Sprint 15 R&R

Today is the first R&R I'm doing as part of ISR G! Over the last few weeks, I have been working on using the SPECTRE proof-of-concept code that I found on GitHub to access specific memory. Right now, I can write a "secret" message to memory, but I am unsure of how to access sensitive data such as passwords - part of what I will do next week is search up documentation on where such things are located in storage. I have also downloaded Samy Kamkar's SkyJack program, in hopes of finding an application for Kali and Aircrack-ng programs by using a Raspberry Pi to detect and misdirect drones by harmlessly disconnecting them from their operators. This project needs more research, but I have ordered componentry from Adafruit including a microphone for drone detection.

0 comments

Daily Weblog 1/15/18

Today, I spent most of the period fixing the 3D printer, which was severely over-extruding and "stringing", producing long strands of extra plastic rather than printing normally. The problem turned out to be a combination of build plate adhesion (I had forgotten to place glue on the build plate) and a too-low print speed, which can be adjusted in Cura. I ended up downloading Cura onto my own laptop, where it runs smoothly - Cura runs extremely slowly on the computer that is set up on for the printer - I cannot stress enough that the entire system will be much easier to use with a different computer at the printer! We might even be able to use the live print monitoring functions of Cura, which currently do not work because of the extreme slowness.

0 comments

Weekly Weblog 1/13/18

This week, I worked on creating the muon detector parts list and doing some preliminary research for this semester's cybersecurity project, which I would like to focus on more targeted attacks than the general web attacks that I researched last year. I also learned more about CAD in Blender for my side project, a small-scale walking robot I am designing to help Jackie Payne and Hayley Emmons with their own ISR.

0 comments

Daily Weblog 1/11/18

Today was time for a side project! During G period, I decided to help Jackie Payne and Hayley Emmons with their walking robot, and I thought it might be helpful to actually get the 3D printed robot that Janelle fabricated last year to work. However, it was not quite that simple, as the pieces were improperly designed, and lacked a space for one of the motor flanges. Rather than designing an entirely new set of components and wasting those pieces, I decided I would just modify them by hand - the best way I discovered for this was to use a soldering iron to melt the PLA thermoplastic into the shape I wanted, which worked quite well! Luckily, I also discovered that PLA does not create toxic gases when melted/burned, as an organic-based plastic - its only inhaled danger is the possibility of micro-particles, so I melted the components with the door open behind me and using Mr. Halstead's portable fume hood.

0 comments

Daily Weblog 1/10/18

Today, I put together an updated parts list for the muon detector, complete with an index of ordered parts and the prices for each (irritatingly, significantly higher than $100 per unit). I also researched the physics behind the mechanism, where to get custom PCBs, and talked to the Keck astronomers about acquiring a scintillator (sadly the optics catalog I was given did not include a scintillator).

1 comment

Daily Weblog 1/9/18

First class of the new year! This semester, I want to research more targeted attacks, such as malware (I may write proof-of-concept viruses). I found several resources for this:
I may also need to learn C or C++ for low-level attacks. Looking forward to 2018!

0 comments

Daily Weblog 12/7/17

Today was only 45 minutes long. I wrote most of my white paper and planned my video for tomorrow.

0 comments

Daily Weblog 12/6/17

Placeholder! I'm doing computer voodoo on my Kali partition (this is the first weblog from Kali) and will update later!


UPDATE: Compiled libraries for Krack and created wpa-supplicant config file. Too sleepy to finish testing tonight. Also performed black resurrection magic on OSX, which deleted the entire Chinese language while I wasn't looking.

0 comments

Daily Weblog 12/4/17

Today, I fixed rEFInd for my MacBook with High Sierra. The new and more secure AFPS file system also updated the Mac bootloader in such a way that rEFInd no longer functioned; I had to reinstall it, then manually configure the program and "bless" the ESP mounting point. Now, my computer always boots with rEFInd, so I can switch to Kali and back with every restart. I also installed the dependencies of the Krack attack; I'll do more at home or tomorrow (not an ISR day) to get some data before the quarter ends.

