      ♥Ⓐ isis

code.
  1. xqdr: A Flying Robot That Does Things


    I’m building a flying robot.

    More specifically, a friend and I are building an electric quadrocopter which flies autonomously by using the accelerometer, gyroscope, and GPS on a smart phone to tell some artificial intelligence algorithms where the robot is and how to go where it wants to go. The robot will also be trained in image recognition, so that it can autonomously follow certain things, like riot cops at a protest, and upload a live video feed to the interwebs. That last bit is something I’m not really sure about yet, because I’m used to working with linguistic neural networks, and intelligent routing algorithms are something I’ve only just wet my toes in. But I think I can manage it, and it’s going to be super useful because the image recognition software could be used to find all kinds of things, like lost hikers, or injured people trapped in rubble.

    I’m going to open-source everything I write for this except the image recognition stuff. I don’t want to hand the world’s governments a better way to monitor protesters. And the former already have a head start on using technology like this to hurt people.

    So far the set up for programming is an android phone, purchased bricked, then unbricked because doing it that way isn’t very hard and it immediately saves nearly two hundred dollars. It needs to be one of the phones from this list, because those have gyroscopes. However, some of those may not allow USB to serial communication, which is also necessary. I’m just going to start trying phones and when I find a model which works I’ll report back. The phone will also need to have Android Scripting Environment with Python For Android installed, and support USB host mode.

    Next, the ML and the flight control programs on the phone will need to pass arguments to the Arduino through serial communications. Here’s a little Python program to do that, and it’s ultra-beta at this point, so don’t freak out on me if it doesn’t work yet.

    Then, that phone is directly wired to the Arduino. The phone will also use Amarino, which is an API for communications between Arduino and Android. I think. Amarino uses Bluetooth, and I’m not okay with a flying robot having anything Bluetooth enabled on it due to the potential security vulnerabilities of using Bluetooth exploits to gain control of the robot. So there’s the possibility that I’ll have to modify Amarino.

    Here’s a parts list for the robot. And here’s my notes thus far. Code will be up shortly.

    Here’s some pictures to entertain you while you wait!

    Strange things accumulate on your desk...

    ...when you start building robots.

    RESIST...ors.

    I made a thing!

    It's amazing that the thing works, considering my terrible soldering skills. Seriously, look at that.

    Also, I have new tattoos.

    If you can name the equations, we should be friends.

    Also, I’d like to add that, though I have recently been accused by several people of getting into hardware hacking, this is not the case. Sure, this is fun. Alright, I’m learning things, and I like soldering (mainly …

  2. MC Hawking!



    I love Noisebridge to pisces. For those of you who haven’t been there yet, Noisebridge is (one of) the Bay Area’s hackerspaces. And it’s one of two places in the world where I feel at home, the other being Mt. Hood National Forest.

    I attended, and briefly spoke at, Hackmeet 2011 this past weekend, and I was incredibly fortunate to meet about a dozen amazing new people. Two of whom, Jake and Lilia, have worked to create my new best friend, MC Hawking a.k.a. NoiseBot.

    Meet MC Hawking

    MC Hawking is a robot who lives on a wheelchair. He’s got text-to-speech, remote controls, a bow tie, a bold warning which reads

    WARNING: NOT THREE LAWS COMPLIANT

    and a missile launcher. Although he’s also got an X-Box Kinect, several sensors, and several cameras hooked up to him, he can’t yet seem to abstain from violently mowing down any objects or humans within his path.

    Jake did all the hardware, and Lilia has done most of the programming work so far.

    My goals are to write an intelligent routing agent for MC Hawking, so that any location can be defined as a goal, and an A* heuristic will automatically route the robot to the location, avoiding objects and humans in the way using the 3D-vision from the Kinect. I would also like to find a way to connect the DISCERN neural network I’ve been raising, Puppetmaster, to MC Hawking, which would give my little A.I. child a real robot body. So far, DISCERN would only work to think of neat things to say to people through MC Hawking’s text-to-speech, but it would be extra neat to find some way to teach Puppetmaster about the world so that it could autonomously decide where to go and what to do physically as well as intellectually.

