Hackszine.com

Most recent posts: page 2 of 6 1 2 3 4 5 6
Browse the complete archive by category or month.

August 4, 2008

Photos of the Large Hadron Collider

View of the CMS (Compact Muon Solenoid) experiment Tracker Outer Barrel (TOB) in the cleaning room. The CMS is one of two general-purpose LHC experiments designed to explore the physics of the Terascale, the energy region where physicists believe they will find answers to the central questions at the heart of 21st-century particle physics. (Maximilien Brice, © CERN)

The following link contains a number of high-res photographs from CERN of the Large Hadron Collider. It's set to begin testing this month, and I must say it's about the most beautiful thing I've ever seen.

Large Hadron Collider nearly ready

August 3, 2008

Magnetic stripe card spoofer

We posted David Cranor's Arduino card reader the other day, and today he wrote in with an even better magstripe hack: a way to simulate a card swipe using an iPod an electromagnet. David writes:

When the card is swiped past the card reader, the changing magnetic field of the passing flux reversals induce a current in the reader element, which is then decoded into binary bits, and the original data stored on the magnetic stripe is reconstructed.
So, in order to emulate a particular magnetic stripe, all we need to do is find a way to recreate the pattern of the way its magnetic field changes as it's being swiped past the reader. How are we going to do this? With an electromagnet!

...

The final piece of this puzzle is how to control the electromagnet. Well, we're trying to recreate a particular waveform of current through the solenoid in order to create a particular waveform of magnetism. What's a common way of storing waveforms and converting them to electric current? Sound files! So, all we have to do is encode the highs and lows representing the desired flux reversal pattern into a .wav file and play it back on an iPod or similar music player through the solenoid.

So between these two howtos, you now know how to read the contents of a magstripe card, encode that data into a wav file, and then simulate a card swipe using that recorded data. For more information on magnetic stripe technology, you should check out "A Day in the Life of a Flux Reversal" by Count Zero, written in 1992 for Phrack #37.

It'd be cool to make a nice looking version of the interface so that you could put all your cards, be they student IDs, bank cards, or gift cards, on your iPhone. My guess, though, is that there's no chance any supermarket checkout attendant would let that simulated card slide. On the bright side, this aught to be a reminder that a thing you have (magstripe card) isn't very sufficient as an identification tool unless it's combined with a thing you know (pin number) or a thing you are (a face that matches the photo on the card).

Magnetic Stripe Card Spoofer
A Day in the Life of a Flux Reversal - Phrack #37

Previously: Decoding magstrip cards with Arduino

August 2, 2008

Film canister flash diffuser

When you take pictures with the built-in flash on your digital camera, it's common to get a washed-out, deer-in-headlights result from your subject. This is particularly noticeable with portraits and close-range photography. To obtain a softer, more natural look from your photographs and eliminate the glare, you need a flash diffuser to help disperse and soften the light.

If you have an old white film canister and an x-acto knife, you can make a clever little flash diffuser that will slip over the flash on your typical SLR camera. Photojojo has a guide for making one. It should really take you about 5 minutes (assuming you have a canister on hand), so give it a shot. Your photographs—and your photo subjects—will thank you for it.

Make Your Own Flash Diffuser from an Old Film Container

August 1, 2008

Decoding magstrip cards with Arduino

Instructables user powerpants created a quick and dirty card reader interface with an Arduino. The Arduino decodes the data from the swiped card and transfers it to a PC over a USB serial connection.

This instructable shows how to use some freely available code, an arduino, and a standard magnetic stripe reader to scan and display the data stored on magnetic stripe cards such as credit cards, student IDs, etc.
I was inspired to post this after reading the intro to magnetic stripe reading and Stripe Snoop that is found in MAKE magazine Volume 1. That tutorial details how to interface a stripe reader to a game port interface, but I have a mac laptop, so I don't have a game port interface!

