Jump to content


Active Members
  • Posts

  • Joined

  • Last visited

Contact Methods

  • ICQ

Profile Information

  • Gender
  • Location

Recent Profile Visitors

2,617 profile views

redxine's Achievements


Newbie (1/14)

  1. If possible I'd lose the inverter - they are incredibly inefficient. Everything ends up having to be converted back to DC again, so going from DC -> AC -> DC generates quite a bit of heat. Instead opt for a DC-DC converter. A switching one will also do good for battery life if there's a wide gap (Converting 12V to 5V for example). You can find universal DC adapters at plenty of discount and retail stores, but chances are they're linear. If you're good with a soldering iron you can whip up a very nice supply on a bit of perfboard and some small switching power regulators fairly easily, but even linear regulators would be better than an inverter. Also, from what I've read about taking these to the airport, it should be no problem carrying a sealed lead-acid battery on board (they'd rather spare batteries of any type be in the cabin rather than in cargo, since fire extinguishers are at hand). Just follow the recommendations at http://safetravel.do..._batteries.html and tips at http://safetravel.dot.gov/tips.html — namely keeping them installed in your project or taping or otherwise protecting the terminals, putting the battery in a plastic bag for good measure. The TSA, believe it or not, does know how to spot the difference between an explosive device and an UL certified battery, and often have the appropriate equipment to check for actual explosives. Just don't opt for a DIY battery pack any time soon. I'd also stay away from any battery with lithium chemistry, however there are specific TSA restrictions to carrying them on board (no more than 25g equivilent lithium content). If you suspect you'll run into trouble, print the above links and carry them to show someone if asked. Bottom line is don't make it look remotely dangerous to anyone, and security shouldn't as much as blink an eye. I am also in possession of a very nice aluminium brief case that I was interested in building a ruggedized laptop into, but this might be a far more interesting application :P
  2. Great. I see many statistics and plenty of scientific method here... except the system in question has been promised to be "coming soon" (as a free research prototype) for nearly a year now. It's not science if it can't be reproduced.
  3. But USB mass storage isn't the problem (unless it's a windows box with autorun, a vulnerability in explorer, etc.) - it's emulated HID. However since USB keyboards and mice are so commonplace today this is a difficult vector to defend. Perhaps having a whitelist for certain manufacturers of keyboards/mice (although this could probably be annoying for end users, so would the banning of USB devices entirely). You could put this off to physical security, which is really what it comes down to, but it wouldn't hurt to hinder the exploit with even a little bit of work.
  4. IT crowd was Channel 4, not BBC. I enjoyed it - it's not often you see any mainstream purely IT comedy.
  5. That relies on the actual hardware - the controller in USB keyboards and mice can sense the PS/2 handshake and adjust the protocol. So it'd have to be a burned-in feature of the duck's hardware or of a Teensy.
  6. True, but there's many instances when controlled media is a necessity, keyboards and mice break, etc.
  7. Haven't seen too many threads about protecting against rogue USB devices, or anything about testing to see if an USB device is "safe", as mentioned in the letter in episode 1023. I got thinking of protecting against evil rubber duckies and realised that mass storage isn’t the problem. While it’s relatively simple to prevent FUSE from mounting mass storage automatically, the thing we want is to prevent the “mass storage device” from sending HID events. Perhaps setting up a cheap and old box (or perhaps even a little RaspberryPi) with the usbhid module blacklisted (sudo modprobe -r usbhid) to plug a device to check into. A wireshark/usb dump can be done over ssh, et al to inspect the true intentions of the device. It’s a simple way to check for vendor ID, etc. and since it only requires runlevel 3, mouse and keyboard events/attacks can be rendered useless with a repurposed getty input (perhaps just an inkey program that redirects to a file to figure out what said evil rubberducky is up to). I smell some utilities for testing for rubber ducks for *nix boxes in the future :P I might test some of these concepts later, but I'll need to get my paws on a duck first.
  8. Just recently, I noticed I had trouble connecting wirelessly to my Linksys E2000. After updating the firmware and resetting the thing a dozen times, I've finally figured out that the wireless would return to normal operation if I unplugged anything with wired gigabit. The old machine being used as a server has a 100T-base NIC and it works fine, but as soon as I connect a new machine or my laptop on wired, ping round trip time goes from ~1 ms to an average of 11256 ms. I'm less than a metre from the router. The same thing happen independent of device or operating system, or as far as I can tell from two linux boxes, and android phone, and an iMac. This didn't start happening until a few days ago and my network configuration hasn't changed the slightest. Any ideas?
  9. same problem here. I can't even get the original aliosa27 user land to boot. 2 gig flash using dd if=file.img of=/dev/sdb bs=1M Then I eject the disk and throw it in the zipit, turn it on, and the LED for flash activity gives the impression that it's booting... then nothing. EDIT: Update - this is what gparted tells me. Doesn't make much sense. Never had this problem before, and it's definately a 2 gig flash. Grr. I'll try the 1 gig image. I wrote the above disc with sudo dd if=debianZ2-diskimage-2G.img of=/dev/sdb bs=512K Update 2: I was curious to find this in the image file: redxine@redxine-laptop:~/Desktop$ tail debianZ2-diskimage-2G.img to: gspi8686.bin gspi8686_hlp.bin And you should be good to go. I guess it untarred incorrectly. I'll try again. Edit: fixed it with some magic voodoo. No idea what did it, it just boot fine suddenly. Here's a new question: I've noticed that whenever it's not connected to wireless, that startx is really slow. I have to press Ctrl+C after getting "Host name lookup failure" to get it to start. And the clock resets at every boot. Any suggestions?
  10. +1 for DC-DC converters. As for controlling the car, if you want it to do cool things like roll the windows down and turn on the head lights, it'll need some kind of relay interface. But if you want to read sensor values you could interface to the GM port with parallel.
  11. public PM's are disabled! AARGH! lol

