Not your standard io.

Dual Booting ChomeOS on a Macbook Air

| Comments

I have been wanting to try out ChromeOS for quite a while. I worked on compiling my own version with some added hardware support a while back, but never really finished it. Lately the old Macbook Air has been having some issues with bogging down when running a lot of browser tabs. So, I started looking into ChromeOS again.

I saw that Hexxeh was able to get it running on the newer Macbook Air 3,1. I have the Macbook Air 1,1 with 1.6ghz Dual Core. His post mentioned that someone tried it on an earlier version of the Macbook Air but it failed to recognize the Wifi card because of the lack of support for the broadcom drivers. His post also mentioned that nVidia’s GPU drivers don’t work very well under EFI so you will have to install to the local disk.

Since then Hexxeh has rolled out ChromeOS Lime (Which is badass) it has added additional hardware support. One of the key features is the support for the broadcom wifi drivers (BCM43XX). I took a look at my Macbook Air and sure enough, it has a bcm43xx broadcom wifi card so I decided to try running Lime on it. To my surprise it worked, and worked well.

First I didn’t want a huge flash drive sticking out of the side of my Macbook Air so I ordered a tiny usb flash drive from Amazon. Can’t beat 10 bucks. http://www.amazon.com/SanDisk-Cruzer-Flash-Drive-SDCZ33-008G-B35/dp/B005XVC4VE/ref=sr_1_1?s=electronics&ie=UTF8&qid=1332528427&sr=1-1

Once that came in, I installed the latest version of Lime 3/22/2012 using the super easy chrome install tool. This took about 10 minutes.

I booted it up holding down the “option” key until I saw my disk choices to boot from. One thing I did was I checked if I was able to connect to the wifi from here.

Once I was connect to the AP, I then proceeded to boot off of the USB Drive. Like it said in his post it takes 20-25 to get to a login screen, which isn’t all that bad. Once you get the login screen you are good to start “Chroming?”.

I was pretty surprised on how much of the Mac key functionality worked. Even the camera worked. The only thing that I could find that didn’t work was the keyboard illumination, which is no big deal. Also, the touchpad has it’s quirks as well.

The thing that I found strange when using this was the lack of Flash support. After poking around some of the chrome forums it looks like they removed the chrome driver recently, which really sucked. So now you can only watch 1/3 of youtube videos. I hope we can get the Flash back in the Lime build. (libflashplayer.so) Also when watching HTML5 videos on youtube there are weird orange pixel interference which can be very distracting.

All in all, this is pretty rad and hopefully this post helps some other people breathe some new life into their old Macbook Airs.


keg.io Development Continues…

| Comments

Last weekend Chris, Dylan, Garret, and I had a mini hack-a-thon to try and bust out some more code. We were able to reliably get all the GET and PUT requests to the keg.io server in AWS working reliably. Dylan also was able to get a ton of routes done. This also included logging all of the REST api calls from the Arduino into the DB. I guess I should back up a bit and explain a bit of the architecture.

Originally we had an Arduino with a custom shield that talked to a server running node.js over a usb serial connection. As you can imagine this is probably not the best communication method, plus we need to have a computer running next to the Kegerator. Now with the help of sparkfun’s wifly shield we are now going send HTTP requests over wifi. Rad. This will eliminate the computer entirely and allow us to develop and host the server in AWS. Here is a list of all the GET routes we have for the Web UI:


  1. /hello - basic ping of the keg,io server

  2. /config/socketPort - Retrieving the port to use for websocket connections

  3. /kegerators/ACCESS_KEY/temperatures - Get temperatures for a kegerator

  4. /kegerators/ACCESS_KEY/users - Gets users of a kegerator based on recent pours

  5. /kegerators/ACCESS_KEY/pours - Get pours from a kegerator

  6. /kegerators/ACCESS_KEY/kegs - Get the list of kegs used in this kegerator

  7. /users - Get info about users

  8. /users/RFID - Get user info

  9. /users/RFID/coasters - Get users earned coasters

  10. /coasters - Get info about coasters

  11. /coasters/ID - Get info about coasters

There are also a set of API routes for the Ardunio code to interact with. These are routes designed for the Kegerator to interact with the server. They include things like, Authorize a User, Get the Keg temp, and record the flow of the beer. Since each Kegerator is unique, all the requests are signed with a secret key and hashed with SHA256-HMAC to verify it’s sender. The server then sends back a hashed response with the same key for the Arduino to validate and open the Kegerator. No, you can’t replay the hash.

