate how to connect the USB-to-TTL device and access the serial console with PuTTY! I also show what a bad connection looks like, i.e. when you've mixed up the TX and RX cables, the boot loader menu, and last but not least, interesting boot messages that may enable us to gain root at a later point in time.
*** Want early access to my videos? Check out my Patreon page! All Patreons get early access to my videos.
Topics Covered:
- UART Pin Header
- Connecting a USB-to-TTL cable
- Configuring & Using PuTTY
- Troubleshooting Bad Cable Connections
- Serial Console Demo
- Boot Loader Menu (U-BOOT)
- Boot Arguments & Single-User Mode
- Interesting Boot Messages
-- Kernel Version Vulnerable
Accessing Hidden Serial Consoles - Fixing Bad Grounds - Hardware Hacking Series #3
Crazy Danish Hacker | 2017-03-15 | In this video I talk about a bad ground on the header I previously soldered on. The header is subsequently removed and replaced with an appropriately sized header.
To access and interact with the serial console (UART), we need to have a functioning header with at least 3 pins (Ground, TX and RX).
Accessing Hidden Serial Consoles - Multimeter & Oscilloscope - Hardware Hacking Series #2
Crazy Danish Hacker | 2017-03-12 | In this video I show how to use a multimeter to find the RX, TX, ground and voltage pins. Following that, I show how to use an oscilloscope to confirm which pin is for receiving data, where the data transfer is then shown in the oscilloscope program.
It's important to check that the voltage does not exceed 5 volts, as most USB-to-TTL devices cannot handle voltages above 5 V, including the Bus Pirate. Some serial consoles such as RS-232 go up to ±25 volts, which cannot be handled by these devices.
Lighting Note: As you may have seen in the preview at the end of this video, I've upgraded my lighting recently so that newer videos will generally be sharper and clearer.
Hardware:
- Multimeter (The one I have with a "beep" sound is Velleman DVM821. Link: https://www.velleman.eu/products/view/?id=432336)
- Oscilloscope (Velleman EDU09. This is not an easy kit to assemble. Link: http://www.vellemanprojects.eu/products/view/?country=be&lang=en&id=411826)
- USB to TTL Serial Cable (adafruit.com/product/954) Alternatively: sparkfun.com/products/12977
- TP Link Router (TL-WA801ND)
Accessing Hidden Serial Consoles - Overview - Hardware Hacking Series #1
Crazy Danish Hacker | 2017-03-03 | In this video I talk about the tools required to modify a router slightly, so that the serial console can be accessed. The serial console is basically a backdoor, sometimes "locked", into the heart of the router.
Having serial console access enables you to find out what's going on when your router boots up (i.e. starts), which may reveal misconfigurations or other interesting information. Even if you can't modify the boot parameters without reflashing the device, and it prompts you with a login screen that cannot easily be guessed, you still have access to the entire boot log, which can prove useful in many cases.
Topics Covered:
- Tools required
- Router specifications (brief)
- Serial console (UART) location
- DD-WRT notes about router vulnerabilities
- Solder bridges
- Basic theory about connecting to serial consoles (in relation to power, etc.)
- JTAG port location
Hardware:
- Multimeter (The one I have with a "beep" sound is Velleman DVM821. Link: https://www.velleman.eu/products/view/?id=432336)
- Oscilloscope (Velleman EDU09. This is not an easy kit to assemble. Link: http://www.vellemanprojects.eu/products/view/?country=be&lang=en&id=411826)
- USB to TTL Serial Cable (adafruit.com/product/954)
- Bus Pirate - v3.6a (http://dangerousprototypes.com/docs/Bus_Pirate)
- TP Link Router (TL-WA801ND)
- D-Link Router (DIR-842 - Revision B)
Adafruit MiniPOV4 - Soldering Session 001
Crazy Danish Hacker | 2017-02-27 | In this video I solder together an Adafruit MiniPOV4 Kit from scratch. The whole process took a few hours, which has been cut down to around 35 minutes.
Basic soldering skills are good to have, as they may enable you to perform some other hacks that I will demonstrate in upcoming videos.
Disclaimer: Soldering irons are tools that should be handled properly as they can easily cause injury. Soldering thread containing lead is toxic and should not be exposed to open wounds. If you do a lot of soldering, then you should consider wearing some thin gloves. (Not plastic!)
Always wash your hands after handling lead. If you're going to eat something while soldering, then wash your hands first. Keep food and drinks away from your working table too.
Lead-free solder thread is not without risks too, as it's harder to use, and the increased fumes it may produce are in return more toxic.
Soldering Thread: - 60Sn/40Pb (60% Tin / 40% Lead) 1.0mm with rosin/resin core (http://www.velleman.eu/products/view/?id=15925)
Mega Antenna Review (Rubber Duck Edition) - Software Defined Radio Series #26
Crazy Danish Hacker | 2017-02-18 | In this video I review several different sizes of rubber duck antennas, some SMA adapters, an attenuator, and also one large yagi-uda antenna. In the future I will review the yagi-uda antenna more in-depth along with other types of antennas such as L-Band patches.
Adapters:
- SMA Female to SMA Female (For the adapter/extension cables that came with the BladeRF)
- RP-SMA Jack to SMA Plug (For the Large GSM Antenna and similar antennas that utilise RP-SMA Male connectors)
(There are too many RF adapter types to be honest.)
Transmit Radio Signals w/ Raspberry Pi (2/2) - Software Defined Radio Series #25
Crazy Danish Hacker | 2017-02-15 | In this video I demonstrate how rpitx can be used with a Raspberry Pi to transmit various other radio signals, and not just wideband FM.
NOTE: The Raspberry Pi produces a lot of harmonics, which is generally very bad in terms of RF transmissions, as "duplicates" of the original signal will be seen at Frequency*2, Frequency*3, Frequency*4, etc.
Hardware:
- Raspberry Pi v3 Model B - Transmitter
- Terratec E4000 RTL-SDR (RTL2832U) - Receiver
Topics covered:
- RPiTX Installation and Usage
- Common Issues

