What’s a Friday without Rebecca… http://www.youtube.com/watch?v=kfVsfOSbJY0
And a nice beer from keg.io
I meant to write about this last week but have been pretty busy with some other projects I have been working on. I have to say I had a great time at ToorCon Seattle this year. Props to David for getting this event all put together.
There were definitely some good talks, which inspired me to do a bit more poking around. The first one I want to mention was the talk titled “Get Off of My Cloud: Cloud Credential Compromise and Exposure”. This touched on Amazon’s EC2 public AMI distribution and the security risks involved with using AMIs not created by you. It brought up some interesting points and some issues that people may have overlooked. He mentioned that they have written some tools to “clean up” the AMIs before sharing them out to the public. They didn’t release the scripts at the con and he mentioned that they weren’t publicly available yet, so I went ahead and wrote some scripts (in bash) to look for the vulnerabilities when using an AMI for the first time, whether it be a public EC2 AMI or an AMI that is put out by Amazon.
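An added example of the kind of first-use check described above; it is not the author's scripts or the speaker's tools. The function name `audit_ami_root`, the directories scanned and the finding labels are assumptions of this example.

```shell
#!/bin/sh
# Added example: report credentials left behind in an image's filesystem.
# Pass "/" on a freshly launched instance, or the mount point of an attached volume.

audit_ami_root() {
    root="${1%/}"

    # SSH keys baked into the image still grant login to whoever holds them.
    find "$root/root" "$root/home" -type f -name 'authorized_keys*' 2>/dev/null |
    while IFS= read -r f; do
        n=$(grep -c -E '^(ssh-|ecdsa-)' "$f" 2>/dev/null || true)
        if [ "${n:-0}" -gt 0 ]; then echo "AUTHORIZED_KEYS $f keys=$n"; fi
    done

    # Private keys and AWS access key IDs left by whoever built the image.
    find "$root/root" "$root/home" "$root/etc" -type f 2>/dev/null |
    while IFS= read -r f; do
        if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$f" 2>/dev/null; then
            echo "PRIVATE_KEY $f"
        elif grep -q -E '(^|[^A-Z0-9])AKIA[A-Z0-9]{16}([^A-Z0-9]|$)' "$f" 2>/dev/null; then
            echo "AWS_ACCESS_KEY $f"
        fi
    done

    # Non-empty shell history can hold passwords and keys typed as arguments.
    find "$root/root" "$root/home" -type f -name '.*_history' -size +0 2>/dev/null |
    while IFS= read -r f; do echo "SHELL_HISTORY $f"; done

    # Accounts that are not locked: a password hash the image builder knows,
    # or no password at all.
    if [ -r "$root/etc/shadow" ]; then
        awk -F: '$2 !~ /^[!*]/ { print ($2 == "" ? "EMPTY_PASSWORD " : "PASSWORD_SET ") $1 }' \
            "$root/etc/shadow"
    fi
}
```

Every line it prints is something to remove or rotate before the instance is trusted with real data.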

The second talk that I found really interesting was “We Are The Robots: Social Hacking With Bot Swarms”, which talked about the connections made by users on Twitter. They had a competition with bots on Twitter to see what relationships bots can create between two other people and what information links them.
The last talk that was interesting was “Highly concurrent Python for brute forcing and discovery”. I have only just started using Python in some projects, so this was a bit more advanced than I was used to, but seriously great information. He talked about Python coroutines and epoll to build your own high performance brute forcing and discovery tools.
I was doing some PHP scripting today and needed to call a remote server to see if it was running a certain process. It seems like a valid enough request. I spent some time looking into PHP’s exec() and system() functions to find a way to call ssh to log in and run the command. I kept running into the problem of the ssh session needing to be interactive. I started to look around for other options in PHP to ssh to a remote machine and saw the SSH2 Manual. This was great but needed the ssh2 extension to be installed, and in my case it wasn’t and I didn’t want to have to install additional software. I then found the phpseclib library, which worked out great. It’s easy to use and worked right out of the box without any other software needed. Check it out: http://phpseclib.sourceforge.net/
You can read the documentation on the site or use this simple test script to get it working.
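```php
<?php
// phpseclib must be on the include path
require_once("Net/SSH2.php");

$passwd = 'sup3rs3cr3t';
$user   = 'username';
$server = 'remoteserver.com';

// Connect and log in with a password
$ssh = new Net_SSH2($server);
if (!$ssh->login($user, $passwd)) {
    exit('Login Failed');
}

// Run one command and print its output
$who = $ssh->exec('whoami');
echo $who;
?>
```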
I know, command line PHP has been around forever and it’s nothing new. I have been coding in PHP for over 5 years now but not until recently have I needed to use it for something more than web application development. In the past couple months I have been using the Amazon AWS environment. There are a ton of tools built for AWS and a very good API, but I have found some things that I have needed to do that aren’t made easy. One example is duplicating or copying an EC2 security group. Due to some infrastructure changes we wanted to duplicate an already existing security group with only minor changes. In our case the security group had a lot of custom firewall rules that would take too long to duplicate. So here is a script to copy EC2 groups:
```php
<?php
// Copy the rules of one EC2 security group into another with the EC2 API
// command line tools (ec2-describe-group and ec2-authorize must be on PATH).

// Print a prompt and read one trimmed line from stdin.
function prompt($message) {
    echo $message;
    return trim(fgets(STDIN));
}

echo "\n";
echo "#######################\n";
echo "Copy EC2 Security Group\n";
echo "#######################\n";
echo "\n";
$grp1 = prompt("Enter security group you want to copy FROM: ");
echo "\n";
$grp2 = prompt("Enter security group you want to copy TO: ");
echo "\n";
$response = prompt("You are going to copy settings from ".$grp1." to ".$grp2." Is this correct? (y/n):");

if ($response != 'y') {
    echo "quit";
    exit;
}

echo "Getting settings from ".$grp1."...\n";
// escapeshellarg() keeps group names and parsed fields from being read as shell syntax
exec("ec2-describe-group ".escapeshellarg($grp1), $lines);

echo "Copying group settings...\n";
foreach ($lines as $line) {
    // Output is tab separated; field 4 holds the protocol
    $values = explode("\t", $line);
    if (!isset($values[6])) {
        continue;
    }
    $proto = $values[4];
    if ($proto == "icmp") {
        // ICMP rules carry type:code, which ec2-authorize takes with -t
        $what = "-t ".escapeshellarg($values[5].":".$values[6]);
    } elseif ($proto == "tcp" || $proto == "udp") {
        // Keep the whole port range, not only the first port
        $ports = ($values[5] == $values[6]) ? $values[5] : $values[5]."-".$values[6];
        $what = "-p ".escapeshellarg($ports);
    } else {
        continue;
    }
    if (isset($values[11])) {
        // Source is another security group: owner id plus group name
        $source = "-u ".escapeshellarg($values[1])." -o ".escapeshellarg($values[11]);
    } elseif (isset($values[9])) {
        // Source is a CIDR block
        $source = "-s ".escapeshellarg($values[9]);
    } else {
        continue;
    }
    exec("ec2-authorize ".escapeshellarg($grp2)." -P ".$proto." ".$what." ".$source);
}
?>
```
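A dry-run companion to the script above, added here as an example and not part of the original post: it reads `ec2-describe-group` output on stdin using the same tab-separated field positions the PHP relies on, prints the `ec2-authorize` commands a copy would issue, and marks rules whose source is a `/0` network. The function name `plan_sg_copy`, the `OPEN`/`OK`/`SKIP` labels and the name allow-list are assumptions of this example.

```shell
#!/bin/sh
# Added example: review what a security group copy would authorize before running it.
# Usage: ec2-describe-group web | plan_sg_copy web-copy

plan_sg_copy() {
    # Conservative allow-list for the target name (an assumption of this example).
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) echo "refusing target group name: $1" >&2; return 2 ;;
    esac
    awk -F '\t' -v to="$1" '
    $5 !~ /^(tcp|udp|icmp)$/ { next }          # same protocol filter as the PHP script
    {
        # Every field that ends up on a command line must look like what it claims to be.
        ok = ($6 ~ /^-?[0-9]+$/ && $7 ~ /^-?[0-9]+$/)
        if ($5 == "icmp") what = "-t " $6 ":" $7
        else what = "-p " (($6 == $7) ? $6 : $6 "-" $7)
        flag = "OK"
        if (NF >= 12) {                        # rule sourced from another group
            ok = ok && ($2 ~ /^[0-9]+$/ && $12 ~ /^[A-Za-z0-9_.-]+$/)
            src = "-u " $2 " -o " $12
        } else {                               # rule sourced from a CIDR block
            ok = ok && ($10 ~ /^[0-9.]+\/[0-9]+$/)
            src = "-s " $10
            if ($10 ~ /\/0$/) flag = "OPEN"    # a /0 source is every address
        }
        if (!ok) { print "SKIP: unexpected field content: " $0; next }
        print flag ": ec2-authorize " to " -P " $5 " " what " " src
    }'
}
```

Rules marked `OPEN` are the ones to question before they are duplicated into a second group; `SKIP` lines never reach a command line.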
I have been pretty busy these past couple months. I got a new job working with the Amazon AWS environment which has kept me pretty busy. I tried this compact flash swap a month ago with poor results. I tried it again last weekend with a faster compact flash card which was a lot better.
First I ordered a 2.5” ide 44pin to compact flash adapter and a Transcend 4gb 133 CF card. The read and write speeds on this card are terrible. I would not recommend this card for this purpose. They were listed on ebay as:
- CF Compact flash to 2.5″ IDE 44 pin Adapter SSD ($8.99)
- TRANSCEND 4 GB Compact Flash Card Type 133X NEW ($14.94)
I later bought a “PixelFlash 4gb 400x” card. Although this was a no-name brand (at least to me) it worked pretty well. The read and write speeds were decent and are similar to the internal HDD. I swapped it into the Apple TV and I’m running the Beta4 of the Openelec OS.
I have recently been working closely with the guys from openelec. I have also been testing the builds on the Apple TV and reporting bugs. I replaced the original 40gb Apple drive with a spare 30gb drive I had laying around to install openelec on. If you are familiar with the 1st gen Apple TVs then you know about the heat they give off during normal use. Since I don’t store any media locally on the ATV (stream from NAS), I have decided to try out a SSD setup.
I ordered a 44pin ide (2.5 hdd) to compact flash adapter along with a 4gb compact flash card. The adapter is nice because it has mounting holes in the same place as the 2.5in hdd. This will allow me to mount the adapter in the same fashion as the original hard drive. I will post with some pictures and results on both heat and speed when I get it set up.
Ubuntu 10.10 came out this weekend and I had a chance to upgrade one of my desktops. I didn’t see a whole lot of design changes from the 10.04 release. I did notice there were a lot of packages that were upgraded. It took a while to upgrade the system but that’s what you get when you upgrade on release day.
One of the things I really like about the new version is the Netbook edition. The interface (Unity) has been well designed for the smaller screen. It reminds me of a mobile OS. I have always liked the idea of putting a mobile OS like Android on a Netbook. For the majority of what people use them for it’s great. Although with the tablet market on the rise we could see less Netbooks around.
Windows Phone 7 was officially released yesterday? It’s kinda hard to tell with all the leaks and people already having a copy of it to demo. I was pleasantly surprised by the design approach they took. I’m not going to say it’s better than the iPhone but it is comparable. They added some nice features like auto wireless syncing. Obviously this just seems like a security issue waiting to happen, but hopefully they did it right. Maybe if I get my hands on a WP7 device I will do some testing. You can watch the demo video here (needs Silverlight).
The one thing I thought was a bit disappointing was the lag and slowness of the device. He even had multiple devices up there knowing that he might have to switch because of speed issues. The thing I care about most these days is speed on a device. I would gladly give up eye candy for speed and reliability. Hopefully they get some of the “vista” bugs worked out.
Now we are getting somewhere. I was able to get some help on Monday from Pierce at logos-electro.com. I was able to get most of the Eagle files done. I still have to tweak the LCD package to reflect the 14 pins on the no backlight LCD vs the 16 pin one that is on there now. Here is a pic of the Eagle file.
I know the design is pretty crude but it’s my first board and first attempt at Eagle. The next project will be better. I hope to fix this up in the next day or two and send it out to have some prototypes made.
I got some stuff in from mouser yesterday. I basically ordered most of the stuff from here with the exception of changing the crystal to 8mhz instead of 16mhz and I didn’t need a reset button. I am going to use 3.3v power so I need to clock the MCU down.
I also got a new iPhone so the pictures on here should be a lot better quality now.
I have gotten a chance to play with a few ninja badges in the past week or two. I started laying out the screens and menus on the Arduino platform.
I also ordered some parts from mouser to make a prototype badge (without RF). Those should be coming this week. I will have some progress pictures up then.
I added a smaller font to the library. I wanted to fit some more text on the screen but didn’t have enough room with the default font.
Here is the font and a comparison.
Here is a start to a game menu. The goal of this project is to have a fully customizable and fully open Arduino board with a mounted LCD and Zigbee wireless. There are a lot of other shields out there that can potentially do the same thing but I personally would like to see it all incorporated onto one board.
If you would like to use the small font in your project you can download it here: ST7565-smallfont