C-c-c-c-c-combobreaker!
Wednesday, 27 May 2009 at 22:31
OCZ NIA hacking, now with Python!
Monday, 25 May 2009 at 15:45
Disclaimer the first: I don't know a whole lot about USB or device drivers. Those of you who do will no doubt point and laugh.Disclaimer the second: Where applicable, I've given credit for and linked to the work of others. I've independently discovered a few things that others have already figured out, so one or two things may not be attributed. In that case, please let me know and I'll put a reference where applicable.
Over the past few weeks I've been playing with my OCZ NIA on and off. My first attempt at getting anything out of it involved recompiling Windbringer's kernel with HID debugging and /dev/hidraw device support to maximize my chances of having a device node to play with. As far as I can tell these are probably unnecessary because when you plug in the NIA device nodes under /dev appear and some of them will emit binary when you read from them. While you can `cat` from the device node you won't get much from it. After running niasnoop (which defaults to maximum debugging output) it automatically found my NIA at device node /dev/bus/usb/005/002 and started pulling data from it, just as it's supposed to do.
Using niasnoop I captured a couple of megabytes of data in a text file and stared at it for a while in an attempt to gain more insight into the format of the data stream, only to no avail. I then got the bright idea to check out the OCZ forums again, and there discovered that someone called dr-mephisto had written a Python module that hooks into libusb and makes it possible to write apps in Python that read data from the NIA, thus beating me to the punch by a few weeks (realistically speaking, probably a few months). PyNIA has a few dependencies that have to be met before you can use it - the aforementioned libusb, Pyglet, pyusb, and numpy to provide the signal analysis algorithms. These dependencies are pretty easy to satisfy; you can probably pull what you need from your distribution's package repository (unless you're running Python on Windows or Mac OSX, in which case you're on your own).
More under the cut...
EDIT: All-ages goth night starting in Virginia.
Wednesday, 20 May 2009 at 20:00
While talking with Lori-Beth at Spellbound last weekend she brought up something that had been bumping around in the back of my head for a while, which was that northern Virginia and Washington, DC had some great club nights for older folks - Spellbound, Midnight, Umlaut, what have you - but nothing for the younger folks who aren't of legal age (regardless of whether or not they want to drink). These days, it's harder to sneak into clubs when you're still in high school because most every club really does check ID these days. Not that I'd know or anything...Starting at Jaxx (6355 Rolling Road; West Springfield, VA; 222152; phone 703-569-5940) on the 22nd of May (this coming Friday) will be Sanctuary, an all-ages goth/industrial club night. The cover charge will be $10us, and the bar at Jaxx will be fenced off so folks under the age of 21 will be able to get in. Transept of Spellbound is the DJ in residence, and will be playing a mix of newer and older tracks. On 5 June 2009 and thereafter Sanctuary will move to Monday nights and run from 8:00pm until 12:00am, still all ages. Perfect for folks like me, who have to get up at 0600 for work the next morning.
Dress to die for. I know I'll be breaking out my best this upcoming weekend...
Never apologize for giving something a good life.
Tuesday, 19 May 2009 at 00:55
We lost Lucy tonight.Lyssa and I spent a quiet evening in the living room watching Babylon-5 and just before bed I went into the library to check on her and say 'good night' as I usually did, and I found her stretched out on the bottom of her cage. Cold, stiff, and quite dead.
I half-wondered how long it would be, truth be told. Lucy had been slowing down, and she'd stopped running up and down the ramps of her cage to get food, instead preferring to stuff as much as she could into her cheek pouches in one go and cart the whole lot downstairs to hide in her bed so she wouldn't have to move as far. She even stopped running in her wheel about a month ago, and every once in a while I thought I could hear a little sneeze coming from her cage. I tried to get her out of her cage this weekend so I could clean it but she refused to leave the little plastic igloo she used as her den.
