How much would you pay for such a neat little device? $100? $120? What if I told you that this device is ~$35. What a deal. Lose your P4 electricity guzzler and stick this on your shelf with some harddrives plugged into it.

Now the next question, what Linux distro should we use, and how does one go about installing it? After all, there is no keyboard ports, no display, no cdrom drive. No problem.

To hack this thing, all you need to do is connect to its internal serial port. Here are some instructions to hook up a serial port to the Seagate Dockstar.

Now, there are lots of distros, not too many that support the ARM processor. The stock OS is indeed Ubuntu 9.04, however my OS of choice for this hardware is OpenWRT. Openwrt is a very light, simple, linux distro, designed for embedded systems and routers.  If you wish to follow my steps, here are some instructions on installing Openwrt on a Dockstar. I plan to buy a bunch of these and build some sort of super cheap SAN. I’ll let you know where it goes. The possibilities are only bounded by your imagination. (And I guess maybe the hardware)

Things you can do with a PXE server

Sound like something that you could benefit from? Setting up your own PXE boot environment is easy and Fun! Check out my presentation and then later my wiki page for notes, commands, and configuration snippets to get your own setup going.

Well I don’t know if your friends will stop calling your or not, but I was curious about what the graph would actually look like. The graph in the comic looks like it was created with Graphviz, one of my favorite programs!

So I wrote a quick bash script to generate the approrpiate links for graphviz to interpret:

#!/bin/bash
echo "digraph \"xkcd\" {"
for NUMBER in `seq 1 100`
do
 if [ $[$NUMBER % 2] -eq 0 ]; then #We are even
 let OUTPUT=$NUMBER/2
 else  #Odd
 let OUTPUT=$NUMBER*3+1
 fi
 echo "$NUMBER -> $OUTPUT"
done
echo "}"

So what does it really look like? Here:

There are lots of straggling links. This is of course only because I went to 100. Why not 1000? It is a little big… click Here.

Turns out with even more numbers we end up with even more isolated links, no big super chain.

If you would like to run this code for yourself, first make sure you have the graphviz package installed in your linux system. Then copy that code above into a script, say called xkcd.sh. Then run like so:

./xkcd.sh | neato -Tpng | display

Adjust as necessary.

This is a bot I wrote to play Aftershock games for me. Aftershock produces these 5 games that are all basically the same, but with different themes:

Engines of War – 138071613
Undead Live – 175496321
Mark of Mafia – 833613775
Gunshock Racing – 124286853
Dragon Masters – 304299067

If you play any of these games, feel free to ally with me If aftershock bans me, no big deal

These are the types of games that make you log in often to check your status, and use your energy (otherwise it is wasted). The thing is, most of the decisions and things I do in these games are just to preocupy your time, I could write a program to do the simple things for me. So I did! Now only if I could run it periodically from a cronjob. You see, they require you to type in a CAPTCHA every time you log into the web interface, so for my program to work I have to manually log in first. But wait, the ipod app doesn’t require a captcha… if only I could run the app from the ipod, steal it’s auth cookie, then run my program it could be compeltely automated! Well the best way I could find to do this was to use the T-Plan vnc robot to do the required key presses, then let ssh and bash do the rest.

I also looked into using the Erica Utilities to start the game without the complexity of vnc, but I found they didn’t work on my platform with the 3.0 firmware. So now I can just sit back and let my robot level me up forever!