    Here’s a video of me remote controlling MC Hawking through SSH:

    MC Hawking — Remote Control through SSH

    And here’s MC Hawking following me around as I videotape him, using facial recognition:

    MC Hawking — Following a human face

  3. Cartographic and Cryptographic


    Sometimes I nerd out on tattoo ideas.

    I really want some sort of tattoo that’s geeky, scientific/mathematical, and also goes with my body shape. Like the equation for Gaussian Curvature, tattooed along the curve from my waist to my hip:

    I also want the geodesic equation and Einstein’s field equation tattooed onto my wrists as anti-suicide tattoos. To remind me that I still have things to fix before trying the old piano-wire-and-superglue trick. The Einstein field equation is usually expressed as .



    While the geodesic equation is usually written as .





    Another idea was to tattoo the RSA cryptographic algorithm, which used to be legally classified as a munition.

    That photograph is of some old-skool crypto-anarchist named James Melvin, who’s cuter than a spaceship full of robotic kittens, and who has it tattooed in four lines of Perl:


    #!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
    $/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
    lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)
    

    Except I’d tattoo it on my bicep, so that I could flex and say, “Check out my guns!” Also, I’d probably get it tattooed in Python, because Perl usually makes my brain feel like it’s doing loopdy-loops in my skull. Also, if it was in Python, I could flex and say:

    “Hey baby, is there a vet in this town?” No. Why? “Because this Python is sick!”

    Not to mention that it’s only two lines in Python:

    #!/usr/local/bin/python --
    from sys import *;from string import *;a=argv;[s,p,q]=filter(lambda x:x[:1]!= '-',a);d='-d'in a;e,n=atol(p,16),atol(q,16);l=(len(q)+1)/2;o,inb=l-d,l-1+d
    while s: s=stdin.read(inb);s and map(stdout.write,map(lambda i,b=pow(reduce(lambda x,y:(x<<8L)+y,map(ord,s)),e,n):chr(b>>8*i&255),range(o-1,-1,-1)))
    

    And speaking of spaceships, what’s cooler than maps of where the Earth is? This one shows Earth’s location with respect to the observable universe in the cosmic microwave background:

    Neat, but not feasibly tattooable. Also, not exactly readable to extraterrestrial intelligences either. But thankfully, NASA already made an illustration of where Earth’s Sun is, which would be readable by aliens, and they made plaques of it, which were launched with the Voyager 10 and Voyager 11 spacecraft. The graph uses the locations of 14 pulsars to show the Sun’s precise location. And someone else beat me to the tattoo, but whatever. I’m getting it anyway.

    I haven’t gotten any of these yet, though, because years ago I discovered a patent for nanoparticle ferrofluid tattoo ink. Basically, it would work like this: You take ferrofluid, which is a “fluid” made of nano-sized particles of iron, which is magnetic. Ferrofluids are really neat. If you’ve never heard of them before, you should check them out …

  4. Learning Assembly Through Writing Shellcode


    Months ago, I wrote hello world in X86 Assembly, and later that same day I wrote hello world in Python. Python is fast, elegant, and powerful. But unfortunately, it doesn’t really give you an understanding of what’s going on inside your computer. And any good little hacker should know precisely what’s going on inside their computer.

    Every time I start teaching myself some complicated thing, I try to make the learning process enjoyable because I know that I’ll retain more information if I can apply it to something fun or useful. Being a terribly precocious kid, I taught myself quantum mechanics when I was fourteen. It was really difficult, and I probably wouldn’t have been able to pull it off if I hadn’t made it fun. And, oh, did I make it fun: FOIA’ed thermonuclear weapons manuals, ten years expired, from some obscure and slightly sketchy web page. I didn’t mean any harm, and I neither was nor am a proponent of nuclear weapons production, maintenance, or warfare. I wasn’t planning on starting up a Uranium-238 enrichment program, or searching the black markets for hollow plutonium cores. I wanted to learn physics, and what’s more fun than learning how to destroy things?

    Assembly languages are cumbersome and arcane. The learning curve is steep, and progress is always slow compared to higher level programming languages. Fortunately, however, Assembly can be used to destroy things! Enter shellcode.

