Saturday, March 12, 2011

My lame IR copy toy.

I got a sweet arduino for my bday and it kind of just sat around till i got a few things together to start work on my first project. Well i finally got off my ass, got all the shit i needed and got to work! I am about half way done and i thought i would share my progress so far. heres a little video of my toy in action and i go over the operation and components.



Here is a better view of how its put together:


And here is my uber 1337 code :P

#include < IRremote.h >

int IRRECV = 11;
int READYLED = 9;
int PLAYBUTTON = 5;
int IRLED = 3;
int RESETBUTTON = 7;
int PLAYLED = 2;
decode_results results;
IRrecv irrecv(IRRECV);
IRsend irsend;

void setup()
{
Serial.begin(9600);
irrecv.enableIRIn();
pinMode(READYLED, OUTPUT);
pinMode(PLAYBUTTON, INPUT);
pinMode(RESETBUTTON, INPUT);
pinMode(PLAYLED, OUTPUT);
}
int codeType = -1;
unsigned int rawCodes[RAWBUF];
int codeLen;
void rec(decode_results *results)
{
int count = results->rawlen;
codeLen = results->rawlen - 1;
for (int i = 1; i <= codeLen; i++) {
if (i % 2) {
rawCodes[i - 1] = results->rawbuf[i]*USECPERTICK - MARK_EXCESS;
Serial.print(" m");
}
else {
rawCodes[i - 1] = results->rawbuf[i]*USECPERTICK + MARK_EXCESS;
Serial.print(" s");
}
Serial.print(rawCodes[i - 1], DEC);
}
Serial.println("");
digitalWrite(READYLED, HIGH);
}

void play()
{
digitalWrite(PLAYLED, HIGH);
Serial.println(rawCodes[0]);
irsend.sendRaw(rawCodes, codeLen, 38);
delay(800);
digitalWrite(PLAYLED, LOW);
}

void reset()
{
int codeType = -1;
unsigned int rawCodes[RAWBUF];
int codeLen;
digitalWrite(READYLED, LOW);
setup();
}

void loop()
{
if (irrecv.decode(&results) && digitalRead(READYLED) == LOW) {
rec(&results);
irrecv.resume();
}
if (digitalRead(PLAYBUTTON) == LOW && digitalRead(READYLED) == HIGH)
{
play();
}
if (digitalRead(RESETBUTTON) == LOW)
{
reset();
}
}


Ok thats all i got, peace.

Thursday, February 3, 2011

Material related to operation Tunisia

First the why:

Yeah i hope someone finds the ppl in that van and gives them a slow death!

Anonymous care package for the poor ppl of Egypt - www.bit.ly/hsAjGq

This from - http://typewith.me/optunisia
´======================================================
( ),,( )                         irc.anonops.ru:6667 #optunisia                                        ( ),( )
( ';' )                                                                                                                            (';' )
-(. )-                                                                                                                           -('.')-
I I CENTRAL COLLECTION PAD FOR OPERATION TUNISIA RELATED MATERIAL I I
=======================================================
If you started a pad about something related to Operation Tunisia, add it to this list.
Please save with Nick!!!

Anonymous Press Declarations
[2011-01-15] Tunisia and its chance... (not completed; need rework!)
http://piratenpad.de/APR20110115

Guide to Protecting the Tunisian Revolution, Part One: Initial Security
http://typewith.me/how-to-protect-tunisian-arabic-french yo
Guide to Protecting the Tunisian Revolution, Part Two: Safety in Confrontation
http://www.dailykos.com/story/2011/1/16/936793/-Please-distribute-to-Tunisians:-Safety-in-Confrontation

Guide to Protecting the Tunisian Revolution, Part Three: Transforming National Politics (still in progress, please assist)
http://www.typewith.me/qdjqeFFu8O

Stuff about the families who're stealing Tunisia: (Arabic->English Translation needed!!)
http://piratepad.net/lMiNqsnZfi
copy at http://typewith.me/MvarLgc6u6

Manifesto from tunisian protesters:
http://typewith.me/stDHppshwJ <

Video footage of Tunisia (add your own!)
http://typewith.me/TunisiaVideoFootage

Tunisians needs FTPs for mirror - #ftp (died?)no #ftp
Info-List: http://piratenpad.de/6V13pN0sxM

Untrusted Twitter accounts spreading false news
http://piratepad.net/GGYVc6RtnA < reverted

Translation pad for Tunisia IRC project
http://typewith.me/TunisiaIRCTranslation

Tunisians, tell your stories here! (need translators)
http://piratepad.net/G9CvOF3dbg
copy at http://typewith.me/wzfsEVIx7B

