NotPike

Active Members
  • Posts: 101
  • Days Won: 3

Everything posted by NotPike

  1. That's me cheating. I was having trouble creating two different bots on the same server using the same class, so I cheated and made another class to accomplish my goal. Something that needs to be fixed with threading :3.
  2. Yup, just a simple USB power pack. I added a switch on the + lead for the USB cable so I can turn it on and off.
  3. Hi, I've been crunching away at this python3 script(s) for the past month and I would like some input on how to make it better. I based this bot off of Paul Mutton's work from the book “IRC Hacks.” Threading, having less hard coded variables, self healing, and making this code less dyslexic is definitely on the to do list! Let me know what you think :3 https://github.com/notpike/PikeBot
  4. You disagree with me thinking it was a letdown? Ok :3 S2 was more fun than S1, but they lost me on how they ended S2. Kinda lazy IMO. But that's just me :3.
  5. Boo... 2nd season finale was such a letdown! They just went full DBZ with that one. :/
  6. I would, but the Proxmark I have hates Linux and only works with Windows... :/ Not a bad idea though.
  7. Cool stuff Foxtrot! I'm trying to figure out something here. I'm trying to see if it's possible to TX a GPS-SDR-SIM bin file to spoof a GPS receiver using the Pineapple Nano. The problem I'm having is that when I TX, the SD card (where the bin is located) becomes unreachable for a while and then it self-corrects. Here's the HackRF log when I selected the "Repeat transmission" option. I shortened the log because the "Input file end reached. Rewind to beginning." line repeated 100 or so times.

        call hackrf_sample_rate_set(2600000 Hz/2.600 MHz)
        call hackrf_baseband_filter_bandwidth_set(2500000 Hz/2.500 MHz)
        call hackrf_set_freq(1575420000 Hz/1575.420 MHz)
        Stop with Ctrl-C
        5.2 MiB / 1.005 sec = 5.2 MiB/second
        5.0 MiB / 1.000 sec = 5.0 MiB/second
        5.2 MiB / 1.000 sec = 5.2 MiB/second
        5.2 MiB / 1.000 sec = 5.2 MiB/second
        5.2 MiB / 1.000 sec = 5.2 MiB/second
        5.2 MiB / 1.000 sec = 5.2 MiB/second
        Input file end reached. Rewind to beginning.
        Input file end reached. Rewind to beginning.
        Input file end reached. Rewind to beginning.
        Input file end reached. Rewind to beginning.
        Input file end reached. Rewind to beginning.
        Input file end reached. Rewind to beginning.
        Input file end reached. Rewind to beginning.
        5.2 MiB / 1.189 sec = 4.4 MiB/second
        5.2 MiB / 1.005 sec = 5.2 MiB/second
        5.0 MiB / 1.003 sec = 5.0 MiB/second
        5.2 MiB / 1.000 sec = 5.2 MiB/second
        5.2 MiB / 1.000 sec = 5.2 MiB/second
        5.2 MiB / 1.000 sec = 5.2 MiB/second
        5.2 MiB / 1.000 sec = 5.2 MiB/second

    The bin file should last for 300s but it stops after 6s. It isn't consistent either. Sometimes it will TX a little longer or a little shorter than 6 sec. Also, when I SSH into the Pineapple to take a look at /SD, I can't see what's in the directory while the HackRF is TXing the bin. I think this might be a power restraint issue with the Nano but I'm open to your thoughts. Now when I try to TX without the "Repeat Transmission" option I get this error.

        call hackrf_sample_rate_set(2600000 Hz/2.600 MHz)
        call hackrf_baseband_filter_bandwidth_set(2500000 Hz/2.500 MHz)
        call hackrf_set_freq(1575420000 Hz/1575.420 MHz)
        Stop with Ctrl-C
        0.8 MiB / 1.000 sec = 0.8 MiB/second
        Exiting...
        hackrf_is_streaming() result: HACKRF_ERROR_STREAMING_EXIT_CALLED (-1004)
        Total time: 1.00063 s
        hackrf_stop_tx() done
        hackrf_close() done
        hackrf_exit() done
        fclose(fd) done
        exit
  8. So... Because Foxtrot ported the HackRF libraries over to the Pineapple, I think we can all guess what's going to happen next.
  9. Sup HackerFur! I've been to Rainfurest (when it was still alive), Vancoufur and BLFC. Bark I'm a cat.
  10. Thanks! I like them. $220 USD for a solid laptop with everything you'll ever need except a DVD drive. Even Hak5 uses these laptops for their pen test classes.
  11. I love a good Nerd Convention! :3

    -=Tech=-
    2015 Lenovo Thinkpad, 11.6-inch, Quad-Core AMD A4-6210 1.8GHz, 8GB DDR3L, 500GB HDD. (Kali 2016 Bleeding Edge)
    12in Laptop Bag (holds everything below)
    Ubuntu 16.04 via USB Thumb Drive
    Tails via SD Card
    32g Thumb Drive
    WiFi Pineapple Nano w/ Case
    Lan Tap
    3x Cat 6 Cables
    ALFA WiFi Dongle w/ Directional Antenna
    Panda WiFi Dongle
    Yard Stick One w/ 900mhz Antenna
    3G Cell Network Dongle
    Amazon Battery
    USB Cables and Adapters
    USB Charger
    Paper & Pen/Highlighter

    -=Stuff=-
    Wallet
    Keys
    Cell Phone
    Knife
    Pistol w/ Extra Mag
    Lock Pick Kit
  12. NotPike

    Undertale

    Who else fell in love with this game? This game has been out for a while now but I still find myself replaying it. I'm a sucker for having my emotions toyed with lol.
  13. Besides reading some of No Starch Press's books on the topic, I found this tutorial series very useful. Like what everyone said, having a project in mind really helps with the learning process.
  14. Nice! We should start adding modulation protocols to your list.
  15. Hacknet and Undertale. I'm a sucker for quick indie games.
  16. NotPike

    Hacknet

    Has anyone else played this game? If you like terminal-based puzzle games with an interesting story, this might be the game for you. Catchy soundtrack too. http://www.hacknet-os.com/
  17. Thanks! Yah, I used 1in heat-shrink to protect the RTL-SDRs from shorting out on each other. The SDRs came with a beefed-up aluminum heat sink that was too large to fit inside the project case. I think I might switch out both the RTL-SDRs with a Yard Stick One and an extra WiFi dongle. I found that running a GUI and both SDRs kinda stretches the limits of what the RPI3 can do.

    -=Update=-
    I glued the touch screen in place to keep it from popping out and I decided not to paint it. I think it looks better without the paint. I'm going to do some more work this weekend and finish messing with the touch screen settings.
  18. Here's a quick and dirty python script I'm using to transmit my call sign over the Yard Stick One. I'm using MOD_ASK_OOK modulation to transmit in Morse code in binary. Kinda a redundant way to explain it, being that Morse code is binary lol. Basically a dash is interpreted as 011 and a dot will be seen as 01. See the example below.

        K         K         1               2              3             4
        -.-       -.-       .----           ..---          ...--         ....-
        01101011  01101011  01011011011011  0101011011011  010101011011  01010101011

    Old school tech but it works. Here's a converter if you want to find out what your call sign is in Morse code https://cryptii.com/morsecode/binary

        #!/usr/bin/python2.7
        # Transmit a ham call sign in Morse over a Yard Stick One using OOK.
        # Dot = "01", dash = "011" (see the table above).
        from rflib import *
        import time

        # Wrap in float()/int() so the values are numbers whether input() returns
        # a string (Python 3) or an evaluated expression (Python 2).
        print("What Freq do you want to TX on? Ex. 925.2e6")
        freq = float(input("Freq: "))
        print("Time in between transmissions in sec? Ex. 600 = 10min")
        sec = int(input("Time: "))

        # Binary Morse of KK1234 (dot = 01, dash = 011)
        CALLSIGN_BITS = "01101011 01101011 01011011011011 0101011011011 010101011011 01010101011"

        def bits_to_bytes(bits):
            # RFxmit() sends raw bytes, so pack the '0'/'1' characters into bytes
            # (MSB first); passing the text itself would key the ASCII codes instead.
            bits = bits.replace(" ", "")
            bits += "0" * (-len(bits) % 8)  # pad the tail with key-up bits
            return bytes(bytearray(int(bits[i:i + 8], 2) for i in range(0, len(bits), 8)))

        def callsign(f, t):
            d = RfCat()
            d.setFreq(f)
            d.setMdmModulation(MOD_ASK_OOK)
            d.setMdmDRate(250)  # 250 baud, so one bit is 4 ms of key-down/key-up
            d.setMaxPower()
            payload = bits_to_bytes(CALLSIGN_BITS)
            while True:
                print("Transmitting callsign on " + str(f) + "Hz")
                d.RFxmit(payload)
                print("Hit Ctrl-C to stop")
                for i in range(t):  # Timer
                    time.sleep(1)

        callsign(freq, sec)
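As an added example (my code, not the post's script), here is the post's dot = 01 / dash = 011 scheme generalised to any callsign, with the reverse decoder that validates a bit group, and the byte packing RFxmit() needs; the Morse table is the standard ITU one and the function names are my own.

```python
MORSE = {  # standard ITU Morse table (letters and digits)
    "A": ".-", "B": "-...", "C": "-.-.", "D": "-..", "E": ".", "F": "..-.",
    "G": "--.", "H": "....", "I": "..", "J": ".---", "K": "-.-", "L": ".-..",
    "M": "--", "N": "-.", "O": "---", "P": ".--.", "Q": "--.-", "R": ".-.",
    "S": "...", "T": "-", "U": "..-", "V": "...-", "W": ".--", "X": "-..-",
    "Y": "-.--", "Z": "--..", "0": "-----", "1": ".----", "2": "..---",
    "3": "...--", "4": "....-", "5": ".....", "6": "-....", "7": "--...",
    "8": "---..", "9": "----.",
}
FROM_MORSE = {code: ch for ch, code in MORSE.items()}
ELEMENT_BITS = {".": "01", "-": "011"}  # the post's scheme: key-up bit, then key-down

def morse_bits(callsign):
    """Space-separated bit groups, one per character, exactly as the post
    writes them (K = -.- -> 011 01 011 -> '01101011'). KeyError on unknown chars."""
    return " ".join("".join(ELEMENT_BITS[e] for e in MORSE[ch])
                    for ch in callsign.upper())

def bits_to_morse(group):
    """Parse one bit group back to dots and dashes. Every element is a single
    '0' followed by one '1' (dot) or two '1's (dash); anything else is invalid."""
    code, i = "", 0
    while i < len(group):
        if group[i] != "0":
            raise ValueError("element must start with a 0 bit: " + group)
        i += 1
        ones = 0
        while i < len(group) and group[i] == "1":
            ones, i = ones + 1, i + 1
        if ones not in (1, 2):
            raise ValueError("run of %d ones is neither dot nor dash" % ones)
        code += "." if ones == 1 else "-"
    return code

def decode_bits(bitstring):
    """Inverse of morse_bits(): bit groups -> callsign text."""
    return "".join(FROM_MORSE[bits_to_morse(g)] for g in bitstring.split())

def pack_bits(bitstring):
    """Pack '0'/'1' characters (spaces ignored) into bytes, MSB first, padding
    the tail with 0 bits so the transmitter ends key-up. This is the form
    RFxmit() needs; handing it the text string would key the ASCII codes."""
    bits = bitstring.replace(" ", "")
    bits += "0" * (-len(bits) % 8)
    return bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits), 8))
```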
  19. Ok! So here's what I found out so far.

    Yate and YateBTS are a software implementation of a GSM/GPRS radio access network that has the capability to convert GSM traffic to VoIP. GSM (Global System for Mobile Communications): in short, this is the technology being used to transmit and receive voice and text. GPRS (General Packet Radio Service) is a packet-oriented mobile data service. This is how you get your Internet on a 2G or 3G cell network. GSM and GPRS are legacy now due to LTE (Long-Term Evolution) becoming the standard for all cell phones. It's old tech but it's still supported by most if not all modern cell phones.

    One advantage of GSM for the attacker is that you can set the base station to communicate everything in clear text. I like to think of this as being a downgrade attack, but TBH it was a struggle for me to make my cell authenticate with my base station. Seems like my phone preferred LTE over GSM, so go figure lol. I had to configure my phone manually to make it connect. Another advantage of configuring a base station to be unencrypted is that it keeps it legal for hams to broadcast on the 900mhz HAM band :3. You just need to have another radio running on the same band as your base station's downlink transmitting your call sign every 10 min in CW or RTTY. I'm using my Yard Stick One for that task.

    One limitation about using YateBTS is that any device that connects to the network will only exist in that network unless you configure outgoing SIP. When you connect to the base station your phone will be assigned a new phone number and will only be able to communicate with other devices on the network. Another downside about using a SIP service is that all outgoing calls will have a different phone number, which makes callbacks difficult.

    For my transceiver I'm using a BladeRF X115. I love this thing, no complaints, it's been working like a dream! You can do the same with a USRP or LimeSDR (when they come out), you just need something that's full duplex. Below is a tutorial I used to install all the software needed to run the BladeRF.
    https://github.com/Nuand/bladeRF/wiki/Getting-Started%3A-Linux

    Installing Yate and YateBTS. I used the tutorial provided by Nuand (the company who makes the BladeRF).
    https://github.com/Nuand/bladeRF/wiki/Setting-up-Yate-and-YateBTS-with-the-bladeRF

    Last but not least, I used this tutorial to learn about the use and configuration of YateBTS. You have a choice in using a web UI or giving it commands through telnet. It also explains how to route your Internet traffic through YateBTS so your connected device will have GPRS capabilities. Kinda sad, but I got more satisfaction browsing the Internet through my own personal 3G network than seeing the web through fiber :/.
    https://blog.strcpy.info/2016/04/21/building-a-portable-gsm-bts-using-bladerf-raspberry-and-yatebts-the-definitive-guide/

    Future plans.
    Find a SIP service so I can make phone calls and text messages outside of the local network.
    Route the original phone numbers through SIP
    Create personal SIM cards for my own network
    ?????
    Hack the Gibson

    This is barely scratching the surface of GSM poking. If you have any advice or questions about making a base station please let me know.

    Bonus points! Here's a paper about GSM surveillance that goes into greater detail about IMSI-catchers and using YateBTS to accomplish this.
    https://homepages.staff.os3.nl/~delaat/rp/2015-2016/p86/report.pdf
  20. I'm going to dive down the rabbit hole and make my own personal base station using a BladeRF and YateBTS. Has anyone else tried doing this?
    https://evilsocket.net/2016/03/31/how-to-build-your-own-rogue-gsm-bts-for-fun-and-profit/ (Not a good tutorial)
    http://yatebts.com/
  21. Thanks! :3 The case and almost everything else I got was from Amazon. Here is a list of the parts I used.
    https://www.amazon.com/gp/product/B00D5T2IHG/ref=oh_aui_detailpage_o02_s01?ie=UTF8&psc=1
    https://www.amazon.com/gp/product/B0153R2A9I/ref=oh_aui_detailpage_o02_s00?ie=UTF8&psc=1
    https://www.amazon.com/gp/product/B0129EBDS2/ref=oh_aui_detailpage_o04_s01?ie=UTF8&psc=1
    https://www.amazon.com/gp/product/B00EDIQA1S/ref=oh_aui_detailpage_o04_s01?ie=UTF8&psc=1
    https://www.amazon.com/gp/product/B01CD5VC92/ref=oh_aui_detailpage_o04_s01?ie=UTF8&psc=1
    https://www.amazon.com/gp/product/B00ZQ4JQAA/ref=oh_aui_detailpage_o01_s01?ie=UTF8&psc=1
    https://www.amazon.com/gp/product/B007POCIM2/ref=oh_aui_detailpage_o02_s01?ie=UTF8&psc=1
    https://www.amazon.com/gp/product/B00CJG2ZYM/ref=oh_aui_detailpage_o04_s00?ie=UTF8&psc=1
    https://www.amazon.com/gp/product/B01D0N79K2/ref=oh_aui_detailpage_o00_s00?ie=UTF8&psc=1
    https://www.amazon.com/gp/product/B00VAIEAUM/ref=oh_aui_detailpage_o01_s00?ie=UTF8&psc=1
    https://www.amazon.com/gp/product/B00XJDP12W/ref=oh_aui_detailpage_o01_s00?ie=UTF8&psc=1
  22. Also, here's the screenshot of the source in question. I'm a newb when it comes to determining wireless modulations, but it looks like a form of OOK to me. Let me know if I'm wrong lol. Hard to say just from looking at a wave file. Can you upload an I/Q capture instead? I would recommend experimenting with different dip switch settings and comparing your captures against each other to see if you can find a pattern. For example, take a look at what it does with all the dip switches off vs. one of them on or all switches on. Not sure if you've seen this or not (might be great for the other guy who hasn't), but here's a video about reverse engineering transmitters. https://greatscottgadgets.com/sdr/8/

    Edit. I'm thinking Pulse-Code Modulation. https://en.wikipedia.org/wiki/Pulse-code_modulation Taking a stab, but it looks like 110101101110101101110101101101
  23. What's the FCC number for the remote you're trying to attack?