Lyssa and I took her cage apart and carefully wrapped her in a piece of one of Lyssa's old altar cloths, and we buried her near the foundation of our apartment building next to the lillies that had been discarded there last season, only to sprout a couple of weeks ago. The rest of her stuff we really couldn't re-use with another pet, and so bundled up in a couple of garbage bags and carted off to the dumpster a couple of minutes later.
Lucy.
More under the cut...
Leonard Cohen, movies, and a busy life.
Monday, 18 May 2009 at 20:48
Last Monday night Lyssa and I took to the DC Beltway in the middle of rush hour, cast caution to the wind, and set course for the Meriweather Post Pavilion in Maryland to attend one of the rarest of events: the first Leonard Cohen concert in fifteen years. Yes, the man, the myth, the legend himself is on the road once again with a top notch band and a soulful voice and double entendes that'll turn your knees to jelly. From Cohen's rich as whisky basso voice to Javier Mas' talented hands dancing across most every stringed instrument known to the western world, Sharon Robinson and the Webb sisters' backing vocals that carried even without the benefit of amplification and Dino Soldo's amazing coterie of saxophones, clarinet, and harmonica, the entire evening was a veritable feast of music which lasted three hours. Lyssa and I met up with the Wrong Hands shortly after arrival at the Pavilion and after a quick stop to pick up what passed for food from the concession stands we picked our way through the crowd (we were almost but not quite the youngest people in attendence) to our seats at the back of the stadium seating. Unfortunately, Laurelinde wasn't able to join us that night so we gifted our spare ticket to TWH, who was most appreciative of not having to sit in the grass on a chilly spring evening with the threat (later, the promise) of rain. There was no introductory act, no warmup, only the main attraction hitting the ground running and pausing once an hour to regroup backstage. At the age of 77, Cohen still has the energy to put on an amazing show, even going so far as to skip off stage at the end of each act. The ensemble took the stage dressed in pinstripes and old-fashioned fedoras; Cohen stood out at center stage with the microphone cable coiled in his left hand next to his face, his fedora in his right, and that amazing voice issuing from vocal cords touched by the Host. They played the songs that everybody remembers like Everybody Knows, Dance Me To the End of Love, Tower of Song, and Democracy.Unfortunately I took no pictures because I didn't know if we'd be allowed to bring cameras to the concert and decided not to risk it. I rather regret that, but a few other people did.
Cohen is an unusually gracious performer: he introduced everyone in the band twice (once per act), and everyone had solos long enough to really show off their skills. It's plain to see that they have a lot of respect for each other, and it wouldn't surprise me at all if they've worked together for years. Back at the souvenier stand, I discovered that practically everyone in Cohen's band has recorded their own albums, which were all on sale along with the usual t-shirts, posters, compact disks, signet rings (!), and guitar picks. I'll have to see about picking a few of them up to listen to one of these days.
More under the cut...
Uh-oh...
Saturday, 16 May 2009 at 01:39
I've updated my .plan file again. As always, there is not-safe-for-work content, so use discretion if you click on that link.Coming to you live and direct from HacDC's noisemaker class.
Thursday, 14 May 2009 at 23:17
Taking one of Elliott's noisemaker classes at HacDC is a lot like practicing chaos magick: you're never sure what you're going to have to work with at any given time, you don't know what sort of result you're going to get until you're halfway through the process, a large part of your instructions will consist of "Let's try this and see what happens," and you're guaranteed lots of funny noises (often modulated with different kinds of light).Scaring the neighbors is completely optional.
A week after the VPMP deadline.
