Friday March 21, 2008 7pm-midnight
Trabant Coffee & Chai
Security Computer Fuzzing Root Vuln Hands-on Hacking
See ya there!
Wednesday, March 12, 2008
Neg9 Meeting - March 21 in University District
Join us for the first Neg9 meet in a good while, the style is casual, the people geeky and bright, the caffeine a-plenty, and the details are below!
Friday March 21, 2008 7pm-midnight
Trabant Coffee & Chai
Security Computer Fuzzing Root Vuln Hands-on Hacking
See ya there!
Friday March 21, 2008 7pm-midnight
Trabant Coffee & Chai
Security Computer Fuzzing Root Vuln Hands-on Hacking
See ya there!
Saturday, February 9, 2008
A simple way to manage encrypted filesystems on shell servers
If you haven't checked out the FUSE tool encfs, look it up - it doesn't need any information on itself, it's incredibly simple to use.
http://fuse.sourceforge.net/
http://www.arg0.net/encfs
I've made a simple script to automatically mount and unmount an encfs filesystem on a system (This is designed with connecting to a remote shell server in mind).
Right now, it mounts the encfs on login if you tell it to, and if once you logout there are no more interactive sessions logged in (NOTE: My check for this is potentially NASTY! Please provide feedback on a better solution if you have any ideas! I think what I have will only work on Linux systems that store TTY info in /dev/pts/, and even then it's kind of tailored to my environment - you've been warned!
What this does when you SSH in to the server:
1) Ask if you want to mount your encrypted filesystem
2) If you just hit enter, or say "n" (Actually, if you say anything other than "y" or "Y") it will not mount the FS.
2a) If you say "y" or "Y" it will go ahead and mount the filesystem, attempting to create it if it does not yet exist.
3) It will write the status of the mount operation to ~/.encfsmounted
When you logout:
1) If ~/.encfsmounted has the mount point in it, -and- you're on your last interactive (TTY allocated) session, it will try to unmount it.
1a) If either of the above is false, it won't be anything.
Potential Problems:
1) Race conditions - what if you ssh in more than once and don't answer the prompt in order? Weirdness could occur.
2) Bizarre TTY allocations could trick the script in to thinking more or less sessions are active (Think about using screen for example - no good!)
3) Probably other things, this was written in about an hour and half across two days.
I've started putting the code in a mercurial repository, so you may browse and check it out here:
http://seadine.org/hg/encfs_automount/
Here's a current snapshot of the code as it exists now, it mostly works - but it seems that FUSE or the EncFS project itself may have some bugs - you'll sometimes see that it hangs on the umount_encfs function (This could very well be a flaw in my script! Feedback is welcome!)
I presented this as a short lightning talk at GSLUG on February 9th, 2008.
http://fuse.sourceforge.net/
http://www.arg0.net/encfs
I've made a simple script to automatically mount and unmount an encfs filesystem on a system (This is designed with connecting to a remote shell server in mind).
Right now, it mounts the encfs on login if you tell it to, and if once you logout there are no more interactive sessions logged in (NOTE: My check for this is potentially NASTY! Please provide feedback on a better solution if you have any ideas! I think what I have will only work on Linux systems that store TTY info in /dev/pts/, and even then it's kind of tailored to my environment - you've been warned!
What this does when you SSH in to the server:
1) Ask if you want to mount your encrypted filesystem
2) If you just hit enter, or say "n" (Actually, if you say anything other than "y" or "Y") it will not mount the FS.
2a) If you say "y" or "Y" it will go ahead and mount the filesystem, attempting to create it if it does not yet exist.
3) It will write the status of the mount operation to ~/.encfsmounted
When you logout:
1) If ~/.encfsmounted has the mount point in it, -and- you're on your last interactive (TTY allocated) session, it will try to unmount it.
1a) If either of the above is false, it won't be anything.
Potential Problems:
1) Race conditions - what if you ssh in more than once and don't answer the prompt in order? Weirdness could occur.
2) Bizarre TTY allocations could trick the script in to thinking more or less sessions are active (Think about using screen for example - no good!)
3) Probably other things, this was written in about an hour and half across two days.
I've started putting the code in a mercurial repository, so you may browse and check it out here:
http://seadine.org/hg/encfs_automount/
Here's a current snapshot of the code as it exists now, it mostly works - but it seems that FUSE or the EncFS project itself may have some bugs - you'll sometimes see that it hangs on the umount_encfs function (This could very well be a flaw in my script! Feedback is welcome!)
1 #!/bin/bash
2 #
3 # This defines two bash functions to mount and unmount a FUSE EncFS.
4 # You must have setup encfs with $HOME/.encfs/ as the encrypted store,
5 # and $HOME/encfs/ as the mount point prior to this being useful.
6 # Add mount_encfs to a login script, like .bash_login, and umount_encfs
7 # to your .bash_logout script.