Transmit Radio Signals w/ Raspberry Pi (1/2) - Software Defined Radio Series #24 | Crazy Danish Hacker | 2017-02-10 | In this video I show how to transmit radio signals with a Raspberry Pi! This video includes the complete steps from the beginning, where we format and reinstall the operating system (Raspbian), enable SSH access, upload audio files, install the necessary programs, and how to use them.
NOTE: The Raspberry Pi produces a lot of harmonics, which is generally very bad in terms of RF transmissions, as "duplicates" of the original signal will be seen at Frequency*2, Frequency*3, Frequency*4, etc.
Hardware:
- Raspberry Pi v3 Model B - Transmitter
- Terratec E4000 RTL-SDR (RTL2832U) - Receiver
Topics covered:
- Formatting SD Cards Properly
- Installing Raspbian
- Enabling SSH (Now disabled by default since 30th November 2016!)
  -- raspberrypi.org/blog/a-security-update-for-raspbian-pixel
- Uploading Files With FileZilla
- Installing PiFmRds
- Basic PiFmRds Usage

Mobile Wireless Recon: Raspberry Pi v3 Export NetXML to KML - WiFi Hacking Series #12 | Crazy Danish Hacker | 2016-11-13 | In this video I show how to copy our netxml files from the Raspberry Pi to our computer with FileZilla (sftp), and then, in Kali, how to use giskismet to export our data into KML format that Google Earth and Google Maps can parse.
This is the final video in the Mobile Wireless Recon series for now, meaning that I'll focus on non-wifi (802.11) content next.
Hardware:
- Raspberry Pi 3 Model B + Original Case
- Alfa card (AWUS036H ~30dBm)
- GPS (GlobalSat BU353S4)
- PowerBank (5V/2A ~10000mAh)