There is more to come. Stay tuned.


Stripe.com CTF

| Comments

First of all, it’s really hard for me to turn down a challenge. So when a buddy of mine sent me a link to the stripe.com CTF / war game last thursday I was pretty intrigued. Can find it here: https://stripe.com/blog/capture-the-flag  It’s been a couple of years since I was able to complete a decent amount of the STS IO challenge (http://io.smashthestack.org:84/). I always seem to underestimate how addicting these things are.

After a couple of hours working on it I am now on level 4. It took me a bit to get back in the groove, having to re-learn all the gdb commands. I think the thing that is the biggest time waste for me on the first couple was not looking at the obvious. I spent a bit of time trying to jump in and look for a printf() implementation vuln or something, when all you really need to do is step back and look at the obvious. I don’t want to give anything away for those who want to join in on the addicting fun. I hope to be able to finish the rest of it this weekend. Taking a quick look at 4, I think we are looking at a buffer overflow. If you haven’t already, you should give it a try. But make sure you have a couple hours to burn.

keg.io V2 Development Begins…

| Comments

Well, It’s been a little while since I’ve worked on any projects that I could put up on unstdio.org. But the wait is over! I am officially starting a new project and it’s keg.io v2. When we built the hardware for keg.io last year it was a great achievement because I’d never done anything that would be used by so many people. (Everyone at the Vivaki Nerve Center Seattle Office) But we haven’t really been able to put the time in the project that it deserves. So now we are going to do two projects at once. We got a sweet older pop machine that we also want to “technoligify”, so this will kill two birds with one stone.

The first couple posts of this project will be all hardware based. There is a bunch of new things to figure out since we have new ideas in mind for this. First we want to ditch the lame computer that the Arduino is connected to and move it “To the Cloud”! So we’re going wireless with the connection using sparkfun’s wifly shield. I haven’t played with this yet but CRC (aka “checksum”) bought a bunch of new stuff and the wifly shield was in there. The other thing we are going to do with this project is actually get real (badass) PCB’s made. We definitely need some cool branding of our own.

So the first thing I’m going to do is get this shield soldered up and start writing some code. So stay tuned and there will be some updates in the next couple days.



| Comments

A few months ago (in March) a few guys from work and I thought it would be a great idea to get a kegerator for our office. It started out with brainstorming some pretty cool ideas. Being technology geeks we immediately decided that the kegerator needed and RFID reader to track who is drinking the keg. We did get some inspiration from the guys at yelp. (http://www.youtube.com/watch?v=BwVoir5HSo4)

After we decided on the auth method we then moved to the question “Should people be allowed to pour beer if they don’t have a card?” of course we came to an unanimous “No!” decision. So the next thing that was decided on was putting in a (closed by default) solenoid. Third, we had the issue of trying to figure out how much beer was poured and how much was left. The way we saw it there were two main ways to accomplish this. One being we could measure the weight of the keg / kegerator and calculate the difference after each pour. The other was to measure the flow going through the line during a pour. We decided on the latter. We then got a hall-effect flow sensor to measure flow. Lastly, We also wanted to know the temp of the beer / kegerator so we decided to get a temp sensor and put it in there as well.

Here is some coding in the kitchen. (Yeah, that’s a shot.)

After everyone decided all of the things that we wanted to see on this thing, we needed to put it all together. I decided the easiest and fastest way was creating an Arduino shield and using an Arduino Duemilanove. I worked on most of the hardware stuff and getting it all working. Two of the other guys(Dylan and Chris) decided to use Node.js to write the application, which turned out to be pretty nice besides a few serial library issues.

Here is a little description of the hardware:

“Starting from the top, the Arduino is powered by a usb cable plugged into the source computer it is running with. The Arduino has a custom made “shield” that allows the Arduino talk to the other components in the system. The shield was made out of a RadioShack pcb that was cut to fit into an arduino  shield. The shield has 3 io “ports” on it. The first is the 12v power source input. This is needed to run the 12v solenoid that allows flow access through the line. The second ports communicates with the UART based Parallax RFID Reader. This is a basic 125Khz RFID reader talking at 2400 baud. The third port allows communication with the temp sensor, solenoid, and flow rate sensor. I used Cat5 cable for the connection between these components and the Arduino shield.”

