This repository has been archived by the owner on Oct 17, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 9
/
openproblems.html
245 lines (228 loc) · 39.3 KB
/
openproblems.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" itemscope="" itemtype="http://schema.org/WebPage">
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
<meta http-equiv="X-UA-Compatible" content="chrome=1" />
<script type="text/javascript">/* Copyright 2008 Google. */ (function() { (function(){function e(a){this.t={};this.tick=function(a,c,b){this.t[a]=[void 0!=b?b:(new Date).getTime(),c];if(void 0==b)try{window.console.timeStamp("CSI/"+a)}catch(h){}};this.tick("start",null,a)}var a;if(window.performance)var d=(a=window.performance.timing)&&a.responseStart;var f=0<d?new e(d):new e;window.jstiming={Timer:e,load:f};if(a){var c=a.navigationStart;0<c&&d>=c&&(window.jstiming.srt=d-c)}if(a){var b=window.jstiming.load;0<c&&d>=c&&(b.tick("_wtsrt",void 0,c),b.tick("wtsrt_","_wtsrt",
d),b.tick("tbsd_","wtsrt_"))}try{a=null,window.chrome&&window.chrome.csi&&(a=Math.floor(window.chrome.csi().pageT),b&&0<c&&(b.tick("_tbnd",void 0,window.chrome.csi().startE),b.tick("tbnd_","_tbnd",c))),null==a&&window.gtbExternal&&(a=window.gtbExternal.pageT()),null==a&&window.external&&(a=window.external.pageT,b&&0<c&&(b.tick("_tbnd",void 0,window.external.startE),b.tick("tbnd_","_tbnd",c))),a&&(window.jstiming.pt=a)}catch(g){}})(); })()
</script>
<link rel="shortcut icon" type="image/x-icon" href="http://www.google.com/images/icons/product/sites-16.ico" />
<link rel="apple-touch-icon" href="http://www.gstatic.com/sites/p/060b76/system/app/images/apple-touch-icon.png" type="image/png" />
<script type="text/javascript">/* Copyright 2008 Google. */ (function() { function d(a){return document.getElementById(a)}window.byId=d;function g(a){return a.replace(/^\s+|\s+$/g,"")}window.trim=g;var h=[],k=0;window.JOT_addListener=function(a,b,c){var f=new String(k++);a={eventName:a,handler:b,compId:c,key:f};h.push(a);return f};window.JOT_removeListenerByKey=function(a){for(var b=0;b<h.length;b++)if(h[b].key==a){h.splice(b,1);break}};window.JOT_removeAllListenersForName=function(a){for(var b=0;b<h.length;b++)h[b].eventName==a&&h.splice(b,1)};
window.JOT_postEvent=function(a,b,c){var f={eventName:a,eventSrc:b||{},payload:c||{}};if(window.JOT_fullyLoaded)for(b=h.length,c=0;c<b&&c<h.length;c++){var e=h[c];e&&e.eventName==a&&(f.listenerCompId=e.compId||"",(e="function"==typeof e.handler?e.handler:window[e.handler])&&e(f))}else window.JOT_delayedEvents.push({eventName:a,eventSrc:b,payload:c})};window.JOT_delayedEvents=[];window.JOT_fullyLoaded=!1;
window.JOT_formatRelativeToNow=function(a,b){a=((new Date).getTime()-a)/6E4;if(1440<=a||0>a)return null;var c=0;60<=a&&(a/=60,c=2);2<=a&&c++;return b?window.JOT_siteRelTimeStrs[c].replace("__duration__",Math.floor(a)):window.JOT_userRelTimeStrs[c].replace("__duration__",Math.floor(a))}; })()
</script>
<script>
var breadcrumbs = [{"path":"/openproblems","deleted":false,"title":"Open Problems","dir":"ltr"}];
var JOT_clearDotPath = 'http://www.gstatic.com/sites/p/060b76/system/app/images/cleardot.gif';
var JOT_userRelTimeStrs = ["a minute ago","__duration__ minutes ago","an hour ago","__duration__ hours ago"];
var webspace = {"gvizGstaticVersion":"current","enableAnalytics":true,"pageSharingId":"jotspot_page","enableUniversalAnalytics":false,"sharingPolicy":"OPENED","siteTitle":"NSA Playset","onepickUrl":"https://docs.google.com/picker","adsensePublisherId":null,"features":{"oAuthForChartsApi":true,"contactStoreMigrationPollForGapi":true,"gapiLoaderUtil":true,"moreMobileStyleImprovements":null,"googleChartsOverGstatic":false,"picasaAlbumInsert":false,"pageDrafts":false,"enableJot2Atari":true,"plusBadge":false,"pdfEmbedSupport":false},"isPublic":true,"newSitesBaseUrl":"https://sites.google.com","isConsumer":true,"serverFlags":{"cajaBaseUrl":"//www.gstatic.com/caja","cajaDebugMode":false},"domainAnalyticsAccountId":"","plusPageId":"","signInUrl":"https://accounts.google.com/AccountChooser?continue\u003dhttp://sites.google.com/site/nsaplayset/openproblems\u0026service\u003djotspot","analyticsAccountId":"UA-53153716-1","scottyUrl":"/_/upload","homePath":"/","siteNoticeUrlEnabled":null,"plusPageUrl":"","adsensePromoClickedOrSiteIneligible":true,"csiReportUri":"http://csi.gstatic.com/csi","sharingId":"jotspot","termsUrl":"//www.google.com/intl/en/policies/terms/","gvizVersion":1,"editorResources":{"sitelayout":["http://www.gstatic.com/sites/p/060b76/system/app/css/sitelayouteditor.css"],"text":["http://www.gstatic.com/sites/p/