First attempt at magnetron sputtering. Variable high voltage DC supplied by 120VAC to variac to MOT (1:59) to diode, max output ~7kV, though 30 amp fuse on variac blows before getting that high. Vacuum from two-stage rotary vane pump (soon to be the roughing pump to a turbomolecular pump). I hid behind an acrylic sheet the entire time in fear of implosion.

Wireless, LED balloon network designed, fabricated and executed for our friend's birthday! Created by Samy Kamkar, Alex Huf, Dylan Caponi and help from so many others! Music by Epoch Rises Video edited by David Zoeller Code @ https://github.com/samyk/bgrid Hackaday Supercon talk on design and implementation @ https://youtu.be/1NBNrgTEwq0 Hackaday article: https://hackaday.com/2019/01/24/samy-kamkars-led-balloon-network/

PoisonTap - siphons cookies, exposes internal router & installs web backdoor (reverse tunnel) on locked/password protected computers with a $5 Raspberry Pi Zero and Node.js. https://samy.pl/poisontap/ By Samy Kamkar Full details and source code at https://samy.pl/poisontap/ Buy a Raspberry Pi Zero here: https://amzn.to/2eMr2WY Buy cement for your USB ports here: https://amzn.to/2fX0I1e When PoisonTap (Raspberry Pi Zero & Node.js) is plugged into a locked/password protected computer (Windows, OS X or Linux), it: - emulates an Ethernet device over USB (or Thunderbolt) - takes over all Internet traffic from the machine (despite being a low priority network interface) - siphons and stores HTTP cookies from the web browser for the Alexa top 1,000,000 websites - exposes the internal router to the attacker, making it accessible remotely - installs a persistent web-based backdoor in HTTP cache for hundreds of thousands of domains and common Javascript CDN URLs, all with access to the user’s cookies - allows attacker to remotely force the user to make HTTP requests and proxy back responses (GET & POSTs) with the user’s cookies on any backdoored domain - does not require the machine to be unlocked - backdoors and remote access persist even after device removal Music by Epoch Rises: https://soundcloud.com/epochrises Intro graphics by Darin Leach: https://goo.gl/HDKRFG https://samy.pl/poisontap/

MagSpoof is a device that can spoof/emulate any magnetic stripe or credit card *wirelessly*. Full details at https://samy.pl/magspoof/ By Samy Kamkar - Allows you to store all of your credit cards and magstripes in one device - Works on traditional magstripe readers wirelessly (no NFC/RFID required) - Can disable Chip-and-PIN - Correctly predicts Amex credit card numbers + expirations from previous card number - Supports all three magnetic stripe tracks, and even supports Track 1+2 simultaneously - Easy to build using Arduino or other common parts Music by Epoch Rises: https://soundcloud.com/epochrises https://samy.pl/magspoof/

OwnStar is a device that can locate, unlock and remote start any vehicle with OnStar RemoteLink after intercepting communication between the RemoteLink mobile app and OnStar servers. It can also unlock (and more) BMW Remote, Mercedes-Benz mbrace, Chrysler Uconnect, and Viper SmartStart. More technicals details to come at Defcon and in a future video. Since my communications with GM, GM/OnStar have resolved this issue for more than 3 million RemoteLink users! Read more: http://www.wired.com/2015/07/patch-gm-onstar-ios-app-avoid-wireless-car-hack/ By Samy Kamkar Subscribe to my channel for more Applied Hacking videos: https://www.youtube.com/subscription_center?add_user=s4myk Follow me on Twitter: https://twitter.com/samykamkar Join my mailing list: http://samy.pl/list/

Unlocking Motion-Sensor Secured Doors With Air Duster (Canned Air) by Samy Kamkar (read more...) After testing various methods purportedly used to defeat motion sensors that are used to unlock doors, I found none of the methods documented on the Internet or that I heard about actually work. After performing my own research, I discovered a new technique that actually does work, and is simple and inexpensive -- using air duster (canned air) to set off the PIR (passive infrared) motion sensor from the outside. The straw of these cans easily slips through most doors and allows you to aim the canister, while the output (technically not air, but typically a chemical such as difluoroethane) alters the temperature or amount of longwave infrared light that the sensor can detect, thus causing the sensor to believe there is motion, and unlocking the door from the outside.

