whitenoise

Everything posted by whitenoise

  1. Today I found this video here as a complex extension of the idea above. The guys from the research group manage to count people with WiFi inside a closed area:
  2. Thanks for the input, Cooper. Those fractal antennas look interesting. When I searched for them on YouTube I found an interesting video of 'spraying' antennas: So I just need to buy some graphene (or cooper :P ) spray, print a mask, put it onto my substrate and happy spraying. Awesome! What I want to achieve is to increase the sensitivity due to the array design. From a theoretical point of view this makes sense, from a practical one ... it depends. As Darren said in one of the episodes, the horizon is the limit. It's more or less just an experiment, playing around. What I already did is forming kind of a collinear antenna by just bending wire. It was easy to build (just bending some wire) and looks like: http://martybugs.net/wireless/images/collinear_bare.jpg The antenna works quite well, receiving signals from up to 150-200 km (ca. 100 m above sea level, no mountains around). The biquad also looks interesting; I wonder if it is more effective than a patch array.
  3. Haha, probably I should change to some gold-sputtered silicon wafers, eh? Yes, I guess etching would be the best option. However, the more parallel patches you want to run on the panel, the bigger the size of the antenna will be. Don't forget that we are not talking about single patches of 1 cm but nearly 14 cm! I wasn't going to fill my bath tub with HCl/H2O2, although it would be a very cleaning bath. Thus there was the idea of just making some masks, cutting the foil and gluing it onto some substrate. Connect all patches with a wire and there we go. The only thing to consider might be that all patches are in phase with each other, so that when the signal is mixed together there are no cancellations. This should be avoided by choosing the right length of spacers. I'm not sure whether it really matters, as the speed of the signal in relation to the frequency could be so much faster that in the range of several cm the amplitudes of the signal peaks are not shifted sooooo much.
  4. Hey! While playing around with ADS-B, I was thinking about boosting the range of detection by building my own panel antenna. Finally it should look similar to this one: http://www.activefrance.com/Antennas/_wp_generated/wpc12cc178_1b.jpg The size of the single patches can be calculated from the center frequency: http://www.raymaps.com/wp-content/uploads/2012/02/patch_antenna_labelled.jpg L = λ/2, so in this case: f = 1090 MHz --> λ = 0.275 m, and thus resulting in an L of 13.75 cm. A DIN A2 sized circuit board could carry 24 patches. As the ADS-B signal already contains information about the location of the signal, it is not necessary to always point the antenna in one direction. Thus finally I want to mount the antenna onto a rotating motor, collecting data from all directions, and plot the data with dump1090. I'm still not 100 % sure how to construct the panel. Maybe I could do it on my own using a patch mask and cutting copper foil, or I'll ask some guys that have access to a PCB milling machine. In the latter case the size of the panel might be a problem, so I probably should think about a modular design and finally plug everything together. What do you think?
  5. I think besides technical issues such as cookies and browser tracking there is also the fingerprint of your web behaviour. You visit certain sites again and again, certain services of your computer may connect to sources on the internet and so on. Really, covering all aspects is very hard indeed. You can deactivate cookies, okay. Tails is trackable via browser information. I guess one has to generate a browser signature that has as little individual data as possible, meaning not to delete all entries but to see what the most common setting is, so there are lots of other users that use the same setting, too. Then, as Cooper said, separating anonymous and non-anonymous activities is important (if possible at all). Theoretically, for every website you could assign yourself a new IP address so a single IP assignment to you cannot collect enough data to classify it as a fingerprint. You probably also could do it the other way around and add fake behaviour to your normal web behaviour. This could be done by an automatic script that has a huge list of garbage websites and now and then sends requests there. I would not really trust the last solution, as relevant data probably can be extracted by simple statistical analysis. If the websites you regularly visit stick out, they have a pattern. To make this work, the frequency of visiting regular websites has to be as high as the frequency of random websites so the 'true' signal can hide in the 'noise'. Be aware that there are probably other mechanisms to track you, too.
  6. That is exactly the point. Just start to solve the problem from the other side, which means: ask yourself WHAT is your AIM and specify the problems. Make a list of things you want to solve and then search for the tools you need to fix that. You could start like this:
- easy to set up firewall -> controlling data flow in general
- recognizing attacks in the LAN -> software that i.e. detects ARP spoofing or other kinds of man-in-the-middle
- recognizing WiFi attacks -> deploy a Raspberry Pi that scans for packets (monitor mode) and detects i.e. deauthentication packets against your network, logging known devices around (via probe requests and beacon frames) and detecting abnormalities and so on ...
- logging what is going on -> who is in your network and which IP/MAC addresses are used, maybe logging traffic as well (source IP, destination IP, data volume)
You can extend the list as you want. Just try first to define your problems/aims.
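One way to implement the "recognizing WiFi attacks" and "logging" items above from the detection side, as an added example that is not code from the post: it consumes already-parsed 802.11 management-frame records (constructed inline here; the record layout, the BSSID and the thresholds are assumptions), raises an alert when deauthentication frames carrying your own BSSID exceed a rate, and keeps an inventory of stations seen probing.

```python
from collections import defaultdict, deque

MY_BSSID = "aa:bb:cc:dd:ee:01"  # assumed: the MAC of your own access point
WINDOW_S = 2.0                  # assumed: sliding window for counting deauths
LIMIT = 5                       # assumed: more than this many per window is a flood


def mgmt(ts, subtype, addr1, addr2, addr3, ssid=None):
    """Build one parsed management-frame record (an assumed shape; a real
    capture would come from a monitor-mode sniffer)."""
    rec = {"ts": ts, "type": 0, "subtype": subtype,
           "addr1": addr1, "addr2": addr2, "addr3": addr3}
    if ssid is not None:
        rec["ssid"] = ssid
    return rec


def analyze(frames, my_bssid=MY_BSSID, window=WINDOW_S, limit=LIMIT):
    """Return (alerts, devices).

    alerts:  one (ts, bssid, count) tuple each time the number of
             deauthentication frames (subtype 12) with our BSSID inside
             `window` seconds first exceeds `limit`; re-arms once it drops.
    devices: station MAC -> sorted SSIDs it sent probe requests (subtype 4)
             for, i.e. the inventory of 'known devices around'.
    """
    recent = deque()                 # timestamps of deauths aimed at us
    alerts, devices = [], defaultdict(set)
    alerted = False
    for f in sorted(frames, key=lambda r: r["ts"]):
        if f["type"] != 0:
            continue                 # management frames only
        if f["subtype"] == 12 and f["addr3"] == my_bssid:
            recent.append(f["ts"])
            while recent and f["ts"] - recent[0] > window:
                recent.popleft()     # forget deauths older than the window
            if len(recent) > limit:
                if not alerted:
                    alerts.append((f["ts"], my_bssid, len(recent)))
                    alerted = True
            else:
                alerted = False
        elif f["subtype"] == 4:
            devices[f["addr2"]].add(f.get("ssid", ""))
    return alerts, {mac: sorted(s) for mac, s in devices.items()}


def constructed_capture():
    """Constructed sample traffic (not a real capture): two stations probing,
    one ordinary deauth, a data frame, then a 20-frame deauth burst against
    our BSSID and a similar burst against a neighbour that must not alert."""
    phone, laptop = "11:22:33:44:55:66", "de:ad:be:ef:00:01"
    neighbour, bcast = "aa:bb:cc:dd:ee:99", "ff:ff:ff:ff:ff:ff"
    t = 1000.0
    frames = [
        mgmt(t + 0.0, 4, bcast, phone, bcast, ssid="HomeNet"),
        mgmt(t + 0.5, 4, bcast, phone, bcast, ssid="CoffeeShop"),
        mgmt(t + 1.0, 4, bcast, laptop, bcast, ssid=""),   # wildcard probe
        mgmt(t + 2.0, 12, phone, MY_BSSID, MY_BSSID),       # one normal deauth
        {"ts": t + 3.0, "type": 2, "subtype": 0,            # data frame, ignored
         "addr1": MY_BSSID, "addr2": phone, "addr3": MY_BSSID},
    ]
    frames += [mgmt(t + 10.0 + i * 0.02, 12, bcast, MY_BSSID, MY_BSSID)
               for i in range(20)]
    frames += [mgmt(t + 20.0 + i * 0.02, 12, bcast, neighbour, neighbour)
               for i in range(20)]
    return frames


if __name__ == "__main__":
    alerts, devices = analyze(constructed_capture())
    print("alerts:", alerts)      # one alert: 6 deauths within 2 s at t=1010.1
    print("devices:", devices)
```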
  7. The topic is quite interesting; by the way, it is not too hard to prevent such attacks. Have a look at this paper: http://www.blockyourid.com/~gbpprorg/mil/gps4/Wen_Spoof.pdf
  8. Here is an up-to-date article; the discussion goes on: ... ... source: http://rt.com/uk/225643-encryption-unethical-spy-behaviour/
  9. @Cooper: Thanks for your input! Of course you're right and sure, if you want to send an encrypted email then do it via PGP. But still the metadata will always be readable. I just like that topic because there are already people saying "privacy does not exist anymore". I'd love to prove they're wrong and to keep this good alive despite all those new regulations. For me this looks more like, after the Snowden revelations, more and more people care about security and might use encryption. So how to stop that from a government side? - By law. In Germany, right after the attacks in Paris, the topic is back again and is currently being discussed. I'm curious about the outcome. We call that 'Vorratsdatenspeicherung', which means that all the metadata will be stored for a period of time and can be requested - as you already wrote :). The Germans are a bit special ... we care more about having horse meat in the lasagne than about the state reading our emails, you probably know the story ;) I'm also curious if in general encrypted communication will still be allowed in 5 or 10 years. It might be that if encrypted traffic is detected you automatically get classified as suspicious. I can hardly imagine that, besides the fact that there are a lot of useful applications for encryption, i.e. money transfer, and how they will separate this. Anyway, encrypted communication is also developing and new ideas are coming up (like Bitmessage and others).
  10. Here is an update for the EU! A high-ranking EU official wants to force telecommunication companies to hand over the encryption keys of the encryption of the user data to the police and other intelligence agencies. A reason for legalizing this is the alleged increasing danger of terrorism. http://www.statewatch.org/news/2015/jan/eu-council-ct-ds-1035-15.pdf
  11. Hey! Inspired by this article http://arstechnica.com/tech-policy/2015/01/uk-prime-minister-wants-backdoors-into-messaging-apps-or-hell-ban-them/ which was recently published by Ars in relation to the attacks in Paris, I want to start a discussion about the (legal) use of encryption in the future. What do you guys think? Will rights be restricted so much that encrypted communication for everyone won't be allowed anymore? Is this a possible scenario or just some public crying of politicians? And let us not forget: encryption != encryption. An encrypted communication needn't be a trusted encryption, and we all know about encrypted services that have their own backdoors embedded (such as Skype).
  12. Everyone who is interested in that topic should read this paper: https://panopticlick.eff.org/browser-uniqueness.pdf It gives a good overview of what kind of traces you leave while surfing.
  13. I would say the EIRP is the actual radiated power of the antenna (sum of amplifier gain and antenna gain minus cable loss) and the RSSI is what the receiver gets. So the RSSI will drop when increasing the range to the antenna. Because there is no information in the packet about the EIRP, the calculation of the RSSI is a thing of its own (depending on the energy that is induced in the receiving antenna). Also the medium in which the signal travels has an influence, depending on how strongly it absorbs the power of the signal (i.e. 2.4 GHz under water would be a bad idea :D ). In general low frequencies travel further than high frequencies (same conditions assumed - probably because high frequencies are more likely to interact with our terrestrial environment).
  14. Makes sense, as the HTML source code probably comes in several packets. If you are able to choose what to replace, you could search for comments (i.e. with a regular expression), cut them out, inject your code and fill it up until the original size is restored. This might be a little workaround without doing too much damage to the website itself.
  15. If Ettercap replaces strings, does it also correct the packet length? If not, this can lead to the packet being discarded at the other end because of an error. If you alter the packets you have to recalculate not only the length but also the checksum! :P // Does Ettercap recalculate the length of the packet (and the checksum)? This might be a problem because wrong packets might be dropped by the client.
  16. You can do something like this with Deep Packet Inspection. It is also possible to do it in Python. Add a new chain to your iptables which directs forwarded TCP packets to NFQUEUE. You can grab the packets with a Python script and decide what to do with them (let them pass, alter them or drop them). What you could do is let the GET request pass to the server and then collect all the segments coming from the server to reassemble the HTML source code (basically sending a lot of ACKs). In many cases the content of the segments is compressed, so you have to piece it all together and then decompress it. In a next step you can alter the HTML as you like (replace hyperlinks etc.). Then you have to simulate the server connection to the client and transmit the altered HTML in segments back to the client (you can use Scapy for that).
  17. I see. Yes, interference with other signals could be a problem or at least lower the resolution. One could test this. Maybe directional antennas could improve that issue a bit, but in general if you more or less 'DoS' the receiver with strong signal packets the system gets disturbed.
  18. First of all, this is not an AP you want to connect to. At the moment this is based on Beacon frames, as it was an easy option using airbase-ng. Of course you could easily write a script in Scapy that sends other packets that are then filtered by the receiver, or even design your own packets. So basically there are a few options to make it more reliable. I'm not sure if you could even use encryption, because at higher packet rates you might get into trouble with CPU speed.
  19. You could even put this onto a Raspberry Pi and use it to automatically flush your toilet (:D) or switch on the lights when you come home.
  20. Using WiFi as a photo sensor and motion detector

You need a simple solution to detect if someone is crossing a door? Maybe it would also be great to get a notification directly on your smartphone? You want to count cars? You want to ... ? Let's divert some WiFi stuff!

What you need:
Hardware: 2 WiFi cards, i.e. ALFA awus036nha + 5 dBi dipole antenna + USB cable
Software: Linux
Python with modules:
- scapy
- xmpppy
Aircrack suite
- airmon-ng
- airbase-ng

Concept: Basically we need a transmitter and a receiver and analyze the signal strength of the packets. The transmitter will send Beacon frames at a high rate but low power. The high rate is needed for a good resolution to detect objects passing through the barrier. The higher the rate, the faster the objects you can detect. Decreasing the txpower will make the system more sensitive. The receiver sniffs the Beacon frames coming from the transmitter and analyzes the signal strength. As the signal will be a bit noisy, this is compensated by calculating averages of 10 Beacon frames. These values are the actual values the script works with. From these, 100 packets will be averaged again to calculate a steady-state signal. The steady-state signal is used to detect events, i.e. someone crossing the barrier. In every case you have to calibrate the system so it works nicely for your personal purpose!

How does it detect events? You have to set a threshold which is the minimum difference between the steady-state signal and a signal value at time X. If something crosses the barrier, the signal value at this moment will drop, i.e. from -30 dB to -50 dB. This difference is noticed and an event is triggered. The threshold needs to be set carefully. If it is too low you will get false positives, as interference might produce peaks that go a bit beyond the average peaks of the noise. Setting the threshold too high, events might not be detected any more (you can also play with the txpower of the transmitter here).

So what happens if a barrier-crossing event is detected? It is up to you (in case you know a bit about Python programming)! At the moment the script is able to send you a message to your Jabber account, which you can run on your smartphone (i.e. on Android with GibberBot). The script also has a protection against mass-spamming and always locks the event detector for a certain amount of packets until the next event can be detected.

Can you visualize what is going on? Sure. The output is written into a file called signals.csv containing the packet count (actually every 10 packets the counter increases), the average signal (10 packets) and the average signal for 1000 packets. You can easily plot that in MS Excel or Libre Calc:

How do I use this? First of all check if you have all the requirements listed above. In a next step you would build your physical setup (i.e. placing the antennas onto your desk with a distance of about 1 m). With the current setup I used 5 dBi dipole antennas. You have to edit receiver.py and change the following values according to your setup:

    jid = ""        # Jabber account name i.e. myaccount@jabber.com
    pwd = ""        # Password for Jabber account
    recipient = ""  # Receiver i.e. somereceiver@jabber.com
    transm_mac = "00:AA:BB:CC:DD:EE"  # MAC address of your transmitting device!

You should notice that there also is the »THR« variable, which is the threshold. Don't forget to save the file. Now open a terminal and log in as root. Set the txpower of your transmitter via the command line, i.e. »iwconfig wlanX txpower 0.1«. Set both interfaces to monitor mode using »airmon-ng start wlanX« (X depending on your interface index). Open a second terminal and log in as root as well. Start the transmitter with »python transmitter.py«. Make sure your arms are not in between the antennas and carefully start the receiver with »python receiver.py«. Open Pidgin or whatever you use for Jabber and log into your account. Now you should see that packets are coming in. You see the packet numbers, the average for 10 and the average for 1000 packets. If you move your hand through the barrier you should get a notification to your Jabber account. You can close both scripts by pressing Ctrl + C.

What if nothing happened? You have to recalibrate the system. Open the CSV file in Excel and plot the data. Check if you can identify peaks. If there are no peaks, your signal strength might be too high. Maybe your resolution is too weak, too. You can test this by holding your hands for several seconds in the barrier, or better just sit between them. If you see a broad but weak peak then your resolution might be too low. So you have to open transmitter.py and change »bashCommand = 'airbase-ng mon0 -I 5 -e %s' %(ESSID)« to i.e. »bashCommand = 'airbase-ng mon0 -I 3 -e %s' %(ESSID)« so airbase-ng will send a Beacon frame every 3 ms. If there are nice peaks but you still get no signal, maybe the threshold is too high. You can simply check that by calculating the difference between the average and the current value. You can change the threshold in »THR« in receiver.py. Have fun!

Attention: These scripts are proof of concept and meant to illustrate different applications with WiFi. All the features are static and further modification might require knowledge about programming. Also there is no proper error handling, to keep things simple. You use these scripts at your own risk. High packet rates might damage your network interface. Don't use these scripts if you are not fine with that.

transmitter.py

    #!/usr/bin/env python
    #-*- coding: utf-8 -*-
    # transmitter.py: starts airbase-ng so it sends Beacon frames at a fixed interval.
    # The Beacon transmitter has to be set up weak so the system is sensitive enough to detect events.
    # Also the packet rate should be high to get a nice resolution for detecting events.
    # Setting the transmitting antenna to 0.1dB (using a 5dBi dipole antenna) and sending 200 packets per second worked fine for me (1m distance).
    # Python 2 script (print statements), run as root with mon0 already in monitor mode.
    import sys
    import signal
    import subprocess

    def signal_handler(sig, frame):
        print 'You pressed Ctrl+C!'
        sys.exit(0)

    signal.signal(signal.SIGINT, signal_handler)
    print 'Press Ctrl+C to abort'

    ESSID = "sensor"  # Type in the name of the network
    # 5 means every 5ms a Beacon frame will be sent. You can decrease this number to get a better resolution.
    bashCommand = 'airbase-ng mon0 -I 5 -e %s' % (ESSID)
    process = subprocess.Popen(bashCommand.split(), stdout=subprocess.PIPE)
    output = process.communicate()[0]  # blocks until airbase-ng exits (Ctrl+C)

receiver.py

    #!/usr/bin/env python
    #-*- coding: utf-8 -*-
    # WLAN photo sensor: receives Beacon frames filtered by a specific MAC address and analyzes the signal strength.
    # The Beacon transmitter has to be set up weak so the system is sensitive enough to detect events.
    # Also the packet rate should be high to get a nice resolution for detecting events.
    # Events are stored in a CSV file for plotting i.e. in Libre Calc.
    # Setting the transmitting antenna to 0.1dB (using a 5dBi dipole antenna) and sending 200 packets per second worked fine for me (1m distance).
    # Python 2 script: uses print statements, xmpppy and the scapy 2.x RadioTap layout (pkt.notdecoded).
    from scapy.all import *
    import time
    import xmpp

    # Setting initial values
    count = 0       # all captured Beacon frames
    sig10 = 0       # sum of 10 packets
    sig100 = 0      # sum of 1000 packets (100 x sig10 -> 1000, as sig10 is already 10 packets)
    m10 = 0         # averaged signal strength (10 packets)
    m100 = 2        # averaged signal strength (1000 packets) - is needed for event detection
    THR = -10       # threshold, minimum distance from sig10 to sig100; if the difference is greater than THR probably some event happened
    memory = 1      # How many packets should pass by until the next event can be detected? This is to avoid mass notification
    filename = "signals.csv"
    logfile = open(filename, "w")
    logfile.write("frames,sig10,sig100\n")
    logfile.close()
    jid = ""        # Jabber account name i.e. myaccount@jabber.com
    pwd = ""        # Password for Jabber account
    recipient = ""  # Receiver i.e. somereceiver@jabber.com
    transm_mac = "00:AA:BB:CC:DD:EE"  # MAC address of your transmitting device!

    def sendJabberMsg():
        msg = time.strftime("%Y-%m-%d_%H%M%S") + ": EVENT"  # This is the message sent in case of an event, beginning with a time code
        j = xmpp.protocol.JID(jid)           # parsed copy, so the global jid string stays usable for the next call
        cl = xmpp.Client(j.getDomain(), debug=[])
        logfile = open(filename, "a")
        if cl.connect() == "":               # If there are connection errors it will be logged
            print "not connected"
            msg = msg + ": not connected"
            event = "%s,%s\n" % (count/10, msg)
            logfile.write(event)
        elif cl.auth(j.getNode(), pwd) == None:   # If there are problems with authentication it will be logged as well
            print "authentication failed"
            msg = msg + ": authentication failed"
            event = "%s,%s\n" % (count/10, msg)
            logfile.write(event)
        else:                                # If everything is fine you will be notified about the event via Jabber
            cl.sendInitPresence()
            cl.send(xmpp.protocol.Message(recipient, msg))
            print "Message sent!"
            event = "%s,%s: Message sent\n" % (count/10, msg)
            logfile.write(event)
        logfile.close()
        cl.disconnect()

    def PacketHandler(pkt):
        global count, sig10, sig100, m10, m100, memory
        if pkt.haslayer(Dot11):
            if pkt.type == 0 and pkt.subtype == 8 and pkt.addr2 == transm_mac:
                # This is a Beacon frame and it is from our transmitter.
                # RadioTap antenna signal read as a raw byte (scapy 2.x); newer scapy versions expose it as pkt.dBm_AntSignal.
                signal = int(-(256 - ord(pkt.notdecoded[-4:-3])))
                sig10 = sig10 + signal       # sum up the signal strength of every frame
                count += 1
                if count % 10 == 0:          # we collected 10 packets...
                    m10 = sig10/10
                    sig100 += sig10
                    if (count/10) % 100 == 0:   # ... or even 1000 packets...
                        m100 = sig100/1000      # calculate the steady-state average
                        sig100 = 0
                    event = "%s,%s,%s\n" % (count/10, m10, m100)   # print the data
                    print event
                    # If the current signal is below the average signal by THR, there was no event during the last
                    # 50 blocks (500 packets) and already 100 blocks (1000 packets) passed by, classify this as a
                    # crossing event. The last condition arms the sensor 100 blocks after start.
                    if m10 - m100 < THR and (memory + 50) < (count/10) and (count/10) > 100:
                        sendJabberMsg()          # Send a notification
                        memory = count/10        # Set the memory, so you won't get jammed with notifications
                    logfile = open(filename, "a")
                    logfile.write(event)
                    logfile.close()
                    sig10 = 0

    sniff(iface="mon1", prn=PacketHandler)
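The two-stage averaging and threshold logic of receiver.py, pulled out into a pure function and run over a constructed RSSI trace, as an added example that is not one of the post's scripts (Python 3, no scapy or radio needed). The sliding-window steady state and the sample trace with its dips are assumptions; the block size, threshold, lockout and arming delay mirror the post.

```python
import random
from collections import deque

BLOCK = 10           # frames per short average (the post's sig10 / m10)
STEADY_BLOCKS = 100  # short averages folded into the steady state (m100)
THR = -10            # dB: m10 must be this far below m100 to count as an event
LOCKOUT = 50         # blocks ignored after an event (the post's "memory")
ARM_AFTER = 100      # blocks before the detector is armed


def detect_events(rssi, block=BLOCK, steady_blocks=STEADY_BLOCKS,
                  thr=THR, lockout=LOCKOUT, arm_after=ARM_AFTER):
    """Run the post's averaging scheme over a list of per-frame RSSI values.

    Returns (rows, events): rows are (block_index, m10, m100), the same
    columns as signals.csv; events lists the block indices that were flagged.
    The steady state here is a sliding window over the last `steady_blocks`
    short averages instead of the post's reset-every-1000-frames sum; once
    the window is full it tracks the same quantity without the start-up gap.
    """
    rows, events = [], []
    window = deque(maxlen=steady_blocks)
    last_event = None
    for b in range(len(rssi) // block):
        chunk = rssi[b * block:(b + 1) * block]
        m10 = sum(chunk) / block
        m100 = sum(window) / len(window) if window else m10
        rows.append((b, m10, m100))
        armed = b >= arm_after and (last_event is None or b - last_event > lockout)
        if armed and m10 - m100 < thr:
            events.append(b)
            last_event = b
        window.append(m10)   # like the post, every block feeds the steady state
    return rows, events


def make_samples(blocks=300, block=BLOCK, base=-30.0, dip=-50.0,
                 dip_blocks=(50, 150, 151, 152, 160, 250), seed=7):
    """Constructed RSSI trace (not a capture): a base level with +/-1 dB noise
    and a 20 dB drop during the listed blocks, as if something crossed the
    barrier. Block 50 comes before the detector arms and 151/152/160 fall
    inside the lockout after block 150, so only blocks 150 and 250 count."""
    rng = random.Random(seed)
    samples = []
    for b in range(blocks):
        level = dip if b in dip_blocks else base
        samples.extend(level + rng.uniform(-1.0, 1.0) for _ in range(block))
    return samples


SAMPLES = make_samples()

if __name__ == "__main__":
    rows, events = detect_events(SAMPLES)
    print("blocks analysed:", len(rows))
    print("events at blocks:", events)             # [150, 250]
    for b in events:
        _, m10, m100 = rows[b]
        print("block %d: m10=%.1f m100=%.1f diff=%.1f" % (b, m10, m100, m10 - m100))
```

Lowering THR towards the noise band (about 2 dB peak to peak in this trace) is the quickest way to see the false positives the post warns about.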
  21. Hey guys, here are two simple bash scripts showing how to spoof your hostname and MAC address on a rooted Android device as a command in the terminal emulator.

MAC spoofing:

    #!/system/bin/sh
    if [ "$1" = "" ]; then
        echo "00AABBCC22DD" > /data/misc/wifi/config_mac
    else
        echo "$1" > /data/misc/wifi/config_mac
    fi
    echo $(cat /data/misc/wifi/config_mac)
    exit

Save this to a file called chmac and save it in your system/bin directory. Don't forget to give it chmod +X. Starting: First type "su" in your terminal emulator to be sure it runs in root mode. Then just type chmac and the new MAC address is shown as an echo. You can also type "chmac AABBAABBCCAA", which will change the MAC to the newly chosen one. Please notice that the MAC is entered without ":". In a similar way it is possible to change your hostname.

Hostname spoofing:

    #!/system/bin/sh
    if [ "$1" = "" ]; then
        setprop net.hostname SamsungS3
    else
        setprop net.hostname $1
    fi
    getprop net.hostname
    exit

Again save this to a file, i.e. "chname", save it in the bin folder and make it executable. Run the terminal emulator and make it root. You can just type chname and the name will be set to a constant, in this case "SamsungS3". If you want to choose another name just type "chname Strawberrydreams" and your hostname will change. The new hostname is shown as an echo. Have fun!
  22. Hey, relating to episode 1406 I have some questions about extending the idea of a portable secure Linux distro on a USB thumb drive. In this episode it is explained how to set up an encrypted Linux OS. My idea was to extend the security with kind of a dongle system. In case someone finds the encrypted USB, there are still folders on it that aren't encrypted because they are used BEFORE the encryption starts (the whole boot stuff, i.e.). I want to separate that onto another dongle key which is physically separated from the actual OS USB drive. That means that on the encrypted USB drive there is ONLY ENCRYPTED DATA and nothing else. This will also help against attacks in which the boot folder could be changed or the decryption software is exchanged for a version including kind of a keylogger or whatever. The unencrypted part of the USB drive is for sure a vulnerability. Would it be possible to separate the unencrypted stuff onto another dongle USB key which chainloads into the encrypted USB drive? Also the whole encryption/decryption software (including the keys, which also have to be stored somewhere?!?!) should be on that dongle USB. Let's assume we are working with USB 3.0 and speed doesn't matter. How could that function? Thanks for your input, whitenoise