228 items tagged "source"
-
-
19:32
»
Packet Storm Security Recent Files
Mpctp is a tool for manipulating raw packets that offers a large number of options. Its primary purpose is to diagnose and test scenarios that involve the various types of TCP/IP packets. It can send certain types of packets to any specific target and manipulate various fields at runtime, such as the Source/Destination IP address and Source/Destination MAC address.
-
-
10:01
»
Hack a Day
Here’s [Mikey Sklar] posing on his new electric skateboard. Well, it’s new to him at any rate. He bought it used on eBay for $250. That may not sound like much of a deal, but these will run more like $800 retail. The savings comes because the thing would no longer charge. But it took [...]
-
-
9:42
»
Hack a Day
If you’ve been following the developments of building Android, Chromium, and other OSes for the Raspberry Pi, you’ll come across a common theme. The drivers for the Raspi’s chip are closed source and protected by Broadcom with an NDA. This limits the ability of devs to take on projects that involve messing around deep inside [...]
-
-
12:01
»
Hack a Day
Here’s a project that is striving to develop a set of open source finger prostheses. They are aimed at patients who have partial amputations. This means that part of the digit remains and can be used as the motive force behind a well designed mechanical prosthesis like you see above. This uses levers, pulleys, and [...]
-
-
8:01
»
Hack a Day
Put that old Android phone to good use by mounting it on the wall as a smart thermostat. This open source hardware and software project lets you replace your home’s thermostat with an Android device which adds Internet connectivity and all that comes with the increase in computing power. The brunt of the hardware work [...]
-
-
21:47
»
SecDocs
Authors: Seth Fogie
Tags: cryptography
Event: Chaos Communication Congress 21st (21C3) 2004
Abstract: The goal of this talk is to help demystify some of the internals of the OpenPGP standard, through example, so that others can learn from and hopefully continue the process. The current (free) open source implementations of the OpenPGP standard are easily better than many commercial solutions, as well as more readily supported. To do this, I will show off a number of the OpenPGP-based projects I've been working on lately, including: subliminally leaking keys in digital signatures; vanity key generation; extending the web of trust to ssh host keys; and maybe even some attacks against the keyserver network that I'll later regret showing off code for.
In years past, PGP was the de facto standard for application level encryption, specifically for applications such as email. Now, with the advancement of the open source movement, we have the open source replacement (GPG, GNU Privacy Guard), as well as an open standard for future interoperability (the OpenPGP standard, aka RFC 2440). Open source code and a well documented open standard make for a much easier time to improve and develop tools that make encryption readily available to everyone, even people who are not very technical. The goal of this talk is to help demystify some of the internals of the OpenPGP standard, through example, so that others can learn from and hopefully continue the process. The current (free) open source implementations of the OpenPGP standard are easily better than many commercial solutions, as well as more readily supported.
I will cover the recent work I have been doing with GPG, including: use of the subliminal channel in DSA for purposes of leaking keys, tagging, and tracking people; extension of GPG to allow for beneficial use of the subliminal channel; how writing tools to integrate encryption functionality with existing systems is easy, using the Perl Crypt::OpenPGP implementation; and how I am working on implementing elliptic curve cryptography for GPG.
-
-
11:01
»
Hack a Day
[Pulko Mandy] got his hands on the new STM32 F3 Discovery board. He’s a fan of the open source tools just like we are, so he posted a guide covering the use of an open source toolchain with the F3 hardware. This board was just announced earlier this month but there is already support for it [...]
-
-
11:01
»
Hack a Day
[Zaion] grabbed an ATX power supply to source the 5V the Raspberry Pi needs to run. The common problem when it comes to RPi supplies is a shortfall in how much current a USB wall adapter can source. The ATX shouldn’t have this problem, but nonetheless he found that the USB ports were only reading [...]
-
10:01
»
Hack a Day
It’s been a long time coming, but efforts to create an Open Source brushless motor controller are finally paying off. The Open-BLDC project aims to create an open source motor controller for the brushless motors usually found in remote control airplanes, helicopters, and quadcopters. Normally, these motor controllers – usually called electronic speed controllers – can’t supply [...]
-
-
4:09
»
SecDocs
Authors: Martin Johns
Tags: buffer overflow
Event: Chaos Communication Congress 22nd (22C3) 2005
Abstract: A talk that will present academic tools, which are designed to find or disarm security problems in C code.
The last years have proven that humans are notorious producers of insecure code. They also seem to have problems finding security bugs on their own. For this reason scientists spend a reasonable amount of time in developing ideas how to automate the process of finding those security bugs (using static analysis) or how to fix those bugs automatically (with dynamic measures which take effect on runtime). The talk will give an introduction to both approaches. The presented tools are aimed at problems that belong to the programming language C: Buffer Overflows, Format String Exploits and their friends.
Static tools examine the source code before the compilation. Depending on the tool, methods like functional verification, finite automatons or lattice theory are used to find security bugs. The talk will try to show how these tools work and what their shortcomings are (e.g. too many false positives, no weighting, hard to configure, ...).
Dynamic tools alter the source code before or during the compilation. They try to add constructs to the control flow with additions that are supposed to prevent the exploitation of security flaws. Classic examples (Stack Guard) and modern approaches (StoBo) are presented and discussed. Only tools and methods that are applicable by the programmer are addressed. Methods of preventing exploitation by altering the underlying infrastructure (i.e. the OS) are omitted. The focus is on measures that can be employed by the actual programmer.
We think it is important that the usage of these kinds of tools (esp. static analysis) grows in the open source community. Commercial companies are employing static analysis on a broad basis nowadays (for example Microsoft requires their coders to use the tools PreFast and PreFix daily). Otherwise the security advantage, that open source claims to possess, may diminish.
-
-
14:04
»
Hack a Day
The Denver Business Journal has recognized Sparkfun Electronics as the 2nd fastest growing company in the Denver area (in the $17.5-$46 million class). This is fantastic news, not only for Sparkfun, but for Open Source Hardware. Sparkfun is the world’s largest manufacturer of open source hardware, located right in the middle of the country, Boulder, Colorado. [...]
-
4:00
»
Hack a Day
Meet pwdr, the open source 3D printer that is a complete departure from the RepRaps and Makerbots we’ve come to love. Instead of squirting plastic onto a build surface, pwdr operates just like the very, very expensive powder printers used in industrial settings. Pwdr uses gypsum, ceramics, and concrete for its raw stock and binds these [...]
-
-
14:48
»
SecDocs
Authors: Thomas Biege
Tags: cryptography
Event: Chaos Communication Congress 23rd (23C3) 2006
Abstract: This paper (and slides) will describe the inner workings of the random number generator (/dev/{u}random) of Linux. Additionally some possible security flaws are shown (entropy overestimation, zero'izing the pool, etc.)
Almost all cryptographic protocols depend on random (unpredictable) values to create keys, cookies, tokens, initialisation vectors, and so on. The Linux (as well as other Unix flavours) kernel provides a character device as a source for randomness. This device represents the essential part needed by various cryptographic protocol implementations for a secure operation (conditional security), therefore it needs special attention from security experts.
This paper will give an extract of results taken from analysing the input sources used by Linux' PRNG implementation. The statistical entropy of each source and of the whole pool is calculated to get a better picture of the entropy quality during the boot-process and to spot entropy overestimation by the kernel. Observations taken by process show a repeating behaviour for different system startups. This can be used by an attacker to create profiles and to simulate a more complex system. Even observations of the events generated by the block-device show timing patterns between different boot-sequences.
To dispel doubts of developers to add untrusted sources, two kinds of untrusted sources, low-quality and malicious source, were examined. It will be shown that low-quality sources are not able to reduce the entropy in the pool that already exists but can lead to an overestimation. A more dangerous situation exists with the presence of a malicious source which is theoretically able to lead the mixing algorithm to produce a stream of zeros. The goal of this work is not to show a practical attack against the random device but to provide more transparency and to ease further analysis.