OpenSesame is a device that can wirelessly open virtually any fixed-code garage door in seconds, exploiting a new attack I've discovered in many wireless garages and gates. Using a child's toy from Mattel. http://samy.pl/opensesame By Samy Kamkar Can exploit *some* garages from: Liftmaster, Chamberlain, Stanley, Nortek, Linear, Multi-code, NSCD/North Shore commercial Door, Delta-3, Moore-O-Matic Are you vulnerable? More details and writeup at http://samy.pl/opensesame Subscribe to my channel for more Applied Hacking videos: https://www.youtube.com/subscription_center?add_user=s4myk Follow me on Twitter: https://twitter.com/samykamkar Join my mailing list: http://samy.pl/list/

Protect yourself against common garage hacking techniques and the OpenSesame attack. http://samy.pl/opensesame/ by Samy Kamkar

C-C-C-Combo Breaker is a motorized, battery powered, 3D printed, Arduino based device that can crack any Master combination lock in less than 30 seconds! http://samy.pl/combobreaker/ By Samy Kamkar Subscribe to my channel for more Applied Hacking videos: https://www.youtube.com/subscription_... Follow me on Twitter: https://twitter.com/samykamkar Join my mailing list: http://samy.pl/list/ --- Music by Epoch Rises: https://soundcloud.com/epochrises All hardware and software linked to from: http://samy.pl/combobreaker/

In this follow-up video I go over the full details of cracking open any Master combination lock in 8 tries or less. In my previous video, I provided a simple online tool to crack open any Master combination lock in 8 combinations or less! This new technique will allow you to learn the combination of any Master combo lock with only eight attempts maximum: http://samy.pl/mastervuln/ Online calculator: http://samy.pl/master/ By Samy Kamkar First part here: http://youtu.be/09UgmwtL12c Third part coming soon! Questions? Leave a comment below! Subscribe to my channel for more Applied Hacking videos: https://www.youtube.com/subscription_center?add_user=s4myk Join the Applied Hacking mailing list: http://samy.pl/list/ Follow me on Twitter: https://twitter.com/samykamkar Music by Epoch Rises: http://soundcloud.com/epochrises

Crack open any Master combination lock in 8 combinations or less! This online tool and new technique will allow you to learn the combination of any Master combo lock with only eight attempts maximum: https://samy.pl/master/ By Samy Kamkar 2nd part (explanation) here: https://youtu.be/qkolWO6pAL8 3rd part (Motorized Combo Breaker) here: https://youtu.be/YcpSvHpbHQ4 WHY NOT A SHIM? Shimming is an awesome technique for quickly opening older locks, however all of the newer Master combination locks don't allow shimming: http://www.masterlock.com/business-use/locker-blockguard Also, using this technique recovers the actual combo so you can reuse the lock. NOTE: If you only find ONE locked position under 11, try to find two locked positions between 10 and 20, and remove the first digit. So if "13" and "17" lock up, enter "3" and "7" as the locked positions into the tool. Questions? Leave a comment below! Subscribe to my channel for more Applied Hacking videos: https://www.youtube.com/subscription_center?add_user=s4myk Join the Applied Hacking mailing list: http://samy.pl/list/ Follow me on Twitter: https://twitter.com/samykamkar Music by Epoch Rises: https://soundcloud.com/epochrises

KeySweeper (http://samy.pl/keysweeper) is a stealthy Arduino-based device, camouflaged as a functioning USB wall charger, that wirelessly and passively sniffs, decrypts, logs and reports back (over GSM) all keystrokes from any Microsoft wireless keyboards (using proprietary 2.4GHz RF) in the area. Keystrokes are sent back to the KeySweeper operator over the Internet via an optional GSM chip, or can be stored on a flash chip and delivered wirelessly when a secondary KeySweeper device comes within wireless range of the target KeySweeper. A web based tool allows live keystroke monitoring. KeySweeper has the capability to send SMS alerts upon certain keystrokes being typed, e.g. "www.bank.com". If KeySweeper is removed from AC power, it appears to shut off, however it continues to operate covertly using an internal battery that is automatically recharged upon reconnecting to AC power. http://samy.pl/keysweeper By Samy Kamkar 0:00 Intro 0:59 Demonstration 1:11 Hardware used 5:33 Determining Keyboard Radio Frequency & Wireless Protocol 11:05 Sniffing 2.4GHz Proprietary RF 16:22 Decrypting Wireless Keystrokes 19:26 Using GSM for Internet and SMS 22:17 Powering and Usurping a USB Charger 25:36 Schematic Subscribe to my channel for more Applied Hacking videos: http://www.youtube.com/subscription_c... Follow me on Twitter: https://twitter.com/samykamkar Music by Epoch Rises: http://soundcloud.com/epochrises Hardware: Arduino Pro Mini / Teensy Nordic nRF24L01+ Adafruit FONA GSM board AC USB 5v 1A charger Winbond W25Q80BV SPI Flash chip 3.7v Lithium Polymer/Ion (Lipo/Lion) battery Software: Key Sweeper, PHP, jQuery, jQuery Terminal, jQuery UI Virtual Keyboard Also mentioned: HackRF, RTL-SDR, LO down converter, nRF24LE1H, nRF24LE1, nRF24L01, TI CC2500, Cypress CYRF6936, CYRF7936, Travis Goodspeed, GoodFET, KeyKeriki, Thorsten Schröder, Max Moser