060b76/system/js/codemirror.js","http://www.gstatic.com/sites/p/060b76/system/app/css/codemirror_css.css","http://www.gstatic.com/sites/p/060b76/system/js/trog_edit__en.js","http://www.gstatic.com/sites/p/060b76/system/app/css/trogedit.css","/_/rsrc/1516783679000/system/app/css/editor.css","http://www.gstatic.com/sites/p/060b76/system/app/css/codeeditor.css","/_/rsrc/1516783679000/system/app/css/camelot/editor-jfk.css"]},"sharingUrlPrefix":"/_/sharing","isAdsenseEnabled":true,"domain":"defaultdomain","baseUri":"","name":"nsaplayset","siteTemplateId":false,"siteNoticeRevision":null,"siteNoticeUrlAddress":null,"siteNoticeMessage":null,"page":{"isRtlLocale":false,"canDeleteWebspace":null,"isPageDraft":null,"parentPath":null,"parentWuid":null,"siteLocale":"en","timeZone":"America/Los_Angeles","type":"text","title":"Open Problems","locale":"en","wuid":"wuid:gx:118ac8831556dde","revision":17,"path":"/openproblems","isSiteRtlLocale":false,"pageInheritsPermissions":null,"name":"openproblems","canChangePath":true,"state":"","properties":{},"bidiEnabled":false,"currentTemplate":{"path":"/system/app/pagetemplates/text","title":"Web Page"}},"canPublishScriptToAnyone":true,"user":{"keyboardShortcuts":true,"sessionIndex":"","onePickToken":"","guest_":true,"displayNameOrEmail":"guest","userName":"guest","uid":"","renderMobile":false,"domain":"","namespace":"","hasWriteAccess":false,"namespaceUser":false,"primaryEmail":"guest","hasAdminAccess":false},"gadgets":{"baseUri":"/system/app/pages/gadgets"}};
webspace.page.breadcrumbs = breadcrumbs;
var JOT_siteRelTimeStrs = ["a minute ago","__duration__ minutes ago","an hour ago","__duration__ hours ago"];
</script>
<script type="text/javascript">
window.jstiming.load.tick('scl');
</script>
<link rel="canonical" href="openproblems.html" />
<meta name="title" content="Open Problems - NSA Playset" />
<meta itemprop="name" content="Open Problems - NSA Playset" />
<meta property="og:title" content="Open Problems - NSA Playset" />
<style type="text/css">
</style>
<link rel="stylesheet" type="text/css" href="http://www.gstatic.com/sites/p/060b76/system/app/themes/treehouse/standard-css-treehouse-ltr-ltr.css" />
<link rel="stylesheet" type="text/css" href="_/rsrc/1516783679000/system/app/css/overlay.css%3Fcb=treehouse3a%2525215goog-ws-nav-leftnonemiddlestandard.css" />
<link rel="stylesheet" type="text/css" href="_/rsrc/1516783679000/system/app/css/camelot/allthemes-view.css" />
<!--[if IE]>
<link rel="stylesheet" type="text/css" href="/system/app/css/camelot/allthemes%2die.css" />
<![endif]-->
<title>Open Problems - NSA Playset</title>
<meta itemprop="image" content="/_/rsrc/1431365516508/config/customLogo.gif?revision=1" />
<meta property="og:image" content="/_/rsrc/1431365516508/config/customLogo.gif?revision=1" />
<script type="text/javascript">
window.jstiming.load.tick('cl');
</script>
</head>
<body xmlns="http://www.google.com/ns/jotspot" id="body" class=" en ">
<div id="sites-page-toolbar" class="sites-header-divider">
<div xmlns="http://www.w3.org/1999/xhtml" id="sites-status" class="sites-status" style="display:none;"><div id="sites-notice" class="sites-notice" role="status" aria-live="assertive"> </div></div>
</div>
<div id="sites-chrome-everything-scrollbar">
<div id="sites-chrome-everything" class="">
<div id="sites-chrome-page-wrapper" style="direction: ltr">
<div id="sites-chrome-page-wrapper-inside">
<div xmlns="http://www.w3.org/1999/xhtml" id="sites-chrome-header-wrapper" style="height:auto;">
<table id="sites-chrome-header" class="sites-layout-hbox" cellspacing="0" style="height:auto;">
<tr class="sites-header-primary-row" id="sites-chrome-userheader">
<td id="sites-header-title" class="sites-chrome-header-valign-middle"><div class="sites-header-cell-buffer-wrapper"><h2><a href="index.html" id="sites-chrome-userheader-logo"><img id="logo-img-id" src="_/rsrc/1431365516508/config/customLogo.gif%3Frevision=1" alt="NSA Playset" class="sites-logo sites-chrome-header-valign-middle " /></a></h2></div></td><td class="sites-layout-searchbox sites-chrome-header-valign-middle "><div class="sites-header-cell-buffer-wrapper"><form id="sites-searchbox-form" action="http://www.nsaplayset.org/system/app/pages/search" role="search"><input type="hidden" id="sites-searchbox-scope" name="scope" value="search-site" /><input type="text" id="jot-ui-searchInput" name="q" size="20" value="" aria-label="Search this site" /><div id="sites-searchbox-button-set" class="goog-inline-block"><div role="button" id="sites-searchbox-search-button" class="goog-inline-block jfk-button jfk-button-standard" tabindex="0">Search this site</div></div></form></div></td>