Here are some more technical details on the script itself if you are interested. Anyone who plays these games would find these features very desireable:

• Recovers from raids
• Repairs your buildings
• Accepts all incoming ally invitations
• Automatically uses all your fighting power to get at least 2exp for every fight, and choosing opponents that you can win against. (It automatically heals you if you need it)
• Redeems combo/key/spell codes from a large number of websites to gain a huge amount of free, non-upkeep items. (And it posts your code everywhere when you have a new one)
• Sends ally invitations to a huge list of available codes from a large number of code sharing sites to build up your command.
• Goes through internal game pages to scrape profiles for ally codes to send more invites to.
• Quits automatically when you reach the 50 invite 24 hour limit or if your cookie expires.
• Deposits money in the bank

Of course you can change the order or the functions, and they are all optional. All the code is here. The code is just bash, using grep, sed, awk, html2text, cat, etc. You will want to edit the variables to meet your needs before you use it of course. You can check out the code with svn:

svn co http://dev.xkyle.com/aftershock

Explaination of commands:

aftershock.sh – Main script, takes the argument 1-5 for the particular game you are playing. Needs the -i argument if you need the cookie from the ipod instead of firefox
go-ipod.sh – Runs each game consecutivly by vnc’ing to the ipod, running the game, getting the cookie, then running the appropriate aftershock.sh instance
spawnall.sh – Runs an exterm for each aftershock game. Useful if you have logged into each game through firefox, and need the robot to just do everything

I will try to support people who genuily who want to run this program. It is GPL. Email kyle@xkyle.com if you need help.

I finilized the code, installed the clock in my church, and programmed it for there needs. The code is stored here if someone want to see it. If you want to check it out run:

svn co http://dev.xkyle.com/clock

I have a little more technical info on my wiki, but it basically goes like this:

So using this and Openvpn, I can control the clock through the serial interface anywhere in the world, even Colorado! And of course the best part of it all, the church staff can also control it by sending an @reply using twitter!

It has this crappy DRM that only lets me view the pdf on one computer using only “Adobe Digital Editions”.

If that wasn’t so bad, only a small subset of the text is OCR’d, so most of it isn’t even searchable!

Now I’m pissed, but wait, what do you say? These files are just RSA encrypted, and I have the key?

Some cool guy named i♥cabbages has released code do extract your key, and then decrypt the file to a good ol’ plain pdf. If you want to reproduce my steps you will need to use the PDF decrypter unless you have epubs.

So I use the tool and get a pdf, now I can use one of the most awesome tools in the world: Imagemagick.

Imagemagick can whip this pdf into shape. The first thing I’m going to do is convert each page into a tiff:

$ convert -density 200 input.pdf[1-124] -depth 8 -monochrome %05d.tif

Then I’m going to run tesseract-ocr on them to get the text:

$ for i in $(seq –format=%005.f 1 324)
do
tesseract $i.tif tesseract-$i -l eng
done

Now all I have to do is cat all the text together:

cat *.txt > output.txt

Now I have a fully searchable, plain text file. Exactly what I wanted in the first place!

For the REAL magic, I use agrep to search for strings similar to provided example test questions to help “highlight” the answers. More technical details on that magic on my wiki.

The act of cracking encryption is not illegal just like picking a lock is not illegal. It is the unauthorized access of that network which is illegal, just like breaking and entering is illegal.

So. To sum it up, there are two types of encryption. There is the weak kind (wep) and the strong kind (wpa). WEP can be broken in about 5-10 minutes. WPA can be broken in about 24 hours (as long as their password is in your password try-out list).

The actual process or hacking into a network like this requires a suite of tools called the aircrack-ng suite. You can read their tutorials and such, and I highly recommend you do if you want to get into this sort of thing. It’s a lot of FUN! Be prepared to learn linux while you are at it….

But, once you understand what you are doing, you will appreciate the tool I have written. It automates the process of getting the keys. I wrote it as a type of “set-it-and-forget-it” tool that I could just leave running. It isn’t too clean, but if you can read bash scripting you can figure it out.

Here is a screen shot of my tool cracking wep

Remember! Don’t try to just run this tool without understanding what it does and how to read it. If you haven’t breaking a wep key manually you don’t want to run this. It does WEP and WPA cracking (saving the handshake for later). Good luck! I will provide minimal support via comments on this post. Don’t forget to have your radio in monitor mode first, and if you are  going to do wpa you need the mdk3 tool.

