May 15 2019
My notes from Thotcon 0x0a:
Hacking Con Badges for Fun and Profit
- Given by an EE
- Badge hacking started with DC23, HHV.
- Turned his DC23 record-badge into an analog clock.
- AND!XOR's DC24 independent badge.
- Maple Mini STM32.
- Live spectrum analysis of 20-20KHz as an add-on.
- Mic, pre-amp, FFT running on the uc.
- Wired into the badge, rock-and-roll.
- Inspiration and OSINT - look at the badge when it's announced, think about it
- Get ideas
- PoC - if you don't have this, you're not going to have anything
- dev & debug
- DC25 - NRF52 - 503.party
- Blow up any images you can and start thinking.
- BMD-300 module
- OxVox - synthesizer and firmware for the badge.
- Thotcon 0x09 badge - Thotcoin miner
- Arduino to toggle the pin to mine as many coins as possible
- Spoiler alert: 0 coins
- ESP8266, similar to the Sparkfun devkit. Picaxe x4.
- Rewrote the firmware in the EPROM that holds the coin count and changed the value. :)
- Added a speaker and amp, built a CW repeater for morse code.
- It's not a badge, it's a development board. Changes how you think about it.
- Addons - badges for your badges.
- DC26 shitty add-on connector, four-pin I2C interface, VCC is marked. Male pins. 0.1" pin pitch.
- Master badges have female headers.
- SAO Genie, based on TPM Genie, PoC for I2C sniffing.
- Badge -> SAO Genie -> Addon to monitor traffic, serial interface to hook to a computer.
- Destination address, packet contents. Passthrough, inject, modify, block packets.
- DCZIA badge - 4x4 keyboard
- Crappy audio processing unit to make a sequencer or a synth.
Mar 03 2019
UPDATED: 18 March 2019 - External display adapters that actually work with this model (and Arch Linux) added.
For various reasons, I found that I had a need to upgrade Windbringer's hardware very recently. This might be the first time that a catastrophic failure of some kind was not involved, so it's kind of a weird feeling to have two laptops side by side, one in process and one to do research as snags cropped up. This time around I bought a Dell XPS 15 Touch (9570) - I was expecting things to be substantially the same, but this did not seem to be the case. Some things that I found myself ignoring because I had no use for them aren't in this newer model, and some things have changed as technology has advanced rather a lot in the last five years.
As before, first I'll post the hardware specs, and then follow up with everything I had to tinker with to get working as well as how I went about it. As usual, I went with 64-bit Arch Linux (2019.02 installation build).
Oct 30 2018
Some time ago I began a search for a decent note-taking tool that I could carry around with me. For many years I was a devotee of the notes.txt file on my desktop, constantly open in a text editor so I could add and refer to it as necessary. When that ceased to scale I turned to software that replicated the legions of sticky notes on my desks at work and home, such as Tomboy. And that worked well enough for a while, but when I started relying upon my mobile more and more for things it too stopped being as useful as I wanted it to be. For about a year I turned to Simplenote, which is pretty much what it says on the tin: It's a note-taking system with a nice web interface, applications on all of the platforms that I use regularly, and even a command line utility which I used to back up my notes a couple of times a day. However, Simplenote is a centralized service and there is always a risk that it could go away at any time. At the very least, the switchover to the Simperium API could have caused problems in the near term for me, and I have enough on my plate these days that I didn't feel like fighting that particular war. So, the search for a replacement that relied more upon my own infrastructure than someone else's began.
Mar 27 2018
A couple of weeks back, as part of our continuing education program at my dayjob I ran a hands-on class on locksport, the quasi-science (perhaps art) of picking locks for fun and... well... fun. I'm a security wonk so most of the talks I run have some security content in them, but I wanted to do something that was fairly suitable for everyone (coders and not). So, I got the go-ahead to expense a few more locks and some intro picksets to give away from The Lockpick Shop (no consideration for mentioning or using them, they had what I needed at a good price) and hauled most of my collection of locks and tools to work over the course of a couple of days.
I used the Creative Commons licensed lockpicking village slides from the TOOOL website for my talk after editing them a bit to condense them for time and spent a couple of evenings practicing both my slides and craft to gear myself up for the class.
What follows are some pictures and ruminations I have on the topic of locksport that come from years of playing around with locks (after spending about as long trying and failing to get any locks open) and doing formal and informal sessions on the topic. Please bear in mind, I'm far from a master of this particular art. I've competed only once (and pulled a Charlie Brown by picking the lock backwards, thus jamming it at the worst possible time) and, while I recognize that there are some very talented people out there who are into locksport for the sheer artistry of it, I'm not one of them. I'm a pragmatic lockpicker: I'm on assignment, I need into something, I'm going to pick the lock and get in. I'm not a spring steel artist.