-
-
11:44
»
SecDocs
Authors: Christine Corbett Moran
Tags: technology
Event: Chaos Communication Congress 23rd (23C3) 2006
Abstract: Today two revolutions are pushing the machine translation field forward: the open source movement, and the broader application of statistical methods. This talk is at the intersection of the two: centering around the applications and contributions to be made to Moses, a state of the art open source toolkit for statistical machine translation developed by researchers from MIT, Edinburgh, Cornell, and Aachen.
In the past, those who wanted quality machine translations were forced to rely on closed source, rule based engines such as SYSTRAN. Even most of Google's translation engine uses SYSTRAN software. But Google and others are moving towards flexible, trainable systems, based on computer generated statistics rather than PhD linguist generated rules. This means a machine translation is accessible to the average user. Next time, instead of getting angry or amused by a poor translation provided by Google Translate or BabelFish, use your own copy of the open source engine and you can hack away, helping to improve translation quality for yourself and users around the globe.
-
-
6:01
»
Hack a Day
[Dave] noted that in a recent poll of FPGA developers, emacs was far and away the most popular VHDL and Verilog editor. There are a few reasons for this – namely, emacs comes with packages for editing your HDL of choice. For those of us not wanting to install (and learn) the emacs operating system, [...]
-
-
21:56
»
SecDocs
Tags: hacking
Event: Chaos Communication Congress 24th (24C3) 2007
Abstract: The Open Source initiative re-interpreted Free Software to include it into the neo-liberal ideology and the capitalist economy - whose aims are contrary to the FS starting axioms/freedoms. This platform will focus on ideological and political aspects of this. It will also suggest FS recovery strategies.
-
-
5:01
»
Hack a Day
A little bird sent in a tip about a really cool MIDI synth. It’s called the Ambika, and it seems like just the thing to introduce a synth head to the world of soldering. Compared to an entry-level synthesizer like the microKorg or its ilk, the Ambika is packed full of really cool features that [...]
-
12:01
»
Hack a Day
Parallax has done something that is unthinkable for most microcontroller manufacturing companies. They’ve decided to throw their support behind an open source toolchain based on GCC. That’s right, instead of fighting to get your code compiling on a platform whose example code uses crippleware, you can actually download, compile, and start using this toolchain without code size [...]
-
-
21:37
»
SecDocs
Authors: Xavier Carcelle
Tags: PLC
Event: Chaos Communication Congress 25th (25C3) 2008
Abstract: PLC (PowerLineCommunications) is currently widely used for in-home LANs and for Internet access over PowerLineCommunications, based on the market standard called HomePlug. Electricity is a great medium to transport data over existing cables in-home and outdoor but gives the network an old-school flavor of the behaviour of the hub where all stations share the medium. In this lecture, we present the freshly released FAIFA open source software that can be used to audit the security of PLC networks and script some flaws of the PLC devices.
-
-
21:36
»
SecDocs
Authors: Stefan Esser
Tags: web application vulnerability PHP
Event: Chaos Communication Congress 25th (25C3) 2008
Abstract: Security audits of PHP applications are usually performed on a source code basis. However, sometimes vendors protect their source code by encrypting their applications with runtime (bytecode-)encryptors. When these tools are used, source code analysis is no longer possible, and because these tools change how PHP works internally, several greybox security scanning/fuzzing techniques relying on hooks fail, too.
-
-
18:29
»
Packet Storm Security Recent Files
Access Road is a universal simulator of access controls that is intended to improve design and auditing of IT security. It provides simulations of GNU/Linux (components and rights on the file system), MySQL Server (components and privileges), and a generic Role-Based-Access-Control application. It is designed for database, system, and application administrators, IT architects and developers, and auditors. Reliability and the ability to explain the results are the main objectives. A 50 page tutorial is provided, and a powerful framework allows new simulations to be added. This is the source release.
-
12:00
»
Hack a Day
Even though NVidia and ATI have been open-source friendly for a while now, there still isn’t a true open-source graphics card. [Anton] and [Per] are trying to fix that by building their own graphics card around an FPGA. The project is called ORSoC, and it’s available on opencores.com. The guys are building the ORSoC graphics [...]
-
-
21:47
»
SecDocs
Authors: Moritz von Buttlar
Tags: science
Event: Chaos Communication Camp 2011
Abstract: Opensource-solar.org is working on open hardware power supplies for off-grid applications. The systems consist of self-built solar panels, charge controllers with microcontroller, and LiFePo4 rechargeable batteries. Green energy for your gadgets! A photovoltaic based power supply for small devices is especially useful if an electricity grid is unavailable, if cabling is inconvenient, and in emergency situations. Opensource-solar.org designs modular open hardware photovoltaic power systems which can be incorporated in other projects. The focus is on micro-energy systems with less than 16 W. Examples for usage include LED lighting systems, cell-phone charging and power for wireless networks. The goal is to make a very high quality system at a fraction of the cost of current systems. Currently it consists of a self-made solar panel built from solar cells, an MSP430 based charging and control module, and a rechargeable LiFePo4 battery. The open hardware approach allows collaborative development, support and building instructions for users worldwide. This could be especially interesting for makers in Africa and other parts of the world without grid connectivity in rural areas. Success of photovoltaic based systems is slowed down by a scarcity of skilled people and high costs. Open source hardware and internet communities can provide essential information for self-learning the required skills to assemble, develop and install such systems.
-
-
21:34
»
SecDocs
Authors: Sébastien Bourdeauducq
Tags: embedded microcontroller
Event: Chaos Communication Camp 2011
Abstract: Milkymist develops a comprehensive solution for the live synthesis of interactive visual effects. It features one of the first open source system-on-chip designs. This talk gives a roundup of what has happened during the last 1.5 years in this project. The Milkymist project is an informal organization of people and companies who develop, manufacture and sell a comprehensive open source hardware and software solution for the live synthesis of interactive visual effects for VJs. The project goes to great lengths to apply the open source principles at every level possible, and is best known for the Milkymist system-on-chip (SoC) which is among the first commercialized system-on-chip designs with free HDL source code. As a result, several Milkymist components have been reused in applications unrelated to video synthesis. For example, NASA's Communication Navigation and Networking Reconfigurable Testbed (CoNNeCT) experiment uses the memory controller that was originally developed for the Milkymist system-on-chip and published under the GNU GPL. A lot has happened since the introduction to the project at the 26C3. We have designed and are now producing and selling our own hardware called Milkymist One. The system-on-chip design has reached a very usable state, with improved graphics acceleration capabilities, support for all the interfaces on the Milkymist One (e.g. video digitizer, USB, Ethernet, MIDI, DMX, ...) and a GDB-compatible in-system debugger. On the software side, we have ported the RTEMS real time operating system and up-leveled the Linux port. We also have developed our own end-user video synthesis application which runs on RTEMS and uses the MTK embedded GUI toolkit (based on Genode FX). Several third-party applications and many libraries were successfully run on the Milkymist SoC, such as the MuPDF document viewer and the Lua and Ruby programming languages. The SoC software can also be run and debugged in the latest versions of the QEMU emulator. This talk presents all this, and more. Demonstrations included.
-
-
8:43
»
Packet Storm Security Recent Files
OWASP Mantra is a collection of free and open source tools integrated into a web browser, which can come in handy for students, penetration testers, web application developers, security professionals, etc. It is portable, ready-to-run, compact and follows the true spirit of free and open source software. This is the source code release.
-
-
21:45
»
SecDocs
Authors: Wolfgang Beck
Tags: VoIP SIP
Event: Chaos Communication Congress 27th (27C3) 2010
Abstract: The SIP home gateway -- which combines a NAT router, a SIP proxy, and analogue phone adapters -- is the weakest link in a Voice over IP network. SIP's numerous source routing mechanisms share the well-known security weaknesses of IP source routing. The talk discusses possible exploits and countermeasures. Telephony is steadily moving to Voice over IP, opening up a world of hacking opportunities. While many security issues have long been addressed in standardization, real-world VoIP suffers from incomplete and sometimes broken implementations. SIP home gateways -- which combine a NAT router, a SIP proxy, and a phone adapter -- are especially at risk. The predominant VoIP protocol SIP (Session Initiation Protocol) has been designed as an -- almost -- stateless protocol. The network elements responsible for call routing only keep very little and short-lived state. This makes SIP highly scalable and substantially simplifies fail-over. To achieve this, SIP uses source routing mechanisms extensively. Due to its security weaknesses, the network layer protocols have long abandoned the idea of source routing, despite its theoretical appeal. Some IP source routing attacks and countermeasures can be applied to SIP.