Thursday, 14 May 2009 at 14:55
A little more information on the recent compromise of the VPMP and subsequent ransom demand has hit the wires since Wikileaks.org broke the news almost two weeks ago. It was admitted that the VPMP's information security measures were not all they were cracked up to be, as if this would come as a surprise to anyone. The article mentions that a backup system did not appear to be in place, nor a properly configured firewall to control traffic from the public Net. Governor of Virginia Timothy Kaine tried to save face by playing up the countermeasures in place and the sophistication of the attack which, I have to be honest, sounds like jetwash. So long as you don't speak specifically, you can talk about what you know of the state's public homepage and make it sound like a more specific and sensitive information system's security measures by counting on listeners to make the erroneous connection on their own. The state of Virginia went out of its way to hide the fact that this system was cracked rather than alerting the people who were in it that they should call their banks and keep a close eye on their credit records, so I'm not all that inclined to believe him. At this time the system is still offline save for e-mail, and records are now being kept manually until such time that the database can be rebuilt and repopulated.Officials overseeing the VPMP state that it doesn't appear that the cracker is trying to sell the data on the black market since the passing of the deadline without payment. How would they even know? If bank account information for hundreds of people can be bought and sold and thousands of dollars at a time can be laundered with nary a whisper by someone living in a basement apartment, moving a database like this probably wouldn't be all that difficult using standard techniques. Whomever bought the database dump could then chop the records up into easy to move blocks and sell them off a little at a time, and probably turn a profit when compared to the price of purchase.
The FBI's investigation is still underway, and they're not talking save that it'll take another two calendar weeks to finish forensic analysis. Marilyn Tavenner, Secretary of Health and Human Resources for the state of Virginia went on the record as saying that pharmacists and other providers of legal-yet-controlled substances were being told to watch out for people trying to buy drugs using potentially stolen information.. which is entirely the wrong thing to warn them about. Anyone trying to capitalize on this information isn't going to try to gank Dr. House's vicodin prescription to abuse or sell, they're going to take the path of least resistance, which means social engineering the credit card agency or bank to get a new card sent to an address that the attacker controls, or create an alternate identity complete with new credit cards and bank accounts. The path of least resistance minimizes the amount of public contact necessary on the part of the attacker.
It's telling that so many different groups lobbied heavily against the creation of this program since before its inception in the year 2003 for exactly this reason: putting that much PII (Personally Identifable Information) on a system that you can reach from the public Net is a recipe for disaster. As a result, a multi-million dollar contract with Northrop-Grummon was inked to rebuild their systems and update their security measures. We'll see how good a job they do in a couple of years.
An assortment of photographs.
Thursday, 14 May 2009 at 10:12
Does anyone else find it amusing that a cast metal and plastic drum is manufactured by a company called Touch the Earth? This is about as far away from their ideal as you can get without hopping a space shuttle.
More under the cut...
Fjalar Ravia, requisat en pace.
Friday, 08 May 2009 at 22:24
I just returned home a few minutes ago from celebrating the greater feast of someone whom I have admired greatly for a number of years.Fjalar Ravia, better known to the hacker community as Fravia+, was a master of reverse engineering software. Not just for cracking the copy protection of games but reverse engineering for the purpose of figuring out how code works for the sake of doing so. He was also known for his skill at crafting search engine queries to uncover the damndest things in the deep web. Since 1995, he'd written an amazing number of tutorials on those topics which were posted to his website searchlores.org along with the essays of many other RE enthusiasts. If you wanted to learn how to pick code apart Fravia+'s website (or one of its many mirrors) were probably one of the first sites you found, and even though some of the information's a little outdated it's still an excellent place to start.
He passed away on Sunday, 3 May 2009 following a battle with a cancer called metastatic squamous cell carcinoma of the neck which claimed his life at the age of 57. It appears to have moved swiftly: a message posted in October of 2008 suggests that he'd been diagnosed sometime in 2006 or 2007. A document he called his swan song was posted to his website on 29 April 2009.
Fravia+ is survived by his wife Annele, a daughter Franziska, and twins Alvi and Sirkka.
Fravia+, may there be debuggers that step backwards as well as forwards wherever it is you are.
"A feast for fire and a feast for water; a feast for life and a greater feast for death!"
--Liber AL vel Legis, chapter II verse 41
More under the cut...
Virginia Prescription Monitoring Program compromised - 8 million records held for ransom.
