Computers and Programming
I've been into computers, tech, coding, and hacking stuff for a long time. I'll talk about it here and let you folks know what I'm up to in this field.
Exploit Development
These are tutorials and thoughts on attacking programs in their binary/executable form. We'll explore concepts like stack and heap overflows, format
strings, return-to-libc attacks, off-by-one errors, and more.
Arduino Baby Steps
I finally broke down and bought an Arduino and some bits to go with it. For those that don't know, the Arduino is an insanely popular open-source microcontroller board. You use the built-in USB interface to load code into it which you write and compile in a C-like language on the connected PC. It's pretty much like having a tiny programmable computer with a bunch of digital and analog inputs and outputs available to it. There have been tons of cool projects made with these things; check out Hack-a-Day for examples. I've been programming and into electronics for years so I figured it was time to combine the two and learn the microcontroller side. These things are really easy to code for and setup was a breeze.
The picture on the left links to a little video of how I've been fiddling with it in the first couple of hours after arrival. Already I'm glad that I
ordered the nice jumper wire bundle and irritated that I didn't order a normal sized breadboard. This one is made to stack on top of a prototyping board
that itself stacks onto the Arduino. The prototyping board pretty much just extends the I/O and power headers up and gives you a clear space in the middle
for circuit building (that tiny breadboard being a good fit). I haven't built this extender board yet (came as a kit), but I should be able to find some
free time at work to solder it. Anywho, the little project in the video counts in binary up to 31 and then resets. If you hold down the push button, it goes
into a bouncing ball mode. Adjusting the potentiometer changes the speed of both modes. If you folks have any ideas for stuff to build, especially
if related to security, let me know.
San Diego 802.11 Setup
So I'm now in San Diego, CA going through Navy circuit-board-fixer school. The standards we have to meet with these repairs are frustratingly strict.
It's a tough school, but I'm making it work. During this time, I have to stay in the barracks on-base where there is no wifi. The only option is to go to
the bowling alley and compete with a bunch of World of Warcraft geeks for bandwidth. The first thing I did was learn the pcap packet capture library and then I
wrote a tool that would look for WoW players and deauthenticate them from the access point. I didn't get a chance to try out this evil little program, though.
While testing and learning to write code with pcap, I grabbed my Orinoco Silver card and Hawking directional antenna and set them up. It turned out that by
setting the antenna on a chair, opening the window, and aiming it precisely, I could get on an access point. It happens to belong to the barracks across the street which is reserved
for higher ranking folks. Also can get it on my Alfa 500mW USB adapter using the same setup so I can switch the interwebz back and forth between my Linux and Vista laptops. I have
tried everything to make Linux relay the access to give the whole barracks wifi, but no such luck.
WiiSafeCracking
During an off-day, I wrote a safecracking game that uses the Wiimote for input. By combining a cardboard box, plastic tube, water bottle and Wiimote, I built a dial control. It tracks the IR LEDs in the sensor bar (positioned about 4 feet away). The remote sends these coordinates to the PC by way of Bluetooth. My app then does some fancy trig math to figure out what angle the Wiimote is rotated and what dial graduation it is on. It then uses this in a simple simulation of a safe combination lock. The user can manipulate it using conventional methods (for an S&G 6730) to discover the combo and open it (indicated by a little message box for now). The contact points can be sensed through the fingers because the app tells the Wiimote to vibrate for a few milliseconds when passing over them. The next step is to find a real safe dial and attach it to the current dial. This would allow the player to crack the safe without even looking at the monitor (just you and the lock).
Update: Originally, the onscreen safe dial that rotates along with the dial controller was made of lines and labels. Not only did this not look very good, but moving those labels around was a bit slow and jerky at times (Windows doesn't like to move controls around). Click the image to the left for a view of what the game looks like now. I used Blender to model a little safe dial+ring and then rendered 725 JPG images of it. Basically I told Blender to animate the safe dial rotating through 360 degrees and then save the output frames. My app uses the dial controller input to choose the frame of animation and displays that image (all 725 of them are preloaded at app-startup). The result is a good-looking 3d rendered safe dial that rotates smoothly and accurately as the player turns the real-world dial controller.
Update #2: I have zipped the app (including the safe dial images) and, with the help of What, uploaded it here. For now, this is only the executable for Windows (tested on Vista so far); I'll toss the source code up soon. In order to run this thing: Unzip the files into any old random folder and run the exe. Prior to that, you must make your wiimote link up with the PC by way of Bluetooth adapter. It must be recognized as a "Human Interface Device" by Windows. I went out and picked up a cheapie USB Bluetooth adapter and everything worked out fine. To get it recognized, I have to double-click the Bluetooth icon in the taskbar and then "Add a Device" while holding down the bottom two buttons on the remote (the lights on it will flash blue). Once the device is registered, it should notify you that it has been recognized as an "HID device". From here, just run the executable, point the wiimote at a sensor bar and give it a turn :-) Building a little safe dial mockup makes this much better; trying to spin the remote like a dial freehand is an exercise in futility. Here is the download link to WiiSafeCracking.
Also I'd like to thank Brian Peek for writing the library that made this all possible: WiimoteLib.
First-Person Shooter
Making a first-person shooter from scratch is fun. Follow my epic journey toward insanity while writing an FPS.
BOOM Headshot!
802.11 Setup
Although there is free wifi offered on-base here in Africa, it cannot be received
inside our living units because of the construction materials. A great many folks around here have bought Wifi antennas and
mounted them to broomsticks on their roof to get reception. Others have built antennas from scratch or repurposed satellite
TV dishes. Naturally, I decided to have a go at it and ordered a
400mW USB adapter w/ antenna and
USB extension cable from Data-Alliance. I'm not sure of the capabilities of this adapter (RF monitor mode, injection, etc.) but
I did notice that it uses a RealTek chipset which I recall is fairly capable for this sort of experimentation. My roommate and I
mounted the adapter/antenna combo at the top of a broomstick and weather-sealed it with electrical and duct tape. The USB cable
was then run down through a fan vent and into my laptop. From there, a crossover cable was used to connect our ethernet ports and
create a little local network. I then shared the internet through this connection so we can both surf from the comfort of air
conditioning.
Wiimote Experiments
After reading some articles about people using their Nintendo Wii Remotes in unorthodox ways (esp. Johnny Lee), I picked one up. These
things can communicate with a plain-jane PC using normal Bluetooth and have lots of features to play with. The big one is its high-res
infrared camera for motion tracking. Under normal use, it tracks several IR LEDs inside a sensor bar that you rest on top of your TV in order
to determine its position/orientation. It turns out that if you have some programming chops and can get hold of this data, you can
use it for other stuff (like a whiteboard/multi-touch screen or for head tracking). The "wiimote" also has a few buttons and can
make a great programmable remote control for your PC. The thing even has a 3d accelerometer to experiment with. The versatility and
hackability of these reminds me of the more recent Defcon badges. So far, I've built an IR-light pen and done some fancy math to turn my
laptop screen into an interactive whiteboard. I'll update this with some info/guides along the way as things progress...and yes I know what you're thinking: lockpicking game :-)
LockGame 3D
This is a game I wrote that I believe is the first and only realistic 3D lockpicking game. It is available for Windows and Linux and also open
source. Be sure to read the documentation to learn how to play and let me know what you think.