NotPike

Everything posted by NotPike

  1. Anyone else try coding their own IRC bots? Here's my dirty little Python script for 'PikeBot' https://github.com/notpike/PikeBot
  2. Would be cool to see more people share what they were working on. :/
  3. -=UPDATE=- V0.4 has been released. https://github.com/notpike/The-Fonz TX all commands as you would with the remote. Passive PIN discovery. Brute Force a command, loops through all 256 PINs for a single command. Dank ass memes! Booze, Chicks/Dudes and more!
  4. Hey, do you know how to script in Python2.7? If not, no worries, it's easy :D Yes! You can write a dedicated script that pulls from the RfCat libraries (the software used to control CC1111 chips) and have them run independently from the RfCat interactive environment. So here's what you'll need to do.
1.) You either need to have your script run in the same directory where 'rfcat' is located or...
2.) Make a copy of the folders 'rflib' and 'vstruct' and all their contents and put them in the same working directory as your script.
3.) Import the rflib libraries into your python script with 'from rflib import *'
4.) Assign the function 'RfCat()' to 'd'
5.) Set variables and make calls to each function as you would in RfCat
Here's a quick and dirty example on how to use RfCat in a python script. I didn't call any of the functions in the example below but you can use this as an example on how to format your script. You can always read up on any RfCat function by typing in 'help(d)' while you're in the rfcat interactive environment.

```python
#!/usr/bin/python
# Let's make a python script for RfCat!
# Example below demonstrates TX with ASK/OOK

# Imports all the libraries from rflib into your script
from rflib import *
import datetime

# assign the function RfCat() to 'd'
d = RfCat()

# Just like in the interactive environment, you can set variables by typing in 'd.FUNCTION(VALUE)'
def SetRadio():
    d.setFreq(433.92e6)
    d.setMdmModulation(MOD_ASK_OOK)
    d.setMdmDRate(1766)
    d.setPktPQT(0)
    d.setMdmSyncMode(2)
    d.setMdmSyncWord(0xff)
    d.setMdmNumPreamble(0)
    d.makePktFLEN(16)

# How to RX
def RX():
    while True:  # or 'while not keystop()' if you want to kill the loop by hitting the enter key
        pkt, timestamp = d.RFrecv()  # RFrecv() returns the packet bytes and the time it arrived
        if VerifyPkt(pkt):  # sanity check, makes sure the packet is valid
            time = datetime.datetime.fromtimestamp(timestamp).strftime('%H:%M:%S')
            data = str(pkt.encode('hex'))
            print "<*> %s: RX: %s" % (time, data)

# Example sanity check: if your packet doesn't start with 0x00a2888a after what you have the preamble set to,
# this function will return False and the body of 'if VerifyPkt(pkt):' will not execute.
# It will loop back to 'while True:' and try again.
def VerifyPkt(pkt):
    if ord(pkt[0]) != 0x00:
        return False
    if ord(pkt[1]) != 0xa2:
        return False
    if ord(pkt[2]) != 0x88:
        return False
    if ord(pkt[3]) != 0x8a:
        return False
    return True

# Any data being TXed can be ASCII or decoded HEX, at least as far as I know :D
# d.RFxmit(data, repeat=0, offset=0)
# repeat of 65535 means 'forever'

# How to TX ASCII
def TxASCII():
    d.RFxmit('HELLOWORLD')

# How to TX decoded HEX
def TxHEX():
    # Hex hardcoded in, 0xff00ff is 111111110000000011111111 in binary and your ASK/OOK will look like that too!
    # 1 is on, 0 is off
    d.RFxmit('\xff\x00\xff')
    # Hex in a variable
    HexMessage = '1234ffff0000'  # starts as a string
    d.RFxmit(HexMessage.decode('hex'))  # decoded so RfCat is happy :D
```

If you want to learn more about RfCat I would recommend watching this.
Also I just finished a project using RfCat to reverse a Juke Box remote and made a small script that handles sending remote commands, passive PIN discovery, and brute forcing! https://github.com/notpike/The-Fonz
Here's a video series I recommend if you are brand new to Python. The video series teaches Python3 and even though RfCat works with Python2.7, both versions of python are not that different. If you google the differences between Python2.7 and Python3 you'll see what I mean. https://www.youtube.com/playlist?list=PLQVvvaa0QuDe8XSftW-RAxdo6OmaeL85M
Let me know if you have any questions and happy hacking! :D
  5. Cool! Yah, run it in Mint and learn how all the tools work. SDR works better on bare metal anyway. Although if you have any trouble playing with the software, both Kali and the live boot have SDR tools/drivers pre-installed. You shouldn't have too much trouble getting an adapter and making your old antennas work. Might experience a little bit of signal loss (adapters and long cables cause signal loss) but they should work.
  6. You can still do some fun stuff with that last RTL you posted. It has the same chipset as the RTL with the TCXO but the oscillator isn't as nice. Personally I would get the one with the TCXO because they're more forgiving to work with. You can tune it by adjusting for the frequency offset but I prefer one less thing to fight. Also if you decided to do more low power small bandwidth monitoring (GPS for example) you would have a hard time with the cheaper RTL. If you're running Windows I would recommend getting VirtualBox and downloading both Kali with the SDR meta package and GNU Radio Live. They both come with a lot of useful tools. https://www.kali.org/news/kali-linux-metapackages/ http://gnuradio.org/redmine/projects/gnuradio/wiki/GNURadioLiveDVD Also I would recommend watching these to learn more about SDR. A lot of the examples you can do with the RTL. https://greatscottgadgets.com/sdr/
  7. I would get the RTL you had in the link. The ebay posting didn't provide any info about what chipset, oscillator tolerance, or max bandwidth. Never seen that one before either lol. If you're just starting out go with that RTL. That one in particular has a 1PPM TCXO (Temperature Compensated Crystal Oscillator) which means it has a tighter tuning tolerance. You can do more fun stuff like listen to satellite communications with less of the struggle. :D Also, region doesn't mean anything in SDR, it will work as well in China as it would in the US. SDR works with the raw frequency's amplitude as interpreted via the SDR device. Modulation (AM, FM), some tuning, filters, and/or channels (if you're working with a known channel set) are all handled in software. Basically it gives you the 3 primary colors, it's up to you to make it a painting.
  8. Well, because I hang out at bars and night clubs a lot I started a project reversing a wireless jukebox remote. I learned how it transmitted codes last month. Recorded all 256 different keys (the part in the transmission where it goes pass = 123). And last night I finished a script for the YSO that sniffs out wireless keys and correlates them to their respective PIN for the remote. Works with all Gen2 and above TouchTunes Jukeboxes. https://github.com/notpike/The-Fonz
  9. V0.4 has been released! https://github.com/notpike/The-Fonz
TX all commands as you would with the remote! Passive PIN discovery! Brute Force a command, loops through all 256 PINs for a single command! Dank ass memes! Booze, Chicks/Dudes and more!
No practical application but here's a script that uses the YSO (or any other CC1111 radio that uses RfCat) to emulate, brute force, and listen for the TouchTunes Jukebox remote transmissions. With this power you could skip songs, turn up/down the volume, or possibly add promotion credits for free songs. For research purposes only of course :D.

-=Here's the quick and dirty on how I reversed this remote=-
So… This project all started 2 years ago when my wife and I dropped $20 at the local gay bar to listen to some filthy Dubstep, rad ass EDM, and Beck. After inserting that Jackson, I realized my grand idea of saving money isn’t working out… (We spent $120 that night… $40 on the jukebox…) Next morning, hung over and sad, I made it my mission to figure out how to get free music out of this Jukebox. This is how I started, and here’s how I bumbled my way to figuring out an IoT Jukebox known as TouchTunes.

-=Reading=-
I would just say research but TBH what I did wasn’t that sexy. Armed with my skill of “Google Fu” I found various manuals about the device. I found some good information in these manuals and it gave me a few ideas on how to score free jams.
http://productwarranty.touchtunes.com/download/attachments/655383/900475-001-Virtuo Installation and Setup Guide-Rev08.pdf?api=v2
http://productwarranty.touchtunes.com/download/attachments/1572899/900203-002-Dashboard User Guide-Rev00.pdf?version=1
http://www.touchtunes.com/media/marketing_resources/Remote_Control_Users_Guide_1.pdf

-=I called random strangers and sat at a bar=-
I made a few phone calls to random TouchTunes Techs who specialize in repairing these devices and got a lot of good info from them. I learned it was a Linux box, everything is encrypted, it costs money to own the key, everything is locked down, and you need to own ~10 of them to get true admin rights. I wanted a way to experiment with a VM of the OS to figure out how it ticked. Because I don’t have $5000 laying around I’m kinda forced to black box this device. Thanks to a few local bars who had their IoT Jukebox on the public WiFi, I was able to take a quick gander. Sadly the techs were right… It’s locked down... I’ll revisit this approach later when I can save up for my own personal Jukebox lol. You can also add credits via the Internet BTW. Try to see if there’s a way to make the Jukebox believe I’m god and make it sing and dance.

-=Three things I learned=-
1.) You can fill the queue with music to play without paying for it. This was a marketing plan to make people more committed to pay for music if they made a queue first.
2.) If configured, the jukebox can be set up to receive “promotional credit”. Bartenders and/or managers can add to the balance so more music could be played. This is added by pressing the ‘P1’ button on the wireless remote…
3.) There is a wireless remote! It transmits on 433.92 MHz and it can be found for $50 on ebay!

-=My plan of attack=-
Add music to the queue
Add promotion points
Get free music!

-=I spent money=-
Because I’m cheap, I picked up an aftermarket remote that works with all TouchTunes Jukeboxes Gen 2 and above. The plan was to reverse this remote with my Yard Stick One and HackRF and try to figure out how it works. The remote only has 256 PIN possibilities to keep neighboring bars from walking on each other so I could just hand jam all 256 PINs (000-255) to figure out which one they are using. 9 times out of 10, it was 000. So yah, nothing complex here.

-=Reversing… Kinda…=-
The first thing I did was find the FCC data, not a lot of useful info here but I at least figured out it existed. https://fccid.io/2AHXI-T1
I used a HackRF with 'osmocom_fft' to monitor and record the wireless remote's transmissions. I then took a look at the raw IQ data with 'inspectrum' to see what I was dealing with. Below is what the On/Off command looks like with a 000 PIN. With this I know I'm working with ASK/OOK. The message in raw binary is...
1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1, 0, 0, 0, 1, 0, 1, 0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 1, 0, 1, 0, 0, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 1, 1, 0, 0, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 1,
In Hex it would be... FFFF00A2888A2AAAA8888AA2AA2220
I found this by right clicking and adding an 'Amplitude Plot' in 'inspectrum', moved the bar over the transmission, added a 'Threshold Plot', clicked 'Enable cursors' to count out how many symbols are being used (also tells you the Symbol Rate) and then right clicked to 'Extract Symbols' and the values were outputted in the terminal.

-=RfCat=-
At this point I switched from using an SDR to RfCat and the YSO. After figuring out the preamble was 1111111111111111 or FFFF in hex, Modulation (ASK/OOK), and symbol rate (~1766) I was able to create a script based off Michael Ossmann's work to help me record the data. https://github.com/mossmann/stealthlock/blob/master/sl.py
After a lot of beer and recording every PIN possibility for the On/Off a few patterns emerged. If you want to look through all my data you can check out the pastebin below but here's how I believe the transmission is formatted.
==Preamble== ==key== ==Message== ==?==
ffff00a2888a2 aaaa 8888aa2aa22 20
I still have no idea what the last 2 hex values are about (I noticed that there were 2 possible messages for each command depending on what the PIN was. The last 2 were either 02 or 88... I couldn't figure out the pattern so I just hard coded when which command was used vs the other depending on what PIN in my final script)

-=After that=-
I expanded the original script I used to record all the transmissions of the remote and added a passive PIN discovery feature to it. I then recorded all the messages (all the buttons) the remote would send (both possibilities) and added the ability to determine which command was used. A week later I figured out how to TX the decoded values and I made a working TouchTunes remote for the YSO. And it's been tested. :D
http://pastebin.com/Ue7UYAPg
http://www.pressonproducts.com/t1-jukebox-remote-touchtunes-compatible/
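The frame layout in the post above (preamble / key / message / trailer at nibble boundaries) and the VerifyPkt() sanity check in the RfCat post earlier in this list both operate on the same capture. The script below is an added example written for this page, not code from NotPike's posts or from The-Fonz, and it is Python 3 rather than the Python 2.7 the RfCat script uses. It takes the one hex frame the post gives (On/Off, PIN 000), expands it back into the OOK symbol stream, slices the four fields at the nibble widths the post lays out, checks that the bytes after the ffff preamble start with the 00 a2 88 8a sync the RfCat post tests for, and works out the frame's air time at the stated ~1766 symbol/s rate. The field widths, sync bytes and symbol rate are taken from the posts; everything else (function names, the assumption that the receiver hands over bytes starting right after the ffff preamble) is this example's own.

```python
"""Added example: anatomy of the captured TouchTunes remote frame (not NotPike's code).

Field widths, sync bytes and symbol rate come from the forum posts; the helper names
and the 'payload starts right after ffff' assumption are this example's own.
"""

# Capture quoted in the post: the On/Off command with PIN 000, as hex.
ONOFF_PIN000 = "FFFF00A2888A2AAAA8888AA2AA2220"

# Field widths in hex digits (nibbles), exactly as laid out in the post:
#   ffff00a2888a2 | aaaa | 8888aa2aa22 | 20
FIELDS = (("preamble", 13), ("key", 4), ("message", 11), ("trailer", 2))
FRAME_NIBBLES = sum(width for _, width in FIELDS)  # 30 nibbles = 120 OOK symbols

SYNC = bytes.fromhex("00a2888a")   # what VerifyPkt() in the RfCat post looks for
SYMBOL_RATE = 1766                  # symbols per second, from the post


def hex_to_symbols(hexstr):
    """Expand a hex string into the on/off symbol string (1 = carrier on, 0 = off)."""
    return "".join(format(int(c, 16), "04b") for c in hexstr)


def symbols_to_hex(symbols):
    """Inverse of hex_to_symbols; the symbol count must be a multiple of 4."""
    if len(symbols) % 4:
        raise ValueError("symbol count %d is not a multiple of 4" % len(symbols))
    return "".join("%x" % int(symbols[i:i + 4], 2) for i in range(0, len(symbols), 4))


def parse_frame(hexstr):
    """Slice one transmission into the post's four fields; rejects a wrong-length frame."""
    h = hexstr.lower()
    if len(h) != FRAME_NIBBLES or any(c not in "0123456789abcdef" for c in h):
        raise ValueError("expected %d hex digits, got %r" % (FRAME_NIBBLES, hexstr))
    fields, pos = {}, 0
    for name, width in FIELDS:
        fields[name] = h[pos:pos + width]
        pos += width
    return fields


def payload_after_preamble(hexstr):
    """Bytes left once the ffff preamble is consumed (assumption: 13 bytes follow it)."""
    h = hexstr.lower()
    if not h.startswith("ffff"):
        raise ValueError("frame does not start with the ffff preamble")
    return bytes.fromhex(h[4:])


def verify_pkt(pkt):
    """Same check as VerifyPkt() in the RfCat post, written for Python 3 bytes."""
    return pkt[:len(SYNC)] == SYNC


def frame_duration_ms(hexstr, symbol_rate=SYMBOL_RATE):
    """Air time of one frame at the post's symbol rate (120 symbols at 1766 baud ~ 68 ms)."""
    return 1000.0 * len(hex_to_symbols(hexstr)) / symbol_rate


if __name__ == "__main__":
    for name, value in parse_frame(ONOFF_PIN000).items():
        print("%-8s %-13s %s" % (name, value, hex_to_symbols(value)))
    pkt = payload_after_preamble(ONOFF_PIN000)
    print("sync ok:", verify_pkt(pkt), "payload:", pkt.hex())
    print("air time: %.1f ms" % frame_duration_ms(ONOFF_PIN000))
```

Running it prints each field next to its symbol stream, which makes the post's observation visible: only the 4-nibble key field should move between the 256 PINs, so a receiver that frames on ffff and checks the 00a2888a sync can log the key nibbles for later correlation without having to understand the trailer.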
  10. Found this a few days ago and I just wanted to share it. Lately I've been listening to a lot of Gunship, Carpenter Brut, GosT, and Magic Sword. Curious to know what everyone else has been listening to. I'm open to any recommendations! :D
  11. Cool! That was my next project. Might as well use my RTL for its original purpose and use it to decode the signal lol.
  12. Learn how to encrypt the root file system and unlock it with dropbear and busybox. Something I did for one of my backup servers. https://github.com/NicoHood/NicoHood.github.io/wiki/Raspberry-Pi-Encrypt-Root-Partition-Tutorial
  13. I like it, it's almost 4 years old now and the screen is giving out. Runs Ubuntu Linux just fine and all of its hardware is supported.
  14. Hey, I'm a visual learner so I prefer watching others to gain knowledge. Here are a few playlists and people that I used to learn something new.
-=Pre-Course Work For Pen Test With Hak5=-
Metasploit Minute - https://goo.gl/3oUNU6
HakTip: WiFi 101 - https://goo.gl/7JSUtc
Hak5: SSH Inside and Out - https://goo.gl/4BZQ2c
HakTip: Linux Terminal - https://goo.gl/Ijto8q
HakTip: NMap - https://goo.gl/SbY6k9
HakTip: Netcat - https://goo.gl/InTRPa
HakTip: Wireshark - https://goo.gl/pgACde
-=SDR=-
Michael Ossmann, the maker of the HackRF, has an intro to SDR video series. https://greatscottgadgets.com/sdr/
Cyberspectrum is an SDR meet-up group that hosts a lot of good talks about radio applications and hacking. https://www.youtube.com/user/balint256
-=Others=-
LiveOverflow, covers backwards engineering and how exploits work. https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w
Another thing I would recommend is to go to Vulnhub (https://www.vulnhub.com) and start poking at the VMs. They even have howto guides if you get stuck. Great way to see how others go about attacking something.
  15. Post your War Rig! Asus R700VJ-RS71, Intel Core i7-3630QM 2.4GHz, 8G RAM DDR3, Nvidia Geforce GT 635M 2G
  16. My lab is mostly virtual but it sounds like you're making something cool! I would recommend having your test network separate from everything else but I'm only saying that for everyone else.
  17. I found an old UHF TV at the thrift store today and I thought to myself, what better way to learn how NTSC works! Simple stuff really. If you want to transmit using a HackRF or BladeRF all you need to do is encode a .dat file with a Python script, run it through GRC, and boom, Bob's your uncle! https://en.wikipedia.org/wiki/NTSC https://github.com/argilo/sdr-examples/tree/master/ntsc
  18. I use PIA as well, lots of servers in multiple locations.
  19. Looking slick! Now I just need to get a Portapack.
  20. I have a HackRF, BladeRF x115, RTL-SDR, and a YSO. HackRF is a good choice if you want a flexible platform. :3
  21. Hacknet: lol This reminds me of the Sims. Looks fun though.
  22. Ok I got it to work now. I had to do a clean install of Ubuntu because I already had GNURadio installed via apt-get and from source outside of PyBOMBS. It's buggy but it is faster when you get the hang of it.
  23. Has anyone ever got PyBOMBS to work in Ubuntu 16.04? After following the instructions from their GitHub page (https://github.com/gnuradio/pybombs/), both pip install and building from source, I'm running into the same error when trying to run gnuradio-companion.
root@robot:/pybombs# pybombs run gnuradio-companion
PyBOMBS - INFO - PyBOMBS Version 2.2.0
Traceback (most recent call last):
  File "/home/pike/prefix/bin/gnuradio-companion", line 99, in <module>
    run_main()
  File "/home/pike/prefix/bin/gnuradio-companion", line 87, in run_main
    from gnuradio.grc.main import main
ImportError: No module named main
Or...
root@robot:/pybombs# source ~/prefix/setup_env.sh
root@robot:/pybombs# gnuradio-companion
Traceback (most recent call last):
  File "/home/pike/prefix/bin/gnuradio-companion", line 99, in <module>
    run_main()
  File "/home/pike/prefix/bin/gnuradio-companion", line 87, in run_main
    from gnuradio.grc.main import main
ImportError: No module named main
It's failing to import main from gnuradio.grc.main but when I dove into the gnuradio.grc python module, main didn't exist :/. Anyone else experience this before?