Dual Booting ChromeOS on a Macbook Air

Posted in Uncategorized by C4 on March 23, 2012
I have been wanting to try out ChromeOS for quite a while. I worked on compiling my own version with some added hardware support a while back, but never really finished it. Lately the old Macbook Air has been having some issues with bogging down when running a lot of browser tabs. So, I started looking into ChromeOS again.

 

I saw that Hexxeh was able to get it running on the newer Macbook Air 3,1. I have the Macbook Air 1,1 with 1.6ghz Dual Core. His post mentioned that someone tried it on an earlier version of the Macbook Air but it failed to recognize the Wifi card because of the lack of support for the broadcom drivers. His post also mentioned that nVidia’s GPU drivers don’t work very well under EFI so you will have to install to the local disk.

 

Since then Hexxeh has rolled out ChromeOS Lime (which is badass), and it has added additional hardware support. One of the key features is the support for the Broadcom wifi drivers (BCM43XX). I took a look at my Macbook Air and sure enough, it has a bcm43xx Broadcom wifi card so I decided to try running Lime on it. To my surprise it worked, and worked well.

 

First I didn’t want a huge flash drive sticking out of the side of my Macbook Air so I ordered a tiny usb flash drive from Amazon. Can’t beat 10 bucks. http://www.amazon.com/SanDisk-Cruzer-Flash-Drive-SDCZ33-008G-B35/dp/B005XVC4VE/ref=sr_1_1?s=electronics&ie=UTF8&qid=1332528427&sr=1-1

Once that came in, I installed the latest version of Lime 3/22/2012 using the super easy chrome install tool. This took about 10 minutes.

 

 

 

I booted it up holding down the “option” key until I saw my disk choices to boot from. One thing I did was I checked if I was able to connect to the wifi from here.

 

 

Once I was connected to the AP, I then proceeded to boot off of the USB Drive. Like it said in his post it takes 20-25 to get to a login screen, which isn’t all that bad. Once you get the login screen you are good to start “Chroming?”.

 

 

 

 

I was pretty surprised on how much of the Mac key functionality worked. Even the camera worked. The only thing that I could find that didn’t work was the keyboard illumination, which is no big deal. Also, the touchpad has its quirks as well.

 

The thing that I found strange when using this was the lack of Flash support. After poking around some of the chrome forums it looks like they removed the chrome driver recently, which really sucked. So now you can only watch 1/3 of youtube videos. I hope we can get the Flash back in the Lime build. (libflashplayer.so) Also when watching HTML5 videos on youtube there is weird orange pixel interference which can be very distracting.

 

All in all, this is pretty rad and hopefully this post helps some other people breathe some new life into their old Macbook Airs.

 

-C4

Stripe.com CTF

Posted in Uncategorized by C4 on February 25, 2012

First of all, it’s really hard for me to turn down a challenge. So when a buddy of mine sent me a link to the stripe.com CTF / war game last Thursday I was pretty intrigued. Can find it here: https://stripe.com/blog/capture-the-flag It’s been a couple of years since I was able to complete a decent amount of the STS IO challenge (http://io.smashthestack.org:84/). I always seem to underestimate how addicting these things are.

After a couple of hours working on it I am now on level 4. It took me a bit to get back in the groove, having to re-learn all the gdb commands. I think the thing that is the biggest time waste for me on the first couple was not looking at the obvious. I spent a bit of time trying to jump in and look for a printf() implementation vuln or something, when all you really need to do is step back and look at the obvious. I don’t want to give anything away for those who want to join in on the addicting fun. I hope to be able to finish the rest of it this weekend. Taking a quick look at 4, I think we are looking at a buffer overflow. If you haven’t already, you should give it a try. But make sure you have a couple hours to burn.

 

Friday.

Posted in Uncategorized by C4 on October 7, 2011

What’s a Friday without Rebecca… http://www.youtube.com/watch?v=kfVsfOSbJY0

 

And a nice beer from keg.io

 

 

 

 

toorcon: Seattle

Posted in Uncategorized by C4 on July 9, 2011

I meant to write about this last week but have been pretty busy with some other projects I have been working on. I have to say I had a great time at toorcon Seattle this year. Props to David for getting this event all put together.

There were definitely some good talks, which inspired me to do a bit more poking around. The first one I want to mention was the talk titled “Get Off of My Cloud: Cloud Credential Compromise and Exposure”. This touched on Amazon’s EC2 public AMI distribution and the security risks involved with using AMIs not created by you. It brought up some interesting points and some issues that people may have overlooked. He mentioned that they have written some tools to “clean up” the AMIs before sharing them out to the public. They didn’t release the scripts at the con and he mentioned that they weren’t publicly available yet, so I went ahead and wrote some scripts (in bash) to look for the vulnerabilities when using an AMI for the first time, whether it be a public EC2 AMI or an AMI that is put out by Amazon.

The second talk that I found real interesting was the “We Are The Robots: Social Hacking With Bot Swarms” which talked about the connections made by users on twitter. They had a competition with bots on twitter to see what relationships bots can create between two other people and what information links them.

The last talk that was interesting was “Highly concurrent Python for brute forcing and discovery”. I have only just started using Python in some projects so this was a bit more advanced than I was used to but seriously great information. He talked about Python coroutines and epoll to build your own high performance brute forcing and discovery tools.

Making remote server calls from PHP

Posted in Uncategorized by C4 on May 25, 2011

I was doing some php scripting today and needed to call a remote server to see if it was running a certain process. It seems like a valid enough request. I spent some time looking into php’s exec() and system() functions to find a way to call ssh to login and run the command. I kept running into the problem of the ssh session needing to be interactive. I started to look around for other options in php to ssh to a remote machine and saw the SSH2 Manual. This was great but needed the ssh2 extension to be installed and in my case it wasn’t and I didn’t want to have to install additional software. I then found the phpseclib library which worked out great. It’s easy to use and worked right out of the box without any other software needed. Check it out: http://phpseclib.sourceforge.net/

You can read the documentation on the site or use this simple test script to get it working.

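<?php
// Run a single command on a remote host over SSH using phpseclib.
require_once("Net/SSH2.php");

// Placeholder credentials for the test; replace with your own.
$passwd = 'sup3rs3cr3t';
$user   = 'username';
$server = 'remoteserver.com';

$ssh = new Net_SSH2($server);
if (!$ssh->login($user, $passwd)) {
    exit('Login Failed');
}

// exec() returns the output of the remote command as a string.
$who = $ssh->exec('whoami');
echo $who;
?>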
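
The test script above sends the password without checking which server answered. As an added example (not from the original post and not phpseclib's own code), this pins the server's host key before logging in, using phpseclib's getServerPublicHostKey(); the function names, the SSH_* environment variable names and the sample keys are made up for illustration.

```php
<?php
// Added example. Assumes phpseclib 1.0 (Net/SSH2.php) is on the include path
// for the live part; the comparison itself needs only PHP 5.6+.

// Compare the key a server presented with the pinned one.
// Both are "type base64" strings, as in a known_hosts entry.
function host_key_matches($presented, $pinned)
{
    if (!is_string($presented) || $presented === '') {
        return false; // connection failed or no key was offered
    }
    $a = preg_split('/\s+/', trim($presented));
    $b = preg_split('/\s+/', trim((string) $pinned));
    return count($a) >= 2 && count($b) >= 2
        && $a[0] === $b[0]
        && hash_equals($b[1], $a[1]);
}

function remote_exec($server, $user, $password, $pinnedKey, $command)
{
    require_once 'Net/SSH2.php';
    $ssh = new Net_SSH2($server);
    // getServerPublicHostKey() connects and returns the host key
    // before any credentials are sent.
    if (!host_key_matches($ssh->getServerPublicHostKey(), $pinnedKey)) {
        throw new RuntimeException('Host key mismatch for ' . $server);
    }
    if (!$ssh->login($user, $password)) {
        throw new RuntimeException('Login failed');
    }
    return $ssh->exec($command);
}

// Constructed sample keys (not real), to exercise the comparison offline.
$pinned = 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCexample';
var_dump(host_key_matches('ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCexample', $pinned)); // same key
var_dump(host_key_matches('ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCother', $pinned));   // different key
var_dump(host_key_matches(false, $pinned));                                            // no key offered

// Live use: credentials and the pinned key come from the environment
// (hypothetical variable names) instead of being written into the script.
if (getenv('SSH_HOST')) {
    echo remote_exec(getenv('SSH_HOST'), getenv('SSH_USER'), getenv('SSH_PASS'),
                     getenv('SSH_HOSTKEY'), 'whoami');
}
```

The pinned value can be copied from the server's line in a trusted known_hosts file.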

php-cli awesomeness

Posted in Uncategorized by C4 on May 23, 2011

I know, command line php has been around forever and it’s nothing new. I have been coding in php for over 5 years now but not until recently have I needed to use it for something more than web application development. In the past couple months I have been using the amazon AWS environment. There are a ton of tools built for AWS and a very good API but I have found some things that I have needed to do that aren’t made easy. One example is duplicating or copying an EC2 security group. Due to some infrastructure changes we wanted to duplicate an already existing security group with only minor changes. In our case the security group had a lot of custom firewall rules that would take too long to duplicate. So here is a script to copy EC2 groups:

<?php
// Copy the rules of one EC2 security group into another using the
// EC2 command line tools (ec2-describe-group / ec2-authorize).

// Print a prompt and read one trimmed line from the terminal.
function prompt($text)
{
    echo $text;
    return trim(fgets(STDIN));
}

echo "\n";
echo "#######################\n";
echo "Copy EC2 Security Group\n";
echo "#######################\n";
echo "\n";

$grp1 = prompt("Enter security group you want to copy FROM: ");
echo "\n";
$grp2 = prompt("Enter security group you want to copy TO: ");
echo "\n";
$response = prompt("You are going to copy settings from ".$grp1." to ".$grp2." Is this correct? (y/n):");

if ($response == 'y') {
    echo "Getting settings from ".$grp1."...\n";
    // escapeshellarg() keeps typed input and parsed fields from being
    // interpreted by the shell when the command line is built.
    $cmd = "ec2-describe-group ".escapeshellarg($grp1);
    exec($cmd, $lines);

    echo "Copying group settings...\n";
    $to = escapeshellarg($grp2);
    foreach ($lines as $line) {
        // Output is tab separated; on rule lines field 4 is the protocol.
        $values = explode("\t", $line);
        if (!isset($values[4])) {
            continue;
        }
        if ($values[4] == "icmp") {
            $cmd = "ec2-authorize ".$to." -P icmp ".escapeshellarg($values[5].":".$values[6])
                 ." -u ".escapeshellarg($values[1])." -o ".escapeshellarg($values[11]);
            exec($cmd);
        } elseif ($values[4] == "tcp" || $values[4] == "udp") {
            if (isset($values[10])) {
                // Source is another security group: owner id and group name.
                $cmd = "ec2-authorize ".$to." -P ".$values[4]." -p ".escapeshellarg($values[5])
                     ." -u ".escapeshellarg($values[1])." -o ".escapeshellarg($values[11]);
            } else {
                // Source is a CIDR range.
                $cmd = "ec2-authorize ".$to." -P ".$values[4]." -p ".escapeshellarg($values[5])
                     ." -s ".escapeshellarg($values[9]);
            }
            exec($cmd);
        }
    }
} else {
    echo "quit";
    exit;
}
?>

Apple TV with Compact Flash

Posted in Uncategorized by C4 on January 19, 2011

I have been pretty busy these past couple months. I got a new job working with the Amazon AWS environment which has kept me pretty busy. I tried this compact flash swap a month ago with poor results. I tried it again last weekend with a faster compact flash card which was a lot better.

First I ordered a 2.5” ide 44pin to compact flash adapter and a Transcend 4gb 133 CF card. The read and write speeds on this card are terrible. I would not recommend this card for this purpose. They were listed on ebay as:

- CF Compact flash to 2.5″ IDE 44 pin Adapter SSD ($8.99)

- TRANSCEND 4 GB Compact Flash Card Type 133X NEW ($14.94)

I later bought a “PixelFlash 4gb 400x” card. Although this was a no-name brand (at least to me) it worked pretty well. The read and write speeds were decent and are similar to the internal HDD. I swapped it into the Apple TV and I’m running the Beta4 of the Openelec OS.


Compact Flash Apple TV (SSD)

Posted in Uncategorized by C4 on December 19, 2010

I have recently been working closely with the guys from openelec. I have also been testing the builds on the apple tv and reporting bugs. I replaced the original 40gb apple drive with a spare 30gb drive I had laying around to install openelec on. If you are familiar with the 1st gen apple tvs then you know about the heat they give off during normal use. Since I don’t store any media locally on the ATV (stream from NAS), I have decided to try out a SSD setup.

I ordered a 44pin ide (2.5 hdd) to compact flash adapter along with a 4gb compact flash card. The adapter is nice because it has mounting holes in the same place as the 2.5in hdd. This will allow me to mount the adapter in the same fashion as the original hard drive. I will post with some pictures and results on both heat and speed when I get it setup.

Ubuntu 10.10, Windows Phone 7, IO Badge

Posted in Uncategorized by C4 on October 13, 2010

Ubuntu 10.10

Ubuntu 10.10 came out this weekend and I had a chance to upgrade one of my desktops. I didn’t see a whole lot of design changes from the 10.04 release. I did notice there were a lot of packages that were upgraded. It took a while to upgrade the system but that’s what you get when you upgrade on release day.

Ubuntu 10.10 Netbook Unity Interface

One of the things I really like about the new version is the Netbook edition. The interface (Unity) has been well designed for the smaller screen. It reminds me of a mobile OS. I have always liked the idea of putting a mobile OS like Android on a Netbook. For the majority of what people use them for it’s great. Although with the tablet market on the rise we could see less Netbooks around.

Windows Phone 7

Windows phone 7 was officially released yesterday? It’s kinda hard to tell with all the leaks and people already having a copy of it to demo. I was pleasantly surprised on the design aspect they took. I’m not going to say it’s better than the iPhone but it is comparable. They added some nice features like auto wireless syncing. Obviously this just seems like a security issue waiting to happen, but hopefully they did it right. Maybe if I get my hands on a WP7 device I will do some testing. You can watch the demo video here (Need silverlight).

The one thing I thought was a bit disappointing was the lag and slowness of the device. He even had multiple devices up there knowing that he might have to switch because of speed issues. The thing I care about most these days is speed on a device. I would gladly give up eye candy for speed and reliability. Hopefully they get some of the “vista” bugs worked out.

IO Badge

Now we are getting somewhere. I was able to get some help on Monday from Pierce at logos-electro.com. I was able to get most of the Eagle files done. I still have to tweak the LCD package to reflect the 14 pins on the no backlight LCD vs the 16 pin one that is on there now. Here is a pic of eagle file.

I know the design is pretty crude but it’s my first board and first attempt at eagle. The next project will be better. I hope to fix this up in the next day or two and send it out to have some prototypes made.

Starting a prototype board

Posted in Uncategorized by C4 on September 3, 2010

I got some stuff in from mouser yesterday. I basically ordered most of the stuff from here with the exception of changing the crystal to 8mhz instead of 16mhz and I didn’t need a reset button. I am going to use 3.3v power so I need to clock the MCU down.

I also got a new iPhone so the pictures on here should be a lot better quality now.

Pic of the ninja badge. (from old phone)