8 # The umount_encfs function does some very loose checking to see if it
9 # should unmount the encfs or not. Be sure to manually call umount_encfs
10 # if you can't risk this check failing.
11 # This shall be released AS-IS, author crash@neg9.org
12
13 ENC_STORE="${HOME}/.encfs"
14 ENC_MOUNT="${HOME}/encfs"
15 ENC_STATUS="${HOME}/.encfsmounted"
16
17 function mount_encfs ()
18 {
19 if [ ! -e $ENC_STATUS ]; then
20 echo "nothing mounted" > $ENC_STATUS;
21 fi
22
23 # Check to see if the encfs is already mounted, bail if so
24 ENCFSMOUNTED=$(cat $ENC_STATUS)
25 if [ "${ENCFSMOUNTED}" = "${ENC_MOUNT}" ]; then
26 return;
27 fi;
28
29 # Otherwise, on we go
30 MOUNT="n";
31
32 read -p "Mount encrypted filesystem? [y/N] " MOUNT;
33 if [ "$MOUNT" = "y" -o "$MOUNT" = "Y" ]; then
34 echo "Mounting encrypted filesystem [${ENC_STORE}] on [${ENC_MOUNT}] now..."
35 /usr/bin/encfs $ENC_STORE $ENC_MOUNT;
36 if [ $? -eq 0 ]; then
37 echo "$ENC_MOUNT" > $ENC_STATUS
38 echo "Mounted encrypted filesystem successfully on [${ENC_MOUNT}]";
39 else
40 echo "nothing mounted" > $ENC_STATUS;
41 fi;
42 fi
43
44 return
45 }
46
47 function umount_encfs ()
48 {
49 NINTERACTIVE=$(ls -l /dev/pts/ | grep "^.......... . ${USER}" | wc -l);
50 ENCFSMOUNTED=$(cat $ENC_STATUS)
51 if [ $NINTERACTIVE -le 1 -a "${ENCFSMOUNTED}" = "${ENC_MOUNT}" ]; then
52 /usr/bin/fusermount -u $ENC_MOUNT > /dev/null 2>&1;
53 if [ $? -eq 0 ]; then
54 echo "Unmounted encrypted filesystem [${ENC_STORE}]"
55 echo "nothing mounted" > $ENC_STATUS;
56 else
57 echo "Failed to unmount encrypted filesystem [${ENC_STORE}]";
58 fi;
59 fi
60
61 return
62 }
63
64 function umount_encfs_force ()
65 {
66 /usr/bin/fusermount -u $ENC_MOUNT > /dev/null 2>&1;
67 if [ $? -eq 0 ]; then
68 echo "Unmounted encrypted filesystem [${ENC_STORE}]"
69 echo "nothing mounted" > $ENC_STATUS;
70 else
71 echo "Failed to unmount encrypted filesystem [${ENC_STORE}]";
72 fi;
73
74 return
75 }
I presented this as a short lightning talk at GSLUG on February 9th, 2008.
Tuesday, January 1, 2008
Eye-Fi Flickr Group
I've talked about the Eye-Fi a little bit when it first came out, and I still think it's a great little device. If you don't know about it, just check http://eye.fi, or search Google news for "eye-fi" and you'll figure it out pretty quick.
Anyhow, if you're an Eye-Fi user and use Flickr, you should join the Flickr group for discussion about the Eye-Fi, and the picture pool. Here's the group URL:
http://flickr.com/groups/eye-fi/
Happy shooting!
Anyhow, if you're an Eye-Fi user and use Flickr, you should join the Flickr group for discussion about the Eye-Fi, and the picture pool. Here's the group URL:
http://flickr.com/groups/eye-fi/
Happy shooting!
Back from India
So, obviously - I'm back from my India trip!
I'm not a big blogger, so I probably won't post a whole lot about it here, but I'm slowly working on getting my photos sorted out and placed online (on my Flickr account) - You can check out h1kari's photos that he's gotten online here.
I will say though, three weeks in India was a blast. It's so huge, and there's so many people - you could spend a dozen lifetimes there and probably not see everything. Everyone was very nice, and it wasn't really too hard to get around and figure things out. The food was amazing (except for the rancid palak paneer that gave me food poisoning - or "Delhi Belly" on the last 3 days of our trip - ugh.)
And of course, I had to keep things interesting, so I got bitten by a monkey early on in the trip, near New Delhi at a temple (Akbar's Tomb) - that's all fine though, I've been getting rabies shots and haven't turned in to a crazy drooling fool yet =)
I'll post again once I've gotten all my pictures uploaded, and perhaps again later with a few select photos and commentary on them.
I'm not a big blogger, so I probably won't post a whole lot about it here, but I'm slowly working on getting my photos sorted out and placed online (on my Flickr account) - You can check out h1kari's photos that he's gotten online here.