</tr>
<tr class="sites-header-secondary-row" id="sites-chrome-horizontal-nav">
<td colspan="2" id="sites-chrome-header-horizontal-nav-container" role="navigation">
<div class="sites-header-nav"><ul class="sites-header-nav-container-boxes"></ul><div style="clear: both;"></div></div>
</td>
</tr>
</table>
</div>
<div id="sites-chrome-main-wrapper">
<div id="sites-chrome-main-wrapper-inside">
<table id="sites-chrome-main" class="sites-layout-hbox" cellspacing="0" cellpadding="{scmCellpadding}" border="0">
<tr>
<td id="sites-chrome-sidebar-left" class="sites-layout-sidebar-left initial" style="width:215px">
<div xmlns="http://www.w3.org/1999/xhtml" id="COMP_5142628541216254" class="sites-embed" role="navigation"><h4 class="sites-embed-title">Site Information</h4><div class="sites-embed-content sites-sidebar-nav"><ul role="navigation" jotId="navList"><li class="nav-first "><div dir="ltr" style="padding-left: 5px;"><a href="contributions.html" jotId="wuid:gx:73572340a4d7d68" class="sites-navigation-link">Contributions</a></div></li><li class=""><div dir="ltr" style="padding-left: 5px;"><a href="project-requirements.html" jotId="wuid:gx:16dc550e910f434e" class="sites-navigation-link">Project Requirements</a></div></li><li class=""><div class="current-bg" jotId="wuid:gx:118ac8831556dde" dir="ltr" style="padding-left: 5px;">Open Problems</div></li></ul></div></div>
<div xmlns="http://www.w3.org/1999/xhtml" id="COMP_31104189599864185" class="sites-embed" role="navigation"><h4 class="sites-embed-title">Passive Radio Interception</h4><div class="sites-embed-content sites-sidebar-nav"><ul role="navigation" jotId="navList"><li class="nav-first "><div dir="ltr" style="padding-left: 5px;"><a href="twilightvegetable.html" jotId="wuid:gx:2da1075785ceecdb" class="sites-navigation-link">TWILIGHTVEGETABLE (GSM)</a></div></li><li class=""><div dir="ltr" style="padding-left: 5px;"><a href="leviticus.html" jotId="wuid:gx:34aeae76810b9e43" class="sites-navigation-link">LEVITICUS</a></div></li><li class=""><div dir="ltr" style="padding-left: 5px;"><a href="drizzlechair.html" jotId="wuid:gx:2a2a5ea210f583a4" class="sites-navigation-link">DRIZZLECHAIR</a></div></li><li class=""><div dir="ltr" style="padding-left: 5px;"><a href="porcupinemasquerade.html" jotId="wuid:gx:2a6c66f65b06714f" class="sites-navigation-link">PORCUPINEMASQUERADE (WiFi)</a></div></li><li class=""><div dir="ltr" style="padding-left: 5px;"><a href="keysweeper.html" jotId="wuid:gx:59b13dfad3e593a4" class="sites-navigation-link">KEYSWEEPER</a></div></li></ul></div></div>
<div xmlns="http://www.w3.org/1999/xhtml" id="COMP_23754884558729827" class="sites-embed" role="navigation"><h4 class="sites-embed-title">Physical Domination</h4><div class="sites-embed-content sites-sidebar-nav"><ul role="navigation" jotId="navList"><li class="nav-first "><div dir="ltr" style="padding-left: 5px;"><a href="slotscreamer.html" jotId="wuid:gx:34cc9a73b3e6d40d" class="sites-navigation-link">SLOTSCREAMER (PCI)</a></div></li><li class=""><div dir="ltr" style="padding-left: 5px;"><a href="adapternoodle.html" jotId="wuid:gx:3cc7cb5b3233e29d" class="sites-navigation-link">ADAPTERNOODLE (USB)</a></div></li></ul></div></div>
<div xmlns="http://www.w3.org/1999/xhtml" id="COMP_4615275689866394" class="sites-embed" role="navigation"><h4 class="sites-embed-title">Hardware Implants</h4><div class="sites-embed-content sites-sidebar-nav"><ul role="navigation" jotId="navList"><li class="nav-first "><div dir="ltr" style="padding-left: 5px;"><a href="chuckwagon.html" jotId="wuid:gx:b2c0f7514988658" class="sites-navigation-link">CHUCKWAGON</a></div></li><li class=""><div dir="ltr" style="padding-left: 5px;"><a href="turnipschool.html" jotId="wuid:gx:11a6d64c7cf7c7b8" class="sites-navigation-link">TURNIPSCHOOL</a></div></li><li class=""><div dir="ltr" style="padding-left: 5px;"><a href="blinkercough.html" jotId="wuid:gx:2284c752b5f6bf26" class="sites-navigation-link">BLINKERCOUGH</a></div></li><li class=""><div dir="ltr" style="padding-left: 5px;"><a href="saviorburst.html" jotId="wuid:gx:b9382ce566adc6e" class="sites-navigation-link">SAVIORBURST</a></div></li></ul></div></div>
<div xmlns="http://www.w3.org/1999/xhtml" id="COMP_9232020119670779" class="sites-embed" role="navigation"><h4 class="sites-embed-title">Active Radio Injection</h4><div class="sites-embed-content sites-sidebar-nav"><ul role="navigation" jotId="navList"><li class="nav-first "><div dir="ltr" style="padding-left: 5px;"><a href="cactustutu.html" jotId="wuid:gx:57e12325b2124b43" class="sites-navigation-link">CACTUSTUTU</a></div></li><li class=""><div dir="ltr" style="padding-left: 5px;"><a href="tinyalamo.html" jotId="wuid:gx:251b28d1e5ce6c27" class="sites-navigation-link">TINYALAMO (BT)</a></div></li></ul></div></div>