USBdriveby (http://samy.pl/usbdriveby) is a device you stylishly wear around your neck which can quickly and covertly install a backdoor and override DNS settings on any unlocked machine via USB in a matter of seconds. It does this by emulating a keyboard and mouse, blindly typing things, flailing the mouse pointer around and weaponizing mouse clicks. A version for Windows and OS X is available on github. It also evades several security measures in OS X, including hacking the accessibility settings, window positioning, overriding network settings, and disabling portions of the Little Snitch firewall. By Samy Kamkar Want to attack *locked* or password protected computers? Then check out PoisonTap: https://youtu.be/Aatp5gCskvk Subscribe to my channel for more Applied Hacking videos: https://www.youtube.com/subscription_center?add_user=s4myk Follow me on Twitter: https://twitter.com/samykamkar More USBdriveby details: http://samy.pl/usbdriveby Also check out BadUSB: https://srlabs.de/badusb/ Music by Epoch Rises: http://soundcloud.com/epochrises aka USB Driveby / USB Drive By WINDOWS VERSION A Windows version is available on the Github linked from https://samy.pl/usbdriveby/ Another user posted an alternate version for Windows: https://youtu.be/FfRhKzbgmeU FOR LINUX: You can simply open a terminal, add a new directory to the beginning of $PATH, install a malicious "sudo" in that user-owned path that siphons credentials and performs the same attacks and more (and still send the sudo password to the real sudo to prevent the user from noticing.) DETECTING OPERATING SYSTEM: You can detect OS by the unique way each OS communicates with the USB device. WHY NOT RUBBER DUCKY? Rubber Ducky is an awesome tool but lacks the HID mouse emulation required to pull off the mouse-based DNS attack we perform here! Additionally, this is half the price!

Digital Ding Dong Ditch is a device to hack into and ring my best friend's wireless doorbell whenever I send a text message to the device. More details below... Subscribe for more fun videos like this or follow me on Twitter! https://twitter.com/samykamkar In this project, we'll learn not only how to create this device, but how to reverse engineer radio frequencies we know nothing about using RTL-SDR (a ~$14 software defined radio), as well as creating hardware and software using Arduino, the Adafruit FONA (GSM/SMS/2G board), an RF (radio frequency) transmitter to transmit custom signals, and even how to reverse engineer a proprietary radio signal we know nothing about! More details: http://samy.pl/dingdong Source code: https://github.com/samyk/dingdong Follow me on Twitter: https://twitter.com/samykamkar Music by Epoch Rises: https://soundcloud.com/epochrises

SkyJack is a drone engineered to autonomously seek out, hack, and wirelessly take over other drones within wifi distance, creating an army of zombie drones under your control. More details below... by Samy Kamkar FULL DETAILS on SkyJack website: http://samy.pl/skyjack You can support SkyJack on Suprmasv: https://www.suprmasv.com/projects/161/skyjack Follow me on Twitter: https://twitter.com/samykamkar Hardware/software used: SkyJack: http://samy.pl/skyjack Raspberry Pi: http://www.raspberrypi.org/ Parrot AR.Drone 2: http://ardrone2.parrot.com/ Aircrack-ng: http://www.aircrack-ng.org/ Node.js: http://nodejs.org/ node-ar-drone: https://github.com/felixge/node-ar-drone Alfa AWUS036h wifi card: http://www.alfa.com.tw/products_show.php?pc=34&ps=92 Edimax EW-7811Un wifi card: http://www.edimax.com/en/produce_detail.php?pd_id=347&pl1_id=1 More details on SkyJack site: http://samy.pl/skyjack