Hack Rifle (hscott.net)
96 points by blueintegral on April 20, 2014 | 55 comments



We could spend all day talking about the morality, possible government uses, and legality of all this, but I would personally just like to take a moment to appreciate how fucking cool this thing is.


It looks like something out of Buckaroo Banzai or Hackers.


My first reaction was that it looks like something the Laundry would issue (from Charlie Stross's excellent series about a Turing-complete Lovecraftian British intelligence agency):

http://en.wikipedia.org/wiki/Charles_Stross#The_Laundry_File...


The military-industrial-complex aesthetic doesn't really fit either of those two movies, but I agree there is a hacker's charm going on there.


I think I was mostly thinking of the exposed colored wires and screws. It's not a clean-faced product. Plus, the science / action combination of hacking and guns made me think of those movies.

http://johnkennethmuir.files.wordpress.com/2010/11/banzai4.j...

http://www.hscott.net/wp-content/uploads/2014/04/IMG_6491.jp...


When you actually use it, WiFi cracking will be the last thing you're suspected of. Clever!


You could replace the scope with a viewfinder from an older video camera. These are essentially smallish monitors with eyepieces, giving you all the freedom you want wrt. spectrum displays overlaid over video imagery of the targeted area. Driving the thing might be an exercise in itself but it should be doable from the HDMI port on the Pi using a VGA converter or through a USB display adapter.

Personally I'd tone down the gun aspect of the whole thing though... lying on a roof somewhere in the US of A, pointing this thing at a window in an office building nearby is an open invitation for unwanted attention from trigger-happy defenders of the realm.


What is the use of any wifi cracking equipment these days?

Here in Munich (and also other German cities I've visited), no one carries a WEP WiFi anymore, and even the WPA1-only WiFis have nearly vanished...


You'd be surprised how many routers have shipped with WPS on by default, and without rate limiting. Your 25 character, randomly generated password isn't much help when you can simply try about 11000 WPS PINs and have it spit out the plaintext key to you :)


Even if it is turned off the router can still be vulnerable. Reaver used to be the go-to script for this but now bully has taken over.[1]

[1]https://github.com/bdpurcell/bully


Not to mention OpenCL-accelerated WPA handshake cracking can still pay off reasonably.


Definitely agree. I've audited my fair share of WPA captured handshakes and had a lot of success. People choose shitty passwords.


Maybe I'm dumb. What does this thing do exactly? It doesn't seem like the post actually says.


It's basically a portable extremely long range WiFi adapter with an embedded computer on it that can be used for nefarious purposes. The form factor is based on an earlier project, which used a rifle stock as an easier way to aim a big Yagi antenna.


Looks like

> The way it’s set up right now, after pressing the button on the battery and booting up, pulling the trigger will scan for networks, find the best candidate, and start cracking.


Wifi cracking.


Reminds me of the "BlueSniper" rifle from a few years ago: http://www.tomsguide.com/us/how-to-bluesniper-pt1,review-408...


That might actually be the same original project I was referring to.


Remind anyone else of the smart rifle in Ken MacLeod's The Star Fraction?

http://en.wikipedia.org/wiki/The_Star_Fraction


Yeah, it reminded me of that too.


Another pretty awesome device modified for WiFi hacking is Denis' motorcycle.

Article: http://www.itnews.com.au/News/323897,pen-tester-builds-wifi-...

Kiwicon presentation: https://www.youtube.com/watch?v=Pr7YAhf4IG0


Semi-related: has anyone read this paper which claims to have a WPA2 rekeying vulnerability and evaluated it? They published in a journal I don't have access to, and don't have a preprint online, so it's probably not very important, but I'm still curious.

Achilleas Tsitroulis, Dimitris Lampoudis, Emmanuel Tsekleves. Exposing WPA2 security protocol vulnerabilities. International Journal of Information and Computer Security, 2014; 6 (1): 93 DOI: 10.1504/IJICS.2014.059797

(Fucking journals are extortion; the system must be destroyed.)