<div xmlns="http://www.w3.org/1999/xhtml" id="COMP_11000228417105973" class="sites-embed" role="navigation"><h4 class="sites-embed-title">RETROREFLECTORS</h4><div class="sites-embed-content sites-sidebar-nav"><ul role="navigation" jotId="navList"><li class="nav-first "><div dir="ltr" style="padding-left: 5px;"><a href="congaflock.html" jotId="wuid:gx:2d15fb924b03dcfb" class="sites-navigation-link">CONGAFLOCK</a></div></li></ul></div></div>
</td>
<td id="sites-canvas-wrapper">
<div id="sites-canvas" role="main">
<div id="goog-ws-editor-toolbar-container"> </div>
<div xmlns="http://www.w3.org/1999/xhtml" id="title-crumbs" style="">
</div>
<h3 xmlns="http://www.w3.org/1999/xhtml" id="sites-page-title-header" style="" align="left">
<span id="sites-page-title" dir="ltr" tabindex="-1" style="outline: none">Open Problems</span>
</h3>
<div id="sites-canvas-main" class="sites-canvas-main">
<div id="sites-canvas-main-content">
<table xmlns="http://www.w3.org/1999/xhtml" cellspacing="0" class="sites-layout-name-one-column sites-layout-hbox"><tbody><tr><td class="sites-layout-tile sites-tile-name-content-1"><div dir="ltr"><div>The following is an annotated list of ANT projects pulled from : <a href="https://en.wikipedia.org/wiki/NSA_ANT_catalog">https://en.wikipedia.org/wiki/NSA_ANT_catalog</a></div><div><a href="http://www.nsaplayset.org/goog_987123711">http://cryptome.org/2014/01/nsa-codenames.htm</a></div><div><a href="nsa_ant_catalog.pdf">http://www.nsaplayset.org/nsa_ant_catalog.pdf</a></div><div><br /></div><div><span style="background-color:rgb(255,0,0)">NEEDED</span> <span style="background-color:rgb(255,153,0)">WANTED</span> <span style="background-color:rgb(255,255,0)">UNDER DEVELOPMENT</span> <span style="background-color:rgb(0,255,0)">COVERED</span> <span style="background-color:rgb(0,255,255)">UNINTERESTING</span></div><div><br /></div><div><span><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;font-weight:bold;vertical-align:baseline;white-space:pre-wrap;background-color:rgb(255,255,0)">Plug-N-Pwn:</span></p><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;vertical-align:baseline;white-space:pre-wrap">COTTONMOUTH-I: </span><span style="font-family:Arial;white-space:pre-wrap;font-size:10pt;background-color:transparent">COTTONMOUTH-I is a USB plug that uses TRINITY as digital core and HOWLERMONKEY as RF transceiver. Cost in 2008 was slightly above $1M for 50 units.</span></p></span><span><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;vertical-align:baseline;white-space:pre-wrap">COTTONMOUTH: (see image at right) A family of modified USB and Ethernet connectors that can be used to install Trojan horse software and work as wireless bridges, providing covert remote access to the target machine. </span></p><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;vertical-align:baseline;white-space:pre-wrap">COTTONMOUTH-II is deployed in a USB socket (rather than plug), and costs only $200K per 50 units, but requires further integration in the target machine to turn into a deployed system.</span></p><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;vertical-align:baseline;white-space:pre-wrap">COTTONMOUTH-III is a stacked Ethernet and USB plug costing approximately $1.25M for 50 units.</span></p><div><span><br /></span></div><div><span><i>The USB components are covered by ADAPTERNOODLE. SLOTSCREAMER intends to act as a generic DMA over PCI via PCI jumpers, ExpressCard, and Thunderbolt.</i></span></div><br /><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-size:15px;font-family:Arial;font-weight:bold;vertical-align:baseline;white-space:pre-wrap;background-color:rgb(255,153,0)">Network Recon:</span></p>BANANAGLEE : High level Cisco/Juniper trojan<br />ZESTYLEAK: High level Juniper trojan<br />JETPLOW(6): firmware rootkit for cisco routers<br />FEEDTROUGH(3) : BIOS rootkit for Juniper netscreen firewalls<br />GOURMETTROUGH(4): BIOS rootkit for other Juniper firewalls<br />SOUFFLETROUGH(7): BIOS rootkit for Juniper SSG 500 and 300<br />HALLUXWATER(5): boot ROM rootkit for Huawei routers<br />HEADWATER(8): trojan for Huawei routers<p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;vertical-align:baseline;white-space:pre-wrap"><br /></span></p><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;vertical-align:baseline;white-space:pre-wrap">SCHOOLMONTANA(9): rootkit for Juniper J-series routers/firewalls</span></p><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;vertical-align:baseline;white-space:pre-wrap">SIERRAMONTANA(10): rootkit for Juniper M-series routers/firewalls</span></p><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;vertical-align:baseline;white-space:pre-wrap">STUCCOMONTANA(11): rootkit for Juniper T-series routers/firewalls</span></p><div><span><br /></span></div><div><span><i>While we don't need to recreate tools for these specific use cases, it would be interesting to recreate some high level / low level functionality in other commercial routers.