L0pht Light Industries
July 13, 2022 10:06 AM

After his wife told him for years that he needed to do something other than teaching, Joe Grand - "Kingpin" in the well-known hacker collective L0pht - decided to get back into cracking. Watch a master fail until he succeeds while nervous clients watch over his shoulder: How I hacked a hardware crypto wallet and recovered $2 million, and Hacking a Samsung Galaxy for $6,000,000 in Bitcoin!?
posted by clawsoon (34 comments total) 26 users marked this as a favorite
 
Watching the Trezor wallet key extraction was extremely neat, I was very interested to see that he has his hardware hacking setup run via Jupyter notebooks. I guess that sort of work is what I hoped I would be doing as a teenager, so it's nice to see that someone gets to do it somewhere.
posted by Kikujiro's Summer at 10:23 AM on July 13, 2022 [7 favorites]


"How I broke into my mom's board game closet and recovered $10 million in Monopoly money."
posted by Ben Trismegistus at 10:40 AM on July 13, 2022 [10 favorites]


This thread is getting a little poopy. I hate crypto more than the next guy, but it isn't really what's on offer here.
Pretend dude is opening a locked safe with nothing in it, if you like, it's still quite a happening.
posted by seanmpuckett at 11:00 AM on July 13, 2022 [61 favorites]


Yeah, I am loving his effort. Thanks for the post, OP!
posted by Bella Donna at 11:42 AM on July 13, 2022 [1 favorite]


I was surprised Android file systems aren't encrypted by default.

I was also a bit surprised you can brute force the swipe hash; shouldn't there be some extra random bits in there to make that impossible?
posted by lowtide at 11:48 AM on July 13, 2022 [4 favorites]


You know what would re-rail the thread? For people to stop shitting on it. If you don't like the examples, feel free to skip this thread and/or go make a FPP that speaks to your soul. I can enjoy the post without supporting crypto; if you cannot do that or choose not to, please be a good community member and pipe down. Thank you.
posted by Bella Donna at 11:56 AM on July 13, 2022 [50 favorites]


If you don't like crypto, isn't evidence that wallets aren't secure a good thing?
posted by Nancy Lebovitz at 11:57 AM on July 13, 2022 [10 favorites]


For those of us like me who prefer text to video and would like to know more about Joe Grand, here's an excerpt from one (also crypto-related) article: Joe Grand, a computer engineer and hardware hacker known by many for recovering crypto from hard-to-reach places, spent hours breaking into a phone only to find a fraction of a Bitcoin....“I’m a little devastated,” said Lavar. “We didn’t make money, but we definitely made new friends.”

If you happen to be in the Netherlands in late October, you can take a 3-day training session from the guy. Interested in hardware hacking, but don't know where to start? This class, taught by world-renowned engineer and hacker Joe Grand, teaches fundamental hardware hacking concepts and techniques used to reverse engineer and defeat the security of electronic devices. Having premiered at Black Hat in 2005, it is the longest running hardware hacking training in our industry.

YouTube also has a "sizzle reel" for Grand that runs just under 3 minutes. Enjoy!
posted by Bella Donna at 12:20 PM on July 13, 2022 [7 favorites]


The guy has mad skills and has been doing really outstanding, envelope-pushing work for longer than either Metafilter or “crypto” funnymoney has existed. Just a chance to watch a master at work is a treat. Regardless of what’s at the end. It’s about the journey not the destination, crypto or otherwise.
posted by armoir from antproof case at 12:24 PM on July 13, 2022 [9 favorites]


While I do think it's best if we try to recognize that the real value here is in the digital safe-cracking, crypto is still a recent-enough sore spot for the world that some ridicule at all things crypto-related should be expected.

The only way I would imagine being able to post anything that has ANYTHING to do with crypto and not get a little ribbing, would be to start with all kinds of apologies and expectation-setting that, yes yes crypto is a huge grift, horrible for the environment, etc. but here is one orthogonally-related thing that is actually cool. And even then, I would still expect a little ribbing anyway.
posted by nushustu at 12:31 PM on July 13, 2022 [5 favorites]


Lost crypto wallets seem like a bad thing from an environmental perspective, more scarcity -> more value -> more mining.
posted by BrotherCaine at 12:50 PM on July 13, 2022


By that argument, it's then better for him to recover them, right?
posted by sagc at 12:58 PM on July 13, 2022 [1 favorite]


Joe Grand is such a legend. I have several of his Defcon Badges hanging around my closet. I'm glad there are Joe Grands around - I suspect we'll need even more of his type of skills to help keep electronics accessible in the fight for the right to repair.
posted by inflatablekiwi at 1:59 PM on July 13, 2022 [6 favorites]


Ah L0pht… I remember them having a really cool tshirt back in the day that I wanted but there was zero chance of me giving them a credit card number to buy it!
posted by cirhosis at 2:00 PM on July 13, 2022 [9 favorites]


I think the reason you'd do a demonstration using a hardware crypto wallet is because they should be one of the most high-risk, highly-contested use cases around. It should be the equivalent of a bank vault. What's in it is sort of immaterial—there's a lot of very unsavory stuff inside actual bank vaults, too. (Glances in the general direction of Switzerland.)

I have been getting into some hardware (mostly microcontroller) hacking and DIYing lately, and it's really pretty neat stuff. I made an attempt to learn microcontrollers a couple of times in the past, and bounced off each time—the toolsets were just too expensive, and the free software too arcane or poorly-documented... everything just felt like I needed to go back for a few semesters of concerted education before I could do anything. That seems to not be the case as much anymore. The test and debugging equipment is ridiculously cheap (from Alibaba etc.), and you can buy a USB dongle for under $100 that will do most of what a very expensive storage 'scope and logic analyzer used to be needed for. And the amount of hardware capability that you can toss into a project for $8 is really stunning.

Of course, that's a double-edged sword: because it's so cheap to throw what's effectively an entire 32-bit computer with a WiFi and TCP stack in it into anything... lots of things are going to suddenly acquire WiFi and TCP stacks without really needing them. And that's going to get pretty weird, when you suddenly discover that you've been being spied on by someone reflashing the firmware in your espresso machine over its undocumented WiFi connection.

This guy's skillset is only going to get more valuable.
posted by Kadin2048 at 2:09 PM on July 13, 2022 [9 favorites]


It should be the equivalent of a bank vault. What's in it is sort of immaterial. . .

Sure, tell that to Geraldo. [/old]
posted by The Bellman at 3:34 PM on July 13, 2022 [4 favorites]


Oh man. L0pht? There's a name I haven't heard of in a long time. They've been around for ages.

I don't know where their HQ is these days but I briefly got to see their place in San Diego in the Gas Light district before it got gentrified when I attended a weird noise and chaos magick party and ritual a floor or two above them.

Their floor looked like something straight out of Hackers, but a thousand times better. They had some serious racks and hardware going on and so many blinkenlights and boxen. The place was practically wall to wall silicon, PCBs and workbenches with some seriously nice test and diagnostic equipment.


As for hacking/cracking crypto hardware wallets, I'm totally cool with that. Break that shit, break it so hard. Make cryptobros afraid of people with skillz. The more FUD the better.
posted by loquacious at 5:17 PM on July 13, 2022 [11 favorites]


Of course, that's a double-edged sword: because it's so cheap to throw what's effectively an entire 32-bit computer with a WiFi and TCP stack in it into anything... lots of things are going to suddenly acquire WiFi and TCP stacks without really needing them.

Yeah, the house I live in with some people just got a shiny new stove and range and the damn thing has bluetooth and WiFi so you can do weird stuff like watch the timer or turn it on and off remotely from an app on your phone.

Because, uh, why? I mean yeah, cool, I guess you could throw a frozen casserole or roast something in there before you go to work and then turn it on from work before you get home but... seriously? Seriously!? If there isn't someone at home to turn it on for you do you really want to turn on an unattended oven in an empty house and no one there to deal with it if something caught fire?

That's like oven/range safety 101 and you shouldn't leave it on if you're not there to deal with it and it's just asking for a house fire or calamity.

Since I'm the computer nerd of the house I'm going to firmly refuse if anyone asks me to add it to the network as it's pretty much the last thing I want to have connected to the internet as an IoT device, even if I trusted $VeryWellKnownMegacorpBrand to not mess up the security, which obviously I don't.

Which reminds me I should probably figure out how to just straight up disable the WiFi and TCP stack, and I'm hoping I can find a physical WiFi module to just straight up plug or cut out without breaking the rest of stove.

The thing is already too smart for its own damn good and turns off the electric stove elements if you slide a pan off of them to modulate the heat like you're supposed to when cooking with cast iron pans.
posted by loquacious at 5:29 PM on July 13, 2022 [8 favorites]


Nostalgic memories of l0pht make me happy. The shattered lives of people who lost their life savings because of crypto make me not so happy. The crypto subreddits used to pin the suicide hotline number to their front page during some of the crashes. That level of tragedy is hard to politely shut up and smile about, even though the hack is cool.

So I'm ambivalent about posts like this.
posted by AlSweigart at 6:08 PM on July 13, 2022 [2 favorites]


turn it on and off remotely from an app on your phone. Because, uh, why?

Might be easier for people with disabilities to use. E.g., many ranges no longer have knobs for oven controls, making temperature selection difficult for blind users. A WiFi enabled range would let a friend set the temperature for you regardless of where they are located, or could allow text to speech capabilities of a PC to provide that information even if the app doesn't have it built in.
posted by Mitheral at 6:47 PM on July 13, 2022 [2 favorites]


So this guy uses a lookup table of all possible swipe patterns to encrypted hashes to match it.

Reminds me of a primitive attack my friend did, on a regular Windows PC login, many years ago.

Passwords in Windows are also stored as an encrypted hash, but even if you downloaded a lookup table it would only find you a match for common passwords that people have used in the past - stuff like "password" or "abc123". But a properly secure password - of sufficient length so windows doesn't pad it with null characters, and never reused before so it never appears on anyone's lookup table - should in theory be secure and according to the specs, can't be cracked within the next thousand years etc etc.

This guy was a system administrator so of course his password would be secure.

But the attack was even more simplistic... we just replaced the hash on his PC with a hash that we already knew the password to. Then logged into his Windows PC with our password, messed around with the desktop wallpaper to let him know we broke in, then after logging out we replaced the hash on his PC with his original hash.

So we never needed to know his password to begin with. He logged in with his own, super secure un-guessable password later, and found his PC had been compromised... my friend made fun of him saying that his password was "easy to guess" and "too weak" but of course we're all friends and we told him exactly what we did a few minutes later.
posted by xdvesper at 6:55 PM on July 13, 2022 [9 favorites]
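An added illustration (not code from the thread or from the videos) of the two things raised above: lowtide's question about why a swipe hash can be brute forced at all, and xdvesper's description of a lookup table from every possible pattern to its hash. The block follows the old Android gesture.key scheme as I understand it: the pattern is a sequence of dot indices 0..8 on the 3x3 grid, and the stored value is a plain SHA-1 over one byte per dot with nothing device-specific mixed in. Under those assumptions the whole valid space is only 389,112 patterns, so the table is computed once and reused on every phone. The `salted_hash` function at the end is my own contrast, not anything Android shipped: a per-device random salt plus a slow KDF (PBKDF2 with illustrative parameters) is the "extra random bits" fix, and the comment on it notes why that alone is still not enough for such a small space.

```python
"""Precomputed-table attack on an unsalted Android-style gesture hash, plus
the salted alternative. Added illustration; the 3x3 rules and the
SHA-1-over-dot-indices format follow the old gesture.key scheme as assumed
in the lead-in. Hashes are handled as hex strings here."""
import hashlib
from typing import Dict, List, Optional, Tuple

Pattern = Tuple[int, ...]

# Dots are numbered 0..8, left to right, top to bottom.  A straight stroke
# between two dots in the same row, column, or corner-to-corner diagonal
# passes over the dot in the middle; that stroke is only allowed when the
# middle dot has already been used.  -1 means "no dot in between".
_MID = [[-1] * 9 for _ in range(9)]
for a, b, m in [(0, 2, 1), (3, 5, 4), (6, 8, 7),      # rows
                (0, 6, 3), (1, 7, 4), (2, 8, 5),      # columns
                (0, 8, 4), (2, 6, 4)]:                # diagonals
    _MID[a][b] = _MID[b][a] = m


def is_valid(pattern: Pattern, min_len: int = 4) -> bool:
    """True if the pattern obeys the grid rules: length, no reuse, no skipping."""
    if not min_len <= len(pattern) <= 9 or len(set(pattern)) != len(pattern):
        return False
    if any(not 0 <= d <= 8 for d in pattern):
        return False
    seen = set()
    for a, b in zip(pattern, pattern[1:]):
        seen.add(a)
        mid = _MID[a][b]
        if mid != -1 and mid not in seen:
            return False
    return True


def gen_patterns(min_len: int = 4) -> List[Pattern]:
    """Enumerate every valid pattern (389,112 of them for min_len=4)."""
    out: List[Pattern] = []

    def walk(path: list, visited: int) -> None:
        if len(path) >= min_len:
            out.append(tuple(path))
        if len(path) == 9:
            return
        last = path[-1]
        for nxt in range(9):
            if visited >> nxt & 1:                      # dot already used
                continue
            mid = _MID[last][nxt]
            if mid != -1 and not visited >> mid & 1:    # would skip a dot
                continue
            path.append(nxt)
            walk(path, visited | 1 << nxt)
            path.pop()

    for start in range(9):
        walk([start], 1 << start)
    return out


def gesture_hash(pattern: Pattern) -> str:
    """Old-style unsalted hash: SHA-1 over one byte per dot index."""
    return hashlib.sha1(bytes(pattern)).hexdigest()


def build_table(min_len: int = 4) -> Dict[str, Pattern]:
    """Hash -> pattern for the whole space.  Built once and reused on any
    device, because nothing device-specific goes into the hash."""
    return {gesture_hash(p): p for p in gen_patterns(min_len)}


def recover(hash_hex: str, table: Dict[str, Pattern]) -> Optional[Pattern]:
    """Invert a dumped gesture hash by table lookup (None if not found)."""
    return table.get(hash_hex.lower())


def salted_hash(pattern: Pattern, salt: bytes, iterations: int = 100_000) -> str:
    """The 'extra random bits' alternative (my contrast, not an Android
    format): a per-device random salt makes a table built for one device
    useless on another, and a slow KDF multiplies the per-device brute-force
    cost by `iterations`.  The space is still only 389,112 guesses, so a
    real design also has to rate-limit attempts, not just hash slowly."""
    return hashlib.pbkdf2_hmac("sha256", bytes(pattern), salt, iterations).hex()


if __name__ == "__main__":
    import os
    table = build_table()
    target = (0, 1, 2, 5, 8)               # constructed "victim" pattern
    dumped = gesture_hash(target)          # what a gesture.key dump would give
    print(len(table), "patterns;", dumped, "->", recover(dumped, table))
    print("salted:", salted_hash(target, os.urandom(16))[:16], "... no table applies")
```

Building the table takes a second or two on a laptop, which is the whole point: the defender's hash costs the attacker nothing more than that, once. Swap in `salted_hash` with a fresh per-device salt and the table has to be rebuilt per device at `iterations` times the cost, but a determined attacker with a dump still only faces 389,112 candidates, which is why later designs push the check behind hardware-backed attempt limits rather than relying on hashing alone.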


Heh, L0pht. Back in 1999 I was taking a class to get my Microsoft Certified Systems Engineer cert (shhh, don't tell anyone) and I brought in l0phtcrack to show how easy it was to break in to a server when you have physical access. The days of weak ass security.
posted by zengargoyle at 7:15 PM on July 13, 2022 [3 favorites]


I work with this kind of stuff all day long and I'm impressed by this video. Excellent technique, great presentation skills, clean code, and anyone that knows their way around a SEGGER J-Link (JTAG debugging device) and OpenOCD is cool with me. Not like you can find one on the market these days but still...

I was also fascinated by the use of Jupyter for this as well but it makes total sense. I've got a directory filled with half-baked Python test and setup scripts and now I'm kind of getting the idea here.
posted by JoeZydeco at 7:28 PM on July 13, 2022 [2 favorites]


turns off the electric stove elements if you slide a pan off of them
It's not induction, is it? Induction ranges have to do that because they can't run without a pan on the burner.
posted by Hatashran at 8:59 PM on July 13, 2022


I was surprised Android file systems aren't encrypted by default.

They have been for quite some time now, at least on Google's Android (Samsung has always done whatever the fuck they want). Maybe in Jelly Bean or possibly KitKat? I remember being mildly annoyed at the time because I took care not to have anything sensitive on my phone anyway and it made some things I wanted to do harder.

SD cards are different. Adopted storage has been encrypted just like internal storage ever since that feature was released. Non-adopted aren't (unless it's changed in the past few years), as it is assumed that you will also be using the card in other devices.
posted by wierdo at 10:09 PM on July 13, 2022


Also, a funny thing about that S3. Since it used a Qualcomm SoC there was zero need to use JTAG to dump the eMMC. The Qualcomm SoCs of that era (and maybe even still today) have a USB debug interface that works as soon as you plug the USB cable in with the phone off. Its primary use was for dead flashing devices with a bootloader that had ceased to function for some reason, but it can also be used to read from storage as well. The delightful thing is that it doesn't even require a functioning battery since it uses USB power.

The easily available tools kinda suck because they aren't meant for dumping the entire flash chip, but it can be scripted easily enough.
posted by wierdo at 10:59 PM on July 13, 2022 [1 favorite]


From a product designer's standpoint, when a WiFi stack is a zero-cost addon to your hardware BOM (as it's close to being, if not quite yet), why not take advantage of it? Being able to update a device's software in the field is pretty nice, and software controls are a lot cheaper than adding buttons and dials to the hardware. (Interoperability standards like HomeKit are interesting because they potentially let designers basically outsource their user interfaces completely.)

And, of course, if you can get some of your customers to install a phone app, that's a bunch of marketing data. For a cheap device, you can probably subsidize the retail price quite a bit that way. (Naturally, the versions without an app will cost more.)

So, yeah. They're going to end up everywhere.
posted by Kadin2048 at 12:28 AM on July 14, 2022 [1 favorite]


I like Joe Grand! I like hardware hacking! The video left me meh. It feels like a TV pilot created by a third party who's afraid the viewers will be scared off by Too Many Details. Maybe instead of a five minute timelapse of Two Dudes Looking Bored, you could have done a quick tour of your setup, huh? Two notes:
- why are you not using hot air to remove the caps, you have a rework station
- where do you live that it takes an hour for pizza to arrive, and can it truly be called living
posted by phooky at 6:01 AM on July 14, 2022 [4 favorites]


Might be easier for people with disabilities to use. E.g., many ranges no longer have knobs for oven controls, making temperature selection difficult for blind users.

Ah, true. I think it's less about accessibility and more about hogwash IoT home automation selling points and data harvesting via the app.

I'm also just not interested in having a full internet stack from an unvetted source on our house network, especially one that can turn on the frickin' stove remotely because yeah that's great let's give potential hackers something they could conceivably use to non-figuratively burn down a house.

It's not induction, is it? Induction ranges have to do that because they can't run without a pan on the burner.


Nope, radiant quartz heating elements. I kind of wish it was induction because pan heat control is super easy with induction.

- where do you live that it takes an hour for pizza to arrive, and can it truly be called living

I live somewhere where it takes at least that long and there's maybe one pizza place that might deliver this far out of town, but it would be worth the wait. On the other hand in about the same amount of time I could just make pizza dough from scratch with sourdough starter, go collect some ingredients from the communal garden and make pizza.

Or ebike into town, grab a couple slices from the hot case and be home again in about the same time frame that it would take to decide on what pizza to order, call it in and wait for it.

We're definitely truly living out here but you'd have to really be into trees and nature. I never thought I would not be a city mouse and turn into a country mouse, and yeah I'm feeling a little personally attacked but living out here is pretty great all things considered.
posted by loquacious at 9:26 AM on July 14, 2022 [2 favorites]


Hacking a Samsung Galaxy for $6,000,000 in Bitcoin!?

The only thing missing from this video was Geraldo Rivera.
posted by milnak at 1:41 PM on July 14, 2022 [1 favorite]


For folks who have no interest in cryptocurrency crap but just want to see some cool hardware hacking (and electronics workbench / test instrument porn), you might enjoy the video more if you start at around 13m50s in. This skips the somewhat reality-TV-esque setup and gets you right to xacto-knives-and-soldering part of things.
posted by Kadin2048 at 2:53 PM on July 14, 2022


l0pht used to run the Black Crawling Systems archives, which were basically mega-dumps of txtfiles and software. I spent whole summers in there (virtually) reading.

l0pht changed the course of my life, and I thank them all. So cool to see them over 20 years later still at the bleeding edge.
posted by fake at 3:36 PM on July 14, 2022 [1 favorite]


don't know where their HQ is these days but I briefly got to see their place in San Diego in the Gas Light district before it got gentrified when I attended a weird noise and chaos magick party and ritual a floor or two above them.
Huh, I never knew they were in San Diego - but I wonder if that’s the aesthetic David Hulton and his friends were shooting for with their place downtown (closer to Cortez Hill), too. I remember hanging out there writing some code which tried to sniff unencrypted WiFi traffic & send you an email warning you that your messages were unprotected, feeling distinctly insufficiently cool.

Also that Toorcon (2003?) where Neal Stephenson was mostly in the hall writing one of the Baroque Cycle books in longhand.
posted by adamsc at 6:10 PM on July 14, 2022 [1 favorite]


Joe Grand is also responsible for a whole bunch of product designs and rather clever hardware via Grand Idea Studio. He's responsible for one of my favourites, the Emic 2 Text-to-Speech Module, which puts a full DECTalk (= Stephen Hawking voice) in a package that will connect to any Arduino-alike.
posted by scruss at 1:14 PM on July 16, 2022