Mobile Wireless Recon: Raspberry Pi v3 Kismet & Final Conf - WiFi Hacking Series #11 | Crazy Danish Hacker | 2016-11-13 | In this video I show how to install and configure Kismet and autorun it at startup. This is the final video before we look into exporting the netxml files and importing them into Google Earth for example. Some important things to note in this video are the blacklist configuration, the specific Kismet configuration I use, and of course the autorun script at startup.
Dependencies to install for Kismet:
sudo apt-get install screen ncurses-dev libpcap-dev tcpdump libnl-dev wireshark
Location for wpa_supplicant service files: /usr/share/dbus-1/system-services/ ( fi.epitest.hostap.WPASupplicant.service and fi.w1.wpa_supplicant1.service )
Hardware:
- Raspberry Pi 3 Model B + Original Case
- Alfa card (AWUS036H ~30dBm)
- GPS (GlobalSat BU353S4)
- PowerBank (5V/2A ~10000mAh)

Mobile Wireless Recon: Raspberry Pi v3 GPSd Install & Config - WiFi Hacking Series #10 | Crazy Danish Hacker | 2016-09-29 | In this video I show how to install and configure GPSd, which is used to acquire the current location for our wireless reconnaissance project.
The configuration I use is worth noting if this is the first time you're setting up GPSd on your own device, even though the installation itself is very easy.
Hardware:
- Raspberry Pi 3 Model B + Original Case
- Alfa card (AWUS036H ~30dBm)
- GPS (GlobalSat BU353S4)
- PowerBank (5V/2A ~10000mAh)

Mobile Wireless Recon: Raspberry Pi v3 OS Installation - WiFi Hacking Series #9 | Crazy Danish Hacker | 2016-09-21 | In this video I show how to install the Raspbian operating system, and perform some basic but necessary configuration changes.
Hardware:
- Raspberry Pi 3 Model B + Original Case
- Alfa card (AWUS036H ~30dBm)
- GPS (GlobalSat BU353S4)
- PowerBank (5V/2A ~10000mAh)

Fridays are Fact-Days - Apollo Missions to the Moon | Crazy Danish Hacker | 2016-09-17 | Recently I decided to record the moon. After playing a bit in my video editing software, I wanted to add some information about the manned Apollo missions, and then I eventually committed to making a full video that took two hours to create.
Hardware:
- Canon video camera (low-end)
- Tripod (low-end)

GPS Spoofing w/ BladeRF - Software Defined Radio Series #23 | Crazy Danish Hacker | 2016-09-11 | In this video I show how to spoof our own GPS signal! This can be used to change our location, according to our mobile phone, which can be used in location aware games such as Pokemon Go.
Note: Spoofing your location in Pokemon Go can get you banned from the servers.
Topics covered:
- Switching to GPS Only mode on Android
- Creating a static location GPS file
- Running the BladeRF script
- Checking the transmitted data in SDR#
- Verifying that the GPS signal is working on Android
- Using Google Maps to test the spoofed GPS signal

Topics covered:
- Transmitting a DVB-T signal
- Verifying the signal visually
- Using w_scan to scan for DVB-T channels
- Using vlc to view a DVB-T frequency
- Configuring channels.conf for mplayer
- Using mplayer with the correct demuxer (lavf)
- Checking system resource usage while viewing DVB-T channels
Channels.conf details: (Make sure to change the frequency if you're not transmitting on 522MHz)
service_id 1:522000000:INVERSION_AUTO:BANDWIDTH_8_MHZ:FEC_AUTO:FEC_AUTO:QAM_AUTO:TRANSMISSION_MODE_AUTO:GUARD_INTERVAL_AUTO:HIERARCHY_AUTO:69:68:1
Script usage: (Make sure to set the frequency you want to transmit on, and make sure you have loaded the FPGA, and last but not least, that you're pointing to the correct MPEGTS file.)
./dvbt-blade.py -m t8k -c 8 -C qpsk -r 7/8 -g 1/32 -f 522e6 ~/Desktop/file.ts
Notes for when it doesn't work: Sometimes it's not going to work, even though you've done exactly as I did in my video. In that case, unplug the devices, try switching USB ports, don't use USB hubs for the bladeRF and the RTL-SDR that decodes the DVB-T signal, and pray to the "demo gods" in case you're demonstrating this to someone else. In my case, I actually just waited a bit, did something else for 30 minutes, came back, and did exactly the same thing again, and then it worked.