There are a lot of cool uses for this besides just seeing what kind of personal information is contained on all the cards in your wallet (you'd be surprised). A friend of mine in college once hacked together something like this with Microsoft Word and a bunch of Visual Basic macros to automate computer literacy testing for the whole campus. Students could swipe their student id, the test would start automatically, and when they were finished the results were saved to a database. He was hired to administer all these tests manually, so he basically put himself out of a job after a month and got a promotion.

Arduino Magnetic Stripe Decoder
Magnetic Stripe Reader from MAKE: 01
Stripe Snoop - magstripe research tools

July 31, 2008

Buzz Kill - stopping iPhone GSM speaker noise

Every GSM cellphone user is familiar with the annoying Bzzzhtzttt noises that tend to emanate from random electronics anywhere you take your device. The iPhone is no exception, but the problem is exacerbated since most people have it sitting on their desk with a speaker close by playing music at reasonable amplification. It sucks.

Mac Life has a solution that may work for you. Just yank the ferrite beads from an old usb cable—they are inside the plastic bulge near one end of most cables—and place them around or taped in-line with your speaker cable. There are a few stories of success with this method, and nobody has mentioned an impact on audio quality, so it's a cheap fix that's worth a shot.

iPhone Buzz Kill

July 30, 2008

Asterisk File Transfer Protocol

Cory Menscher writes:

As part of the NYU ITP "5in5" event this week, I created the Asterisk File Transfer Protocol. Using the CSound audio programming language, I wrote a PHP script that converts a binary file into an audio WAV file based on the "Kansas City standard", created in 1975, for transferring binary files via audio cassette. However, instead of a cassette, a user can dial my extension on an Asterisk VoIP PBX server and "retrieve" a file (an 8kb jpeg image) at 300 baud over POTS. You can access the file by dialing (212) 796-0729 ext. 160.

In reality, the audio quality of the GSM codec I was limited to by the server probably precludes one from ACTUALLY downloading the file, but it's still fun! If you want to hear a higher-fidelity version of the file you can access it at http://www.menscher.com/itp/blogmedia/aftp.mp3.

Corey posted the source he used to generate the encoded WAV from an image, so you can see the nuts and bolts of using CSound to generate audio data in PHP. It'd be neat to see the decoder half of this, but it's been left as an exercise for the reader.

I have fond memories of saving and loading files from a C64 datasette drive like this, so it's pretty cool to see this sort of thing done in PHP.

The Asterisk File Transfer Protocol

July 29, 2008

DJBDNS, DNS exploits, Bernstein, Schneier, and security by design

If you haven't been living under a rock, you've probably heard of the DNS vulnerability that Dan Kaminsky announced about a half year ago. The plan was that Kaminsky would be working with DNS server vendors to provide a patch, giving ample time for administrators to upgrade before the details of the exploit were released later this year. Unfortunately the exploit was leaked prematurely, causing a general freak-out mode amongst people that administer DNS systems.

When I read the article on Slashdot, the "all name servers should be patched as soon as possible" quote dropped a bit of scare on me too. What about my sad little DNS server? I envisioned spending an evening working through a time consuming process of patching and reconfiguring things that I haven't had to touch in years. Much to my pleasant surprise, djbdns, D. J. Bernstein's DNS server, was not vulnerable. My decision to use djbdns a number of years ago was primarily due to his vocal philosophy of engineering security by design instead of by response.

Bruce Schneier's analysis of things is spot on as usual. It's a solid case study for hygienic software engineering practices and the design of secure systems.

The real lesson is that the patch treadmill doesn't work, and it hasn't for years. This cycle of finding security holes and rushing to patch them before the bad guys exploit those vulnerabilities is expensive, inefficient and incomplete. We need to design security into our systems right from the beginning. We need assurance. We need security engineers involved in system design. This process won't prevent every vulnerability, but it's much more secure -- and cheaper -- than the patch treadmill we're all on now.

