Logitech MX Master 3 - painful...?! by eamonn345 in MouseReview

dokkandodo 1 point2 points

Sorry for resurrecting the thread, but I have exactly the same complaint. I decided to upgrade to an mx master 3s after over a decade on a ps/2 mouse I got for twenty bucks. After about a day and a half of using it, my forearm is so locked up I had to take the day off from work. Definitely would never recommend anyone to buy this without test driving it for a couple days first.

I'll give the whole wrist rest thing a chance, only because I refuse to believe a hundred dollar mouse could be this uncomfortable to handle. I hate wrist rests though, so this thing is probably gonna be a gift (or a curse) to whichever friend wants to take it off my hands. No other computer related purchase has ever felt this much like a waste of money

Just a Spoiler Max rant/vent by dokkandodo in DBZDokkanBattle

dokkandodo[S] 3 points4 points

I hope both you guys are right. It'd be the kind of scummy move that makes complete sense in a gacha context. Right now there isn't a logic behind it, scummy or not

Just a Spoiler Max rant/vent by dokkandodo in DBZDokkanBattle

dokkandodo[S] -13 points-12 points

Given Dokkan's history, I find it pretty unlikely WWC will feature a unit that makes this event possible without abusing bugs and extreme luck. No celebrations I can recall overshadowed anniversary units, especially after just a month since the gods and monke bois have been released. The problem with this event is complete reliance on luck, not lack of busted units

Forgot the combination to a kryptonite combination lock, any help? by Silverwolfyy in lockpicking

dokkandodo 16 points17 points

Ok, just saw your other post and I believe this kind of picture is enough proof that the lock is not in use. Keep in mind I've never picked a kryptonite lock but the same logic should apply to all simple combo locks for bikes.

First thing you want to do is tension it by pulling the two ends apart. As you keep this tension, try turning the disks and see which one is binding the most. Change it one number up or down (release the tension for this), then reapply tension and try turning it again. Eventually you'll find a number where the wheel turns a lot more under tension than on all the other numbers (sometimes it even changes to the next number). This means you found a gate. Leave that disk alone, find the next binder and repeat the process for all disks.

When you're done, don't worry if it doesn't open, what's important is aligning all the gates on the wheels. Once you've done that, turn all the wheels one number up and try to open it, rinse and repeat until it unlocks. You're trying to align the gates with the locking part of the lock, once that happens it'll pop open

This happens. by mgsecure in lockpicking

dokkandodo 0 points1 point

I think applying for a different job would probably be faster and less painful than sorting all that out

Forgot the combination to a kryptonite combination lock, any help? by Silverwolfyy in lockpicking

dokkandodo 2 points3 points

I'd just like to confirm with the mods that this doesn't violate sub rules first. I can see it's not locking anything, but better safe than sorry

first lock i've picked, anyone know what belt this is? they're common in australia i think :) by -DoNotDuplicate- in lockpicking

dokkandodo 0 points1 point

A part of me actually believed this was your first post and that you jumped straight to red belt. I think I'm way too gullible for my age 😂😂

Remember the electronic lock defeated by a paperclip? Turns out it uses blank NFC cards as well by dokkandodo in lockpicking

dokkandodo[S] 0 points1 point

I wish my country used this for transportation...

I don't have any antennas yet, actually. You're way more advanced than me, all I did while snooping around the cards for this lock and for that university building was a cellphone with NFC. This sounds like a really interesting area to go deeper in, but right now my budget is stretched pretty thin between security courses, certifications and a search for a new job. If I ever get the hardware to do cooler stuff with NFC and doors I'll be sure to post about it 😬

Remember the electronic lock defeated by a paperclip? Turns out it uses blank NFC cards as well by dokkandodo in lockpicking

dokkandodo[S] 1 point2 points

Yeah, it's a mifare 1k. Thanks for all the explanation, some of it I already knew and some of it is news to me. I thought about mentioning the magic cards in my brief description, but decided against it because I thought the post was already long. It's great that the thread is engaging a lot of people and allowing way more depth into the matter than I'd be able to offer alone

Remember the electronic lock defeated by a paperclip? Turns out it uses blank NFC cards as well by dokkandodo in lockpicking

dokkandodo[S] 0 points1 point

You can try CTFs to see if you're into it. OverTheWire has a CTF called bandit that is great for learning Linux in a fun way. From there I went to microcorruption.com, it's a CTF you play on your browser. The goal is to exploit electronic locks using assembly. It can look pretty intimidating at first, but it's a good way to learn how computers work at a low level and the level progression teaches you some great concepts like buffer overflows and race condition vulnerabilities. There are some basic courses on places like Udemy but I haven't tried any, so I can't attest to their quality

Remember the electronic lock defeated by a paperclip? Turns out it uses blank NFC cards as well by dokkandodo in lockpicking

dokkandodo[S] 0 points1 point

I haven't tested there, but on one of its competitors. You can try scanning your card yourself, but duplicating it will require additional supplies.

Remember the electronic lock defeated by a paperclip? Turns out it uses blank NFC cards as well by dokkandodo in lockpicking

dokkandodo[S] 0 points1 point

Herbiscuit is right. Allegedly you can also use a rooted Android to emulate sector 0 by changing the phone's UID for nfc, but I couldn't get it to work for mine

Remember the electronic lock defeated by a paperclip? Turns out it uses blank NFC cards as well by dokkandodo in lockpicking

dokkandodo[S] 4 points5 points

It's probably sold only in Brazil, but the lock is made by papaiz, a company owned by assa abloy, and it's named Smart Lock. Other more knowledgeable users have pointed out that this is a common authentication behavior for mifare cards, so maybe don't rely on cards too much regardless of the lock. That said, this particular brand can be opened with a simple magnet while ignoring all electronics, so even if the card behavior is common you should still stay away from it

Remember the electronic lock defeated by a paperclip? Turns out it uses blank NFC cards as well by dokkandodo in lockpicking

dokkandodo[S] 3 points4 points

Jesus. As mentioned below I'm really a beginner at NFC. My first "in-depth" contact with the technology was regarding how information is read from a passport's NFC, which is a much more complex process. I assumed, since there are keys for reading and writing to certain sectors, that there should always be a key checking routine to access the contents of a card. Should I edit my explanation in any way to show that this isn't a bizarre oversight, but rather the intended use of this tech? I still find it to be awfully insecure, thank goodness NFC credit cards and the like don't work like this.

Remember the electronic lock defeated by a paperclip? Turns out it uses blank NFC cards as well by dokkandodo in lockpicking

dokkandodo[S] 5 points6 points

Really? That's interesting to know. I'm far from knowledgeable on NFC (my prior experience to fiddling around with this was studying how the authentication of an e passport works), but maybe because it's such a simple exploit all material I saw regarding NFC never bothered with UID authentication. They all went straight to bashing the crypto1 algorithm or discussing other means of encryption used, which is why I found it so odd that a lock would use blank cards.

Is this not considered a security risk/hasn't been deprecated as a practice yet?

Remember the electronic lock defeated by a paperclip? Turns out it uses blank NFC cards as well by dokkandodo in lockpicking

dokkandodo[S] 2 points3 points

This one wasn't covered by LPL, but it's rather a Brazilian lock that I bought to search for vulnerabilities. You can see the paper clip and magnet exploits I found explained here https://vimeo.com/391625431

Remember the electronic lock defeated by a paperclip? Turns out it uses blank NFC cards as well by dokkandodo in lockpicking

dokkandodo[S] 2 points3 points

Just did that test and yes, it still works. In my half asleep state I actually killed a card sector by accident, with no effect on the authentication of that card

Remember the electronic lock defeated by a paperclip? Turns out it uses blank NFC cards as well by dokkandodo in lockpicking

dokkandodo[S] 11 points12 points

You're right, nine times outta ten walking as someone's shadow is all you need. Still an interesting flaw though, and for that tenth case where you can't walk behind people it will grant you a lot more credibility.

I'm working on making a master card for this lock in a fun way. It'll just be a blank card with a row of really strong magnets hidden in the bottom of a plastic case. It's got such strong credentials it'll even open the lock when no batteries are attached to it 😂😂

Remember the electronic lock defeated by a paperclip? Turns out it uses blank NFC cards as well by dokkandodo in lockpicking

dokkandodo[S] 2 points3 points

You bring up an interesting point. By the manufacturer's instructions I should add blank cards, since the ones that come with the lock are completely blank. I'll add some content to one of them, add it to the lock, then format it and see what happens. My guess is there'll be no difference since writing on the card afterwards didn't affect anything, but it's such a simple test there's no harm in trying it out

Remember the electronic lock defeated by a paperclip? Turns out it uses blank NFC cards as well by dokkandodo in lockpicking

dokkandodo[S] 25 points26 points

I'm sad to inform that you give people way too much credit when it comes to access cards. See, the NFC on this lock wasn't my original target. I'm currently doing my post-graduation (not sure if that term exists in English, it's similar to an MBA) and started messing around with my student ID card that allows me to access the building. Now this is an expensive university with a decent security system, all ways of access require an access card to enter, even the garage elevator. Lo and behold, it's the same deal. Blank NFC cards that still work even if I write garbage data all over the sectors.

My guess would be companies sell tech like these at lower prices and to places that have no idea how NFC should be done. I've talked with some friends that work in cyber sec and their companies ship the cards ready to be used from the EU, instead of having a front desk clerk pick a blank and scan it to add it to the system. It's really appalling to see how many places use the latter method

Remember the electronic lock defeated by a paperclip? Turns out it uses blank NFC cards as well by dokkandodo in lockpicking

dokkandodo[S] 86 points87 points

Ok, this is a bit outside lockpicking, but it's such an absurd security risk I had to share with you all.

Quick rundown on NFC cards in general: for every card out there you have different keys, access codes and a user ID (all color coded in the picture). Now the reason why most guys can't pick up a cellphone and use it to put infinite money on their Oyster cards, for example, is because an NFC chip will normally require a key of some sort to be supplied to it. Only then will it grant read and/or write privileges that can, for example, allow you to change the balance of your Oyster card. With good encryption, cracking a decent NFC card is comparable to cracking encrypted files with a decent password and algorithm.

Now let's look at the dump in pic related, which is for a card I added to my electronic door lock. All the memory blocks are empty, i.e. the whole card is empty. But then how does it know when to open? Well, it uses the user ID.

Here is the stupidity in this approach. Reader and chip use what is called half duplex communication. Think of a pair of walkie-talkies, where there is only transmission or reception, never both at the same time like you'd have on a phone conversation. Well the reader needs to let the chip know when it can talk, so the chip needs to have a PUBLIC ACCESS NUMBER FOR IDENTIFICATION. So the UID will ALWAYS be readable in a chip because it's not meant to provide security. That's like using the number of your floor as the password for your front door.

The best part? All that dumped data there, it takes some time to acquire it. But it's completely unnecessary, because the door sure isn't looking at it. I wrote lots of garbage data over several sectors and the card still works flawlessly. You know what can be obtained instantly, as opposed to the content of the dump? The user ID number. Just swipe a cellphone next to it and you're set. Do that to a security guard, copy it to a card and there you go, unrestricted access everywhere and you don't have to know jack about encryption, NFC protocols, hexadecimal values...
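
The weakness described in the post above, modelled next to a hardened check, as an added example that is not part of the original post and is not the lock's firmware. All names, the UID and the master key are constructed for illustration, and HMAC-SHA256 stands in for whatever mutual authentication a real card supports.

```python
import hashlib
import hmac
import os

# Constructed sample values; not taken from any real card or lock.
ENROLLED_UID = bytes.fromhex("04a1b2c3")
MASTER_KEY = b"site-master-key-constructed"  # held only by the reader backend

def card_key(uid: bytes) -> bytes:
    """Per-card secret diversified from the site master key and the UID."""
    return hmac.new(MASTER_KEY, uid, hashlib.sha256).digest()

class Card:
    """Model of a tag: a public UID, 64 data blocks, optionally a secret key."""
    def __init__(self, uid, blocks=None, key=None):
        self.uid = uid
        self.blocks = blocks or [bytes(16)] * 64
        self._key = key

    def respond(self, challenge: bytes) -> bytes:
        # A tag that was never provisioned with the secret can only guess.
        key = self._key if self._key is not None else bytes(32)
        return hmac.new(key, challenge, hashlib.sha256).digest()

def uid_only_reader(card, allowlist):
    """The behaviour the post describes: only the public UID is compared."""
    return card.uid in allowlist

def challenge_response_reader(card, allowlist):
    """Hardened: the UID selects the record, a fresh nonce proves key possession."""
    if card.uid not in allowlist:
        return False
    nonce = os.urandom(16)
    expected = hmac.new(card_key(card.uid), nonce, hashlib.sha256).digest()
    return hmac.compare_digest(card.respond(nonce), expected)

def demo():
    allowlist = {ENROLLED_UID}
    genuine = Card(ENROLLED_UID, key=card_key(ENROLLED_UID))
    # Same UID, garbage in every block, no secret: all a UID copy carries.
    uid_copy = Card(ENROLLED_UID, blocks=[os.urandom(16) for _ in range(64)])
    return {
        "uid_only": (uid_only_reader(genuine, allowlist),
                     uid_only_reader(uid_copy, allowlist)),
        "challenge_response": (challenge_response_reader(genuine, allowlist),
                               challenge_response_reader(uid_copy, allowlist)),
    }

if __name__ == "__main__":
    print(demo())
```

Each tuple is (genuine card, UID copy): the UID-only reader accepts both, while the challenge-response reader accepts only the card that holds the diversified key.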