</i></span></div><br /><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-size:15px;font-family:Arial;font-weight:bold;vertical-align:baseline;white-space:pre-wrap;background-color:transparent">GSM Stuff:</span><span style="font-size:15px;font-family:Arial;font-weight:bold;vertical-align:baseline;white-space:pre-wrap;background-color:transparent"><span style="white-space:pre"> </span></span></p><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;vertical-align:baseline;white-space:pre-wrap">CANDYGRAM(35): A $40,000 tripwire device that emulates a GSM cellphone tower.</span></p><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;vertical-align:baseline;white-space:pre-wrap">CYCLONE-HX9: EGSM base station router</span></p><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;vertical-align:baseline;white-space:pre-wrap">EBSR(38): 1 watt (pico class) GSM base station</span></p><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;vertical-align:baseline;white-space:pre-wrap">NEBULA(41): (macro class) Base station router GSM/UMTS/CDMA2000/ LTE coming soon*</span></p><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;vertical-align:baseline;white-space:pre-wrap">TYPHON HX(42): GSM base station router</span></p><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;vertical-align:baseline;white-space:pre-wrap">HOLLOWPOINT: GSM/UTMS/CSMA2000/FRS signal platform. Operates In the 10MHz to 4GHz range. Includes receiver and antenna. Can both transmit and receive.</span></p><div><span style="font-family:Arial;line-height:15.333332061767578px;white-space:pre-wrap">WATERWITCH(43): A portable "finishing tool" that allows the operator to find the precise location of a nearby mobile phones.</span></div><br /><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;vertical-align:baseline;white-space:pre-wrap"><span style="background-color:rgb(255,255,0)">GENESIS(40):</span> Modified GSM handset (Motorola SLVR L9) to sniff and monitor traffic (covered by TWILIGHTVEGETABLE)</span></p><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;vertical-align:baseline;white-space:pre-wrap">PICASSO(32): Modified GSM handset for jamming, sniffing, recording from microphone</span></p><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;vertical-align:baseline;white-space:pre-wrap">ENTOURAGE(39): locates wireless devices (phones etc)</span></p><br /><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;font-weight:bold;vertical-align:baseline;white-space:pre-wrap;background-color:rgb(255,153,0)">SIM stuff:</span></p><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;vertical-align:baseline;white-space:pre-wrap">GOPHERSET: SIM implant to exfiltrate Phonebook, SMS/Call logs</span></p><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;vertical-align:baseline;white-space:pre-wrap">MONKEYCALENDAR: SIM implant to exfiltrate location data</span></p><br /><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;font-weight:bold;vertical-align:baseline;white-space:pre-wrap;background-color:rgb(255,153,0)">Phone rootkits:</span></p><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;vertical-align:baseline;white-space:pre-wrap">TOTECHASER(33) : Windows CE trojan</span></p><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;vertical-align:baseline;white-space:pre-wrap">TOTEGHOSTLY(34): Windows mobile trojan</span></p><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;vertical-align:baseline;white-space:pre-wrap">DROPOUTJEEP(29): iPhone trojan</span></p><div><span><br /></span></div><div><span><i>Clearly Windows CE and Mobile aren't super interesting, but it would be nice to be able to provide baseline rootkit functionality for iOS and Android.