What a security engineer brings to the problem is a particular mindset. He thinks about systems from a security perspective. It's not that he discovers all possible attacks before the bad guys do; it's more that he anticipates potential types of attacks, and defends against them even if he doesn't know their details. I see this all the time in good cryptographic designs. It's over-engineering based on intuition, but if the security engineer has good intuition, it generally works.

Kaminsky's vulnerability is a perfect example of this. Years ago, cryptographer Daniel J. Bernstein looked at DNS security and decided that Source Port Randomization was a smart design choice. That's exactly the work-around being rolled out now following Kaminsky's discovery. Bernstein didn't discover Kaminsky's attack; instead, he saw a general class of attacks and realized that this enhancement could protect against them. Consequently, the DNS program he wrote in 2000, djbdns, doesn't need to be patched; it's already immune to Kaminsky's attack.

The djbdns server wasn't pre-installed on the Linux distro I based my poor old server on. DJB's deamontools package, which manages the startup and shutdown of the service, was annoying to deal with when every other application just uses a normal init rc script. The dns server configuration and setup was also unfamiliar to me, having previously only worked with BIND zone files.

There's one other thing that has really been different with djbdns than any other DNS server I've ever administered: I've never had to patch it. I've only had one other software experience like this, with the qmail mail transfer system. Qmail is also designed by Bernstein. Hmm.

If you're upgrading your DNS server anyway, maybe now is the time to start thinking about your alternatives.

Daniel J. Bernstein's djbdns server
Schneier - The DNS Vulnerability
DJB on DNS forgery
Slashdot - Kaminsky's DNS Attack Disclosed, Then Pulled

July 28, 2008

Web application hotkeys with Javascript

It's unfortunate, but there are only a few sites that have done a good job of enhancing the user experience with hotkey support. In searching for the easiest way to do this in my own applications, I stumbled across the Hotkeys plugin for jQuery. In typical jQuery form it lets you do something moderately complicated, like capturing keyboard events, with a single line of Javascript code. You use the hotkeys.add method to bind a keyboard event to a callback function and the hotkeys.remove method to remove the handler.

Here's an example that will create an alert box when you press control-c:

$.hotkeys.add('Ctrl+c', function(){ alert('ctrl-c pressed');});

You remove the handler like this:

$.hotkeys.remove('Ctrl+c');

hotkeys.add can also has a 3 parameter evocation: hotkeys.add(key, options, handler). The options parameter is just an associative array which you can use to pass options such as the target DOM path or the type of key press event (keyup or keydown). The key parameter is a string representing the key combination. Instead of using scan codes, you send in the names of the key combination, such as "a", "Shift+b", "f9", or "pageup". It's really that easy.

Javascript jQuery Hotkeys Plugin
Using jQuery Hotkeys

July 27, 2008

Cyber Security Awareness Week

Dan Guido from the Information Systems and Internet Security Lab at the Polytechnic Institute of NYU wrote in about the Institute's 5th annual Cyber Security Awareness Week. If you're in high-school or a college undergraduate program, this is a great opportunity to test your infosec skills against your peers, and hopefully earn a little prize money in the process.

ISIS Lab is organizing NYU-Poly's 5th annual Cyber Security Awareness Week (CSAW) where students can compete and win prizes in a variety of information security challenges. There will be door prizes, raffles for participating, and bonus prizes for undergrad and high school participants. Qualified finalists will receive a travel scholarship to attend the awards ceremony in New York City.

There are a number of events, including an application security "capture the flag" challenge, a security quiz which covers everything from cryptography to risk management, and a 5-day forensics puzzle. There's even an embedded systems challenge where teams are tasked with trying to find hardware and software bugs in a mock control system.

This looks like a lot of fun. Some of the contest materials become available at the beginning of September, so sign up soon if you're interested in participating.

Cyber Security Awareness Week 2008

July 26, 2008

MySQL performance tuning

Jay Pipes, MySQL employee and co-author Pro MySQL, gave a great presentation to Google employees which covers a number of techniques for tuning performance on MySQL. His examples include debugging and analyzing problems as well as best practices for table and index design, query and join operations, and server variable adjustments.