-
18:37
»
Packet Storm Security Tools
cIFrex is a small script written in PHP that supports searching for bugs during source code analysis. It uses a database of regular expressions.
-
-
14:08
»
Hack a Day
What happens if you’re a prolific developer and decide to release all of the source code from your work? Well, you should get a huge pat on the back from all interested parties. And so we say thank you to [Hunter Davis] for releasing the source code for his 70+ Android apps. But just making [...]
-
-
6:01
»
Hack a Day
Many of the hacks featured here inspire others to build on the creator’s work, and on occasion the positive feedback brings the hack to market. Last year we told you about [Wayne’s] creation, a system aimed at tracking down would-be game console thieves. He received a bunch of requests to document the tracker in full, [...]
-
-
21:46
»
SecDocs
Tags: cryptography
Event: Chaos Communication Congress 28th (28C3) 2011
Abstract: A non-copyright circumventing application of the HDCP master key
A man-in-the-middle attack on HDCP-secured video links is demonstrated. The attack is implemented on an embedded Linux platform, with the help of a Spartan-6 FPGA, and is capable of operating real-time on HD video links. It utilizes the HDCP master key to derive the corresponding private keys of the video source and sink through observation and computation upon the exchanged public keys. The man-in-the-middle then genlocks its raster and cipher state to the incoming video stream, enabling it to do pixel by pixel swapping of encrypted data. Since the link does no CRC or hash verification of the data, one is able to forge video using this method. Significantly, the attack enables forging of video data without decrypting original video data, so executing the attack does not constitute copyright circumvention. Therefore, this novel and commercially useful application of the HDCP master key impairs equating, in a legal sense, the master key with circumvention. Finally, the embodiment of the exploit is entirely open-source, including the hardware and the Verilog implementation of the FPGA.
BACKGROUND & CONTEXT
In September 2010, the HDCP master key was circulated via Pastebin. Speculation ensued around the application of the master key to create HDCP strippers, which would enable the circumvention of certain copyright control mechanisms put in place around video links. Unfortunately, this is a legally risky application, for a number of reasons, including potential conflicts with DMCA legislation that criminalizes the circumvention of copyright control mechanisms. This talk discloses a new use for the HDCP master key that side-steps some of the potential legal issues. This hack never decrypts video; without decryption, there is no circumvention, and as a result the DMCA cannot apply to this hack.
Significantly, by demonstrating a bona-fide commercially significant purpose for the HDCP master key that does not circumvent an access control measure, this hack impairs the equating of trafficking or possession of the HDCP master key to circumvention and/or circumvention-related crimes. The main purpose of this hack is to enable the overlay of video content onto an HDCP encrypted stream. The simple fact that a trivial video overlay becomes an interesting topic is illustrative of the distortion of traditional rights and freedoms brought about by the DMCA. While the creation of derivative works of video through dynamic compositing and overlay (such as picture in picture) seems intuitively legal and natural in a pre-HDCP world, the introduction of HDCP made it difficult to build such in-line equipment. The putative role of HDCP in the digital video ecosystem is to patch the plaintext-hole in the transmission of otherwise encrypted video from shiny disks (DVDs, BDs) to the glass (LCD, CRT). Since the implementation of video overlay would typically require manipulation of plaintext by intermediate processing elements, or at least the buffering of a plaintext frame where it can be vulnerable to readout, the creation of such devices has generally been very difficult to get past the body that controls the granting of HDCP keys, for fear that they can be hacked and/or repurposed to build an HDCP stripper. Also, while a manufacturer could implement such a feature without the controlling body's blessing, they would have to live in constant fear that their device keys would be revoked. While the applications of video overlay are numerous, the basic scenario is that while you may be enjoying content X, you would also like to be aware of content Y. To combine the two together would require a video overlay mechanism.
Since video overlay mechanisms are effectively banned by the HDCP controlling organization, consumers are slaves to the video producers and distribution networks, because consumers have not been empowered to remix video at the consumption point. The specific implementation of this hack enables the overlay of a WebKit browser over any video feed; a concrete example of the capability enabled by this technology is the overlay of twitter feeds as "news crawlers" across a TV program, so that one may watch community commentary in real-time on the same screen. While some TV programs have attempted to incorporate twitter feeds into the show, the incorporation has always been on the source side, and as such users are unable to pick their hashtags. Now, with this hack, the same broadcast program (say, a political debate) can have a very different viewing experience based on which hashtag is keyed into the viewer's twitter crawler.
TECHNICAL IMPLEMENTATION
A Spartan-6 FPGA was used to implement a TMDS-compatible source and sink. TMDS is the signaling standard used by HDMI and DVI. The basic pipeline within the FPGA deserializes incoming video and reserializes it to the output. In this trivial mode, it is simply a signal amplifier for the video. In order to enable the overlay of a WebKit browser, an 800 MHz ARM-based Linux computer is connected to the FPGA. The Linux computer is based upon the PXA168 by Marvell, and it features 128 MB of DDR2 and a microSD card for firmware. The distribution is based upon Angstrom and it is built using OpenEmbedded with the help of buildbot. The entire build system for the Linux computer is available through a public EC2 cloud image that anyone can copy and rent from Amazon. From the Linux computer's standpoint, the FPGA emulates a parallel RGB LCD, and thus from the programming standpoint looks simply like a framebuffer at /dev/fb0.
There is also a device management interface revealed through I2C that is managed using the standard Linux I2C driver. The I2C management interface handles routine status requests, such as reading the video timing and PLL state, and also handles reading out sections of snooping buffers, the significance of which will be discussed later. The FPGA also has a chroma-key feature where a magic color (240,0,240) is remapped to "transparent". The FPGA itself is bootstrapped through a programming interface where the device’s compiled bitstream is sent to the FPGA by writing to /dev/fpga. There are also IOCTLs available on /dev/fpga that enable other meta-level functions such as resetting the FPGA or querying its configuration state. In addition to passing through the TMDS signal, the FPGA also has the ability to listen to and manipulate the DDC. The DDC is an I2C link found on HDMI cables that enables the reporting of monitor capability records (EDIDs) and also is the medium upon which the key exchange happens. Therefore, being able to listen to this passively is of great importance to the hack. The FPGA implements a "shadow-RAM" which records all reads and writes to specific addresses that fall within the expected address ranges for EDID and HDCP transactions. The FPGA also implements a "squash-RAM" which is used to override bits on the I2C bus. Since I2C is an open collector standard, overriding a 1 to a 0 is trivial; but, overriding a 0 to a 1 requires an active pull-up. The hardware implements a beefy FET on the DDC to enable overriding 0's to 1's. The DDC implementation uses a highly oversampled I2C state machine. I2C itself only runs at 100 kHz, but the state machine implementation runs at 26 MHz. This allows the state machine to determine the next state of the I2C bus and decide to override or allow the transaction on-the-fly. 
The "squash-RAM" feature is used to override the EDID negotiation such that the video source is only informed of modes that the FPGA implementation can handle. For example, this implementation cannot handle 3D TV resolutions, so the reporting of such capabilities from the TV is squashed before it can get to the video source. This causes the source to automatically limit its content to be within the hardware capabilities of the FPGA, and to be within the resolutions that are supported by the WebKit UI. The key exchange on HDCP consists of three pieces of data being passed back and forth: the source public key (Aksv), the sink public key (Bksv), and a piece of shared state (An). The order in which these are written is well-defined. The completion of the transfer of the final byte of Aksv serves as a trigger to initialize the cipher states of the source and the sink. During this time period, each device computes the dot-product of the other device's KSV with their internal private key (which is a table of forty 56-bit numbers) and derives a shared secret, known as Km. This is basically an implementation of Blom's Scheme. In order to implement the man-in-the-middle attack, the three pieces of data are recorded, and the authentication trigger is passed from the FPGA to the Linux computer through an udev event. udev triggers a program that reads the KSVs from the snoop memory, and performs a computation upon the HDCP master key and the KSVs to derive the private keys that mirror those found in each of the source and sink devices. In a nutshell, the computation loops through the 40x40 matrix of the HDCP master key, and based upon the KSV having a 1 at a particular bit position it sums in the corresponding 40-entry row or column of the master key to the 40-entry private key vector. The use of a row or a column depends upon whether the KSV belongs to a source or a sink.