</i></span></div><br /><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;font-weight:bold;vertical-align:baseline;white-space:pre-wrap;background-color:rgb(255,0,0)">Retro-Reflectors:</span></p><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;vertical-align:baseline;white-space:pre-wrap">RAGEMASTER(48): bugged video cable</span></p><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;vertical-align:baseline;white-space:pre-wrap">LOUDAUTO: $30 audio-based RF retro-reflector listening device.[19]</span></p><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;vertical-align:baseline;white-space:pre-wrap">CTX4000: Used to light up TAWDRYYARD etc</span></p><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;vertical-align:baseline;white-space:pre-wrap">PHOTOANGLO(16): upgrade of CTX4000</span></p><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;vertical-align:baseline;white-space:pre-wrap">NIGHTWATCH(15): Portable computer used to reconstruct and display video data from VAGRANT signals; used in conjunction with a radar source like the CTX4000 to illuminate the target in order to receive data from it.</span></p><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;vertical-align:baseline;white-space:pre-wrap">TAWDRYYARD: locator beacon, when it detects a certain signal, it sends one back</span></p><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;vertical-align:baseline;white-space:pre-wrap">SURLYSPAWN(28): Keystroke monitor technology that can be used on remote computers that are not internet connected.</span></p><br /><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;font-weight:bold;vertical-align:baseline;white-space:pre-wrap">Firmware Implants:</span></p><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;vertical-align:baseline;white-space:pre-wrap"><span style="background-color:rgb(255,153,0)">IRATEMONK(21):</span> Technology that can infiltrate the firmware of hard drives manufactured by Maxtor, Samsung, Seagate, and Western Digital.</span></p><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;vertical-align:baseline;white-space:pre-wrap"><span style="background-color:rgb(255,153,0)">IRONCHEF:</span> Technology that can "infect" networks by installing itself in a computer I/O BIOS.</span></p><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;vertical-align:baseline;white-space:pre-wrap">DEITYBOUNCE: Technology that installs a backdoor software implant on Dell PowerEdge servers via the motherboard BIOS and RAID controller(s).</span></p><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;vertical-align:baseline;white-space:pre-wrap">SWAP: Technology that can reflash the BIOS of multiprocessor systems that run FreeBSD, Linux, Solaris, or Windows.</span></p><br /><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;font-weight:bold;vertical-align:baseline;white-space:pre-wrap">Hardware Implants:</span></p><p style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;vertical-align:baseline;white-space:pre-wrap">WAGONBED: I2C module for remote </span></p><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;vertical-align:baseline;white-space:pre-wrap">CROSSBEAM : GSM module that mates a modified commercial cellular product with a WAGONBED controller board.</span></p><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;vertical-align:baseline;white-space:pre-wrap">BULLDOZER: Technology that creates a hidden wireless bridge allowing NSA personnel to remotely control a system wirelessly.</span></p><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;vertical-align:baseline;white-space:pre-wrap">FIREWALK: A device that looks identical to a standard RJ45 socket that allows data to be monitored/injected </span></p><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;vertical-align:baseline;white-space:pre-wrap"><br /></span></p><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;font-weight:bold;vertical-align:baseline;white-space:pre-wrap;background-color:rgb(0,255,0)">Software Implants:</span></p><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;vertical-align:baseline;white-space:pre-wrap">WISTFULTOLL: Collects “forensic information” from windows machines.</span></p><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;vertical-align:baseline;white-space:pre-wrap">SOMBERKNAVE: Software that can be implanted on a Windows XP system allowing it to be remotely controlled from NSA headquarters.</span></p><div><br /></div><div><i>Can we just call this good with meterpreter and dumpcreds etc?