+Mahesh Padmanabh Thanks!

Hi sammy, Nice video. I see you use alot of programming in some of your tutorials and I was woundering where you learn them. At the time, I only know c# but any other language is a bit difficult.

rockhopper123452 Thanks! Simply start with some basic tutorials. I learned everything online, there are so many amazing resources -- and I've learned a lot with trial and error (more error than trial). Be persistent, try different things, and follow areas you think are interesting!

I don't like wireless mice and keyboards, and I especially hate ones with proprietary protocols. Somewhere inside the company, some manager will probably have made the call to skip real security to cut their development and QA time.

Samy Kamkar what is the name of the intro? song

i need to know more about this device.. can it be fitted in an old nokia phone?

Thanks Rui Santos, me too!

Thanks Simon Ho!

Thanks Jay Bee!

Did you go to school for electrical engineering?

Brownkevin7 Hi, no, I did not go to school (I dropped out of high school). I learned most of the hardware stuff from the Internet the past year or two.

Samy Kamkar Really , No school? Im in school for computer science and kinda sad at the lack of electronics in it but love the programming. Ive been trying to teach myself but it seems like a lot of dedication. Any advice? thanks for the reply you seem like a brilliant person.

Brownkevin7 Cool! Programming is how I started in all of this too, and I only got into hardware recently with some basic Arduino stuff. The learning gap is actually very small, and fortunately it's getting smaller every day -- the cool thing is you can actually use your CS/programming skillZ for hardware using tools like Arduino, Teensy, Raspberry Pi, Beaglebone, etc. Plenty of tutorials out there on getting started, I'd suggest pick up a fun weekend project!

Samy Kamkar True! Any advice on a good book for learning electrical conversions like ohms and stuff like that, thats the only part im iffy on and like wiring and designing how id want to wire something, but thanks for the advice and reply i appreciate it you make dope videos and all of them will be getting likes and recommendation to people from me thanks again take care.

Thanks so much Pedro Cunha!

1234rghji Thanks!

Redwan Safi Thanks! Fortunately I re-recorded it 283 times until it sounded almost articulate!

***** Thanks Aaron!

@@samykamkar can you buy one of these already built in

Thanks Mladamas!

Torman2242 Thanks Torman! Looking forward to sharing more with you!

Samy Kamkar Thank you, I've been hoping that perhaps, I had not been able to get a successful lock due to grabbing the wrong library, missing a modification, etc. I've seen that some of the libraries modify the clock divisor etc. such as described in (maniacalbits.blogspot.com/2013/04/rf24-performance-improvement-wspi.html) so I thought perhaps it would be something simple that I'm doing wrong. I've added caps, additional voltage regulation boards, external highly regulated power supplies etc. so I was hoping for a revelation to get me back on track.

Brian Gray Does it show any potentials when scanning? What kind of keyboard? Have you tried holding a key down during the scan? For the regulated supply, have you tried a 3.3v regulated supply to the nRF chip with shared ground between Arduino and nRF? I assume you tried a 10uF+ cap directly on the nRF chip between + and GND? Have you made sure the wires between the Arduino and nRF aren't too long? Are you using a legitimate nRF chip (I've seen clones, more obvious when they're chip-on-board [epoxy glob instead of an SMD chip], that aren't capable of sniffing)?