Once the private key vectors have been derived, they can be multiplied in exactly the same fashion as would be found in the source or sink to derive the shared secret, Km. This shared secret, Km, is then written into the FPGA's HDCP engine, and the cipher state is ready to go. In practice, the entire computation can happen in real-time, but some devices go faster or slower than others, so it is hard to guarantee it always completes in time, particularly with the variable interrupt latency of the udev handler. As a result, the actual link negotiation caches the value of Km from previous authentications, and the udev event primarily verifies that Km hasn't changed (note that for each given source and sink pair, Km is static and never changes, so unless users are pulling cables out and swapping them between devices, Km is essentially static). If the Km has changed, it updates the Km in the FPGA and forces a 150ms hot plug event, which re-initiates the authentication, thereby making the transaction fairly reliable yet effectively real-time. Significantly, this system as implemented is incapable of operating without having the public keys provided by both the source and the sink. This means that it cannot "create" an HDCP link: this implementation is not an operational HDCP engine on its own. Rather, it requires the user of this overlay hack to "prove" it has previously purchased a full HDCP link through evidence of valid public keys. This “proof of purchase” exhausts the proprietary rights to the link associated with first sale doctrine. Once the FPGA's HDCP cipher state is matched to the video source's cipher state, one can now selectively encrypt different pixels to replace original pixels, and the receiver will decrypt all without any error condition. This is because encryption is done on a pixel by pixel basis and the receiver does little in the way of verification. The lack of link verification is in fact quite intentional and necessary.
The natural bit error rate of HD video links is atrocious; but this is acceptable, because the human eye probably won't detect bit errors even on the level of 1 in every 10,000 bits (at high error rates, users see a “sparkle” or “snow” on the screen, but largely the image is intact). Therefore, this latitude in allowing pixel-level corruption is necessary to keep consumer costs low; otherwise, much higher quality cables would be required along with FEC techniques to achieve a bit error rate that is compatible with strict cryptographic verification techniques such as full-frame hashing. The selection of which pixel to swap is done by observing the color of the overlay's video. The overlay video is not encrypted and is generated by the user, so there is no legal violation to look at the color of the overlay video. Note that other pixel-combining methods, such as alpha blending, would necessitate the decryption of video. If the overlay video matches a certain chroma key color, the incoming video is selected; otherwise, the overlay video is selected. This allows for the creation of transparent "holes" in the UI. Since the UI is rendered by a WebKit browser, chroma-key is implemented by simply setting the background color in the CSS of the UI pages to magic-pink. This makes the default state of a web page transparent, with all items rendered on top of it opaque. Note that pixel-by-pixel manipulation of the incoming video feed is done without any real buffering of the video. A TMDS pixel "lives" inside the FPGA for less than a couple dozen clock cycles: the lifetime of a pixel is simply the latency of the pipelines and the elastic buffers required to deskew wire length differences between differential pairs. This means that the overlay video from the Linux computer must be strictly available at exactly the right time, or else the user will see the overlay jitter and shake. 
In order to avoid such artifacts, the time resolution requirement of the pixel synchronization is stricter than the width of a pixclock period, which can be as short as a dozen nanoseconds. In order to accomplish this fine-grain synchronization, a genlock mechanism was implemented where vertical retrace signals (which are unencrypted) trigger an interrupt that initiates the readout of /dev/fb0 to the FPGA. However, the interrupt jitter of a non-realtime Linux is much larger than a single pixel time, so in order to absorb this uncertainty, a dynamic genlock engine was implemented in the FPGA. An 8-line overlay video FIFO is used to provide the timing elasticity between the Linux computer and the primary video feed; and the vertical sync interrupt-to-pixel-out latency of the Linux computer is dynamically measured by the FPGA and pre-compensated. In effect, the FPGA measures how slow the Linux box's reflexes are, and requests for the frame to start coming in advance of when the data is needed. These measures, along with a few lines of FIFO, ensure pixel availability at the precise time when the pixel is needed.
SUMMARY
A system has been described that enables a man-in-the-middle attack upon HDCP secured links. The attack enables the overlay of video upon existing streams; an example of an application of the attack is the overlay of a personalized twitter feed over video programs. The attack relies upon the HDCP master key and a snooping mechanism implemented using an FPGA. The implementation of the attack never decrypts previously encrypted video, and it is incapable of operating without an existing, valid HDCP link. It is thus an embodiment of a bona-fide, non-infringing and commercially useful application of the HDCP master key. This embodiment impairs the equating of the HDCP master key with copyright circumvention purposes.
-
21:46
»
SecDocs
Tags: cryptography
Event: Chaos Communication Congress 28th (28C3) 2011
Abstract: A non-copyright circumventing application of the HDCP master key
A man-in-the-middle attack on HDCP-secured video links is demonstrated. The attack is implemented on an embedded Linux platform, with the help of a Spartan-6 FPGA, and is capable of operating real-time on HD video links. It utilizes the HDCP master key to derive the corresponding private keys of the video source and sink through observation and computation upon the exchanged public keys. The man-in-the-middle then genlocks its raster and cipher state to the incoming video stream, enabling it to do pixel by pixel swapping of encrypted data. Since the link does no CRC or hash verification of the data, one is able to forge video using this method. Significantly, the attack enables forging of video data without decrypting original video data, so executing the attack does not constitute copyright circumvention. Therefore, this novel and commercially useful application of the HDCP master key impairs equating, in a legal sense, the master key with circumvention. Finally, the embodiment of the exploit is entirely open-source, including the hardware and the Verilog implementation of the FPGA.
BACKGROUND & CONTEXT
In September 2010, the HDCP master key was circulated via Pastebin. Speculation ensued around the application of the master key to create HDCP strippers, which would enable the circumvention of certain copyright control mechanisms put in place around video links. Unfortunately, this is a legally risky application, for a number of reasons, including potential conflicts with DMCA legislation that criminalizes the circumvention of copyright control mechanisms. This talk discloses a new use for the HDCP master key that side-steps some of the potential legal issues. This hack never decrypts video; without decryption, there is no circumvention, and as a result the DMCA cannot apply to this hack.
Significantly, by demonstrating a bona-fide commercially significant purpose for the HDCP master key that does not circumvent an access control measure, this hack impairs the equating of trafficking or possession of the HDCP master key to circumvention and/or circumvention-related crimes. The main purpose of this hack is to enable the overlay of video content onto an HDCP encrypted stream. The simple fact that a trivial video overlay becomes an interesting topic is illustrative of the distortion of traditional rights and freedoms brought about by the DMCA. While the creation of derivative works of video through dynamic compositing and overlay (such as picture in picture) seems intuitively legal and natural in a pre-HDCP world, the introduction of HDCP made it difficult to build such in-line equipment. The putative role of HDCP in the digital video ecosystem is to patch the plaintext-hole in the transmission of otherwise encrypted video from shiny disks (DVDs, BDs) to the glass (LCD, CRT). Since the implementation of video overlay would typically require manipulation of plaintext by intermediate processing elements, or at least the buffering of a plaintext frame where it can be vulnerable to readout, the creation of such devices has generally been very difficult to get past the body that controls the granting of HDCP keys, for fear that they can be hacked and/or repurposed to build an HDCP stripper. Also, while a manufacturer could implement such a feature without the controlling body's blessing, they would have to live in constant fear that their device keys would be revoked. While the applications of video overlay are numerous, the basic scenario is that while you may be enjoying content X, you would also like to be aware of content Y. To combine the two together would require a video overlay mechanism.