</i></div><br /><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;font-weight:bold;vertical-align:baseline;white-space:pre-wrap;background-color:rgb(0,255,255)">Generic hardware:</span></p><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;vertical-align:baseline;white-space:pre-wrap">JUNIORMINT(22): tiny board for hidden implants</span></p><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;vertical-align:baseline;white-space:pre-wrap">TRINITY(26): tiny microcontroler for hidden implants</span></p><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;vertical-align:baseline;white-space:pre-wrap">MAESTRO-II(23): a multi-chip module approximately the size of a dime that serves as the hardware core of several other products. The module contains a 66 MHz ARM7 processor, 4 MB of flash, 8 MB of RAM, and a FPGA with 500,000 gates. Unit cost: $3–4K (in 2008). It replaces the previous generation modules which were based on the HC12 microcontroller.</span></p></span><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;vertical-align:baseline;white-space:pre-wrap">HOWLERMONKEY: tiny, generic RF transceiver</span></p><div><span style="font-family:Arial;vertical-align:baseline;white-space:pre-wrap"><br /></span></div><div><span style="font-family:Arial;vertical-align:baseline;white-space:pre-wrap"><i>All of these tools are essentially trimmed down versions of existing hardware, which even if we were to recreate them, wouldn't do much good except as components in other playset projects.</i></span></div><div><span style="font-family:Arial;vertical-align:baseline;white-space:pre-wrap"><br /></span></div><span><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;font-weight:bold;vertical-align:baseline;white-space:pre-wrap">Wifi Tools:</span></p><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;vertical-align:baseline;white-space:pre-wrap"><span style="background-color:rgb(255,0,0)">NIGHTSTAND(14):</span> Portable system that wirelessly installs Microsoft Windows exploits from a distance of up to eight miles.</span></p><span style="font-family:Arial;vertical-align:baseline;white-space:pre-wrap"><span style="background-color:rgb(255,0,0)">SPARROW II(17):</span> WLAN monitoring from a UAV</span></span></div><div><span><span style="font-family:Arial;vertical-align:baseline;white-space:pre-wrap"><br /></span></span></div><div><span><span style="font-family:Arial;vertical-align:baseline;white-space:pre-wrap"><i>NIGHTSTAND is essentially a pineapple (or even a netbook) with a powerful directional antenna. Should be easy enough to throw together.</i></span></span></div><div><font face="Arial"><span style="white-space:pre-wrap"><i>Several WiFi UAV projects have been demoed at hacker cons. If someone could throw a kit together, it would make a great replica of the SPARROW system.</i></span></font></div></div></td></tr></tbody></table>
</div>
</div>
<div id="sites-canvas-bottom-panel">
<div xmlns="http://www.w3.org/1999/xhtml" id="COMP_page-subpages"> </div>
<div id="sites-attachments-container">
</div>
<a xmlns="http://www.w3.org/1999/xhtml" name="page-comments"></a>
<div xmlns="http://www.w3.org/1999/xhtml" id="COMP_page-comments"><div class="sites-comment-docos-wrapper"><div class="sites-comment-docos"><div class="sites-comment-docos-background"></div><div class="sites-comment-docos-header"><div class="sites-comment-docos-header-title">Comments</div></div><div id="sites-comment-docos-pane" class="sites-comment-docos-pane"></div></div></div></div>
</div>
</div>
</td>
</tr>
</table>
</div>
</div>
<div id="sites-chrome-footer-wrapper">
<div id="sites-chrome-footer-wrapper-inside">
<div id="sites-chrome-footer">
</div>
</div>
</div>
</div>
</div>
<div id="sites-chrome-adminfooter-container">
<div xmlns="http://www.w3.org/1999/xhtml" class="sites-adminfooter" role="navigation"><p><a class="sites-system-link" href="https://www.google.com/a/UniversalLogin?continue=http://sites.google.com/site/nsaplayset/openproblems&service=jotspot">Sign in</a><span aria-hidden="true">|</span><a class="sites-system-link" href="http://sites.google.com/site/nsaplayset/system/app/pages/reportAbuse" target="_blank">Report Abuse</a><span aria-hidden="true">|</span><a class="sites-system-link" href="javascript:;" onclick="window.open(webspace.printUrl)">Print Page</a><span aria-hidden="true">|</span><span class="sites-system-link">Powered By</span> <b class="powered-by"><a href="http://sites.google.com">Google Sites</a></b></p></div>
</div>
</div>
</div>
<div id="sites-chrome-onebar-footer">
</div>
<script xmlns="http://www.w3.org/1999/xhtml" type="text/javascript">
window.jstiming.load.tick('sjl');
</script>
<script xmlns="http://www.w3.org/1999/xhtml" src="http://www.gstatic.com/sites/p/060b76/system/js/jot_min_view__en.js"></script>