0 comments

Weekly Weblog 12/2/17

This week, the Meta headsets coming in was the main event. We set one up (and it will be trivial to set the other one up, when the laptop that Dr. Bill ordered arrives), and next week I will configure Unity to work with the AR goggles. Using tutorials from https://devcenter.metavision.com/develop, we can learn to create AR apps that are more immersive than was ever possible with the Oculus or other technology.

0 comments

Daily Weblog 12/1/17

Today, I did more work with the Meta system. I now know how to use the hand controls effectively, which will be very useful when developing apps for it! I was not able to access Unity, though, as apparently when the computer is in use for running the Meta headset, changing the application also disrupts the Meta display. I downloaded Krack onto my Kali partition instead, and I am installing the dependencies.

0 comments

Daily Weblog 11/30/17

Today, the Meta headsets came in! Zoe and I set one up on the Hydra. In the current state, the demo works, with access to hand controls (although we're still figuring out how exactly to get those to function as we'd like). A user can currently access a "bookshelf" full of apps and objects, and move them around in three dimensions. In Unity, the SDK did not come with a namespace, so all of the script references are broken; I'll need to fix that somehow. Something important to note, however: there are only 2 connected HDMI ports on the Hydra, as far as I remember, which means that the Oculus and Meta cannot be plugged in at the same time at this moment.





0 comments

Daily Weblog 11/28/17

Today, I fixed my Kali Linux partition so that I can run the Krack attacks. I also read about an honestly ridiculous hack of MacOS High Sierra - apparently it is possible, somehow, to log in as root from the lock screen without a password if the root password has not been set by hitting the "Enter" key several times quickly. I verified this on my own laptop this evening. It's kind of astounding that an issue of that magnitude made it past any sort of screening that was supposedly done before release. This is why we need security professionals who know what they're doing! (As an aside, it's also why security researchers who do know what they are doing WAIT until the manufacturer has been given a chance to come out with a patch before announcing it, which the hacker who first found this bug did not do, just adding to the absurdity of the situation).

0 comments

Weekly Weblog 11/25/17

This week was a short week, although we had two class periods of ISR. I taught Brianna about IPNetMonitorX, and I also downloaded the Krack scripts from GitHub at https://github.com/vanhoefm/krackattacks-scripts. I'll try those next week (if there are any machines that have not been updated yet). I hope to pass on my hacker skills to the next generation of nerds at the Elab!

0 comments

Daily Weblog 11/21/17

Today, I oversaw the Debian 9 installation on the hacked Aries server. I also helped teach Bri about the process, and about some basic sysadmin functions, including DNS servers. I think I'm going to put together a guide on IPNetMonitorX for her, to try and share some of my knowledge of hacking (and maybe Kali, too).

0 comments

Daily Weblog 11/20/17

Today, I took apart one of the MacBook chargers of the same type as the one that caught fire. This one was not defective, but they are all being replaced, and with a normal model as a control, it will be easier to determine what exactly caused the problem that led to an electrical fire in the other charger (which Brianna dismantled with my help).

Once we are finished using this for research, I'm going to further dismantle it for parts, especially the AC/DC converter piece and the fun-looking giant capacitors. Maybe I'll need some sort of Franken-charger in the future!



0 comments

Weekly Weblog 11/18/17

This week we had only 2 classes. I did not have time to do any work on my actual project; the only thing that ended up happening was setup in the Space Classroom.

0 comments

Daily Weblog 11/17/17

Today, Dr. Bill talked about HI-SEAS and other developments, including that he is buying a ninth drone, all class. I did not have time to do any project work.

0 comments

Supplemental Weblog 11/16/17

http://osxdaily.com/2012/05/03/mac-security-camera-watch-live-video-remotely-from-ipad-iphone/ details how the PrinterCam will be set up to monitor the Ultimaker (and maybe the laser cutter too) via FaceTime.

0 comments

Daily Weblog 11/14/17

Today, I put up posters in the conference room, now the Space Classroom. I also started updating the firmware on the laser cutters; since there are no Windows 10 machines in the Energy Lab with disk drives, that was somewhat difficult.

0 comments