Not your standard io.

Shark Attack!

First, I want to say that I am a big supporter of Grooveshark. I think it’s an awesome service and I have purchased merch from them. That being said, yesterday I started looking for a way to rip the songs from Grooveshark. It has been a while since I kept an up-to-date music collection.

The files that are streamed to your computer are temporarily stored on your local machine. This means that we can save the packets that are being sent to your computer as an actual audio file. First, we need a network protocol analyzer that will allow us to find the packets being sent to the computer. This is where Wireshark comes in. We can start by downloading Wireshark and installing it (I’m not going to show you that here). Once we have it running (you may need to run it as root), it should look like this:

Next we need to configure some settings. Since we know that we are accessing Grooveshark through a web page, it is a good bet that they are pushing these packets over HTTP. We will limit the filter to only capture port 80 traffic since that’s all we really care about right now. Set this up in Capture -> Options. See below.

Now we can start the capture. Next go to the Grooveshark site and start playing a song. There will be a lot of packets showing up in your list. The main packet that you are looking for is one with a type of “audio/mpeg”. You can also make this easier if you use this display filter: http.content_type == "audio/mpeg"

If you use the filter method then you should only see one packet show up. It should look something like this:

Right click on the packet and choose Follow TCP Stream. This should assemble all the related packets and bring up a summary asking you what you would like to do with the packets. On the right hand side there will be some options for how you would like to save your stream content. Choose “Raw” and click the “Save As” button. You can now save the file as whateveryouwant.mp3, then go to the folder that you saved it in and play the file in your favorite music player. (You may need to chmod the file if it was downloaded by root.)

Note: I found someone who has done the same thing when I was looking how to save the stream. So I can not take 100% credit for this.

Also: I looked into writing something to automate this process but there is already another project that is doing this. Check out http://groovedown.tasteless.us/

Apple TV With Compact Flash

I have been pretty busy these past couple months. I got a new job working with the Amazon AWS environment which has kept me pretty busy. I tried this compact flash swap a month ago with poor results. I tried it again last weekend with a faster compact flash card which was a lot better.

First I ordered a 2.5” ide 44pin to compact flash adapter and a Transcend 4gb 133 CF card. The read and write speeds on this card are terrible. I would not recommend this card for this purpose. They were listed on ebay as:

  • CF Compact flash to 2.5” IDE 44 pin Adapter SSD ($8.99)

  • TRANSCEND 4 GB Compact Flash Card Type 133X NEW ($14.94)

I later bought a “PixelFlash 4gb 400x” card. Although this was a no-name brand (at least to me) it worked pretty well. The read and write speeds were decent and are similar to the internal HDD. I swapped it into the Apple TV and I’m running Beta4 of the OpenELEC OS.

Compact Flash Apple TV (SSD)

I have recently been working closely with the guys from OpenELEC. I have also been testing the builds on the Apple TV and reporting bugs. I replaced the original 40gb Apple drive with a spare 30gb drive I had laying around to install OpenELEC on. If you are familiar with the 1st gen Apple TVs then you know about the heat they give off during normal use. Since I don’t store any media locally on the ATV (I stream from a NAS), I have decided to try out an SSD setup.

I ordered a 44pin ide (2.5 hdd) to compact flash adapter along with a 4gb compact flash card. The adapter is nice because it has mounting holes in the same place as the 2.5in hdd. This will allow me to mount the adapter in the same fashion as the original hard drive. I will post with some pictures and results on both heat and speed when I get it set up.

Openelec on ATV Progress

The last couple days I have been messing around with installing OpenELEC on the Apple TV. I have posted a rough how-to here. This is still in early stages and there are some things that don’t work but I am pretty excited about the progress.

There should be some more development for the ATV platform sometime soon. I am going to possibly start working on a script to install OpenELEC to the internal HDD off of the patchstick. Hopefully I have time this weekend.

Here is a pic of OpenELEC running on the ATV. (Although you can’t really tell since it’s just XBMC.)

Arduino LCD Over Ethernet (Cat5/6)

I was looking at some pictures of the Makerbot the other day and thought it was cool how they used Ethernet cable for connecting some of the boards together. I was also trying to find something useful to do with these LCDs I had lying around. Then I came up with the idea of driving the LCD over Ethernet cable.

First, I knew that the ST7565 LCD that I was using is a serial LCD, which means I only need 4 or 5 digital pins to drive the LCD. There are 9 pins total on the LCD including the backlight. Since there is a backlight GND (LED cathode) and a GND to run the display, I really only need 8 connections. This is the number of connections in an Ethernet cable.

The pinout for the LCD is:

  1. /CS - Chip Select
  2. /RST - Reset
  3. A0 - sometimes called RS
  4. SCLK - Serial clock
  5. SID - Serial Input Data
  6. VDD - 3.3V power
  7. GND - ground
  8. K - LED cathode
  9. A - LED anode

Making the shield.

I wanted everything to fit on an arduino shield and not sit on a breadboard. Looking back I should have just bought a prototype shield because it would have been way easier. Since I had a basic RadioShack PCB which is a bit smaller than the arduino but roughly the same size, I decided to use it for the shield. I would not suggest using this for arduino shields. The board is not wide enough. In order to make it fit I needed to bend the male pin headers 90 degrees and then 90 degrees the other way. There are some pictures below that show what I did.

After I had the pins in place, I needed to figure out what I was going to put on the shield. I wanted to be able to use this with arduino clones that may not have the 3.3v output available. I used a LM1117 voltage regulator to drop the voltage to 3.3v. I also needed a 4050 chip that would drop the voltage down from 5v to 3v on the digital pins. The LCD runs on 3.3v so the voltage needs to be dropped down from the arduino. There is also a 100ohm resistor for the backlight. I also wanted to be able to bypass the Ethernet cable if I wanted to, so I added some female headers to connect the LCD directly.

Arduino – 4050

  • D8 – Pin5
  • D9 – Pin7
  • D10 – Pin9
  • D11 – Pin11
  • D12 – Pin14

I then took the output pins from the 4050 and connected them to the female header. After hooking up the LCD everything was working.

Adding the Ethernet jacks.

Now that the shield was working I needed to add the Ethernet jacks to the board and the LCD. I picked some of these up from Mouser. These have the pins tailed out of the back, which is what I needed to be able to solder to them. I ended up hot gluing the jack to the shield. There was really no other way to keep it on the board. After the jack was on, I soldered all the connections to the Ethernet leads. This is not for the faint of heart. There were a few times I bridged the pins and it took forever to get them desoldered. I would not attempt this unless you have a nice small soldering tip.

I tested all the connections to make sure they were all good. After that I put a layer of hot glue down to keep them from moving and possibly bridging.

Here are the pins I used for connecting them to Ethernet. (568-B Cable)

Ethernet – LCD

  • Orange/White – SID
  • Orange – SCLK
  • Green/White – A0
  • Blue – /RST
  • Blue/White – /CS
  • Green – 3.3v
  • Brown/White – GND
  • Brown – Backlight

I picked these pins because of how I was able to place the Ethernet jack on the LCD. The /CS pin, which was the 4th in from the right, fit directly in the hole for the LCD when bent down. The rest followed suit when picking placement. This was also a PITA to solder and took some time. After getting those all soldered in and testing the connections, I hot glued the connections like I did on the shield. After plugging it in, everything worked.

Thanks to ladyada for providing awesome documentation on her projects.

PWN Your Coffee Shop

I had meant to write about this a couple days ago but just have been pretty busy. At Toorcon 12 I mentioned that the last talk I saw was about session hijacking (sidejacking) and they (Eric Butler and Ian Gallagher) released a pretty nifty tool that makes it really easy to steal a user’s session while on the same wifi AP. I downloaded it when I was at the airport and was the 14th person to download it. After checking this morning it has 373,535 downloads. That’s amazing and kind of frightening since I know what this tool can do.

So the theory isn’t that new, it’s been a problem for quite a while. I actually remember talking about this at a coffee shop with a friend while still in college. When accessing most popular sites that require logins you receive an HTTP session cookie from the server once you authenticate. The vulnerability is not about getting a user’s password and user name, because most times those are sent using SSL and you aren’t able to sniff that data. The vulnerability comes into play when you move from an https page to an http page (i.e. from the login page to a regular non-encrypted page). When you log into a page and successfully authenticate, you are issued (or start) a session id (cookie) by the server. That id is used by the site to recognize you as the user you logged in as. It displays certain preferences and adds functionality when you are logged in to that site. If you can somehow steal that id (cookie), let’s say over wifi, since everything is broadcast to everyone on that access point, you would then become that person to the website. So for example, if I was sniffing wireless traffic and was able to obtain someone’s Facebook session and used that session id to go back to Facebook, I would then see their account and would be logged in as that user.

So if that’s not a new vulnerability then why has it been so popular in the last few days?

Firesheep. It’s a program that makes it super easy to do what I just described above automatically. No programming, or learning how to use packet tools, or loading cookies into your browser. I literally installed this Firefox extension in less than 5 minutes (including download time). The hardest part was trying to find out how to display the sidebar.

So, like, how do I use this tool?

First, let’s start with downloading the Firefox extension. I’m using OS X, but I’m pretty sure you can use Windows too if you install WinPcap. You can download it here. Once you have it you can either open it with Firefox or click on it and choose Firefox as the application. Note: I had an older version of FF and I had to update my version before being able to install the extension. Once it’s installed, you can choose Tools -> Add-ons then find the Extensions tab. You should now see Firesheep 0.1 installed. Click preferences and check the Capture option to make sure that it’s pointed to your wireless device (en0 for me). Websites is where you add new sites for which you know how the session cookie is stored. Advanced is where you set the type of traffic you would like to filter; the default is TCP traffic on port 80. Once everything is set up you can then enable it by going to View -> Sidebar and then choosing Firesheep. You will then get a sidebar on the left hand side with a button that says start capturing. Once you start capturing people’s data and hijacking their sessions you are probably breaking one law or another depending on where you are. What you do at this point is up to you.

Can I protect against this?

Kinda. You can do a few things like VPN, tunnel http over ssh to a location that you know is legit, use ssl on the site if they have/allow it, or don’t access any of those sites while on public wifi. Those will definitely work but are not really convenient. I think the point of this tool was to make it so widespread for anyone to run this type of attack that it would force sites to use ssl for everything. So go complain to vulnerable sites that they need to improve their security.
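An added example, not part of the original post or of Firesheep: a small Python audit a site owner could run over the response headers of their login page, flagging the condition described above (a session cookie issued without the Secure attribute, and no HSTS header to keep the browser on https). The header samples and the cookie-name hints are constructed assumptions.

```python
# Constructed sample: headers a site might return from its HTTPS login page.
WEAK_LOGIN_RESPONSE = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "session_id=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "theme=dark; Path=/"),
]

# Constructed sample: the same response after the site moves everything to SSL.
HARDENED_LOGIN_RESPONSE = [
    ("Content-Type", "text/html"),
    ("Strict-Transport-Security", "max-age=31536000"),
    ("Set-Cookie", "session_id=abc123; Path=/; Secure; HttpOnly"),
    ("Set-Cookie", "theme=dark; Path=/"),
]

# Assumption: cookie names containing these strings carry login state.
SESSION_HINTS = ("sess", "sid", "auth", "token", "login")


def parse_set_cookie(value):
    """Return (cookie name, set of lowercased attribute names)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def audit_login_response(headers):
    """List the ways this response lets a session cookie travel unencrypted."""
    findings = []
    for key, value in headers:
        if key.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        is_session = any(hint in name.lower() for hint in SESSION_HINTS)
        if is_session and "secure" not in attrs:
            # Without Secure the browser attaches the cookie to http:// requests,
            # which anyone on the same open access point can read.
            findings.append(f"{name}: missing Secure attribute")
    if not any(k.lower() == "strict-transport-security" for k, _ in headers):
        findings.append("response: no Strict-Transport-Security header")
    return findings


if __name__ == "__main__":
    for label, hdrs in (("weak", WEAK_LOGIN_RESPONSE),
                        ("hardened", HARDENED_LOGIN_RESPONSE)):
        print(label, audit_login_response(hdrs) or "no findings")
```
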

Back From Toorcon12

I’m finally back from Toorcon after some flight delays. I had a good time. Met some cool people and saw some good talks. One worth mentioning was Dan Kaminsky’s talk on DNSSEC. He brought up some good points on how DNSSEC could be the “answer” we have been searching for, for secure email. (and other things) Another awesome talk was about Session Hijacking. Although this isn’t a new topic, Eric Butler and Ian Gallagher did release a pretty badass tool called firesheep, which I will be talking about in my next post.

The Badge

Before Toorcon I was under the impression that the badge would be an electronic badge by the guys who made the Defcon Ninja Badge this year. (cstone and woz) After emailing them a couple days before, I was informed that due to some time constraints it wasn’t going to happen. They might possibly use it for another con in the future.

The actual badge was some laser cut acrylic (possibly from metrix?) in different colors for various types of attendees. They were shaped in the Toorcon gear logo.

They announced they would have a badge hacking contest and provided some parts to solder up cool stuff to the badge. I apparently didn’t get the memo they would be providing free (as in beer) stuff to do some hardware hacking on the badge. So I took a trip on the bus to the closest radio shack and bought some LEDs and stuff.

I really wanted to find/buy an ATmega (168 or 328) to put on the badge but I couldn’t get a hold of one. By that time I had already put in the LEDs, 9v bat, and LM7805 voltage reg. So I looked around the table and found an NE555 timer chip. My theory was to blink the LEDs on and off in a sequence. After spending a ton of time trying to wire the thing up with the proper resistors and capacitor I ended up giving up and just wiring them up. Either the chip was bad or I messed up on the resistors/capacitor and the timing was just really fast so it looked like it was constantly on. Here are a few pics:

I had to leave a bit early to catch a flight home, so I didn’t get to a few talks I would have liked to see (woz’s “Hardware will cut you.” and Joel’s “LANrev’s Multiple Vulnerabilities Come to Light”).

Oh, I did meet someone from “Square”, which makes software (and a small device) for doing credit card transactions on your iPhone or iPad. He ended up giving me one.

I might try playing with this a little bit when I have some spare time.

Spoof Your Mac on Your Mac.

I’m on my way to San Diego for Toorcon 12 and I have a layover in San Fran. As I jump onto the free wifi (provided by T-Mobile) I’m greeted by a nice page with a “Check here to indicate you have read and agree to the Service Terms and Conditions.” and a limit on the free wifi time you get: “San Francisco International Airport is pleased to provide our airport visitors with 45 minutes of complimentary Wi-Fi access.” Only 45 min? That’s kind of a bummer. I’m guessing it’s based on the MAC address of the device. Let’s see if we can get a little bit more time out of the free wifi.

I’m running 10.6 so this might change for other versions. First we need to find our current MAC address.

ifconfig en0 | grep ether

This finds the current address of your network card. You might need to change to en1 or whatever for your specific setup. If you want to save your original mac address run:

ifconfig en0 | grep ether > mac.orig

This stores your original MAC in a file called mac.orig. Next you need to disassociate your wlan card from any networks it is associated with. Run this as root or add sudo to the beginning of the command.

/Versions/Current/Resources/airport -z

Now let’s change your MAC to whatever you want. You might just want to change the last two characters of your MAC to make it easier. Run (as root):

ifconfig en0 ether 00:1f:5b:d7:f4:a3

You can run that or you can modify that if you want. Now do another ifconfig en0 to make sure your MAC is changed and rejoin the wifi network.

You will need to accept the terms of service, but you will be online for another 45 min. Rinse, Repeat, and Ruse.

Apple TV and openelec.tv

I mentioned in my last post about trying to find an ultra cheap streaming media box. I did some research and found that most of the devices that I looked at (that would be good for this type of application) were a bit too expensive for my taste. I like cheap solid solutions.

I have been running XBMC on Apple TV for a couple of years now and really like it. However, recently it’s become a bit slow and sluggish when keeping up to date with the newest versions and releases. I planned on putting together a custom distro so that it didn’t have the bloatware of the ATV OS running underneath the XBMC since I never use it. I came up with an analogy to explain the dilemma to my GF.

Imagine you have a t-shirt (XBMC) and you like to wear that t-shirt all the time. But in order to wear your t-shirt you have to first put on a sweat shirt (ATV OS). So every time you just want to wear the t-shirt you need a sweat shirt on under it, vs just being able to put the t-shirt on directly.

After doing some searching on a lightweight distro, I found that there was already a project with the same goals, Openelec.tv. Open Embedded Linux Entertainment Center is a distro that is aimed at using a minimal linux install to boot directly into XBMC. They have options for installing it to a flash USB drive, compact flash, or directly to your HDD. It also has an ssh server (from what I read) to enable remote access and configuration.

Apparently the current generic image worked right out of the box with the ATV (minus some IR and wlan/lan drivers) using the atv-bootloader. They are now going to release an image for the ATV with all the drivers included. The release was scheduled for (10/15) but was pushed back to possibly today (10/22). It has not been released yet on their site but I suspect it will be up there soon (within the next few days). According to some of the people beta testing it, it boots really fast. They also mentioned that it works really well and is also expected to include support for CrystalHD. For anyone who doesn’t know, CrystalHD is a card that is installed in the ATV (replaces the WLAN card) to provide HD support for the Apple TV. You can find more info here. I like and use the wireless N all the time, and most of my content isn’t HD so I won’t be using that option on my setup.

I will be doing a writeup of installing and configuring this new distro when it’s released for the ATV. I may also buy a few more ATVs to install and sell them for people who want the application but don’t want to go through the work of setting it up.

Now, on my way to toorcon…

Toorcon 12, PHP, and Blah

I will be going to Toorcon 12 tomorrow. I have never been to San Diego or Toorcon, so this will be a first. It looks to be a pretty good line up of talks this year. In order to get back on Sunday I have to leave a bit early so I won’t be able to catch all the talks on Sunday.

I was also asked this week to write a few PHP functions. And while I didn’t do so hot on the spot, I did find a good way to accomplish the task. The question was: write a function to return true or false (or print) if two elements in a given array SUM to be 100. The first function is really slow, but more of an answer if all else fails type of approach.

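// The rest of the values are cut off in the original post.
$RandomArray = Array(74,122,103,125,80,29,127,123,35,33,142,91);
$RequestedNum = 100;

// Brute force: compare every element against every other element.
function Search1($RandomArray, $RNum){
 $count = 0;
 while($count < count($RandomArray)){
  foreach($RandomArray as $Index => $Num){
   // Skip pairing an element with itself.
   if($Index != $count && $RandomArray[$count]+$Num == $RNum){
    echo $RandomArray[$count] . " + " . $Num . " = " . $RNum . " : True";
    break 2;
   }
  }
  $count++;
 }
 // The loop only runs to the end when no pair was found.
 if($count >= count($RandomArray)){
  echo "No match found :  False";
 }
}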

The second one is a bit quicker and uses the built in function in_array();

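function Search2($RandomArray, $RNum){
 $SortedArray = $RandomArray;
 $Success = False;
 foreach($SortedArray as $Key => $SA){
  $findNum = $RNum - $SA;
  // Search the other elements only, so a value is never paired with itself.
  $Others = $SortedArray;
  unset($Others[$Key]);
  $Success = in_array($findNum, $Others);
  if($Success == True){
   echo $SA .  " + " . $findNum . " = " . $RNum . " : True";
   break;
  }
 }
 if($Success == False){
  echo "No match found :  False";
 }
}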

I’ve been playing around with the idea of an ultra cheap (sub $100) HTPC with XBMC running on it. Most boxes that would be suited for this are > $100. I’m looking around at some devices that might be able to run as a cheap media streaming box for those extra TVs you might have sitting around in your room/basement. Most of my focus has been towards Nettops and Thin Clients. I also found a cool project of someone in England porting it to a beagleboard.

This makes me want to get one and continue or contribute to his work.