When I first arrived at toor camp, I was issued a Hardhat and a kit of electronics to construct my own badge:
What a cool start! Combined with the already cool scenery:
Only one problem: no silo access. We’ll see if that changes for day two…
So I spent $22 on an ebook for school.
It has this crappy DRM that only lets me view the pdf on one computer, using “Adobe Digital Editions”.
As if that weren’t bad enough, only a small subset of the text is OCR’d, so most of it isn’t even searchable!
Now I’m pissed, but wait, what do you say? These files are just RSA encrypted, and I have the key?
Some cool guy named i♥cabbages has released code to extract your key, and then decrypt the file to a good ol’ plain pdf. If you want to reproduce my steps you will need to use the PDF decrypter unless you have epubs.
So I use the tool and get a pdf; now I can use one of the most awesome tools in the world: Imagemagick.
Imagemagick can whip this pdf into shape. The first thing I’m going to do is convert each page into a tiff:
$ convert -density 200 'input.pdf[1-124]' -depth 8 -monochrome %05d.tif
Then I’m going to run tesseract-ocr on them to get the text:
$ for f in *.tif   # the tiffs are zero-padded, so the glob already comes back in page order
do
tesseract "$f" "tesseract-${f%.tif}" -l eng
done
Now all I have to do is cat all the text together:
cat *.txt > output.txt
Now I have a fully searchable, plain text file. Exactly what I wanted in the first place!
For the REAL magic, I use agrep to search for strings similar to provided example test questions to help “highlight” the answers. More technical details on that magic on my wiki.
I’ve become a semi-expert on wireless networking and their security features.. and how to get around them. Before I continue I want to emphasize:
The act of cracking encryption is not illegal just like picking a lock is not illegal. It is the unauthorized access of that network which is illegal, just like breaking and entering is illegal.
So. To sum it up, there are two types of encryption. There is the weak kind (wep) and the strong kind (wpa). WEP can be broken in about 5-10 minutes. WPA can be broken in about 24 hours (as long as their password is in your password try-out list).
The actual process of hacking into a network like this requires a suite of tools called the aircrack-ng suite. You can read their tutorials and such, and I highly recommend you do if you want to get into this sort of thing. It’s a lot of FUN! Be prepared to learn linux while you are at it….
But, once you understand what you are doing, you will appreciate the tool I have written. It automates the process of getting the keys. I wrote it as a type of “set-it-and-forget-it” tool that I could just leave running. It isn’t too clean, but if you can read bash scripting you can figure it out.
Remember! Don’t try to just run this tool without understanding what it does and how to read it. If you haven’t broken a wep key manually you don’t want to run this. It does WEP and WPA cracking (saving the handshake for later). Good luck! I will provide minimal support via comments on this post. Don’t forget to have your radio in monitor mode first, and if you are going to do wpa you need the mdk3 tool.
Here is the download link to Kyle’s Wireless Cracking Tool.
Here is a link to a more updated version of my Cracking Tool.
This semester I took a class on Discrete Wavelets. It was awesome. The coolest part was our group final project. My group had the best topic by far: Decoding a Captcha! (Click on any of the following images to view them full size)
We’ve all seen Captchas before. They are used on websites to make sure that the person on the website is a real human, not a computer program. Why do we want to break them? The same reason we want to climb Mount Everest, it’s There!
The above is the captcha we intended to solve. It’s not particularly difficult, but this class is an introduction to wavelets and requires no previous experience with the language we had to use: Mathematica. Our real task was to implement the algorithm in this paper.
So how do we do it? First we need to isolate the image without the background.
No problem. The color of the text is different from the background so it is easy to isolate. Next we need to take those pieces of the matrix and turn them into a list of coordinate pairs. Then we can apply a rotation matrix transform to undo the angle. What angle? Well I don’t know. How can we figure out how much it was rotated? Of course! Linear regression from Statistics!
Fortunately Mathematica has a function for this. This is the easy part. Now we need to take these rotated vectors and “Unrotate” them, then put them back into a matrix:
No problem! Well actually this isn’t as easy as it sounds. Arbitrary image rotation is nontrivial. But let us press on. Now we must cut the image into its component letters. This is easy: the columns of the matrix that are all white are the demarcation points.
Ok now what? Well we have an individual matrix for each unknown letter. Let us resize it to a standard square size (pad it), say 80×80. Oh I forgot to mention, before we started on this we made a “Canon” of letters from A-Z0-9 with the same font into 80×80 squares too. At this point we could compare each letter’s “difference” and see which has the least difference. Let me show you:
Eh so that is a crappy example. When you take two letters and subtract them, you get all black where they are the same, and some white or gray where the “differences” are (in math terms: the 2-dimensional norm). The letter with the least difference is most likely to be the original letter.
So all we have to do is iterate through each canonical letter until we get the least difference. Do that for each letter and we can decode (you can see the unknown on the left, and the matching canon on the right):
Seems pretty good. But it gets better with some Discrete Wavelet Magic! Our comparison can get even better if we ignore the errors and wavey crap that was introduced in the align section. The way we do this is with the Haar Wavelet Transform. Don’t mind the math, we are basically blurring the image:
The part we want is in the uppermost left hand corner, the “blur”. It turns out that 3 iterations of the HWT gives the best results. By doing this we were able to decode our CAPTCHAs 75% of the time. In the end the major flaws take place in the linear regression and the align function. If we used Mathematica 7 instead of 6 we could have used its built in image processing functions to take the error out of our sloppy rounding.
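To make the steps above concrete without Mathematica, here is the same pipeline in plain Python as an added example; it is not our notebook and not the paper’s code. The skew angle comes from the least-squares slope of the dark-pixel coordinates, the points are rotated back and rounded to the grid, letters are cut at all-white columns, and each letter is matched against the canon by the 2-dimensional norm of its Haar “blur” (the upper-left quadrant after a number of Haar steps). The canon is a constructed 8×8 three-letter toy alphabet (T, L, I), the “unknown” is a T with three constructed noise pixels, and the skewed baseline is a constructed set of points on a line of slope 0.5; the padding to 80×80 is omitted because the toy glyphs are already the same size.

```python
import math

# Constructed 8x8 toy "canon" (1 = dark pixel), standing in for the 80x80 A-Z0-9 canon.
def glyph(rows):
    return [[int(ch) for ch in r] for r in rows]

CANON = {
    "T": glyph(["11111111", "11111111", "00011000", "00011000",
                "00011000", "00011000", "00011000", "00011000"]),
    "L": glyph(["11000000", "11000000", "11000000", "11000000",
                "11000000", "11000000", "11111111", "11111111"]),
    "I": glyph(["00011000"] * 8),
}

# Constructed unknown: the canon "T" with three pixels flipped (alignment noise).
UNKNOWN = glyph(["01111111", "11111111", "00011000", "00011000",
                 "10011000", "00011000", "00011000", "00011001"])

# Constructed dark-pixel coordinates lying on a line of slope 0.5 (a skewed baseline).
LINE_POINTS = [(0, 0), (2, 1), (4, 2), (6, 3)]

# Constructed two-letter strip: "T", one all-white column, "I".
STRIP = [t + [0] + i for t, i in zip(CANON["T"], CANON["I"])]


def regression_angle(points):
    """Skew angle (radians) from the least-squares slope of the dark-pixel coordinates."""
    n = len(points)
    mx = sum(x for x, _ in points) / n
    my = sum(y for _, y in points) / n
    sxx = sum((x - mx) ** 2 for x, _ in points)
    sxy = sum((x - mx) * (y - my) for x, y in points)
    return math.atan2(sxy, sxx)          # atan(slope), slope = sxy / sxx


def unrotate(points, angle):
    """Rotate coordinate pairs by -angle and round back onto the pixel grid.
    The rounding is exactly where the notebook's alignment errors crept in."""
    c, s = math.cos(angle), math.sin(angle)
    return [(round(x * c + y * s), round(-x * s + y * c)) for x, y in points]


def segment_columns(img):
    """Column spans [start, end) of each letter; all-white columns are the cut points."""
    width = len(img[0])
    spans, start = [], None
    for col in range(width + 1):
        dark = col < width and any(row[col] for row in img)
        if dark and start is None:
            start = col
        elif not dark and start is not None:
            spans.append((start, col))
            start = None
    return spans


def haar_approx(img, levels):
    """Upper-left "blur" quadrant after `levels` 2-D Haar steps: pairwise averages
    along rows, then along columns. Each level halves both dimensions."""
    for _ in range(levels):
        rows = [[(r[i] + r[i + 1]) / 2 for i in range(0, len(r), 2)] for r in img]
        img = [[(rows[j][i] + rows[j + 1][i]) / 2 for i in range(len(rows[0]))]
               for j in range(0, len(rows), 2)]
    return img


def difference(a, b):
    """2-dimensional (Frobenius) norm of a - b: zero where the letters agree."""
    return math.sqrt(sum((x - y) ** 2 for ra, rb in zip(a, b) for x, y in zip(ra, rb)))


def classify(unknown, canon, levels):
    """Name of the canon letter whose Haar blur is closest to the unknown's blur."""
    target = haar_approx(unknown, levels)
    return min(canon, key=lambda name: difference(target, haar_approx(canon[name], levels)))


if __name__ == "__main__":
    angle = regression_angle(LINE_POINTS)
    print("skew angle (deg):", math.degrees(angle))
    print("unrotated baseline:", unrotate(LINE_POINTS, angle))
    print("letter column spans:", segment_columns(STRIP))
    for lv in range(3):
        print(f"Haar levels={lv}: unknown ->", classify(UNKNOWN, CANON, lv))
```

On the 8×8 toy glyphs the unknown comes back as T with zero, one or two Haar steps; a third step leaves a single average per glyph, which is too little to separate letters with the same ink count, so the 3-iteration sweet spot we found only makes sense at the 80×80 canon size.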
But of course, the proof is in the code, I mean, the pudding. Here is our notebook:
Mathematica Notebook
To use this you need the Discrete Wavelets Package. Mathematica 7 comes with a function but this is written for 6.
Notebook for Mathematica Player
Not everyone has Mathematica, but their player is cross platform and free as in beer.
Our Powerpoint Presentation
Blarg… If someone can convert this to pdf I will change this.
Cody and I camped two nights at Rocky Bayou State Park!
Yea she doesn’t look very happy. Yes, we are camping on concrete….
Day 2. That’s better!
NEXT: Our previous vacation was a Cruise!