This post will function as a short walkthrough for installing and using a TPM on a BeagleBone to implement a Secured Boot (wooo...). I will use an example Secure Boot implementation called libsboot for U-Boot. Let's jump right in with a schematic for the (mostly) required additions to the BeagleBone.
This is an 'easy mode' guide to the NFPC at Defcon 20. Let's begin: starting at packet 253, there is a TCP/LPD session from 10.0.1.4 to 10.0.1.3. A quick scan of the reconstructed session reveals little:
I plan to have a series of posts outlining my curiosity with embedded development and trust. Let's start with poking around where my (our) trust lies when deciding on a SoC for embedded development, using the BeagleBone [SRM] as an example. In this post we'll move trust from CircuitCO's (the Bone manufacturer) included bootloaders, Angstrom Linux kernel, and Angstrom development environment to your own compiled bootloaders, kernel, and OS.
Last month we built an improved version of the DIY Fog Screen found here.
We call it "improved" since we managed to create a thinner sheet of fog, maintain the projection longer (a fog machine is bursty), and thicken the sheet. We use the same technique of creating a laminar flow. Instead of using a window fan we installed 10 120mm computer fans with a variable speed controller to optimize the flow, since we did not know the fog density.
Since the original article doesn't explain the steps / tools / resources required to create a DIY Fog Screen, we'd like to take the opportunity and provide a "how to". In a nutshell, the screen needs to distribute "fog machine"-fog from end-to-end, width-wise, and keep the fog flowing downward sandwiched between two flows of air.
This achieves a non-jailbroken, non-rooted, poor-man's network tether. Here's the catch: Gelf needs to run on a device inside each target network. Gelf functions as the L2 tunnel end-points, and the L1 emulation: achieved through an HTTP client.
Take a look at Eindbazen's write-up on Network 100.
I wanted to do the same write-up, highlighting an alternate path. (This will be the last CODEGATE 2012 write-up of mine, since both Leetmore and Eindbazen have all the other challenges we solved well documented.)
You start with a file: A0EBE9F0416498632193F769867744A3
And a note:
Someone have leaked very important documents. We couldn't find any proof without one PCAP file. But this file was damaged.
※ The password of disclosure document is very weakness and based on Time, can be found easily.
Cryptographic algorithm is below. Msg = "ThisIsNotARealEncryption!SeemToEncoding"
Key = 0x20120224 (if date format is 2012/02/24 00:01:01)
Cryto = C(M) = Msg * Key = 0xa92fd3a82cb4eb2ad323d795322c34f2d809f78
The challenge starts with a file and description:
When IU who lives in Seoul tried to do SQL Injection attack a certain WEB site, suddenly the browser was closed abnormally. What is the SQL Injection value she tried to enter and when the browser was closed? The time is based on Korea Standard Time(UTC +09:00)
Time Format is YYYY-MM-DDThh:mm:ssTZD (TZD : +hh:mm or hh:mm)
Answer : injection_value|time ('|' is just a character)
Convert ' ' to '_' for injection value.
This is a fun forensic challenge created originally for NYU's CSAW Capture the Flag Finals event. The story behind the challenge, along with additional forensic challenges, was also used for ACSAC's Tracer Fire class. Now I'm hosting both the forensic image and command and control server on the net so anyone can play.
Begin here: [challenge01.c0.cx] (the challenge is over, thanks to those who played!)
Tools / Techniques / Skills involved:
- Filesystem forensic analysis
- Email forensics and cryptographic tools
- Python, small bit of source code analysis
- Filetype header analysis, image forensics
- Minor HTML/HTTP understanding
- Patience, etc...
One of these days this webserver will be torn open by some low-hanging vulnerability. Sure, but that won't be very exciting, so let's think outside of the inevitable, and into the what-if.
What-if someone did break into this poor little webserver? Regardless of how they did it, what would they do? What would they find? Step 1: Break into my box, Step 2: ..., Step 3: Profit. You'll achieve profit without any 'Step 2' by killing my ego and any minuscule reputation I have among my friends. But assuming you're not out for defamation: let's think about the 'Step 2', and some possible defensive methods to protect a box once someone has broken in.
A few months ago I took an interest in the layer 2/3 protocols (and their implementations) for mobile networks. I quickly arrived at SIM card hacking and like a young schoolboy thought, “man if only I could MitM the hardware communication I could spoof other’s SIM cards and use free Internet!” Nope. Well, not nope, but it’s not that easy.