Samy Kamkar The keyboards were purchased for this project and are the Microsoft 800 Model: 1455 described in your documentation. Matching FCCid etc. I have tested 2 separate keyboards holding shift, various other keys, and simple repetitive typing. On at least one occasion, I've seen some possibly related potential traffic while holding a key. This appears to have been a false positive every time? I've attempted several variations of supplying power. Raw from my FTDI cable, and various supply configurations from my KORAD KD3005D power supply including powering the nrf24L01+ with 3.3V + I don't recall if I've explicitly ensured a shared ground but I will configure a test of this within the next hour or so. I have added a 10uF cap to one of my nrf24L01+'s and also attempted using an addicore socket adapter board with another (www.amazon.com/gp/product/B00QOJACOA/ref=oh_aui_detailpage_o01_s00?ie=UTF8&psc=1). In addition, I have attempted testing with a Neewer® BLACK NRF24L01 + PA + LNA Wireless module (www.amazon.com/gp/product/B00H6ZO5Y4/ref=oh_aui_detailpage_o04_s00?ie=UTF8&psc=1) with similar lackluster results. None of the chips that I've been using appear to be clones that I'm aware of. I've iteratively shortened the attaching wires to where no wire is greater than 1.25" I have used both stranded and solid core 20 gauge wire over the past month. In attempt to narrow down possible issues, I've introduced additional hardware... and used an Arduino mega 2560 with various iterations of nrf chips, flash chip included, removed, etc. to see if I was simply having issues with solder joints or some other possible issue. [Intending to use the mega to interact with the mini pro via the backtrace functionality.] If I modify the code to replace if (p[4] == 0xCD) with (1) as also mentioned in these comments, I primarily receive a stream of FFFF... , with other occasional 'noise'. I similarly see streams of FFFF... when the backtrace option is enabled. Is this normal or possibly a sign of something I may be doing incorrectly, perhaps something you've seen? I don't see any connection faults, shorts, etc. I am unable to guarantee that I'm doing any of this properly. I am greatly appreciative of your quick replies and willingness to offer suggestions.

Brian Gray Have you double checked the wiring? One thing to note is many RF24 projects use pin 10 for CSN, but I use pin 8 (since the flash chip code is fixed to pin 10 and can't change) I'm not sure about the noise you're seeing, when I get back to the hardware in a day or two I'll do some testing. My immediate guess is something isn't wired properly -- and definitely make sure anything that is connected to something else are all sharing the same ground.

Samy Kamkar, I've gone through the wiring dozens of times. I have two others with their own hardware (in the same position as me) that have looked over my wiring. I 'think' I have the wiring done properly including the CSN switched from pin 10. The grounding was done appropriately in previous testing but I made an additional effort to make explicit ground points with the same result as previously mentioned. My next troubleshooting step will most likely be to load example nrf ping code to confirm that the hardware is functioning or not. All frustrations aside, this has been an interesting project to work with, thank you for sharing it.

Thanks nicknack125!

Thanks Joseph Calabria, hope you enjoy the vids!

Samy Kamkar I'm always waiting for another. A lot of help for a starting hacker/coder!

Max Richie Scientific remote spying. kzbin.info/www/bejne/epPXXoKcl7aHptk

+Stephen Pavis Thanks!

By the way they didn't even try to encrypt data. Using XOR is pathetic

@oH well,lord! base64 is better

Killberty, thanks! It was a blast. I'll keep working to provide you some fun information and content!

Samy Kamkar How a bout making a hardware keylogger (plugged begween an usb Keyboard and the pc) with a teensy 3.1? A cheap variant with flash storage and an expensive one with wireless? I know there are many around but none is documented and explained and high qualtiy (as i am used to by your videos) and this should not be too hard for you.

Killberty Cool idea -- I have an idea for something similar to a hardware keylogger...I have a few projects in the works for future vids and then will get back to a keylogging related one for you!

Samy Kamkar I would love to see this. I love you (nohomo). Can't wait for your next video. :)

Thanks Tasos!

Thanks Hans Förster! More videos on the way for you!

George Edwards you got it.

Thanks *****! More videos are coming up!

Thanks!

Thank you ulric rainard!

Thanks Jim Chamberlain! It probably started with someone performing a DoS attack on me when I was young...thought my brand new computer was fried! Scary and exciting at the same time...

#samyismyhero

Samy Kamkar So it is good to hear that a DoS attack has a silver lining. Keep up the good work and inspiring others to learn valuable skills.

Samy Kamkar But most of all, samy is my hero!