Since video overlay mechanisms are effectively banned by the HDCP controlling organization, consumers are slaves to the video producers and distribution networks, because consumers have not been empowered to remix video at the consumption point. The specific implementation of this hack enables the overlay of a WebKit browser over any video feed; a concrete example of the capability enabled by this technology is the overlay of twitter feeds as "news crawlers" across a TV program, so that one may watch community commentary in real-time on the same screen. While some TV programs have attempted to incorporate twitter feeds into the show, the incorporation has always been on the source side, and as such users are unable to pick their hashtags. Now, with this hack, the same broadcast program (say, a political debate) can have a very different viewing experience based on which hashtag is keyed into the viewer's twitter crawler.
TECHNICAL IMPLEMENTATION
A Spartan-6 FPGA was used to implement a TMDS-compatible source and sink. TMDS is the signaling standard used by HDMI and DVI. The basic pipeline within the FPGA deserializes incoming video and reserializes it to the output. In this trivial mode, it is simply a signal amplifier for the video. In order to enable the overlay of a WebKit browser, an 800 MHz ARM-based Linux computer is connected to the FPGA. The Linux computer is based upon the PXA168 by Marvell, and it features 128 MB of DDR2 and a microSD card for firmware. The distribution is based upon Angstrom and it is built using OpenEmbedded with the help of buildbot. The entire build system for the Linux computer is available through a public EC2 cloud image that anyone can copy and rent from Amazon. From the Linux computer's standpoint, the FPGA emulates a parallel RGB LCD, and thus from the programming standpoint looks simply like a framebuffer at /dev/fb0.
There is also a device management interface revealed through I2C that is managed using the standard Linux I2C driver. The I2C management interface handles routine status requests, such as reading the video timing and PLL state, and also handles reading out sections of snooping buffers, the significance of which will be discussed later. The FPGA also has a chroma-key feature where a magic color (240,0,240) is remapped to "transparent". The FPGA itself is bootstrapped through a programming interface where the device’s compiled bitstream is sent to the FPGA by writing to /dev/fpga. There are also IOCTLs available on /dev/fpga that enable other meta-level functions such as resetting the FPGA or querying its configuration state. In addition to passing through the TMDS signal, the FPGA also has the ability to listen to and manipulate the DDC. The DDC is an I2C link found on HDMI cables that enables the reporting of monitor capability records (EDIDs) and also is the medium upon which the key exchange happens. Therefore, being able to listen to this passively is of great importance to the hack. The FPGA implements a "shadow-RAM" which records all reads and writes to specific addresses that fall within the expected address ranges for EDID and HDCP transactions. The FPGA also implements a "squash-RAM" which is used to override bits on the I2C bus. Since I2C is an open collector standard, overriding a 1 to a 0 is trivial; but, overriding a 0 to a 1 requires an active pull-up. The hardware implements a beefy FET on the DDC to enable overriding 0's to 1's. The DDC implementation uses a highly oversampled I2C state machine. I2C itself only runs at 100 kHz, but the state machine implementation runs at 26 MHz. This allows the state machine to determine the next state of the I2C bus and decide to override or allow the transaction on-the-fly. 
The "squash-RAM" feature is used to override the EDID negotiation such that the video source is only informed of modes that the FPGA implementation can handle. For example, this implementation cannot handle 3D TV resolutions, so the reporting of such capabilities from the TV is squashed before it can get to the video source. This causes the source to automatically limit its content to be within the hardware capabilities of the FPGA, and to be within the resolutions that are supported by the WebKit UI. The key exchange on HDCP consists of three pieces of data being passed back and forth: the source public key (Aksv), the sink public key (Bksv), and a piece of shared state (An). The order in which these are written is well-defined. The completion of the transfer of the final byte of Aksv serves as a trigger to initialize the cipher states of the source and the sink. During this time period, each device computes the dot-product of the other device's KSV with its internal private key (which is a table of forty 56-bit numbers) and derives a shared secret, known as Km. This is basically an implementation of Blom's Scheme. In order to implement the man-in-the-middle attack, the three pieces of data are recorded, and the authentication trigger is passed from the FPGA to the Linux computer through a udev event. udev triggers a program that reads the KSVs from the snoop memory, and performs a computation upon the HDCP master key and the KSVs to derive the private keys that mirror those found in each of the source and sink devices. In a nutshell, the computation loops through the 40x40 matrix of the HDCP master key, and based upon the KSV having a 1 at a particular bit position it sums in the corresponding 40-entry row or column of the master key to the 40-entry private key vector. Whether a row or a column is used depends upon whether the KSV belongs to a source or a sink.
Once the private key vectors have been derived, they can be multiplied in exactly the same fashion as would be found in the source or sink to derive the shared secret, Km. This shared secret, Km, is then written into the FPGA's HDCP engine, and the cipher state is ready to go. In practice, the entire computation can happen in real-time, but some devices go faster or slower than others, so it is hard to guarantee it always completes in time, particularly with the variable interrupt latency of the udev handler. As a result, the actual link negotiation caches the value of Km from previous authentications, and the udev event primarily verifies that Km hasn't changed (note that for each given source and sink pair, Km is static and never changes, so unless users are pulling cables out and swapping them between devices, Km is essentially static). If the Km has changed, it updates the Km in the FPGA and forces a 150 ms hot plug event, which re-initiates the authentication, thereby making the transaction fairly reliable yet effectively real-time. Significantly, this system as implemented is incapable of operating without having the public keys provided by both the source and the sink. This means that it cannot "create" an HDCP link: this implementation is not an operational HDCP engine on its own. Rather, it requires the user of this overlay hack to "prove" it has previously purchased a full HDCP link through evidence of valid public keys. This “proof of purchase” exhausts the proprietary rights to the link associated with first sale doctrine. Once the FPGA's HDCP cipher state is matched to the video source's cipher state, one can now selectively encrypt different pixels to replace original pixels, and the receiver will decrypt all without any error condition. This is because encryption is done on a pixel by pixel basis and the receiver does little in the way of verification. The lack of link verification is in fact quite intentional and necessary.
The natural bit error rate of HD video links is atrocious; but this is acceptable, because the human eye probably won't detect bit errors even on the level of 1 in every 10,000 bits (at high error rates, users see a “sparkle” or “snow” on the screen, but largely the image is intact). Therefore, this latitude in allowing pixel-level corruption is necessary to keep consumer costs low; otherwise, much higher quality cables would be required along with FEC techniques to achieve a bit error rate that is compatible with strict cryptographic verification techniques such as full-frame hashing. The selection of which pixel to swap is done by observing the color of the overlay's video. The overlay video is not encrypted and is generated by the user, so there is no legal violation to look at the color of the overlay video. Note that other pixel-combining methods, such as alpha blending, would necessitate the decryption of video. If the overlay video matches a certain chroma key color, the incoming video is selected; otherwise, the overlay video is selected. This allows for the creation of transparent "holes" in the UI. Since the UI is rendered by a WebKit browser, chroma-key is implemented by simply setting the background color in the CSS of the UI pages to magic-pink. This makes the default state of a web page transparent, with all items rendered on top of it opaque. Note that pixel-by-pixel manipulation of the incoming video feed is done without any real buffering of the video. A TMDS pixel "lives" inside the FPGA for less than a couple dozen clock cycles: the lifetime of a pixel is simply the latency of the pipelines and the elastic buffers required to deskew wire length differences between differential pairs. This means that the overlay video from the Linux computer must be strictly available at exactly the right time, or else the user will see the overlay jitter and shake. 