Here is a list of the hardware components:

Some Hardware pictures…



In the software side, as I mentioned earlier, we are using Node.js. Everything is open source and you can find it on github https://github.com/vnc/keg.io. Some cool features that we added to keg.io are twitter integration, and some gamification type badges we call “coasters”. A member of keg.io can earn these coasters by different drinking habits. One of the first badges a person will receive is the “Welcome Coaster” after drinking their first beer poured from the kegerator.

So…I’ll explain how everything works. We have come up with a very simple communication protocol for communication between the Arduino and the host computer over serial. When the Arduino is started it initially grabs the temperature of the temp sensor and sends this data to the host computer. It will continue to do this every 10 seconds (adjustable) to allow close to real time temperature of the kegerator. Now we have an RFID card reader that is waiting for input from the user. When a card is scanned it grabs the card ID and sends that to the host computer for validation. If the card is not registered in the database, the application will display a denied message. (Don’t you even think about drinking from our Keg!)  If the card is registered and the user is valid the host computer sends back a request to the Arduino to open the solenoid and allow the user to pour beer. At this time the web ui displays a welcome message and shows a picture and information about the user pouring beer. Once the user starts to pour the beer, the flow is measured by the flow sensor and the flow rate is sent every second to the host computer which tracks the rates and calculates the amount of beer poured for that session. After 3 seconds of no flow rate the solenoid is closed and the next user can proceed to scan and repeat the process. What would a cool application like this be without twitter integration? After a user finishes his/her pour keg.io tweets about it. Check it out here: http://twitter.com/#!/keg_io

Here’s what keg.io looks like (at time of writing):

Thanks to the people that have contributed to the project:

  • Dylan

  • Carl

  • Chris

  • Garrett


Toorcon: Seattle

| Comments

I meant to write about this last week but have been pretty busy with some other projects I have been working on. I have to say I had a great time at toorcon Seattle this year. Props to David for getting this event all put together.

There were definitely some good talks, which inspired me to do a bit more poking around. The first one I want to mention was the talk titled “Get Off of My Cloud: Cloud Credential Compromise and Exposure” This touched on amazon’s ec2 public AMI distribution and the security risks involved with using AMI’s not created by you. It brought up some interesting points and some issues that people may have overlooked. He mentioned that they have written some tools to “clean up” the AMI’s before sharing them out to the public. They didn’t release the scripts at the con and he mentioned that they weren’t publicly available yet so I went ahead an wrote some scripts (in bash) to look for the vulnerabilities when using an ami for the the first time, whether it a be a public ec2 AMI or an AMI that is put out by amazon.

The second talk that I found real interesting was the “We Are The Robots: Social Hacking With Bot Swarms” which talked about the connections made by users on twitter. They had a competition with bots on twitter to see what relationships bots can create between two other people and what information links them.

The last talk I that was interesting was “Highly concurrent Python for brute forcing and discovery”. I only have just started using python in some projects so this was a bit more advanced that I was used to but seriously great information. He talked about Python coroutines and epoll to build your own high performance brute forcing and discovery tools.

Make Windows Calls From Linux.

| Comments

I was recently taking a look a making remote calls from linux to a windows server. I found this nice little tool that makes this task pretty simple with winexe.  It’s basically like psexe but for linux. I was having problems getting version 0.80 working on some environments but v 0.90 seems to work on everything I have tried. (complied with a new version of glibc)  Here are the options.

winexe version 0.90This program may be freely redistributed under the terms of the GNU GPLUsage:

winexe [-?|--help] [--usage] [-d|--debuglevel DEBUGLEVEL]       [--debug-stderr] [-s|--configfile CONFIGFILE] [--option=name=value]        [-l|--log-basename LOGFILEBASE] [--leak-report] [--leak-report-full]        [-R|--name-resolve NAME-RESOLVE-ORDER]        [-O|--socket-options SOCKETOPTIONS] [-n|--netbiosname NETBIOSNAME]        [-W|--workgroup WORKGROUP] [--realm=REALM] [-i|--scope SCOPE]        [-m|--maxprotocol MAXPROTOCOL] [-U|--user [DOMAIN\]USERNAME[%PASSWORD]]        [-N|--no-pass] [--password=STRING] [-A|--authentication-file FILE]        [-S|--signing on|off|required] [-P|--machine-pass]        [--simple-bind-dn=STRING] [-k|--kerberos STRING]        [--use-security-mechanisms=STRING] [-V|--version] [--uninstall]        [--reinstall] [--system] [--runas=[DOMAIN\]USERNAME%PASSWORD]        [--interactive=0|1] [--ostype=0|1|2] //host command