Thanks Blair!

Thanks Ed Armstrong!

Thanks Christian kaltoum!

Thanks *****!

Awesome, thanks Newton Gaire!

Samy Kamkar your Defcon "How i met your girlfriend " was also awesome.. i am starting in security sector.. what shall i start from . really love to know from an experienced person :D

Newton Gaire Awesome, thanks! I'd say just work on a project that's out of your reach -- it won't be for long, just set a goal for yourself that may seem tough and just work towards it in any way possible. Research, test, and be persistent! Even if you never complete it, the information you will learn on the way will be invaluable. Good luck!

Thanks Alan Moreno!

Thanks TCN0101!

Thanks Raees Mohammed! The Tubes of You, Twitter and my site are the only places I release stuff -- working on some new projects for you to check out!

Thanks grimthereeper!

KindAlcoholic Thanks, glad you enjoyed it!

Thanks Masterpieced! You got it

+b sals Thanks! Working on it!

Uki Malla, thanks for commenting! It's okay to not succeed in creating something, the fact that you even tried means you probably learned a lot along the way. I have a *ton* of projects I haven't completed, but each one I do I learn more information that helps me successfully create something else in a future project. Every little piece of information is like a building block and over time, you can put them together to construct some really amazing things. You can do so much without an Arduino by focusing on software and networking. One thing I had a lot of fun learning is network hacking, learning TCP/IP, common tools like tcpdump, nmap, ngrep, dsniff, etc, then building my own versions of those tools from scratch which *really* taught me how each piece works and works together. Good luck and thanks for commenting!

you are right to be paranoid. you are right.

Thanks Mohamed Mostafa :)

Hi Nicole Tutt, thanks for reaching out! It appears that out of the 11 wireless keyboards Microsoft offers, one of them does state it provides AES encryption (the 2000 model), however I haven't tested it and can't speak to the security around that model. I actually ran to Best Buy a few days ago to pick one up but while they offered several Microsoft wireless keyboards, they did not offer the 2000 model and none of the others mentioned encryption or AES.

I learned everything I know from him.

@@samykamkar 😂😂😂

Thanks Alexander Chen! Nope, in Los Angeles

Devesh singh Sweet! Let me know how the build goes!

Sung William Thanks! It's C for the Arduino and some PHP/Javascript on the web side.

Jesus Villanueva I believe Logitech uses similar nRF chips, though they use some form of AES encryption. It may be susceptible to other vulnerabilities, but it would require some deep investigation.

Hi XClann, they had a "Sculpt Ergonomic Keyboard" at Best Buy a few days ago but it had no mention of AES or encryption, however it never mentioned "for Business" like the one I see on Microsoft's site. I'll pick a new one up and check it out.

Hi Samy Kamkar . Thanks for the reply! Let me know if KeySweeper works on it.

Hey Mike Mck, yup, the lights are actually christmas lights I hacked, tied to an Arduino to control and added an nRF24L01+ chip for wireless control. Originally they were GE G35 christmas lights (RGB LEDs, independently addressable), which like all other christmas lights, have a box/remote that you control them with, but very limited in control unless you like flashing green and red. I cut off the box, tied an Arduino to the data line instead, and control it through that. Darco has a great writeup on reverse engineering the G35 lights proprietary protocol here: www.deepdarc.com/2010/11/27/hacking-christmas-lights/ I did this about 4 years ago before addressable LED strips were affordable (you could pick up a 50-strand of the G35 lights for $30 or so). These days when dealing with addressable LEDs, I prefer the WS2812B strands. You can see a custom panel I made with ~1000 LEDs, controlled wirelessly via iPad, here: kzbin.info/www/bejne/hZSuYYOtpNika8U And here I tied it to an Xbox Kinect for depth keying: kzbin.info/www/bejne/oZKzkpaGf9WbfZo

Thanks!