It's a little over 40 minutes long, but incredibly informative, whether you're a casual querier or a power MySQL user. Though some of this stuff is MySQL (or MyISAM or InnoDB) specific, the majority of the content is essential material for the average database application developer.

If you don't have time to sit through it (shame on you) or you're looking to jump right to a specific topic, there's a nice time-coded dissection of the talk over at Peteris Krumins' blog. There's something so appropriate about adding a search index to a video about MySQL optimization.

Performance Tuning Best Practices for MySQL
Video Index

July 25, 2008

Peggy LED lightboard

MAKE's Collin Cunningham really impressed me with this short film "A Date With Peggy," a story of an overworked hacker finding relaxation through his craft.

After a frustrating day at the office, it feels good to go make something that simply works. (playing with a bunch of ultra-bright LEDs doesn't hurt either)

The Peggy kit from Evil Mad Scientist Laboratories is sort of like a big kid's Light Bright. It's a large 25x25 array that you can wire LEDs into however you like, without worrying about details like load resistors. The LEDs aren't individually addressable, but you do have some programatic control over the whole array, and there's a built in light sensor that you can use to adjust the display based on light conditions.

A Date With Peggy
Peggy kit at the Maker Shed
"Peggy," A Light Emitting Pegboard Display - Evil Mad Scientist

July 24, 2008

Farm Fountain - edible eco-sculpture

Equal parts hydroponic garden, aquarium, and interactive art, the Farm Fountain is an experiment in self-contained, indoor ecosystem design created by artists Ken Rinaldo and Amy Youngs. The idea is that you can raise edible fish and cycle their waste nutrients through a hanging garden which filters the water before returning it to the aquarium.

Their 4th generation Farm Fountain is currently on display at the Te Papa Museum in New Zealand until January 2009. From the Farm Fountain website:

This project is an experiment in local, sustainable agriculture and recycling. It utilizes 2-liter plastic soda bottles as planters and continuously recycles the water in the system to create a symbiotic relationship between edible plants, fish and humans. The work creates an indoor healthy environment that also provides oxygen and light to the humans working and moving through the space. The sound of water trickling through the plant containers creates a peaceful, relaxing waterfall. The Koi and Tilapia fish that are part of this project also provide a focus for relaxed viewing.

The plants we are currently growing include lettuces, cilantro, mint, basil, tomatoes, chives, parsley, mizuna, watercress and tatsoi. The Tilapia fish in this work are also edible and are a variety that have been farmed for thousands of years in the Nile delta.

A Basic Stamp program controls the pump mechanism, allowing the plants to be watered at regular intervals for a set period of time. Depending on available natural light, supplemental lighting can be provided by a combination of fluorescent and grow-spectrum LED lighting, switched from a standard light timer. Ken and Amy worked out a lot of the details during the construction of their 3rd Farm Fountain design (pictured above) and they've assembled a how-to instructional gallery which you can use to design your own Farm Fountain system.

There are a lot of external inputs required to keep the ecosystem healthy for a long period of time including fish food, PH and nitrate monitoring, and general gardening tasks. Once you've gotten accustomed to it, though, it's probably not much more work than maintaining a lawn, and a lawn can't give you tomatoes in the middle of winter.

Farm Fountain - a sculptural ecosystem you can eat

July 23, 2008

NTFS Alternate Data Streams - hide files inside other files

The NTFS file system has support for additional data, called Alternate Data Streams (ADS), to be attached to any file. Normally this is used by the operating system and file explorer to bind extra data to a file, such as the file's access control information, searchable file meta-data like keywords, comments and revision history, and even information that can mark a file as having been downloaded from the internet. Because this extra information is bound to the file at the filesystem level, you can move the file from one folder to another and all of the various meta-information and permission data stays with the file.