In order to avoid such artifacts, the time resolution requirement of the pixel synchronization is stricter than the width of a pixclock period, which can be as short as a dozen nanoseconds. In order to accomplish this fine-grain synchronization, a genlock mechanism was implemented where vertical retrace signals (which are unencrypted) trigger an interrupt that initiates the readout of /dev/fb0 to the FPGA. However, the interrupt jitter of a non-realtime Linux is much larger than a single pixel time, so in order to absorb this uncertainty, a dynamic genlock engine was implemented in the FPGA. An 8-line overlay video FIFO is used to provide the timing elasticity between the Linux computer and the primary video feed; and the vertical sync interrupt-to-pixel-out latency of the Linux computer is dynamically measured by the FPGA and pre-compensated. In effect, the FPGA measures how slow the Linux box's reflexes are, and requests that the frame start coming in advance of when the data is needed. These measures, along with a few lines of FIFO, ensure pixel availability at the precise time when the pixel is needed.
SUMMARY
A system has been described that enables a man-in-the-middle attack upon HDCP secured links. The attack enables the overlay of video upon existing streams; an example of an application of the attack is the overlay of a personalized twitter feed over video programs. The attack relies upon the HDCP master key and a snooping mechanism implemented using an FPGA. The implementation of the attack never decrypts previously encrypted video, and it is incapable of operating without an existing, valid HDCP link. It is thus an embodiment of a bona-fide, non-infringing and commercially useful application of the HDCP master key. This embodiment impairs the equating of the HDCP master key with copyright circumvention purposes.
-
-
21:40
»
SecDocs
Authors: Tom Hargreaves
Tags: music
Event: Chaos Communication Congress 28th (28C3) 2011
Abstract: Tracking is so 1990s. Nowadays MP3 and other similar formats are overwhelmingly more popular. But is this really a step forward? A (very) brief history of computer music, where we are at now, and why I think people are headed in the wrong direction. And what we can do about it. Distributing music as recordings is terribly limiting to hackers and tinkerers. Music as source code makes dissection, modification and reuse easier. I will introduce a prototype next-generation tracker for the web, with the ultimate aim of being a way to not just create but also distribute music, and to collaborate on music creation: Github for music, if you will. As a music creation tool, trackers have been displaced in popularity because they are: balky (arcane command+parameter syntax, steep learning curve, have slowly grown by accretion without regard to comprehensibility); underpowered (many useful DSP effects are unavailable). As a music distribution tool, tracked formats have been displaced in popularity because they are: not ubiquitous (people may not have playback software); underspecified (hence behaviour differs across implementations). I believe all of these problems are soluble, and I'm going to talk about how. "modplayjs" (a working title which may well change by December) is a tracker written in JavaScript. While capable of playing existing module formats, it is primarily a playground for experimenting with shedding two decades of accumulated baggage, and is currently under heavy development.
-
-
9:01
»
Hack a Day
Several of us here at Hackaday brew our own beer. Needless to say, we got a little excited when we saw members of the open source community building a brew tracking system. Brewtarget is an open source tracking system that you could download right now and begin tracking and building your recipes. It looks like [...]
-
-
10:01
»
Hack a Day
Sous vide cookers aren’t anything new, but [Phil] wanted to build the first sous vide using the osPID, an open source PID controller just released in the last month. The build uses the osPID Open Source PID controller we saw last week that comes with inputs for a thermocouple and pair of relays capable of switching [...]
-
7:01
»
Hack a Day
Solder Your Pin headers Straight
If you’re worried about how to solder your pin headers straight, why not try this simple trick and put them into a breadboard before soldering?
Etiquette for Open Source Projects
If you use or develop open source projects, it’s worth checking out [Phillip Torrone]’s Unspoken rules of Open Source article. [...]
-
-
8:01
»
Hack a Day
The Seneca College Linux Club figured out a fantastic way to help promote Linux to a wider audience. They took some surplus hardware and made an Open Source software vending machine. That is and isn’t a play on words. The project itself is an open source project, and the goal is to dispense other open [...]
-
-
5:01
»
Hack a Day
This is Chippu, a robot that [Achu] has been working on for some time. His most recent addition was to give the robot the ability to respond to voice commands. This is accomplished using a variation of the open source Continuous Speech Recognition package called Julius. The package depends on two main parts, a set [...]
-
-
11:01
»
Hack a Day
Need PID control in your next project? Perhaps this little beauty can help. It’s an Open Source PID controller that also follows the Open Hardware guidelines. [Brett Beauregard] based the project on the newly minted Arduino PID library which he wrote. In the video after the break [Brett] takes apart the device, walking through some of [...]
-
-
6:22
»
Packet Storm Security Recent Files
OWASP Mantra is a collection of free and open source tools integrated into a web browser, which can become handy for students, penetration testers, web application developers, security professionals, etc. It is portable, ready-to-run, compact and follows the true spirit of free and open source software. This is the platform independent release.
-
-
15:37
»
Packet Storm Security Advisories
A variety of programming languages suffer from a denial-of-service (DoS) condition against storage functions of key/value pairs in hash data structures. The condition can be leveraged by exploiting predictable collisions in the underlying hashing algorithms.
-
-
5:11
»
Packet Storm Security Recent Files
OWASP Mantra is a collection of free and open source tools integrated into a web browser, which can become handy for students, penetration testers, web application developers, security professionals, etc. It is portable, ready-to-run, compact and follows the true spirit of free and open source software. This is the platform independent release.
-
-
15:33
»
Packet Storm Security Exploits
myBB is a popular open source PHP forum software. Version 1.6.4 contained an unauthorized backdoor, distributed as part of the vendor's source package.
-
-
12:56
»
SecDocs
Authors: Mario Vuksan, Tomislav Pericin
Tags: reverse engineering
Event: Black Hat USA 2010
Abstract: Security is notoriously disunited. Every year multiple tools and projects are released and never maintained. TitanMist is its inverse opposite. Built on top of TitanEngine, it provides automation and manages all known and good PEID signatures, unpacking scripts and other tools in one unified tool. TitanMist is the nicely packaged and open source catch all tool that will become your first line of defense. The project also goes beyond pure tool development. It builds a forum to share information and reverse engineering experience built around the biggest online and collaborative knowledge base about software packers. With the increase in packed and protected malicious payloads, collaboration and quick response between researchers has become critical. As new sample numbers are quickly closing to 40M samples per year, solution to this problem has to come from reverse engineers themselves, integrating the work that they have done in the past and they continue to do. Huge databases of format identification data and unpacking scripts can be reused in a way to maximize automation. Yet, where do we find a definite collection of functional tools, identification signatures and unpacking tools? And how do we integrate them in a meaningful and accurate way? Come to this talk to hear how we plan to raise reversing collaboration with TitanMist to a whole new level. We will address today's and future challenges, source code, packaging and distribution, and define your role in making TitanMist the most powerful community tool for the years to come. This talk will be a Black Hat exclusive; a launch and demonstration of TitanMist, a new open source project based on TitanEngine. All components will be available for distribution with the conference materials.
-
-
13:56
»
SecDocs
Authors: Rich Smith
Tags: reverse engineering, python
Event: Black Hat USA 2010
Abstract: Increasing numbers of commercial and closed source applications are being developed in Python. The developers of these applications are investing increasing amounts to stop people being able to see their source code through a variety of bytecode obfuscation efforts. At the same time Python is an increasingly present component of 'The Cloud' where traditional decompilation techniques fall down through lack of access to files on disk. This presentation outlines a methodology, and releases a toolkit, to be able to reverse obfuscated Python applications from live objects in memory as well as showing how to defeat the obfuscation techniques commonly employed today. This will allow people to find bugs in code that was previously opaque to them.
-
-
10:01
»
Hack a Day
[Aurelio] wrote in to tell us about the smartCaster, an “Open source automatic roto-casting machine.” For those of you not familiar with roto-casting, or rotational molding, it’s a process whereby something to be formed is placed into a mold and then melted while spinning. This item is often plastic, but it can be another material [...]
-
-
4:00
»
Hack a Day
Hackaday alum and owner of Dangerous Prototypes [Ian Lesnet] recently wrote an editorial piece calling out Microchip on some of their less than friendly attitudes towards open source. [Ian] and his company use PIC microcontrollers extensively in their projects, and they have quite a high opinion of their products overall. The gripe that he has [...]
