Distracted

As they say, there are too few hours in a day. I have plenty of projects but my time is drained elsewhere in life currently. C’est la vie! I will post when I get a chance — until then, later Space Cowboy.


Back in the shop

Let’s get to building!

captive_portal_logical_layout


Physical Reddit message indicator

 

The indicator in action

You’ve got mail!

 

Any “normal” person would look at a project like this and wonder why you would go to such lengths for something seemingly trivial, to which the hacker would simply reply, “because I could.” With that mentality, I give you a physical desk indicator for new Reddit messages.

The Body

I scavenged some potential project boxes at a thrift store for under $10 USD and ended up liking the clock best, so I landed on using it for the body. I hollowed the clock body out in order to make room for my parts & took care when removing the glass plate and gold lip.

 

Clock original

The original clock

Clock body, hollowed out


 

The Arduino

This was the primary reason for this project, as I’ve recently gotten into microcontrollers and low voltage electronics. I figured you can do almost anything with an Arduino, so long as you can picture in your head what you want to accomplish. I used an Arduino Uno, three LED lights with inline resistors & a 1/4 watt speaker for sound. I used some sandpaper to rough up the LED surfaces and diffuse the light better inside the envelope. You can find the source code below as well as a pinout diagram.

 

Trying to get the wiring set up correctly


The computer

The computer is really the engine driving this, because without the ability to poll Reddit for new messages, this desk trinket is little better than a paperweight. Using curl and wget I was able to log into Reddit & pull the JSON info from the specified user’s page. This contains their unread messages variable, which was simple enough to sort through using a regex (all hail Perl — king of the pattern match!). If you know even a little Perl you should have no trouble at all understanding this simple scraper. If it finds the right stuff in the JSON data, it sends a specific set of commands via serial to the Arduino, flipping the switch to activate its “melody” and start looping its “glow” function. This will repeat every time the number of unread messages changes (essentially, increments, since you have to read all new messages at once).

 

Version 2.0

I had a lot of fun putting this together. My plans to improve on it are detailed in the video, but essentially I’d like to add an ethernet shield to the Arduino so that it isn’t dependent on being connected to a computer via serial. Perhaps you could put this in your living room next to your photos & run ethernet (PoE hack?!) to it & you can always tell if someone is trying to get your attention on Reddit! Happy hacking!

 

 

Files, Source Code, and Notes

This was compiled on the Arduino ALPHA 0023 binaries, so if you have trouble compiling the sketch, try using that version instead. Sorry, I know I should be using up to date software.

Arduino source code for the project

pitches.h

Perl script for the project. Rename to PL extension to be proper.

Arduino Reddit Reader pinout



Planes, Trains, and Weather Balloons

I’ve recently started delving into the world of the microcontroller through learning about Arduino programming. I’ve made it my task to complete a near-space photography shoot with a weather balloon and an Arduino. I have a few friends collaborating on what we’ve labeled (so cliché and unoriginal) Project Icarus. More to come on this as the project unfolds. We hope to launch the balloon sometime in October, since we want low humidity for crystal clear shots of the horizon. What better way than to wait until it gets colder?

In the meantime, take a look at this proof of concept I put together using two Arduino controllers, giving a demo of communication over the 315 MHz band: http://www.youtube.com/watch?v=pqpOrxEkF_Y&hd=1

 

 

 


A Decentralized Currency: The Bitcoin

A lot of buzz has started up about this new currency, but what exactly does it mean for us & why should we care about it? We have the USD, the Euro and other major currencies. Why use the Bitcoin? Its strengths lie in its de-centralized & peer managed architecture. If you’re not familiar with it, watch this quick video to bring you (mostly) up to speed.

 

 

This system is inherently unmanageable by any one party, whether that is a government, interest group or some other interested party. The “hive mind” is the governing body for the value of the coin. Every transaction is visible by the entire hive, but every transaction is completely anonymous. It’s no more possible to track it than if every purchase or sale you’ve ever made was done with cash, face to face. I’d love to hear your thoughts on the future of the Bitcoin. If you’d like to get involved you can receive (for free!) your very first small amount of currency by visiting: http://freebitcoins.appspot.com/ .

 

 


 

The future of the Bitcoin depends on a strong community that believes in it. Any currency is given its worth by the support of the people behind it. Cheers!

If you’d like, feel free to donate! Send coins to 14gy6WY5gHMSyCcdaoiqJZ9CmFmsFpDBe9
 


Nothing is sacred, nor safe – ha

No, not even the Chinese are safe. /end_conspiracy

Not even the Chinese..


Why hack?

I would like this month’s article to focus on the mentality of “hacking” and the reasons/motives behind it. This is a touchy subject among the circle because the community that harbors us is built around curiosity and the notion to move beyond the boundaries of legality…and many times basic morals.
Who gives anyone authority to decree law or define for you what is right and wrong? We as a society give power to authority many times simply by not questioning it.

To truly start thinking for yourself, begin by questioning authority. This doesn’t mean rebelling against, overthrowing, or ignoring authority. It means listening to what any authority figure or organization tells you and discerning their motives

* Wallace Wang – Steal This Computer Book 4.0

Many have their own reasons for breaking into a computer system (traditional), or manipulating the systems that work around us. The obvious common qualifier is that of curiosity. If you need to revisit “The Hacker Manifesto” feel free to geek out now and come back to finish up. But does it justify itself to overthrow tyrants with more tyranny? What exactly is a hacker, you ask? Why, nothing more than a capable individual with an adept knack for manipulating systems. Society needs people like hackers – they keep the systems in check behind the scenes. They are an unbridled power that isn’t as easily manipulated as the rest of society. They tend to see through social norms as the rest of society lie sleeping…under total control of those at the top. We call them tools, cattle, whatever you may.

So you, the hacker, ask yourself why it isn’t quite as fun to own some people at a local coffee shop, or take down a site “for the lulz” as it was when you were 14. You wonder what your motivation is to control ANYONE or manipulate the system at all for that matter. It’s a necessity. I believe that we shape society with our abilities, and keep the balance of power in check. We are the people with a voice…a real voice. Not a product of the YouTube generation, where the only voice you have is corporately sponsored BS like J.u.s.t.i.n B.i.e.b.e.r (keywords…) or someone else with a camera and way too much time on their hands. We hack out of curiosity, but we hack for freedom of information. We should be leveling the playground, instead of becoming the face of tyranny ourselves.
Information is everything in this day and age. We are destroyed and beaten for lack of it.

 

Please feel free to comment below…or you know – rage at my post and hack my site, or whatever you see fit. Show me what’s what and put me in my place because I’m wrong/right/whatever. Have a great day.


ARP Security Sucks

Today, I wanted to touch a bit on man-in-the-middle attacks. Before I do, I need to break down what a man-in-the-middle attack is (from now on referred to as a MITM).

You are Joe. You want to access the internet through your spiffy new router you bought from the local Overpriced Better Buy. Normally, when a computer first joins a network it sends out ARP (http://en.wikipedia.org/wiki/Address_Resolution_Protocol) packets to ask the network which MAC addresses are tied to which IP addresses. The broadcast goes to the hosts on the network, and they hopefully respond with truthful answers. Therein lies the problem.

Lester, our local hacker baddie, wants to get Joe’s Facebook password. Lester knows that there is an inherent flaw in the way that hosts establish the flow of data on the network via ARP. Lester crafts some packets that he sends out on the network to tell the router that Joe’s IP address belongs to his MAC, and to tell Joe’s computer that the router’s IP belongs to his MAC. He then directs and manages the flow of data from his own computer. In a nutshell, what Lester has done is forced all of Joe’s traffic through his own computer – in clear text.

ARP has been around for many years. I wonder why there isn’t anything in place to make a network more resistant to such an elementary attack. I wonder why the host isn’t smart enough to say “Hey Mr. router – you were just at 192.168.1.1 ….how are you all of a sudden at 192.168.1.143? Give me the old key we exchanged before to make sure you’re the same person.” An attacker who is in the middle of all your traffic completely controls the flow of your data. Look at a program called Ettercap, for example (found on the Backtrack security boot disc). Once in the middle of your victim and the gateway, you can do anything to them, from forcibly redirecting webpages, to changing images that display on their page (Oh no…all of your pictures are suddenly goetse images. The horror!) Or something less juvenile – like stealing bank passwords, or replacing that file you were going to download with a trojan virus.
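The check this paragraph asks for can be done passively by a host or a monitoring box: remember which MAC first answered for each IP and flag any later ARP reply that contradicts it. This is an added example, not code from the original post; the MAC addresses, the 192.168.1.10 address for Joe, and the helper names are made up for illustration.

```python
import struct

def parse_arp(frame):
    """Return (sender_ip, sender_mac) from an Ethernet/IPv4 ARP frame, else None."""
    arp_v4 = b"\x00\x01\x08\x00\x06\x04"  # Ethernet, IPv4, 6-byte MAC, 4-byte IP
    if len(frame) < 42 or frame[12:14] != b"\x08\x06" or frame[14:20] != arp_v4:
        return None
    return ".".join(map(str, frame[28:32])), frame[22:28].hex(":")

class ArpMonitor:
    """Pins the first MAC seen for each IP and reports later contradictions."""
    def __init__(self):
        self.pinned = {}

    def observe(self, frame):
        parsed = parse_arp(frame)
        if parsed is None:
            return []
        ip, mac = parsed
        alerts = []
        known = self.pinned.setdefault(ip, mac)  # the first claim wins and stays pinned
        if known != mac:
            alerts.append(f"{ip} was {known}, now claimed by {mac}")
        others = sorted(i for i, m in self.pinned.items() if m == mac and i != ip)
        if others:
            alerts.append(f"{mac} is also pinned to {', '.join(others)}")
        return alerts

def sample_reply(sender_mac, sender_ip, target_mac, target_ip):
    """Build the bytes of an ARP reply as test input; nothing is transmitted."""
    raw = lambda text, sep, base: bytes(int(part, base) for part in text.split(sep))
    smac, tmac = raw(sender_mac, ":", 16), raw(target_mac, ":", 16)
    header = tmac + smac + b"\x08\x06" + struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2)
    return header + smac + raw(sender_ip, ".", 10) + tmac + raw(target_ip, ".", 10)

# Constructed capture: honest replies first, then a third machine claims the router's IP.
ROUTER, JOE, LESTER = "aa:aa:aa:00:00:01", "aa:aa:aa:00:00:02", "aa:aa:aa:00:00:03"
CAPTURE = [
    sample_reply(ROUTER, "192.168.1.1", JOE, "192.168.1.10"),
    sample_reply(JOE, "192.168.1.10", ROUTER, "192.168.1.1"),
    sample_reply(LESTER, "192.168.1.143", JOE, "192.168.1.10"),
    sample_reply(LESTER, "192.168.1.1", JOE, "192.168.1.10"),
]

def run(capture):
    monitor = ArpMonitor()
    return [alert for frame in capture for alert in monitor.observe(frame)]

if __name__ == "__main__":
    print("\n".join(run(CAPTURE)))
```

Legitimate changes, such as a replaced router or DHCP handing an address to a different machine, raise the same alert, so each one still has to be confirmed by whoever runs the network.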

The biggest security anyone in this world has is obscurity. Why would anyone go after YOUR data, versus the other 100 million targets they could easily go after? Once you become a target, you begin to realize just how insecure the infrastructure is as a whole. Nothing is un-hackable. Nothing is secure.


October 2009 Security Article

What would your idea be of the perfect, most secure place to store something? Not thinking electronically, if you had a prized possession…or a family heirloom, where would you keep it? Perhaps in an iron safe, locked with many advanced locks, guarded by a 24 hour watch team, and lasers…and all the other spy stuff you see in the movies? But what have we learned from the movies about keeping your family diamond locked up and hidden? As soon as the other guys who want that jewel learn of its existence and value to them, they immediately begin to devise a plan to infiltrate, bypass, and ultimately steal.

This month’s article speaks briefly on the greatest security of all – the security through what we in the industry call obscurity (obscure – (n.) invisible or unclear.) The greatest asset one can have on their side is keeping prying eyes unaware of the secret, or asset. If a computer hacker wanted to target someone across a large WAN, such as the internet, he would be faced with the decision of choosing from millions upon millions of targets. Who should he/she choose to target? There are an estimated 4.2 billion available addresses on the internet today (IPv6 is beyond the scope of this article). Why should hacker Joe attack your computer network, when there are literally millions exactly like it? In the world today, this is, in itself, somewhat of a false security. But it is the security that many companies rely on.

Recently, our staff at Half Hack have come across some concept code submitted from an anonymous source, giving detail for exploiting the most recent versions of OpenSSH. This is obvious proof that even the most secure of systems have holes. Every “Gibzon” can be “hax0red,” it’s only a matter of drive.

This month, we would like to challenge your mindset on your security, or the security you manage for others. Are you setting yourself up for a well gated and layered security in your home or business, or are you, bluntly put, relying on the forethought of vendors and programmers (Cisco, Linksys, and other firewall/router/IDS vendors)? In today’s world…we are as secure as we are told. The truth is that we ride heavily on obscurity until someone finds us, and decides that what we have is worth taking.