The interesting thing is that a file can have 0 to many ADS forks attached to any file or directory. While some of the ADS identifiers are use by the OS, there's nothing stopping you from adding other ADS forks to a file. You can do this directly from the command line, using a simple colon ":" notation.

Let's say you have a file called test.txt. You can store a secret message in the file like this:
echo "This is a secret" > test.txt:secretdata

If you view the contents of the file, you won't see anything peculiar. If you know about the existence of the secretdata ADS entry, however, you can easily extract the hidden information with the following command:
more < test.txt:secretdata > output.txt

When you now open output.txt, you'll find your secret data inside.

Because it's a lower level OS feature, you can even trick most programs into loading the data. In the scenario above, you could actually load and edit the secretdata stream inside of notepad by running "notepad test.txt:secretdata".You can even store and execute binary data of any particular size in an ADS fork. For instance, maybe you want to shove solitaire inside one of your text file's ADS entries:

type c:\winnt\system32\sol.exe > test.txt:timewaster.exe

Running the file is as simple as "start .\test.txt:timewaster.exe". Wild, no?

So the odd thing is that all these hidden streams are floating about your filesystem and until Vista's /R flag on the DIR command, there hasn't really been a very good built-in way of detecting them. To solve this, Frank Heyne created an application called LADS which is an excellent command line utility that will scan a directory and print out stream names and sizes for files within it.

There's was also a tool released in an MSDN article about file streams that will at an extra tab to the file properties in Windows Explorer. I've linked to a FAQ that Frank maintains about ADS that walks you through setting up the dll and registry entries to make this work. When it's activated, the Streams tab in the properties panel will let you create, view, edit or delete the stream data that's attached to any file, right in Explorer.

I can see how this file system feature could be useful, but it's a little odd that it's so hidden from the user and there seem to be a few problems with the concept. Obviously, because of ADS's hidden nature, there are a number of malicious uses that can be employed by jerk-o's who write virii and that sort of thing. Even ignoring that, there are also data interchange issues—moving a file between NTFS and another file system causes the loss of all this attached information. Call me old fashioned, but I like my files the way they used to be, with a start, an end, and some bytes in between.

Frank Heyne - Alternate Data Streams in NTFS FAQ
LADS - NTFS alternate data stream list utility
The Dark Side of NTFS
MSDN: A Programmer's Perspective on NTFS Streams and Hard Links

July 22, 2008

PocketMod and Mapufacture: the anti-iPhone

Here's a clever way to fold an 8.5x11 sheet of paper into a small book. The way it's folded, all of the book's 8 outward-facing pages are from the same side of the sheet of paper. This allows you to easily construct a handy little daily planner by printing a single sheet of paper. When you're done folding, the first and third leaf will have a little pouch that you can shove a business card or two inside.

The PocketMod website has a flash application that lets you quickly build a layout for your planner. You can drag calendars, todo-lists, grids, conversion tables, and even RSS feed articles to the page and print it directly from your browser.

I love it. It's the iPhone for the mobile Luddite.

You're probably thinking: this pocketmod thing is awesome and all, but what about maps? Well, PocketMod does maps too. Or rather, a cool Web2.0 mapping service does PocketMods.

At mapufacture.com, you can create and manage custom maps and import data layers from news sources, geo blogging services, and Google My Maps. In addition to all the normal embedding and sharing tools that you'd expect, they also have a PocketMod export, allowing you to convert your map into a handy format that you can put in your back pocket.

You can't make phone calls on your PocketMod and it doesn't hold any songs you can't sing or whistle yourself. On the other hand, it's crazy slim, 3rd party application writing is a cinch, the data plan is affordable, and you won't believe the battery life.

PocketMod
Mapufacture - create custom multilayer maps (with pocketmod output support)

July 21, 2008

Tether your iPhone 3G

Your iPhone can connect you to the web from just about anywhere, but sometimes browsing on a tiny screen isn't enough. With jailbroken 3G and some free software, it's pretty easy to bring that internet-anywhere access to your laptop.

