November 23rd, 2014

Random API of the Day

Today’s random API is pow(), from the C standard library’s math.h. pow(x, y) raises a real number x to the power of a real number y, which you may remember from high school algebra as exponentiation. (Its neighbour exp() is the special case with base e; it is not what we need here.)

Over the past week, I’ve been adding a feature to wicrawl which allows the network discovery engine to capture frame metadata from the radio driver. This is handy to get things like the power level of the received packet, the signal-to-noise ratio, and other things that don’t show up in the 802.11 header of the captured frames.

In the radio world, power is described in a unit called dBm, or decibels referenced to one milliwatt. The radiotap header provided by the ipw2200 driver for my Dell’s wireless card uses dBm when reporting the power of a received packet, and I wanted to know how many milliwatts each packet represented.

The formula to convert dBm to milliwatts is mW = 10^(dBm/10), which requires the pow() function. The conversion routine is:

#include <math.h>

static inline double dBm_to_mW(int dBm) { return pow(10.0, (double) dBm / 10.0); }

One problem I create by doing this is breaking wicrawl on targets like the Linksys WRT devices. Like most cheap embedded platforms, the WRT series have a 32-bit processor that doesn’t include floating-point hardware. Without that hardware, float and double are either unavailable or emulated in software, which is slow and drags libm into a build that otherwise wouldn’t need it, so we want to keep them out of this code path.

So what now? Well, consider the input data we’re getting from the radio. The dBm figure is provided as an integer, and it’s guaranteed to fall between roughly -100 and 0 dBm. Because there are only about a hundred possible values for the dBm figure, we can create a conversion table to go between dBm and nanowatts. This way, we don’t have to do any floating-point work at all, at the expense of a little precision.
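Here is one way to build that table with integer arithmetic only. This is an added example, not wicrawl’s code, and it departs from the text in two places: it reports femtowatts rather than nanowatts, because a nanowatt table would round every reading below -60 dBm (1 nW) down to zero and -100 dBm is only 100 fW; and it bounds-checks the incoming dBm value, because the radiotap antenna-signal field is a signed byte whose full range (-128..127) is wider than the table, and an unchecked index derived from captured frames is exactly the kind of out-of-bounds read a capture tool should not have. The ten fractional constants were computed offline with pow() on a build host and are the only values not derivable by integer math.

```c
#include <stdint.h>
#include <stdio.h>

/*
 * Integer-only dBm -> power conversion for FPU-less targets (added example,
 * not wicrawl's code). Output is in femtowatts (1 fW = 1e-12 mW) so that the
 * weakest frames the radio reports (about -100 dBm = 100 fW) stay non-zero.
 *
 * With dBm = -(10*d + r), 0 <= r <= 9:
 *   10^(dBm/10) mW = 10^(12 - d) * 10^(-r/10) fW
 * Only the ten factors 10^(-r/10) are non-integers; they are pre-scaled by
 * 1e6 and stored as constants (computed offline with pow() on a build host).
 */
#define DBM_MIN (-100)
#define DBM_MAX 0
#define FRAC_SCALE_DIGITS 6          /* constants are scaled by 10^6 */

static const uint32_t frac_scaled[10] = {
    1000000, /* 10^(-0.0) */
    794328,  /* 10^(-0.1) */
    630957,  /* 10^(-0.2) */
    501187,  /* 10^(-0.3) */
    398107,  /* 10^(-0.4) */
    316228,  /* 10^(-0.5) */
    251189,  /* 10^(-0.6) */
    199526,  /* 10^(-0.7) */
    158489,  /* 10^(-0.8) */
    125893,  /* 10^(-0.9) */
};

static uint64_t pow10_u64(int e)
{
    uint64_t v = 1;
    while (e-- > 0)
        v *= 10;
    return v;
}

/* Power in femtowatts for dBm in [DBM_MIN, DBM_MAX]; 0 ("no reading") otherwise.
 * The range check matters: radiotap's dBm antenna signal is an int8_t, so
 * values outside the table are possible on the wire. */
uint64_t dBm_to_fW(int dBm)
{
    if (dBm < DBM_MIN || dBm > DBM_MAX)
        return 0;
    int n = -dBm;                    /* 0..100 */
    int d = n / 10;                  /* whole decades below 1 mW */
    int r = n % 10;                  /* tenths of a decade */
    int e = 12 - d;                  /* 10^e fW before the fractional factor */
    if (e >= FRAC_SCALE_DIGITS)
        return pow10_u64(e - FRAC_SCALE_DIGITS) * frac_scaled[r];
    /* Below 10^6 fW the pre-scaling no longer divides out exactly; the
     * integer division here is where the "little precision" is lost. */
    return frac_scaled[r] / pow10_u64(FRAC_SCALE_DIGITS - e);
}

/* Fill a 101-entry table once at startup so the per-frame path is a single
 * bounds check plus an array index. */
static uint64_t fw_table[DBM_MAX - DBM_MIN + 1];

void init_dBm_table(void)
{
    for (int dBm = DBM_MIN; dBm <= DBM_MAX; dBm++)
        fw_table[dBm - DBM_MIN] = dBm_to_fW(dBm);
}

uint64_t lookup_fW(int dBm)
{
    if (dBm < DBM_MIN || dBm > DBM_MAX)   /* never index with raw radio data */
        return 0;
    return fw_table[dBm - DBM_MIN];
}

int main(void)
{
    /* Constructed sample readings, as an int8_t radiotap field would deliver them. */
    const int8_t samples[] = { 0, -3, -30, -67, -95, -100, 5, -120 };
    init_dBm_table();
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%4d dBm -> %llu fW\n", samples[i],
               (unsigned long long) lookup_fW(samples[i]));
    return 0;
}
```

Worst-case error is in the lowest decade: -95 dBm yields 316 fW where the true value is 316.228 fW, well under a percent. If the table is ever built once on the host and shipped as a constant array, keep the same bounds check in front of it; the table is fixed but the index still comes from the radio.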

MRL meeting announcement

I haven’t published the official meeting announcement here for a while, so I thought I’d post it as an example of what we’ve been up to. I usually post them directly to the email list with full details if you’re interested in attending.

/* ****************************************************************************
*                           Midnight Research Labs                            *
*                      !!  July Meeting announcement !!                       *
*                        (                        *
**************************************************************************** */

                Fellow Hackers, Slackers, and Code-crackers:

        On Friday July 21st at 7pm PST we will be holding our monthly official
        Midnight Research Labs meeting.

        Since we got a little side-tracked with CTF and binary reversing topics
        last month, we still have a couple of the same events listed this month
        that we didn't get to cover last month.

                - Mini-presentation on BiDiBLAH, an "Automated Assessment
                  Tool" written by SensePost, and presented by Aaron.
                - Javascript and sockets, etc mini-presentation by Focus
                - Ferro-Fluid:  We tried with not much success to create some
                  ferrofluid last week, so we hope to have some *real*
                  ferrofluid to play with this week.

        As always, anyone with cool toys, or interesting project ideas, bring
        them along.

        Light refreshments, pizza and beer will be served.  If anyone has a
        better/newer/different suggestion for food, let me know.

                Phase 0x0: Bootstrapping
                  - Greetings and welcome
                  - MRL updates and status
                Phase 0x1: Initialization
                  - BiDiBlah mini-preso
                  - Javascript and socks mini-preso
                  - FerroFluid Fun
                Phase 0x2: Local exploits
                  - Food
                  - Off topic tools, toys and other shiny things -- If anyone
                    has anything interesting to show off or play with, please bring it
                  - Whatever till whenever -- This is the more social
                    part of the event.  People are invited to stay and
                    hack and have a couple drinks till whenever this
                    phase is no longer self-sustaining, =)

        This is an "invite only" event, so, don't distribute the location to
        just anyone =).  That being said, we're still looking for active
        members, so if you know someone that would be interested in
        contributing and want to sponsor or vouch for them, feel free to bring
        them along (let me know in advance if possible)


               [private residence and contact.  Removed for public posting] 

                For those remote, we will have a conference number, and I'll
                email that out shortly before the meeting.

        Notes (nfo):
        - We're about 1.5 miles from BART (the Bayfair stop).
        - Bringing a laptop is probably a good idea if you have one.
        - Please feel free to contact me by email or phone if you have
          any questions

Thanks! Hope to see you there!

Binary rewriting

Diablo is a better link-time optimizer, but LOCO implements Wang.

Data Mining for Terrorists

A while ago Bruce Schneier posted an interesting article about how the data mining we’re doing to catch terrorists won’t be effective. He followed that up recently with another post that points to a more thorough analysis.

Floyd Rudmin, a professor at a Norwegian university, applies the mathematics of conditional probability, known as Bayes’ Theorem, to demonstrate that the NSA’s surveillance cannot successfully detect terrorists unless both the percentage of terrorists in the population and the accuracy rate of their identification are far higher than they are. He correctly concludes that “NSA’s surveillance system is useless for finding terrorists.”
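The base-rate argument above is easy to check with numbers. The following is an added example, not Rudmin’s or Schneier’s calculation; the base rate, detector accuracy and population size are assumed for illustration. It carries the same reasoning through to the figure a detection engineer actually cares about: how many innocents get flagged per real hit, and how low the false-positive rate would have to go for the flags to be worth acting on.

```c
#include <stdio.h>

/*
 * Bayes'-theorem check on a screening system (added example; all inputs are
 * assumed, illustrative values, not figures from the posts).
 *
 * P(target | flagged) = p*tpr / (p*tpr + (1-p)*fpr)
 *   p   = base rate of targets in the screened population
 *   tpr = true-positive rate (P(flagged | target))
 *   fpr = false-positive rate (P(flagged | not target))
 */
double precision_of_screen(double base_rate, double tpr, double fpr)
{
    double true_hits  = base_rate * tpr;
    double false_hits = (1.0 - base_rate) * fpr;
    return true_hits / (true_hits + false_hits);
}

/* Expected number of non-targets flagged when `population` people are screened. */
double expected_false_alarms(double population, double base_rate, double fpr)
{
    return population * (1.0 - base_rate) * fpr;
}

/* Largest false-positive rate that still achieves `target_precision`, i.e. the
 * precision formula solved for fpr. */
double max_fpr_for_precision(double base_rate, double tpr, double target_precision)
{
    return base_rate * tpr * (1.0 - target_precision)
         / ((1.0 - base_rate) * target_precision);
}

int main(void)
{
    /* Assumed scenario: one target per million people, a detector that is
     * "99% accurate" both ways, screening a population of 300 million. */
    double p = 1e-6, tpr = 0.99, fpr = 0.01, population = 300e6;

    printf("P(target | flagged)      = %.6f\n", precision_of_screen(p, tpr, fpr));
    printf("innocents flagged        = %.0f\n", expected_false_alarms(population, p, fpr));
    printf("fpr needed for 50%% prec. = %.3e\n", max_fpr_for_precision(p, tpr, 0.5));

    /* Same detector against a population where half are targets: the base rate,
     * not the detector, is what changes the answer. */
    printf("P(target | flagged), p=0.5 = %.3f\n", precision_of_screen(0.5, tpr, fpr));
    return 0;
}
```

With those inputs roughly one flag in ten thousand is a real hit and about three million innocents are flagged; getting to even-odds precision would need a false-positive rate near one in a million, which is the "accuracy far higher than it is" condition in the quote. The same arithmetic applies to any alert pipeline with a rare true positive, which is why detection rules are judged on precision against the real event rate rather than on accuracy alone.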

San Francisco is highest risk city for stolen identity

According to this report on The top 10 Cities to Have Your Identity Stolen (otherwise known as “iJacking“[*] if Intersections, Inc is successful in coining the term), San Francisco is number one. I should know, being an “iJacking” victim myself.

1) San Francisco
2) Seattle
3) Denver
4) San Jose
5) San Diego
6) Atlanta
7) Salt Lake City
8) Las Vegas
9) Sacramento
10) Phoenix

Oh, and apparently this is what you look like after you’ve been iJacked:

[*] A google search shows that iJacking seems to have caught on with a different meaning (laptops snatched from coffee shops).

Longest hacker prison term upheld

From Wired magazine:

A federal appeals court upheld a nine-year prison term Monday for a hacker who tried and failed to steal customer credit-card numbers from the Lowe’s chain of home improvement stores.

I think what I find more stupefying (but not too surprising) is the fact that Lowe’s had allowed access to their internal network, including credit processing systems, from an unsecured wireless network. Frankly, given this glaring hole in their system, I’m a little surprised that they were actually able to not only track down the offenders, but determine what exactly they had done in that short a time.

Though there’s no evidence either man saw a single stolen credit-card number, and despite cooperating to help Lowe’s boost its security after his arrest, Salcedo was sentenced to what the government described at the time as the longest U.S. prison term for a hacker in history.