<script xmlns="http://www.w3.org/1999/xhtml" type="text/javascript">
window.jstiming.load.tick('jl');
</script>
<script xmlns="http://www.w3.org/1999/xhtml">
sites.core.Analytics.createTracker();
sites.core.Analytics.trackPageview();
</script>
<script xmlns="http://www.w3.org/1999/xhtml" type="text/javascript">
sites.Searchbox.initialize(
'sites-searchbox-search-button',
{"object":[]}['object'],
'search-site',
{"label":"Configure search options...","url":"/system/app/pages/admin/settings"});
</script>
<script xmlns="http://www.w3.org/1999/xhtml" type="text/javascript">
gsites.HoverPopupMenu.createSiteDropdownMenus('sites-header-nav-dropdown', false);
</script>
<script xmlns="http://www.w3.org/1999/xhtml" type="text/javascript" defer="true">
JOT_setupNav("5142628541216254", "Site Information", false);
JOT_addListener('titleChange', 'JOT_NAVIGATION_titleChange', 'COMP_5142628541216254');
</script>
<script xmlns="http://www.w3.org/1999/xhtml" type="text/javascript" defer="true">
JOT_setupNav("31104189599864185", "Passive Radio Interception", false);
JOT_addListener('titleChange', 'JOT_NAVIGATION_titleChange', 'COMP_31104189599864185');
</script>
<script xmlns="http://www.w3.org/1999/xhtml" type="text/javascript" defer="true">
JOT_setupNav("23754884558729827", "Physical Domination", false);
JOT_addListener('titleChange', 'JOT_NAVIGATION_titleChange', 'COMP_23754884558729827');
</script>
<script xmlns="http://www.w3.org/1999/xhtml" type="text/javascript" defer="true">
JOT_setupNav("4615275689866394", "Hardware Implants", false);
JOT_addListener('titleChange', 'JOT_NAVIGATION_titleChange', 'COMP_4615275689866394');
</script>
<script xmlns="http://www.w3.org/1999/xhtml" type="text/javascript" defer="true">
JOT_setupNav("9232020119670779", "Active Radio Injection", false);
JOT_addListener('titleChange', 'JOT_NAVIGATION_titleChange', 'COMP_9232020119670779');
</script>
<script xmlns="http://www.w3.org/1999/xhtml" type="text/javascript" defer="true">
JOT_setupNav("11000228417105973", "RETROREFLECTORS", false);
JOT_addListener('titleChange', 'JOT_NAVIGATION_titleChange', 'COMP_11000228417105973');
</script>
<script xmlns="http://www.w3.org/1999/xhtml" type="text/javascript">
new sites.CommentPane('//docs.google.com/comments/d/AAHRpnXsPxZjbAZh3TEOF-thhM7zMOiVsM_OrVn102M6zxRm76nTTSXRohAqnIprQQEyXLBZLDwG4BRzGPu6L2btbWHs0EcdV_SfnyYL83Ljwru-9tsUlSqb81M-rNfcdZfMjc9N_HArk/api/js?anon=true',
false, false);
</script>
<script xmlns="http://www.w3.org/1999/xhtml" type="text/javascript">
setTimeout(function() {
var fingerprint = gsites.date.TimeZone.getFingerprint([1109635200000, 1128902400000, 1130657000000, 1143333000000, 1143806400000, 1145000000000, 1146380000000, 1152489600000, 1159800000000, 1159500000000, 1162095000000, 1162075000000, 1162105500000]);
gsites.Xhr.send('http://www.nsaplayset.org/_/tz', null, null, 'GET', null, null, { afjstz: fingerprint });
}, 500);
</script>
<script xmlns="http://www.w3.org/1999/xhtml">
window.onload = function() {
if (false) {
JOT_setMobilePreview();
}
var loadTimer = window.jstiming.load;
loadTimer.tick("ol");
loadTimer["name"] = "load," + webspace.page.type + ",user_page";
window.jstiming.report(loadTimer, {}, 'http://csi.gstatic.com/csi');
}
</script>
<script xmlns="http://www.w3.org/1999/xhtml" type="text/javascript">
JOT_insertAnalyticsCode(false,
false);
</script>
<script xmlns="http://www.w3.org/1999/xhtml" type="text/javascript">
var maestroRunner = new gsites.pages.view.SitesMaestroRunner(
webspace, "en");
maestroRunner.initListeners();
maestroRunner.installEditRender();
</script>
<script xmlns="http://www.w3.org/1999/xhtml" type="text/javascript" defer="true">
//<![CDATA[
// Decorate any fastUI buttons on the page with a class of 'goog-button'.
if (webspace.user.hasWriteAccess) {
JOT_decorateButtons();
}
// Fires delayed events.
(function() {
JOT_fullyLoaded = true;
var delayedEvents = JOT_delayedEvents;
for (var x = 0; x < delayedEvents.length; x++) {
var event = delayedEvents[x];
JOT_postEvent(event.eventName, event.eventSrc, event.payload);
}
JOT_delayedEvents = null;
JOT_postEvent('pageLoaded');
})();
//]]>
</script>
<script xmlns="http://www.w3.org/1999/xhtml" type="text/javascript">
JOT_postEvent('decorateGvizCharts');
</script>
<script type="text/javascript">
JOT_setupPostRenderingManager();
</script>
<script type="text/javascript">
JOT_postEvent('renderPlus', null, 'sites-chrome-main');
</script>
<div id="server-timer-div" style="display:none"> </div>
<script type="text/javascript">
window.jstiming.load.tick('render');
JOT_postEvent('usercontentrendered', this);
</script>
</body>
</html>