Apparently it’s maintained by Stuart Henderson, but it looks somewhat dead? The site link doesn’t work. (returns blank page) http://eol.ovh.org/winexe/

Some ways to use it:

winexe -U DOMAIN/Username%Passwd // "ipconfig /all"

winexe -U DOMAIN/Username%Passwd //remote.com \
'cmd /C net stop SomeService && net start SomeService && echo AutoUpdates service restarted'

or get a shell,

winexe -U DOMAIN/Username%Passwd //remote.com 'cmd.exe'

or use it to configure synergy,

OUT='winexe -U MAIN/User%Pass --runas MAIN/UserB%Pass //your-other-comp "ipconfig"'
IP=`$OUT |  grep "IPv4" | awk {'print $14'}`
synergyc $IP

This site also has some more info on it: http://opensourceinfo.blogspot.com/2010/01/winexe.html

Making Remote Server Calls From PHP

| Comments

I was doing some php scripting today and needed to call a remote server to see if it was running a certain process. It seems like a valid enough request. I spent some time looking into php’s exec() and system() functions to find a way to call ssh to login and run the command. I kept running into the problem of the ssh session needing to be interactive. I started to look around for other options in php to ssh to remote machine and saw the SSH2 Manual. This was great but needed the ssh2 extension to be installed and in my case it wasn’t and I didn’t want to have to install additional software. I then found the phpseclib library which worked out great. It’s easy to use and worked right out of the box without any other software needed. Check it out: http://phpseclib.sourceforge.net/

You can read the documentation on the site or use this simple test script to get it working.

Php-cli Awesomeness

| Comments

I know, command line line php has been forever and it’s nothing new. I have been coding in php for over 5 years now but not until recently have I needed to use to use it for something more than web application development. In the past couple months I have been using the amazon AWS environment. There are a ton of tools built for AWS and a very good API but I have found some things that I have needed to do that arn’t made easy. One example is duplicating or copying an EC2 security group. Do to some infrastructure changes we wanted to duplicate an already existing security group with only minor changes. In our case the security group had a lot of custom firewall rules that would take too long to duplicate. So here is a script to copy EC2 groups:


echo "\n";

echo "#######################\n";

echo "Copy EC2 Security Group\n";

echo "#######################\n";

echo "\n";

echo "Enter security group you want to copy FROM: ";

$handle = fopen ("php://stdin","r");

$grp1 = fgets($handle);

$grp1 = trim($grp1);

echo "\n";

echo "Enter security group you want to copy TO: ";

$handle = fopen ("php://stdin","r");

$grp2 = fgets($handle);

$grp2 = trim($grp2);

echo "\n";

echo "You are going to copy settings from ".$grp1." to ".$grp2." Is this correct? (y/n):";

$handle = fopen ("php://stdin","r");

$response = fgets($handle);

$response = trim($response);

//echo $response;

if($response == 'y'){

echo "Getting settings from ".$grp1."...\n";

$cmd = "ec2-describe-group ".$grp1;

exec($cmd, $lines);

echo "Copying group settings...\n";

foreach($lines as $line){

//echo $line."\n";

$values = explode("\t",$line);

//foreach($values as $value){

//echo $value."\n";



if($values[4] == "icmp"){

$cmd = "ec2-authorize ".$grp2." -P icmp ".$values[5].":".$values[6]." -u ".$values[1]." -o ".$values[11];

//echo $cmd;


}elseif($values[4] == "tcp"){


$cmd = "ec2-authorize ".$grp2." -P tcp -p ".$values[5]." -u ".$values[1]." -o ".$values[11];

//echo $cmd."\n";



$cmd = "ec2-authorize ".$grp2." -P tcp -p ".$values[5]." -s ".$values[9];

//echo $cmd."\n";



}elseif($values[4] == "udp"){


$cmd = "ec2-authorize ".$grp2." -P udp -p ".$values[5]." -u ".$values[1]." -o ".$values[11];

//echo $cmd."\n";



$cmd = "ec2-authorize ".$grp2." -P udp -p ".$values[5]." -s ".$values[9];

//echo $cmd."\n";







echo "quit";