When Der Spiegel and Jacob Appelbaum published leaked pages of the National Security Agency's ANT Catalog—the collection of tools and software created for NSA's Tailored Access Operations (TAO) division—it triggered shock, awe, and a range of other emotions around the world. Among some hardware hackers and security researchers, it triggered something else, too—a desire to replicate the capabilities of TAO's toolbox to conduct research on how the same approaches might be used by other adversaries.This is kind of advanced hardware/software hacking, so I'm guessing most of my readers who would feel comfortable diving into this stuff have heard of this already, but maybe not. (Borepatch? Dr. Jim? You there?) You'll note that "Project creator Michael Ossmann " is said to be a radio frequency hardware engineer. That, of course, is what I do, although I've never worked in this area and I'll be the first to admit I'm weak at embedded software. Several projects seem to focus on a System On a Chip (SOC) from Texas Instruments called the C1111. For example the project "Turnipschool" embeds one of these TI chips onto what appears to be (or could be made to appear to be) a USB cable. Instant bugging of any communication of the USB bus - as well as injecting commands into the USB cable. Details for doing it yourself are at the project's webpage.
In less than 18 months since the catalog's leak, the NSA Playset project has done just that. The collection boasts over a dozen devices that put the power of the NSA's TAO into the hands of researchers. Project creator Michael Ossmann—a security researcher, radio frequency hardware engineer, and founder of Great Scott Gadgets—detailed the tools at a presentation during the Black Hat conference in Las Vegas last week, and he talked with Ars more about it this past weekend at DEF CON 23.
The same TI SOC is used in other places; as usual, once you learn how to use a device, people tend to come up with different uses for it. For example, Ossmann turned the out-of-production Mattel IM-Me "Girl-Tech" toy into a spectrum analyzer. Samy Kamkar, of Applied Hacking, turned one into a garage door opener, which will open every garage door that uses the standard radio keys. He explains in a video on that page how remarkably non-secure they are and how easy it is to open every garage door that uses that protocol.
There might well be some interesting and useful toys in their toybox. Check it out.