Broadcasting Digital TV w/ BladeRF - Part 1/2 - Software Defined Radio Series #21 | Crazy Danish Hacker | 2016-09-04 | In this video I show how to install all the necessary tools for broadcasting our own digital TV signal!
Topics covered:
- Converting mp4 files to mpegts (.ts) with VLC
- Using Camtasia to encode an mp4 file into lower resolution
- Using sdr# (sdrsharp) to briefly look for unused frequencies
- Virtual machine design for DVB-T TX and RX
- Fixing the repository lists (/etc/apt/sources.list)
- Testing that our DVB-T dongle (RTLSDR) is recognized as a DVB-T device
- Using w_scan to scan for DVB-T channels
- Installing the dependencies for compiling gr-dvbt
- Compiling and installing gr-dvbt
- Copying files to our TX VM with Filezilla and openssh-server

Mobile Wireless Recon: Hardware Requirements - WiFi Hacking Series #8 | Crazy Danish Hacker | 2016-09-01 | In this video I show what type of hardware is necessary to conduct mobile wireless reconnaissance without a laptop, but instead with a Raspberry Pi, plug'n'play style!
The wireless card, GPS module, and powerbank do not have to be the exact models that I use. In fact, as long as the wireless card is supported by Kismet, is able to get a decent signal, is powered over USB, etc., then almost any card can be used.
Generally I recommend Alfa cards (I know they're not super easy to get, but they're worth it), because they're generally the best. If you want an Alfa card that's compatible with hostapd-wpe, then you want the black version. (Not used in this video, but I have one for a future video.)
For the GPS module, several other types will work. More specifically those mentioned in the 'gpsmon' help page, which features a list of supported GPS modules/chipsets. Obviously, the GPS module needs to support USB output. Kismet can work directly with some GPS modules, but I prefer using gpsmon as a local service.
Hardware:
- Raspberry Pi 3 Model B + Original Case
- Alfa card (AWUS036H ~30dBm)
- GPS (GlobalSat BU353S4)
- PowerBank (5V/2A ~10000mAh)

124MHz Bandwidth w/ BladeRF on Ubuntu! - Software Defined Radio Series #20 | Crazy Danish Hacker | 2016-08-28 | In this video I show how to install custom versions of gr-osmosdr and gqrx on Ubuntu Linux, which allows us to receive 124MHz bandwidth at the same time.
This is achieved by a few HDL accelerators in BladeRF, which allow it to calibrate and tune the underlying RF front-end several thousand times per second.
When these tasks are performed quickly, the BladeRF can digitize and stitch together up to 200MHz of additional bandwidth, which is a pretty impressive feat.
Topics covered:
- Installing Ubuntu
- Installing BladeRF-cli on Ubuntu
- Using apt-get on Ubuntu to get gr-osmosdr and gqrx
- Compiling custom versions of gr-osmosdr and gqrx

Spectrum Painter w/ BladeRF on Kali Linux - Software Defined Radio Series #19 | Crazy Danish Hacker | 2016-08-21 | In this video I show how to use Spectrum Painter with BladeRF on Kali Linux, to transmit images over the air and view them in the FFT inside SDR# with a separate RTL-SDR.
Disclaimer: Do not transmit on used frequencies, and only at low transmit power, or inside an RF shielded cage/box/bag. (High transmit power creates "reflection images".) Consider checking local laws before transmitting. If possible, use the 2.4GHz ISM band, or any other ISM band en.wikipedia.org/wiki/ISM_band.
Topics covered:
- Getting Spectrum Painter
- Converting Images
- Using bladeRF-cli to Transmit Data