    The best introduction I found to writing shellcode was in Gray Hat Hacking, so I’m going to quote the first few pages of the Linux shellcoding chapter, and then leave you to somehow obtain your own copy.

    Basic Linux Shellcode

    The term “shellcode” refers to self-contained binary code that completes a task. The task may range from issuing a system command to providing a shell back to the attacker, as was the original purpose of shellcode.

    There are basically three ways to write shellcode:

    • Directly write the hex opcodes.
    • Write a program in a high level language like C, compile it, and then disassemble it to obtain the assembly instructions and hex opcodes.
    • Write an assembly program, assemble the program, and then extract the hex opcodes from the binary.

    Writing the hex opcodes directly is a little extreme. We will start with learning the C approach, but quickly move to writing assembly, then to extraction of the opcodes. In any event, you will need to understand low level (kernel) functions such as read, write, and execute. Since these system functions are performed at the kernel level, we will need to learn a little about how user processes communicate with the kernel.

    System Calls

    The purpose of the operating system is to serve as a bridge between the user (process) and the hardware. There are basically three ways to communicate with the operating system kernel:

    • Hardware interrupts: For example, an asynchronous signal from the keyboard
    • Hardware traps: For example, the result of an illegal “divide …
  5. Defcon Report Back, Part 1

    Friday 5th August 2011, Defcon 19, Las Vegas, NV

    Analyzing Embedded Malicious Code in PDFs

    So, the first was Mahmud Ab Rahman’s presentation on parsing and analyzing malicious code embedded in .pdfs. I can’t guarantee that paper doesn’t have anything malicious embedded. But I have modified the .pdf parsers written in Python by Didier Stevens and played with .pdf malware, and generally been very confused and upset about .pdf structure and specifications, so Ab Rahman’s Sneaky PDF lecture was interesting. I can’t find video for that presentation up yet, but that .pdf above does contain everything said and the original slides. Basically, malicious .pdfs use JavaScript code obfuscation through spaghetti code, infinite loops, misdirected object references, code encryption, and media-rich embedded objects such as flash videos or audio files. Ab Rahman gave a few lists of tools which he used to better parse and de-obfuscate: tools such as SpiderMonkey, Rhino, V8, and JSBeautifier can all be used to fix spaghetti code, infinite loops, and misdirected object references, and tools like PDFminer, Gallus, Wepawet, APTdeezer, and Origami can be used in addition to Didier Stevens’s above-referenced tool for parsing. Also, I found an entire site on PDF security issues, with lists of relevant tools and white papers which go into more detail on obfuscation and detection methods.

    Linux Thread Injection

    Aseem “@” Jakhar presented on Jugaad, a newly released Linux Thread Injection kit, which uses the ptrace() function in gdb to inject arbitrary code into running processes. Here’s the pdf of his presentation, and here’s the slides from slideshare. The mmap syscall was used to produce shellcode in hex from assembly for payload creation. (If this sounds like gibberish, you might want to learn about what shellcode is and how to write shellcode, which is going to include learning assembler.) It’s essentially the Linux equivalent of the Windows malware CreateRemoteThread() API, and Jugaad provides all the functionality and ease-of-use as its Windows cousin. All the more reason to disable ptrace() functionality on boxes which are not being actively used in production environments, or use sptrace() to limit user access to that functionality.

    Runtime Process Library Injection

    Along a similar line, Shawn Webb talked about runtime process insemination (click for pdf) using his also newly released tool, Libhijack, to anonymously inject shared objects and libraries in as little as eight lines of C code, with little to no physical evidence left behind.

    UPnP Mapping

    There was a presentation on Universal Plug-and-Play (UPnP) device mapping by Daniel Garcia. Most of what I took from that was that Garcia’s Umap scanner allows mapping of hosts behind the device NAT, SOCKSv4 proxying, and manual port-mapping from LAN to WAN and vice versa. This allows masking of IP addresses and attacking non-outward facing hosts within an internal network. Garcia released a new tool, Umap, which scans TCP for open ports behind UPnP enabled Internet Gateway Devices.

    Kernel Exploitation

    Next up was Kees Cook, head of security …