I will say though, three weeks in India was a blast. It's so huge, and there's so many people - you could spend a dozen lifetimes there and probably not see everything. Everyone was very nice, and it wasn't really too hard to get around and figure things out. The food was amazing (except for the rancid palak paneer that gave me food poisoning - or "Delhi Belly" on the last 3 days of our trip - ugh.)
And of course, I had to keep things interesting, so I got bitten by a monkey early on in the trip, near New Delhi at a temple (Akbar's Tomb) - that's all fine though, I've been getting rabies shots and haven't turned in to a crazy drooling fool yet =)
I'll post again once I've gotten all my pictures uploaded, and perhaps again later with a few select photos and commentary on them.
Sunday, December 2, 2007
Off to India
I'm heading off to India tomorrow, and I'll be there until December 25th, which some people know as Christmas - it's gonna be a blast, I'm sure it'll be a quite awesome experience and very different from anything that I'm currently familiar with!
Myself and a friend (h1kari) are going to New Delhi, Pune, and Goa. I'll be attending ClubHack in Pune, which is a hacker conference - h1kari is giving a presentation on some more crypto breaking stuff he's been working on under the OpenCiphers project which utilize FPGAs. That's just a one day conference on the 9th, but it sure works out as a great reason to go to India for three weeks!
I don't really plan on checking email or getting on-line a whole lot while I'm there, I'm not even bringing my laptop along, but I may post one or two things here, we'll see how it goes.
Myself and a friend (h1kari) are going to New Delhi, Pune, and Goa. I'll be attending ClubHack in Pune, which is a hacker conference - h1kari is giving a presentation on some more crypto breaking stuff he's been working on under the OpenCiphers project which utilize FPGAs. That's just a one day conference on the 9th, but it sure works out as a great reason to go to India for three weeks!
I don't really plan on checking email or getting on-line a whole lot while I'm there, I'm not even bringing my laptop along, but I may post one or two things here, we'll see how it goes.
Tuesday, November 13, 2007
Custom etched RFID antenna circuit boards
This is pretty neat!
Down at the Hackerbot Labs, 3ric ordered up a $65 RFID antenna to play with, but $65 is a bit expensive for an RFID antenna, especially when we can duplicate it on the cheap!
So, what did we do, you ask? It's called the "Toner Transfer Method" (Google, makezine.com)
First step, take a nice high-res scan of the original circuit board (Pics), get it into some graphics program (We used Photoshop and Illustrator..), then mask out the leads and vias on their own layer(s) as plain black. We used Illustrator for the actual antenna side, because we wanted the best representation of the curves possible (That's important since it's particular to wavelength and all that.) From there, print out the mask on Stables Photo Basic paper (Yes, that exact paper) and you're ready to transfer the toner on the paper to a fresh copper PCB with an iron. After that, massage the paper off in some water (This takes some patience), then etch the board in some chemical PCB etchant. Once that step's done, remove the toner from your leads with acetone, and voila! You're left with a circuit board, in our case - a sheet holding 6 almost pristine copied of the original RFID antenna.
After that, we just need to get the select few components to solder on and test it out. More to come on that this coming weekend.
I'm not sure what the per-antenna cost is for our solution here, but you can be sure it's far less than $65 a pop!
This was the first time I've ever done something quite like this, thanks to 3ricj and Æther for getting this project going and having me work on it.
Down at the Hackerbot Labs, 3ric ordered up a $65 RFID antenna to play with, but $65 is a bit expensive for an RFID antenna, especially when we can duplicate it on the cheap!
So, what did we do, you ask? It's called the "Toner Transfer Method" (Google, makezine.com)
First step, take a nice high-res scan of the original circuit board (Pics), get it into some graphics program (We used Photoshop and Illustrator..), then mask out the leads and vias on their own layer(s) as plain black. We used Illustrator for the actual antenna side, because we wanted the best representation of the curves possible (That's important since it's particular to wavelength and all that.) From there, print out the mask on Stables Photo Basic paper (Yes, that exact paper) and you're ready to transfer the toner on the paper to a fresh copper PCB with an iron. After that, massage the paper off in some water (This takes some patience), then etch the board in some chemical PCB etchant. Once that step's done, remove the toner from your leads with acetone, and voila! You're left with a circuit board, in our case - a sheet holding 6 almost pristine copied of the original RFID antenna.
After that, we just need to get the select few components to solder on and test it out. More to come on that this coming weekend.
I'm not sure what the per-antenna cost is for our solution here, but you can be sure it's far less than $65 a pop!
This was the first time I've ever done something quite like this, thanks to 3ricj and Æther for getting this project going and having me work on it.
Monday, November 5, 2007
./a.out
I've never really been too big into posting on blogs myself, but I suppose I'll fire this one up and post about any neat projects I'm working on, interesting stuff I find, or what have you.. you know, "blog" stuff, I guess.
Subscribe to:
Posts (Atom)
