TL;DR: This is a deep-dive into a nice concept for a security token & password manager that turned into a horrible product due to lack of proper R&D and Threat Modeling.

Prologue: After my first success in bypassing APPROTECT readout protection of the NRF52-based Slok smartlock with #PocketGlitcher (i.e. …


Recently I bought a X-RAY machine from China to have some ghetto-style desktop setup in order to inspect/reverse engineer some PCBs and hardware implants.


Yet another Multipurpose Breakout Board to hack hardware in a clean and easy way!

Disclaimer: due to a complaint from the citizens of my native city in Italy… I had to rename #PiadinaBoard into #BurtleinaBoard :P

Few months ago I have presented #FocacciaBoard: a similar multipurpose breakout board that uses the famous FT232H to handle multiple protocols commonly found in (I)IoT devices (i.e. UART, JTAG, SWD, SPI, I2C).


A Multipurpose Breakout Board to hack hardware in a clean and easy way!

TL;DR: Go grab a copy of the Gerbers and 3D-printed Case STL files at https://github.com/whid-injector/Focaccia-Board and print through your favorite FAB.

Prologue

Even before the appearance of the word (I)IoT, I was breaking hardware devices, as many of…


In the previous post https://medium.com/@LucaBongiorni/usbsamurai-a-remotely-controlled-malicious-usb-hid-injecting-cable-for-less-than-10-ebf4b81e1d0b I have talked a bit about USBsamurai based on C-U0007.

With this blog-post I wanna bring more light regarding:

  • Which are the differences between C-U0007 & C-U0012
  • How to Build USBsamurai with a C-U0012
  • How to flash the C-U0012 with the LIGHTSPEED Firmware
  • How to…


TL;DR: The Video is self-explanatory. (Wanna know how to make it? Read the article below.)

All started with this Tweet last April, when I wanted a damn cheap USB implant capable of injecting keystrokes.

It had to be:

  • Remotely Controllable
  • Fast in Typing
  • Tiny as f***k
  • Cheaper than a…


Few months ago I was testing some TCP & Wiegand based Access Control Systems that also had RFID reading capability and a lovely Fingerprint reader embedded.

Most of my time was spent on hardware security related tasks. However, since I love to mess-up with chemical compounds… I decided to test…


While driving to work I have seen the advertisement of a Fireworks Festival that’s going to happen in the city. And, as usual, my curiosity brought me to one question: “How they trigger the fireworks?

Back when I was a contractor I have worked for a company which the main…


As you may know, I am close to release WHID Elite. And as pedantic hardware developer I wanna be sure everything works, even the smallest details.

Last week I was looking for new targets to test WHID Elite’s Radio Hacking capabilities and suddenly I found an interesting one: an Electrocuting…


As most of you already know, at the beginning of 2017, appeared on the market the Hak5’s BashBunny.

It is an interesting toy, but someone (i.e. Mame82) decided to create a way cooler version based on a 11$ Raspberry Pi Zero W. …

Luca Bongiorni

Non aetate verum ingenio apiscitur sapientia / Omnia silendo ut audeam nosco / There is no deduction for excellence / Tweets are my own

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store