All of the tor exit nodes on campuses with good journal subscriptions have disappeared or they have been marked as open proxies by the journal cabal. I used to be able to get any journal pub via an exit node at BostonU or GaTech.

dx.doi.org needs to disappear too. Two of the three ipv6 endpoints are always down and unbound never seems to shuffle the addresses in such a way I get the working address first:

  dfc@ronin:~$ wget http://dx.doi.org/10.1504/IJICS.2014.059797
  --2014-04-21 00:32:13--  http://dx.doi.org/10.1504/IJICS.2014.059797
  Resolving dx.doi.org (dx.doi.org)... 2001:550:100:6::203, 2001:550:100:6::202, 2a00:1a48:7805:112:2c13:65be:ff08:2e89, ...
  Connecting to dx.doi.org (dx.doi.org)|2001:550:100:6::203|:80... failed: Connection timed out.
  Connecting to dx.doi.org (dx.doi.org)|2001:550:100:6::202|:80... failed: Connection timed out.
  Connecting to dx.doi.org (dx.doi.org)|2a00:1a48:7805:112:2c13:65be:ff08:2e89|:80... connected.


I remember that paper. The researchers ran a de-auth attack and then attempted to brute force the key.

It isn't worth reading.


I'm curious about the total weight before and after modification? I can only imagine that in the near future someone is going to want to 3d print this and mount it on some type of consumer UAV and open source the software/hardware setup. I'm also pretty curious what, if any, measurements can be taken with this setup?


I didn't weigh it, but before it was probably 2 or 3 pounds and adding everything to it was like an extra two pounds. As it is, you can do anything you could with a regular laptop and wifi card, but if you added an SDR, you could measure I and Q and do whatever you want.


Hmm, I wonder how long before someone fits one of these (airsoft or not) onto a drone and starts causing havoc?


I've seen this as a payload for military UAVs (Hunter); it's a 700kg aircraft, though.

I don't think you could put the right electronics on a small quadcopter, but the gas powered quadcopters are perfectly capable -- anything which can carry a DSLR.

The nice thing about antennas is they're super directional (if desired), so really all you need is altitude, not necessarily maneuverability -- a tethered balloon or just being on top of a building would work fine. For SIGINT, you probably want longer loiter times than a small UAV will give you; a small UAV with wifi/cell would mainly be for tracking a moving target, or killing a target which happens to be radiating on a specific frequency (i.e. find/kill a certain cellphone).

In general the military cares more about cellular signals than wifi, at least so far.


Electrically powered multicopters can carry DSLRs quite easily. If it's supposed to carry expensive equipment, you'll want to use a hexa- or octocopter though.

Of course multicopter flight times, especially with payloads, are problematic.


I don't think a tethered balloon would be an ideal platform for such a directional antenna in any vaguely windy location, you need a lot of stability for it to be useful. I'm having difficulty imagining any way to make that work which isn't essentially a stayed vertical support with the balloon ... probably not at net helping.


JLENS works with a variety of sensors (optical and RF) today, although I'm more familiar with the smaller systems (just a big tower with a payload on top)


Snowden documents (the ones Appelbaum presented, possibly, if not others) confirm that US drones already do this in the countries our oligarchs don't like.

"In addition to the GILGAMESH system used by JSOC, the CIA uses a similar NSA platform known as SHENANIGANS. The operation – previously undisclosed – utilizes a pod on aircraft that vacuums up massive amounts of data from any wireless routers, computers, smart phones or other electronic devices that are within range." - http://privacysos.org/node/1323


Someone did that at defcon a few years ago.[1][2]

I think it used a surplus army target drone, with an ardupilot flight controller, and either an n900 or openmoko cellphone as the base for the onboard computer and wifi, bluetooth and 3g radios.

The general idea was you could connect to the drone via 3g or wifi to control it, and use the other radio to intercept signals. If necessary you could offload heavyweight computation to servers on the ground.

[1]https://www.defcon.org/html/defcon-19/dc-19-speakers.html#Ta...

[2]http://www.geek.com/geek-pick/wasp-the-linux-powered-flying-...


interesting - seems like the reverse use-case would also make sense. soldier with one of these uses it to block guidance and communication systems going into a drone. range would be an issue i suppose.


I think overall it probably depends on how one defines havoc, who is behind such and where it takes place (some village in pashtunistan or some university campus). After all, the same action being described in another context could be called "peacekeeping" and be accepted as such by vast swaths of a population.


Needs to pull out all that extra cable wrapped around the barrel. It's not helping the noise figure any.


For the love of everything that is holy, please do not get MITM'ed.


I don't find this interesting or cool; it's pretty disgusting and immoral for someone to spend their time 'hacking' weapons and then publishing an article detailing their work.


> it's pretty disgusting and immoral for someone to spend their time 'hacking' weapons and then publishing an article detailing their work.

Unstated major premises:

1. Weapons are inherently bad.

2. Modifying something bad is bad.

3. Publishing how to do bad things is bad.

Call me crazy, but I don't agree with any of those.