Nate True put together a howto that will guide you through the steps for configuring your iPhone 3G as a web proxy using the 3Proxy software. The laptop connects to the iPhone over an ad-hoc WiFi connection, the iPhone connects to the internet on its 3G connection, and 3Proxy sits in the middle, shuttling http requests and responses from your laptop to the world wide internets.

There are a number of steps involved if you include the whole jailbreaking process. If you get this out of the way, though, you'll be prepared to jack in in an emergency (or in a lame-o airport with pay wifi).

How to tether your iPhone 3G
3Proxy
PwnageTool 2.0.1 (for jailbreaking your iPhone 3G)

July 20, 2008

LEGO NXT Rubik's Cube solver

Hand Andersson's Tilted Twister is a LEGO robot that can solve a scrambled Rubik's Cube in about 6 minutes. I've seen LEGO cube solvers before, but there's something a bit different about this one, which you can see in the video below:

If you didn't catch the difference, this robot is solving the puzzle on its own with no attached PC!

A light sensor is used to scan all six faces of the cube. The robot then calculates a solution for the cube, before executing an average of 60 turns to complete the puzzle.

The robot is built from the parts available in a retail NXT kit—no extra or custom pieces are necessary. You can build one yourself using the LEGO Digital Designer CAD file and NXC source code that are available from Hans' site.

Tilted Twister - a Lego Mindstorms robot that solves Rubik's cube [via Hacked Gadgets]

July 19, 2008

Citizen Engineer 01 - SIM card and payphone hacks

Ladyada and PT have kicked off the first episode of their Citizen Engineer video series in style. This episode explores GSM SIM card technology and the more retro tech found inside a retired Bell payphone. Ladyada shows how to create a SIM reader which you can use to do things like read deleted SMS messages or brute-force the card's secret key. In the second part, the team dismantles an old Bell payphone and hacks it to function as a home telephone, require quarters for use, and make Skype calls.

Citizen Engineer

July 18, 2008

Origami Wall-E

Click To Play

Brian Chan figured out how to make this origami Wall-E from a single uncut square of paper. It looks like a 2 hour project for someone with decent folding skill. My mind is officially blown. Images and the Wall-E folding pattern are available on Brian's site. I found the above time-lapse video on MIT's TechTV video site. The site looks like a YouTube for hackers and is also well worth checking out.

Brian Chan's Origami Wall-E
Wall-E Folding @ MIT TechTV

July 17, 2008

Binary Arduino clock

Check out Daniel Andrade's binary LED clock built using the Arduino. It's well thought out, including controls for setting the time and hibernating with the LEDs off. Each hour and minute digit is represented in binary form, so it's actually fairly easy to read once you get accustomed to it.

The circuit and source are available from Daniel's site. If you're ahead of the game and already thinking about what to do this Saturday afternoon, this might be a fun option to add to the list.

DIY: Binary Clock with Arduino

July 16, 2008

Improve Linux laptop performance with Ramlog

One of the most power-hungry components in a traditional laptop is its hard disk, and time between charges can be greatly improved by keeping the disk in sleep mode. On machines like the OLPC that have solid-state disks, keeping disk writes to a minimum improves the life of the drive, minimizing unwritable sectors. Depending on how your machine is configured, log activity from kernel events and running daemons like sshd, a dns cache, or a local copy of apache can force your disk to make tiny writes every few minutes, impacting flash drive lifetime and ensuring that a mechanical drive never sleeps.

One solution to the problem is to disable syslogd entirely. An alternative is Ramlog, which offers a bit of a compromise. With Ramlog installed, log data is stored in RAM until shutdown, when it's copied back to disk in one big write. You will loose your logs if you have a system crash, but in a more usual scenario where you're trying to track down a wireless problem or an apache error on your development laptop, the logs are there for you to examine.

Installing Ramlog [linux.com]
Ramlog downloads