Here is the download link to Kyle’s Wireless Cracking Tool.

Here is a link to a more updated versio of my Cracking Tool.

It’s Ubuntu 8.10, no big surprise there. I’m using the “Dusk” theme with the proposed background for the next Ubuntu. I really like it.

A couple of years ago, a large list of phished Myspace accounts was leaked on the internet.
I stumpled upon them and ran a very simple analysis. Check it out:

root@a:/# cat myspace.hackedlist | cut -f 2 -d : | sort | uniq -c | sort -n | tail -n 20
14 qwerty1
15 123456a
15 babygirl1
15 blink182
16 123456
16 123abc
16 iloveyou2
17 football1
17 nicole1
18 number1
19 password
23 myspace1
24 fuckyou1
28 iloveyou1
28 monkey1
29 fuckyou
54 abc123
74 password1

The file was in the form of “Username:password”, so the first part of that command “cuts” the second column, with the colon as the delimiter. Then it is piped through sort, which sorts the list alphabetcially, then the uniq -c command, which counts the number of times that a word shows up, then I sort it again to get the most freqent passwords, and tail the last 20 lines.

It is interesting to see that a lot of these passwords just tack “1″ on to them. And of course blink182 was all the rage back then aparently…

Take a look at some wireless keys that I’ve collected from some Verizon FiOS installs around Tampa:

00-18-01-EA-3D-99,E3X12,6,WEP,1801349FCA
00-18-01-F0-6D-C4,NAMX2,1,WEP,18014B311F
00-18-01-F0-95-78,MWXV2,11,WEP,180149FF66
00-18-01-FD-4F-0E,R0LC7,1,WEP,1801BC5C6B
00-18-01-FE-15-46,JE2K7,1,WEP,1801C1B02B
00-18-01-FF-DF-DD,HH150,1,WEP,1F900396C5
00-1F-90-E0-B1-F8,3RA18,6,WEP,1801CDF4AF
00-1F-90-E0-B5-AC,OQ838,6,WEP,1801CF5700
00-1F-90-E2-7E-61,7WY20,6,WEP,1F90021D27
00-1F-90-E3-1E-90,C7WA0,6,WEP,1F9007C188
00-1F-90-E3-2E-07,DJP80,6,WEP,1F90063349
00-1F-90-E6-A7-D5,BJ2Z0,11,WEP,1F9018F797
00-1F-90-E6-D4-E3,RSHZ0,4,WEP,1F901944DB

What you are looking at here is MAC, SSID, Channel, Encryption, Key.

Notice that they are all WEP, 64bit, with 5 Alpha numeric SSID’s.

I want to emphasize that these are the defaults, and only geeks, nerds and the like change the defaults.

Here is a typical type of router (actiontec) that does this:

Take a real close look at two of the examples:

00-18-01-FE-15-46,JE2K7,1,WEP,1801C1B02B
00-1F-90-E2-7E-61,7WY20,6,WEP,1F90021D27

Notice the relationship the MAC and the key have. Let me split up the bytes for you:

00:18:01:FE:15:46   -  18:01:C1:B0:2B

Verizon, or Actiontec, or someone is setting the first byte of the 40bit key to the second byte of the MAC of the unit. And then they are setting the second byte of the key to the third byte of the MAC!

You can look on the list, and this is mostly the case, there is some overlap on the OIDs. (sometimess it is 1801, sometimes 1f90) Why is this useful? Well if you know it is a FiOS install, you have already decreased your “64bit” key to a real “40bit” key, and you already know 16 bits of it, so you only have to crack 24 bits. This is insane. This is like guessing 3 letters.

The way to use this is with the Aircrack-ng program. Capture some packets, and use the -d option to tell it what the key starts with.

aircrack-ng -d 1801 stupid-fios.cap

You will get the key in No time! Silly Verizon, you didn’t think we would notice you weren’t using constructed (not random) keys?

Have FiOS yourself? Want to share your MAC and default key in the comments?