Manifesto from Anon about Tunisia:
http://piratepad.net/5d891ABcBW

Video ideas and links:
http://piratepad.net/VJhU2KXfMQ

"Video site" zip and mirrors
http://pad.telecomix.org/tnvideos-mirrors

Video about a man put out of his country, and subtitle translation (need an incruster for the subtitle)
http://piratepad.net/7eT1ozHLSN
copy at http://typewith.me/7fc5aYZ2LW

Anon Video to be subtitled: http://www.youtube.com/watch?v=BFLaBRk9wY0
http://piratepad.net/XZtZlf3acf

French Pdf to be translated: Relating to the familie who Reign over Carthage.
http://i3.makcdn.com/wp-content/blogs.dir/14986/files//2009/11/la-regente-2-carthage.pdf
http://piratepad.net/VyLDOHVMyD

Diary of Tunisia:
http://typewith.me/3koSuMGO8O

Related Stuff:
Anonymous PR Pad
http://piratenpad.de/AnonymousPR

Swift Assist - helpful notes on establishing secure networks for Tunisian revolutionaries
http://typewith.me/owA6rmGfP6

What the fuck is freedom of speech, anyway? - introduction via IHRL
http://piratepad.net/whGudXWEmM

Sunday, January 30, 2011

BackupPC 3.2.0 XSS

I dont normally make posts about XSS exploits unless there is some special circumstances. I picked this one because BackupPC is a popular network backup tool that you might find in networks all over the place and because there is no built in security you normally only find it on "secure" trusted networks.

So anyway the issue is in Browse.pm. It gets a num variable passed to it via get request, then displays the unsanitary input back to the user. So heres PoCs of both the vectors i found.

PoC 1: http://target.server/cgi-bin/BackupPC_Admin?action=browse&host=realhostneeded&num=1[XSS] - comes back as a valid request and runs XSS

PoC 2: http://target.server/cgi-bin/BackupPC_Admin?action=browse&host=realhostneeded&num=[XSS] - comes back as ERROR and runs XSS

Like most XSS holes its a easy fix, just edit line 55 in /usr/local/BackupPC/lib/BackupPC/CGI/Browse.pm to read like so:
my $num = ${EscHTML($In{num})};

or download this Browse.pm file and replace it with the one in /usr/local/BackupPC/lib/BackupPC/CGI/ on the installed server.

Ok thats it, peace.

Sunday, January 9, 2011

Poor mans IR filters for phones

At the last dc414 meeting i gave out IR filters for camera phones that i made my self. Most cameras on phones are made really cheaply and do not filter out IR, thats why camp fires and such come out looking a little purple, or pink when us take a pic using a camera phone. This happens because the sensor interprets IR to the human visual spectrum as white. To make the filters i went to walgreens, got some 35mm film, opened it up and exposed the entire role to bright light, rolled it back up into its container and asked the kind ppl at the one hour photo counter to develop my role. I also informed them that i didnt want any prints, just the negatives. Then of course i had to explain to them what it was i wanted. You can see how this might seem to be a odd request so be expecting to take a little extra time if you choose to go this route, it will take some explaining.

So why IR filters? Well taking pics with these little guys makes stuff like envelopes transparent, as well as some plastics and CLOTHES!! Making this every nerds dream! lol.

Heres a pic of the IR filters "film":


Heres a pic a took of my stove top:

Saturday, January 1, 2011

Re-DROID with stock 2.2.1

Over the holidays i dropped my phone "A Motorola DROID" in some salt filled slush in the parking lot of walmart :( It still worked kind of, buttons seemed to go crazy however. Hitting just one button did multiable things. So i took it to my local verizon store, they informed me that i would be getting a new phone in the mail in the next week or so :( Luckily for me i only had to wait four days or so, but they sent me the wrong fucking phone. Again i go back to Verizon to bitch but this time they have my phone in stock...ok. Sweet i got my new old phone.

My new old phone is nice but i found that it came with Android 2.2.1 and not 2.1 like it did before. I gave the old update.zip root i had from my old phone a try but it didn't do shit. So i took to the net to find a new setup. After a few failed attampts i found this thread about a app called SuperOneClick. I had to use cmoney's XP desktop and install .NET 3.5 form M$. That was all i need to get the SuperOneClick software to run on the desktop. To get the pc to phone data connection going at the level that the app needed i had install the Motorola Phone USB drivers. Now all i had to do was make sure USB debugging was enabled on my phone. Plug in the USB cable from the PC to my phone, hit the root button and wait for it to do its thing! Thanx to everyone involved in the SuperOneClick software, you did a awesome job!! I am now enjoying my new old rooted DROID :D There is still more work to be done on this but that will be later.