Well, it's probably at least lame. All this kinda crap is just some guy who had a free weekend and happens to have a decent podium to speak about it on. Clearly the device itself is useless because it's the opposite of what you want - something inconspicuous.


I sure hope you're joking... you are joking right?


Do you need any permission from government for hacking around with a rifle?


This isn't a rifle, it is airsoft.

I actually think the rifle form factor is a horrible idea in use, due to people flipping out when a rifle is pointed at their building. But for shock value, it wins.

The ideal is probably to use a panel antenna on the back of a laptop, or some non threatening way to conceal a higher gain antenna. It would be cute if someone put all this in an SLR camera form factor, I think...a 70-200 f2.8 is big enough for a high gain yagi.


"I actually think the rifle form factor is a horrible idea in use, due to police flipping out when" they see them and shooting innocent children.

Fixed it for you: http://www.huffingtonpost.com/2013/10/23/andy-lopez_n_415281..., see also e.g. http://www.storyleak.com/airsoft/

This is a beyond horrible idea, it could easily get you killed. Use it in an apparently offensive manner, i.e. point it at someone, and the shooting would even be justified, unlike at least one of the two above incidents.


+1, it's not a good idea to use a rifle form factor. A good hack, but a bad idea considering others' reactions. I'm pretty comfortable with guns (raised in more rural Idaho), and I'm not particularly keen on the idea of seeing someone point a "rifle" out their window.


Sadly photographers often get hassled if they take photographs in public. At least, they do in the UK. It got so bad the Met police had to issue guidelines to their officers about why it's okay for people to take photographs in public. http://content.met.police.uk/Site/photographyadvice That advice is written from the perspective of the Police. It doesn't mention the extra protection given to journalistic material for example.

So, while it's not going to get you shot using a Hack-DSLR might get you arrested.


I've been "harassed" a few times overseas. Usually it involves accidentally photographing near police stations or military installations, which is a pretty obvious no-no, except that the buildings were pretty non-descript and I had no idea what they were at the time.

It's only happened a few times: someone comes out and either tells me to stop, or yells at me in a language I don't speak very well, and I say "sorry" in whatever language and continue walking around.

I find that the trouble happens when photographers/travelers try to argue with the people harassing them.

Usually most of the people I encounter just make a joke, smile, and encourage me to take photos.

Funny how far a smile gets you when you're traveling.


Yes, this is definitely not a real rifle and would definitely freak people out if you walked around with it, which I'm not going to do.


Why not a telescope?


I'd prefer a magic wand.


I like it!


In the US, you can modify a gun pretty much however you want (short of making it fully automatic, having a barrel that's "too short" per regulation, or building any form of suppressor).

But of course this is an airsoft gun, which you can modify to your heart's content.


As long as you are not using a lower receiver [1], it's not actually a rifle, just pieces of metal and plastic. The lower receiver is the actual firearm according to U.S. law. For example, these [2] are the non-rifle parts of an AR-15.

[1]: https://en.wikipedia.org/wiki/Lower_receiver

[2]: https://i.imgur.com/TozIZ7l.jpg


ITAR applies to certain accessories as well (optics, some suppressors, and I believe certain muzzle brakes). That's only an issue for export, though.

(and the "lower receiver" vs. "receiver" part is only for the AR-15 or rifles of similar design; lots of rifles have a single receiver, and for handguns it generally means the frame -- it's in reality a circular definition, with the receiver being the serialized part which is serialized because it's the receiver...)

It's really interesting with firearms like the Sig P250, where the interchangeable piece is on the "fire control group" and the rest of the firearm is totally interchangeable -- this is specifically because German regulations restrict people to owning two handguns, and this lets you have one firearm in multiple calibers, sizes, etc.

(Amazon's policy is even weirder..."anything in the firing path" is prohibited, but a lot of other accessories are commonly sold, and the policy isn't really uniformly enforced at that.)

Plus, in some countries they restrict airsoft and pellet guns (like this one) based on muzzle energy (or sometimes velocity). 3-6 J is a common limit.


Not in the US, up to a certain point. Certain kinds of weapons and weapon shapes are regulated.

As a rule of thumb, historically US law has reflected the following, "If it's not explicitly banned, it's OK. And if you do it while banned and it is kind of awesome, the law will change". This has changed considerably in many areas, but still generally holds true as an ideal.

edit: let's not downvote someone for asking a reasonable question. lots of places exist with lots of regulations.