-
-
15:48
»
Packet Storm Security Advisories
A vulnerability exists in the NetSaro Enterprise Messenger Server Administration Console allowing a remote attacker to obtain unauthenticated access to the application's source code. Attackers may make HTTP GET requests and append a Null Byte to allow download of the source code for the application's web pages. An attacker does not need to authenticate to obtain access to source code for pages that usually require authentication prior to viewing.
-
-
21:48
»
Packet Storm Security Advisories
The libavcodec library, an open source video encoding/decoding library that is part of the FFmpeg and Libav projects, performs an insufficient boundary check against a buffer index. The missing check can result in arbitrary read/write of data outside a destination buffer's boundaries. The vulnerability affects the Chinese AVS video (CAVS) file format decoder; specially crafted CAVS files may lead to arbitrary code execution during decoding.
-
-
8:20
»
Packet Storm Security Exploits
MinaliC Webserver version 2.0 suffers from a remote source disclosure vulnerability. This is the same issue that was previously discovered in version 1.0.
-
-
19:34
»
Packet Storm Security Recent Files
Mpctp is a tool for manipulation of raw packets that allows a large number of options. Its primary purpose is to diagnose and test several scenarios that involve the use of the types of TCP/IP packets. It is able to send certain types of packets to any specific target and perform manipulations of various fields at runtime. These fields can be modified in its structure, such as the Source/Destination IP address and Source/Destination MAC address.
-
-
19:18
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-168 - This vulnerability allows remote attackers to register RPC services on vulnerable installations of EMC Legato Networker and IBM Informix Dynamic Server. Authentication is not required to exploit this vulnerability. The flaw exists within the librpc.dll component which listens by default on UDP port 111. When handling the pmap_set request the process verifies the source address is "127.0.0.1". This communication is via UDP and a valid source address is not required; a UDP packet from source address "127.0.0.1" can be created and sent to this service, allowing a remote attacker to register and unregister RPC services. A remote attacker can use this vulnerability to create a denial of service condition or eavesdrop on process communications.
-
12:01
»
Hack a Day
While we normally don’t make it a habit to feature Kickstarter projects, we couldn’t pass this one up. [Barton Dring] from BuildLog.net is putting together a project called MakerSlide that we’re sure will interest many of you out there. Through his various CNC builds, he has found that one of the more expensive and frustrating [...]
-
-
6:01
»
Hack a Day
[PT] just published an editorial calling on manufacturers to transfer knowledge about products they are discontinuing by making them open source. He makes his case on the basis that millions of dollars and innumerable man hours go into developing these products, only to be lost when the company decides that the project is no longer (or maybe never was) [...]
-
-
14:30
»
Hack a Day
Trackuino is a new open source (GPLv2 license) Arduino APRS tracker designed by [Javier Martin]. If you are unfamiliar: APRS (Automatic Packet Reporting System) is an amateur radio method used to relay small packets of position-tracking data to an online database for easy access and mapping. In this case, GPS telemetry data is used to [...]
-
-
4:05
»
Hack a Day
[Jay Kickliter] writes in to tell us about his open source energy/power meter. With his buddy [Frank Lynam] they designed a small device that crams into existing power boxes and uses an 8 core propeller (P8X32A) microcontroller to perform true RMS voltage and current measurements using a current transformer. [Frank] and [Jay] don’t stop there. [...]
-
-
9:00
»
Hack a Day
Looks like Redbull is harnessing the power of open source hardware to market their product to hackers everywhere. We’d say that it worked because here we are, posting up some free advertising for them. It seems that a rep for the company dropped off a package at a hackerspace in LA called Null Space [...]
-
-
10:00
»
Hack a Day
The Open Source Hardware (OSHW) initiative is rolling right along. But now it’s time for you to share your input. The movement is choosing a logo and you get to decide which one it will be. The ten finalists shown above were narrowed down from the 129 submissions received during the public call for logos. [...]
-
-
8:01
»
Hack a Day
Seeed Studios, makers of the Seeeduino and fabricators of small-run PCB orders have put out a call to help develop an open source radiation detector. Will it be of any help to people in the area of Japan that is at risk? We really can’t say. But if you can lend some expertise with this, [...]
-
-
14:08
»
Hack a Day
This 5-axis CNC router could soon be an open source tool. [Mike Calvino] built it for the School of Architecture at the University of Arkansas. It can be used as a router or as a plasma cutter/welder. Now he’s trying to raise some money that will underwrite his time and effort to develop and release instructions, design [...]
-
-
6:02
»
Hack a Day
The Buildlog.net 2.x Laser is a second generation open source laser cutter that definitely improves the design of the first model. The 2 axis machine (optional vertical axis is manual or an upgrade is available) boasts a large 12” x 20” x 4” workspace while being smaller than its predecessor, fitting a table top design. [...]
-
-
9:02
»
Hack a Day
Microsoft is planning to release Windows drivers for the Kinect this spring, months after open source drivers were developed by a motivated hacking community. [Johnny Chung Lee], who worked with the Microsoft team when the hardware was developed, mentions that he had pushed for the giant to develop and release at least basic Windows drivers. [...]
-
-
11:11
»
Packet Storm Security Recent Files
Mpctp is a tool for manipulation of raw packets that allows a large number of options. Its primary purpose is to diagnose and test several scenarios that involve the use of the types of TCP/IP packets. It is able to send certain types of packets to any specific target and perform manipulations of various fields at runtime. These fields can be modified in its structure, such as the Source/Destination IP address and Source/Destination MAC address.
-
-
0:01
»
Packet Storm Security Tools
Mpctp is a tool for manipulation of raw packets that allows a large number of options. Its primary purpose is to diagnose and test several scenarios that involve the use of the types of TCP/IP packets. It is able to send certain types of packets to any specific target and perform manipulations of various fields at runtime. These fields can be modified in its structure, such as the Source/Destination IP address and Source/Destination MAC address.
-
-
8:04
»
Hack a Day
[Spi Waterwing] wrote in to make sure that we were aware of Logisim, a Java-based open source digital logic simulator. We’ve used Atanua quite a bit in the past but hadn’t heard of this program. It seems to have a pretty big educational following and right off the bat it’s got a feature we’ve always [...]
-
-
5:00
»
Hack a Day
Without a doubt, Laser Projectors are a great way to project large, bright images on any surface you can imagine. With a high enough quality projector and software package, excellent images and visualizations can be displayed in real time. [marcan], of the openkinect project, decided that there were not any open source laser projection packages [...]
-
-
19:59
»
Packet Storm Security Recent Files
ZORG is an open source implementation of the ZRTP protocol. ZRTP provides end-to-end key exchange with Elliptic Curve Diffie-Hellman 384-bit and AES-256 SRTP encryption. This particular archive is Zorg C++, which has been integrated with PJSIP open source VoIP SDK and it's provided as an integration patch against PJSIP 1.8.5. It has been tested on iPhone, Symbian, Windows, Linux and Mac OS X.
-
-
12:10
»
Packet Storm Security Exploits
Alt-N WebAdmin version 3.3.3 suffers from a remote source code disclosure vulnerability. Also affected are U-Mail for Windows version 9.8 and U-Mail GateWay for Windows version 9.8.
-
-
21:13
»
SecDocs
Tags: culture, social
Event: PhreakNIC 11
Abstract: This talk will be a major update on the third track discussion led at HOPE 6. Various topics will include the building blocks of democracy 2.0, reviews of open source voting software and electronic voting machines, and how I believe these steps can go a long way towards turning back the tides of war, corruption, greed and the constant assault on our liberties.
-
-
7:09
»
Hack a Day
Adafruit Technologies has announced the winner of the Open Source Kinect contest. [Hector], who we mentioned yesterday has won, providing both RGB and depth access to the device. Some of you were asking at that time, why the contest was not over yet. Well, Adafruit had to verify. The image you see above are of [...]
-
-
6:57
»
Hack a Day
The competition for the first Open Source driver for the Kinect is heating up. [Marcan42] has released a driver that does video and depth. He was able to do this without an Xbox and you can see it in action after the break. [LadyAda] has been hard at work as well, recording and dumping the [...]