Okay. Enough chitchat, here's what I actually wanted to write.
Jun 19 2017
A couple of months back I did a brief writeup of Keybase and what it's good for. I mentioned briefly that it implements a 1-to-n text chat feature, where n>=1. Yes, this means that you can use Keybase Chat to talk to yourself, which is handy for prototyping and debugging code. What does not seem to be very well known is that the Keybase command line utility has a JSON API, the documentation of which you can scan through by issuing the command `keybase chat help api` from a command window. I'm considering incorporating Keybase into my exocortex so I spent some time one afternoon playing around with the API, seeing what I could make it do, and writing up what I had to do to make it work. As far as I know there is no official API documentation anywhere; at least, Argus and I didn't find any. So, under the cut are my notes in the hope that it helps other people work with the Keybase API.
The API may drift a bit, so here are the software versions I used during testing:
Jun 17 2017
I've been promising myself that I'd do a series of articles about tools that I've incorporated into my exocortex over the years, and now's as good a time as any to start. Rather than jump right into the crunchy stuff I thought I'd start with something that's fairly simple to use, straightforward, and endlessly useful for many purposes - a wiki.
Usually, when somebody brings up the topic of wikis one either immediately thinks of Wikipedia or one of the godsawful corporate wikis that one might be forced to use on a daily basis. And you're not that off the mark, because ultimately they're websites that let one or more people create, modify, and delete articles about just about anything one might be inclined to by using only a web browser. Usually you need to set up or be given an account to log into them because wiki spam is to this day a horrendous problem to fight (I've had to do it as parts of previous jobs, and I wouldn't wish it on my worst enemy). If you've been around a while, when you think of having a wiki you might think of setting up something like WikiWikiWeb or Mediawiki, which also means setting up a server, a database, web server software, the wiki software, configuring everything... and unless you have a big, important project that necessitates it, it's kind of overkill and you go right back to a text file on your desktop. And I don't blame you.
There are other options out there that require much less in the way of overhead that are also nicer than the ubiquitous notes.txt file. For the past couple of years (since 2012.ev at least) I've been using a personal wiki called Tiddlywiki for most of my projects which requires just a fairly modern web browser (if you're using Internet Explorer you need to be running IE 10 or later) and some room on your desktop for another file.
Jun 16 2017
Additionally, this was before I'd ever done any serious information architecture and communications stuff, so you will undoubtedly cringe upon reading some of my assumptions and JSON sketches. Additionally, this was before I discovered PouchDB (which is basically CouchDB in the browser) so a few of my ideas really wouldn't wash today. So, please consider these notes somewhat naive toward the goal of building the application. Please don't facepalm too hard, you'll give yourself a concussion. Maybe somebody will find them useful in their own work.
May 28 2017
Some time ago, I found myself using a Kryoflux interface and a couple of old floppy drives that had been kicking around in my workshop for a while to rip disk images of a colleague's floppy disk collection. It took me a day or two of screwing around to figure out how to use the Kryoflux's software to make it do what I wanted. Of course, I took notes along the way so that I would have something to refer back to later. Recently, I decided that it would probably be helpful to people if I put those notes online for everyone to use. So, here they are.
Jan 02 2017
20170107: It's not "group name" it's "Group ID." I don't know how to find that yet.
The communications program Signal by Open Whisper Systems is unique in several respects. Firstly, its barrier to entry is minimal. You can search for it in the Google Play online store or Apple iOS appstore and it's waiting there for you at no cost. Second, it's designed for security by default, i.e., you don't have to mess around with it to make it work, and it does does the right thing automatically and enforces strong encryption by default (unlike a lot of personal security software). It interoperates seamlessly with people who don't use Signal but you have the option to invite them to install it with a single tap. Its protocol is an open standard that multiple companies have implemented, so theoretically anyone can write their own implementation of the client (Android, iOS) or server, or compile it for themselves. It's an SMS/MMS application, so you can use it as your default text messaging client on your mobile, plus it can do text message conferencing with multiple people automatically (it's a great way to keep in touch with friends if you're at the same con). There's even a desktop Signal client that runs inside of Google Chrome or Chromium (source code for the interested and curious).
So, why, exactly am I posting about Signal?
There is a little-known command-line implementation of Signal that I've been experimenting with because I eventually plan on writing a bot for my exocortex. In playing around with it, I've come to realize that it's not particularly friendly to use at all, and I might have to break down and use the dbus interface to do anything useful with it. Which I don't look forward to, but that's not the point. The point is, I've compiled some notes about how to use the command line version of Signal and I wanted to put them online in case somebody will find them helpful.
Aug 20 2015