You can potentially find vulnerabilities in the sniffer itself. Using a keyboard with proper encryption (eg AES) solves the sniffing issue, however others have found that even AES encrypted keyboards are vulnerable to keystroke injection attacks (which I've also included in the KeySweeper source code).

Awesome, glad you enjoyed it *****!

why do you hack?

***** I like puzzles, but I quickly found digital puzzles (hacking!) has real world application...it feels pretty awesome to actually solve a puzzle, and all of the sudden have the actual *ability* to do something with that information or skill.

Thanks ghostrider090!

Thanks Kennedy Sanchez!

Thanks linutas!

The judge dreed is on your back ^^ Linas Dragûnas we doesn't like spy :)

consequences will never be the same

Thanks Claudio D.!

access denied you got it! Working on one now!

dude, this is an alpha project so you add whatever you feel is necessary to take it further.

Hey Killberty! In general I really like the Arduino Nano (with ATmega328), and you can get a clone on ebay for a few dollars. It's powerful enough for most projects, has a nice size, and is inexpensive. This project will *probably* work with an ATmega168 since the processor/timing-intensive stuff is moved off board onto the nRF and GSM chips, but I don't know if the 168 chip has enough space and memory for everything. It probably does but you'd need to test. Throw out some suggestions on videos...I'm here messing with car cig lighter modifications, totally unrelated to security and more with Arduino and power but may throw a vid on that up once I finish this circuit.

Samy Kamkar hey Samy, prepare for some cool video suggestions :D -Hardware Keylogger - additional challenge: make it one as small and one as cheap as possible -Teensy to reverse TCP meterpreter on windows + DNS + other things your creative mind will think of -Teensy built into a (HP brand pls) laptop for keylogging -Any Android via USB Hack (Pin code brute force plus anything cooler you might think of) -Teensy combined with storage to execute a program on it e.g. Mimikatz (github.com/gentilkiwi/mimikatz) or with procdump for not flagging anti virus (you smell the ducky, don't you? :D ) or some nirsoft tools to steal passwords ;) Also a question: My teensy will transmit keystrokes on ANY OS apart from Windows, on Win it will install drivers for keyboard/mouse/joystick which takes hours, so i can't prank my dad/friends by just plugging the teensy in for 1-2sec. Any workaround? PS: It works flawlessly on *nix, MacOS, even Android

Killberty These are awesome suggestions, thanks! I will work on something around at least one of these!

Samy Kamkar tahnks, what about the driver thing? ETA for your next videoß :)

Killberty Oh yeah, are you sure it can't just start typing (even if it does ask to install drivers)? I've been out of town but am working on two new projects -- hope to have something in the next two weeks for you!

Hi IMcPwn! Regarding the FONA, you're right, sorry about that! I use both for projects and linked to the one I didn't use, though they've been out of stock for a while in the uFL version. However don't fret, you can always solder the SMA connector off and connect a uFL connector, or connect an antenna directly after soldering it off, or cut a hole in the charger. Also, I hacked up a smaller antenna in my build -- you can actually cut off the plastic on most antennas to expose the wire inside, or steal an antenna from an old GSM phone, or make one from a wire. You can do a little research on making your own antenna, but it's just a wire cut to length, so you could just solder the SMA connector off and solder a wire to it and everything will fit! Hold on to the connector for future projects. I don't have any picture of this soldered as it's all glued up in my KeySweeper, though a schematic is provided in the git as well as the end of the page. You can look at how I wired things up in my Digital Ding Dong Ditch project though: samy.pl/dingdong/ Most pins should be the same but no guarantee, I would simply go off the schematic in the KeySweeper project. And thanks for the git love!

Bhuwan Mohan Check it out here! www.adafruit.com/products/1946

Hi Ess Aiche, thanks! I've updated the code with the pinout -- search for the word "flash": github.com/samyk/keysweeper/blob/master/keysweeper_mcu_src/keysweeper_mcu_src.ino