-
-
19:02
»
Packet Storm Security Tools
XSSer is an open source penetration testing tool that automates the process of detecting and exploiting XSS injections against different applications. It contains several options to try to bypass certain filters, and various special techniques of code injection.
-
-
3:29
»
SecDocs
Tags: malware, malware analysis
Event: AVTokyo 2009
Abstract: I thought this may be interesting if we could map the Malware source IP and the SPAM mail source IP on the global map with the geo coding. This talk will show the current status and how it looks.
-
-
14:16
»
Hack a Day
This is a vacuum tweezers head for an open source pick-and-place. Those are the machines that professional printed circuit board manufacturers use to populate a circuit board with components before heading to the reflow oven. [Drmn4ea] built it with at-home rapid manufacturing in mind. The black orb on the left is a webcam for optical [...]
-
-
6:07
»
Hack a Day
You can make your own lithium-ion batteries if you have a source for individual cells and a control board to match your desired voltage levels. [Bill Porter] put together a quick tutorial where he makes a 14.4V 2.2 AH battery for about $10. He picked up a set of cable-modem backup batteries (used to make [...]
-
-
21:01
»
Packet Storm Security Tools
The OpenCA Project is a collaborative effort to develop a robust, full-featured and Open Source out-of-the-box Certification Authority implementing the most used protocols with full-strength cryptography world-wide. OpenCA is based on many Open-Source Projects. Among the supported software is OpenLDAP, OpenSSL, Apache Project, Apache mod_ssl.
-
-
9:33
»
Hack a Day
Don’t steal. It’s a lesson that children are taught from the youngest age and a core principle in every society. The PSGroove sets out to follow this mantra in several ways. It is an open source implementation of the PSJailbreak hardware we covered a couple of weeks back. It’s difficult to find a definitive source [...]
-
-
11:46
»
Hack a Day
It looks like we missed the boat on this one but just in case you missed it everywhere else on the Internet, last Saturday [Matt Stack] introduced the world to a completely open source calculator. This marries two heartily tested open source projects; the R Project for Statistical Computing and the Beagleboard. The hardware side [...]
-
-
12:58
»
Hack a Day
Open source GSM cracking software called “Kraken” has been released into the wild. You may recognize some of the information from back in December when we announced that they had cracked GSM encryption. Well, now you can participate as well. You’ll need a pretty beefy Linux machine and some patience. They say that an easier [...]
-
-
11:10
»
Hack a Day
[Christian Weichel] has been hard at work developing LogicAnalyzer, an open source tool that may interest you. It is designed with SUMP Logic Analyzers in mind but a main goal is expandability. What this means is that it plays nicely with things like the Open Workbench Logic Sniffer or you can do a bit of [...]
-
-
14:00
»
Hack a Day
We hope you paid attention in advanced theoretical and quantum physics classes, or making your own Open Source Scanning-Tunneling Microscope might be a bit of a doozy. We’re not even going to try to begin to explain the device (honestly we slept through that course) beyond clarifying it is used for examining the molecular and [...]
-
-
9:01
»
Packet Storm Security Recent Files
Ubuntu Security Notice 909-1 - William Grant discovered that dpkg-source did not safely apply diffs when unpacking source packages. If a user or an automated system were tricked into unpacking a specially crafted source package, a remote attacker could modify files outside the target unpack directory, leading to a denial of service or potentially gaining access to the system.
-
-
13:15
»
Hack a Day
[Michael] sent us a link to his RC robotic platform. He started with the same RC toy as the iPhone Robot (CAR) but ended up with a blank slate waiting for more features. What he has is an Arduino with a motor driver, three bump switches for the front and rear, and a XBee module. [...]
-
-
15:28
»
Hack a Day
Hackaday alum [Ian Lesnet] has been working in cahoots with a dedicated team of developers to produce the OpenBench Logic Sniffer. This caseless logic analyzer can operate at 100MHz and sample 32 channels at once. Better yet, a digital oscilloscope add-on is in the works. The pre-order comes in at $45, that’s a lot of [...]
-
-
0:36
»
remote-exploit & backtrack
Hi everyone,
I'm a big fan of these forums and have learned a lifetime of information simply by reading and lurking. I'm an up-and-coming programmer and I wanted to give something back to the community...
Grim Wepa [v0.5] is currently in beta mode, and I'm looking for testers!
The program is available on Google Code at:
code.google.com/p/grimwepa/
Grim Wepa is heavily influenced by SpoonWEP and SpoonWPA; both in GUI and functionality. I am a fan of ShamanVirtuel's work and wanted to see if I could create something similar.
The Spoon suite (SpoonWEP/2, SpoonWPA) wasn't working properly for me on BT4, so I wrote this program in Java to automate WEP and WPA cracking.
GrimWepa does NOT include a fancy new cracking method: It is the same tried-and-true methods that we are all accustomed to (aircrack-ng, airodump-ng, aireplay-ng, and the like). GrimWepa merely automates the running of these scripts in an easy-to-use GUI format.
I've only been able to test each option briefly, and some attacks have been completely unsuccessful (Chop-chop and Cafe-latte refuse to generate packets on my router). Fragmentation, ARP replay, and -p0841 work very well, as does the WPA handshake capture + wordlist attack.
I have posted the source code (not to v0.6, but a recent revision) to allow others to aid in developing if they wish. If you want to compile the program yourself, you can access the source using the console command:
svn checkout http[colon]//grimwepa.googlecode.com/svn/trunk/
Note: use a real colon : instead of [colon] to properly checkout the code. (I'm not allowed to post full URLs yet!)
Some files that are in the .jar file are not included in the source (such as default_pw.txt and README.txt), so be aware. You will also need the app "javac" to compile the source code (javac is available in the sun-java6-jdk install package).
For those that don't want to compile themselves, just download the .jar file and type:
java -jar grimwepa_0.5.jar
at the console to get started.
Enjoy!
-Derv
-
-
18:00
»
Packet Storm Security Tools
Synspam uses Netfilter NFQUEUE to catch the source IP address of any machine connecting to your mail server. Multiple tests can be run against that address, and a scoring system is used. If the source IP address is believed to be a spammer IP address, the connection can be dropped. There is a dry run mode if you just want to test it, which is the default.
-
-
21:04
»
SecDocs
Authors: Sébastien Doucet
Tags: embedded
Event: Chaos Communication Congress 26th (26C3) 2009
Abstract: An FPGA-based open-hardware video synthesis platform. The project develops a stand-alone device in a small form factor that is capable of rendering MilkDrop-esque visual effects in real time, with a high level of interaction with many sensors and using live audio and video streams as a base. The flexibility of the FPGA used as a central component enables advanced users to modify the design, and also permits compact integration of many interfaces (Ethernet, OSC, MIDI, DMX512, video inputs), making Milkymist™ a platform of choice for the mobile VJ. But Milkymist™ is more than a visual synthesizer - it is also one of the leading open source system-on-chip designs. It is today the fastest open source system-on-chip capable of running Linux, and it comes with an extensive set of features and graphics accelerators. The IP cores that make up the system-on-chip are entirely written in open source synthesizable Verilog HDL and come with test benches and documentation, which makes Milkymist™ a great library of re-usable logic cores to serve as a base for other open source hardware. Project homepage: http://www.milkymist.org The conference focuses on the technical aspects of the project.
-
-
13:00
»
Packet Storm Security Tools
Synspam uses Netfilter NFQUEUE to catch the source IP address of any machine connecting to your mail server. Multiple tests can be run against that address, and a scoring system is used. If the source IP address is believed to be a spammer IP address, the connection can be dropped. There is a dry run mode if you just want to test it, which is the default.
-
-
0:39
»
remote-exploit & backtrack
As you know, it's a great web application attacking and defending book. It has some example source code included; the source of the contents is somewhere that I can't post here right now due to some reasons related to the rules of this forum ... (15 posts needed to post links!)
Unluckily, it seems it's not available right now.
If anyone has its source code or finds it with Google or somewhere else, please post it here. It's immediately for me.
Thank you!
- Genius