  12. http://www.hak5.org/oursituationonthisearthseemsstrange/ I feel accomplished now.
  13. Thanks. I'm almost done generating a master URL list I'm about to run with the following rules: O------ATION/ON/THIS/EART---EMSSTRANG--- <eart.> only matches 'earth' O-/-----ATION/ON/THIS/EARTH/--EMS/STRANG--- O--/----ATION/ON/THIS/EARTH/--EMS/STRANG--- O---/---ATION/ON/THIS/EARTH/--EMS/STRANG--- O----/--ATION/ON/THIS/EARTH/--EMS/STRANG--- O-----/-ATION/ON/THIS/EARTH/--EMS/STRANG--- O-/--/---ATION/ON/THIS/EARTH/--EMS/STRANG--- O--/--/--ATION/ON/THIS/EARTH/--EMS/STRANG--- O--/---/-ATION/ON/THIS/EARTH/--EMS/STRANG--- O---/--/-ATION/ON/THIS/EARTH/--EMS/STRANG--- O-/----/-ATION/ON/THIS/EARTH/--EMS/STRANG--- I sorted through dictionaries of two, three, and four letter words and took out uncommon words, leaving things like able, bent, gate, etc. So far I have a wordlist that follows the rules for 6 spaces, and it has 10992 entries. I think for this one I'll set up parallel wget scripts. ^_^ I'll post the list when it's done. (moments later): $ cat masterlist | wc -l 258120 I think it's back to the drawing board. Unless someone wants to help me rack up 30 megs worth of 404s on the hak5 server logs. lol. Here's the list and sources: http://dl.free.fr/pMpdo4hPP Let me know if anyone wants to help make a joint effort and we'll figure out how to split the file. I'll go ahead and start running the list.
  14. Well I just burned through this word/url list with no luck. http://paste.ubuntu.com/447013/ Matched the missing words against /usr/share/dict/words, but the permutations are huge because the separation of the words is unknown. This list matched the following pattern: o@@@@@/@ation/on/this/eart@/@@ems/strang@@@ The only entry matching eart@ is 'earth'. I also tried a word list where o@@@@@@ation (O --- --- ati on) was assumed to be a whole word, to which the dictionary matches the following words: update: burned through these too: http://paste.ubuntu.com/447030/
  • Create New...