Thursday, 07 May 2009 at 10:40
Yesterday morning, word got out through the Internet Storm Center that the web server of the Virginia Prescription Monitoring Program was compromised by an unknown attacker. The VPMP is tasked with recording all of the pharmaceutical prescriptions filled in the state of Virginia for the purpose of data mining to determine who may or may not be abusing prescription drugs, and probably who may or may not be selling their prescriptions on the street. Given that Virginia enacted some annoying laws a couple of years ago that require a photo ID to get hold of Sudafed and placed limits on how much Sudafed that you could buy in a month's time (nevermind that the meth labs just stole entire shipping crates of Sudafed out of trucks), this database probably also contains the driver's license ID numbers of everyone who's ever picked up a prescription or had an allergy attack for the past couple of years. The cracker replaced the frontpage with a ransom demand stating that he/she/they had downloaded the records of 8.2 million consumers (including the drugs prescribed (which is enough information to potentially embarass a lot of people), names, addresses, and Social Security Numbers), made an encrypted backup of the data, and deleted the original database and all its backups from their production network. The cracker is asking for $10mus to not sell the user data on the black market and turn over the key to decrypt the data.The ransom note was put up on 30 April 2009. The deadline to pay the ransom was supposed to be a week later: today.
What really pisses me off is that they tried to keep this quiet - it wasn't the news media that broke this story, it was Wikileaks publishing the ransom note that had been removed from the Prescription Monitoring Program's website when it was taken offline. Someone working that clusterfuck leaked it when they weren't supposed to around 3 May 2009. It was only yesterday that the news media caught wind of it, probably after it hit the ISC. The FBI and Virginia state police have been called in but it's anyone's guess as to whether or not they've got the tech chops to figure out what actually happened. Laura Southard of the Virginia Department of Health says that the VPMP website is now secure - of course it is, it's been taken offline though it says something, I think, that if you do a Google search on this project the third result returned is the login page for their website (which is also inaccessible).
More under the cut...
Old school phreaking meets X-Men Origins: Wolverine?
Sunday, 03 May 2009 at 19:42
You only need three people to make a blue box if you're standing around bored - two whistling at the proper pitches to make DTMF tones and a third to whistle in-band signaling tones. Finding someplace to whistle to is a bit trickier.(Thanks, Lyssa and Jade! Anybody got an oscilloscope we can borrow?)
Noisemakers and electronics at HacDC.
Saturday, 02 May 2009 at 00:36
Thursday nights at HacDC for the next couple of weeks have been taken up with a nifty new class courtesy of Elliot - a basic electronics course in the guise of building noisemakers. From basic oscillator theory we moved on to... I couldn't make it to the second class due to a scheduling conflict, truth be told, so I don't know what was taught. Jade and I did make it to the third class which was about low-pass filters (which allow low frequencies to pass (the definition of 'low' is highly situational) but filter out high frequencies), how to vary the dynamics of the circuits (we made heavy use of photocells but other attendees used potentiometers, or manually variable resistors, possibly to much better effect), to how to pull nifty tricks with them. The circuit that Elliot diagrammed on the whiteboard has a lot of uncertainty in it - you really have to play around with them to see what each variable will do to the sound. Depending on what you use and how you wire it, a given resistor might vary the volume, the pitch, the gain, or something else entirely. This was Jade's first time working with electronics but she picked up the basic principles very well and it took her less than a minute to become proficient at soldering. It took me a bit longer to figure out exactly what was going on (I really need to start teaching myself electronics, along with every other project I have on my plate). In hindsight, I think that photocells were perhaps not the best way to go due to how wiggy they can be to control when you've got a decent amount of ambient light. We wound up staying until 2330 EST5EDT last night playing with circuitry and watching the various sorts of zaniness going on, but had to leave for home around then because Jade had work in the morning and I had to get up early to go to the dentist and finish my latest root canal.Under the cut, a few photographs taken at the 'space on Thursday night.
More under the cut...
