enmaku

Members
  • Content count

    165
  • Joined

  • Last visited

Community Reputation

2 Neutral

About enmaku

  • Rank
    SUP3R 31337
  • Birthday 02/15/1983

Profile Information

  • Gender
    Male
  • Country
    United States
  • Location
    Las Vegas, NV

Contact Methods

  • ICQ
    0
  1. So I've been hitting the gym a lot lately, and I was looking at some of the various calorimeters on the market. For the money the BodyBugg looks nice but I hate that they rope you into a monthly payment just to get the data off of your own property. I've decided to pick up a used one and try to RE it, see if I can pull the data off and do my own analysis, and of course release whatever I cobble together for the general good. I'm here because I'm not sure if it's been done or if my Google-fu is failing me... I found some python scripts circa 2009 here that may or may not work with the current generation of devices, and a handful of links from that site go to questionably valid places, the other half are dead. Does anyone have more recent experience with such devices or perhaps a suggestion for a similar device that doesn't require a subscription? I'd rather give my money to more reasonable people, but I think if I were to make a workable free alternative to the monthly subscription crap they offer I could do more than enough damage to offset the profit they'll make from one sale
  2. So I just had a thought and wanted to see what the court of public opinion had to say before I possibly waste a perfectly good phone. I saw the PirateBox (http://wiki.daviddarts.com/PirateBox) while browsing around the other day and wondered how hard it would be to run that on my old Droid eris since I'm about ready to upgrade to a new phone. As it turns out, running a web server is fairly trivial, it wouldn't be hard at all to do something similar, though it wouldn't be nearly as snappy - it WOULD however, be much lower power consumption than the parts bundled in the PirateBox, especially when left on standby. So here's my idea: Car battery, power inverter, 1.8W (or higher) solar trickle charger + my old phone = low-powered pirate box that can run practically forever off-the-grid. Build this all into something relatively secure (fire safe, lockbox, ammo can etc) and chain it up in a cave somewhere = Digital Geocaching. My big concern is that it would get stolen, so I'm looking for ways to prevent theft, though it WILL be prohibitively heavy by virtue of containing a car battery and since I live in Vegas it WOULD be in the middle of the desert so hefting it back to civilization might put off would-be thieves. I also think I've done my math correctly, but would like verification. Without 3G my phone eats about 125mw on standby with wifi tethering enabled and the screen turned off. Spike the CPU and WiFi radio and that can go up to 600-700mw. A 60 watt-hour car battery should last for ages with that small a load and considering the amount of sunlight our desert gets it would never have to run long without solar power anyway. A cheap 1.8W trickle charger produces much more power than the phone is capable of consuming in this configuration, even with the screen on. So is there anything I'm forgetting or missing? Or is the whole idea flawed in the first place. Do any of you participate in Geocaching, and if so would you be interested in this spinoff?
  3. Anyone use pyrit? (https://code.google.com/p/pyrit/) I've now wasted so much time trying out so many crappy products in this vein that I'm just gonna start asking people who are further ahead of the curve than me
  4. I'd really love to get on Demonoid but I can never seem to catch them when registration is open. Anyone got an invite perhaps?
  5. So I know it's significantly faster to generate rainbow tables with GPU than CPU and I finally got tired enough of the crappy availability of good large tables and decided to throw some GPU time at it, I have a couple old dual-SLI gaming PCs that I can dedicate to the task for as long as it takes but I can't for the life of me find a copy of rtgen for CUDA or anything at all like it. rtgen for CUDA is apparently a commercial product that you have to pay like $300 for and it comes with gobs of tables that I don't really care about, I just want the executable or perhaps a FOSS alternative?
  6. Another fun use, though not really useful either, VNC into your droid from an iPhone, hide the VNC interface and REALLY confuse your friends.
  7. Yeah, password works. There's also options for screen rotation and scaling. Just for the hell of it I remote controlled my phone from my girlfriend's phone. Possibly the geekiest thing I've done all week. Not 100% sure what I'm going to do with this but it's at least a cool thing to have around. Yeah having a version for non-rooted phones would be nice, though likely impossible, but it's easy enough to root most phones
  8. Sorry I didn't specify, but the USB audio device is wireless, the idea is to take a $60 wireless USB headset and hook it up to the little Plantronics box at my work so I don't have to pay $300 for a proprietary Plantronics headset that doesn't work as well as my $60 Logitech Ideally I'd love to see a USB to Plantronics Quick-Disconnect adapter but if someone knows of something that'll work for 3.5mm I can get a 3.5mm to QD adapter easily enough.
  9. So I'm the type who owns a soldering iron that collects dust in my garage. I have a basic understanding of theory but for the most part I consider myself a "software guy" and I've got a hardware problem. I have a USB audio device (headset) that I'd like to connect to a device with standard 3.5mm plugs. I know that USB audio requires some kind of intelligent processing device to hook up to, but my knowledge on the hardware side of the fence is not strong so I have no idea exactly how powerful such a device needs to be. I certainly can't find any pre-made adapters for such a thing and I'd rather not have a laptop sitting between headset and plug, though I could do so if there's simply no other way. So that's my question: Anyone know of a device (or have any idea how to build one) that will recognize & connect to a standard USB audio device and provide standard 3.5mm headphone/mic I/O?
  10. Just tested the excel "rainbow table" of expiration dates that was in the package, it's accurate but incomplete. BTW if you start the program with a /D flag (case sensitive) it runs in "demo mode" and doesn't appear to communicate with the outside world. Any MOD10 valid card number is authorized. I made an import file with the excel tool included and it ran 20 transactions in a couple seconds so generating one of these tables for all card numbers seems like a very real possibility. I'm thinking I might actually write a program to generate the appropriate import files for, say, all possible visa and MC numbers as well as a more complete list of expiration dates and dedicate some CPU time to running it if anyone is interested. Not sure what format I would store the results in either, any suggestions?
  11. OK, so hopefully this post isn't so old that this would be considered necromancy, but I've come to a conclusion. Counsel advises me that my NDA only covers stuff I learned or knew when I worked for VFI, anything I learn after the fact is fair game so here goes. I never got to support integration, we always referred them to their point-of-sale manufacturer for that stuff, so I've been playing with it a bit since this hit the open market and here's what I've got: Integration in any version before 5.8 appears to be either TCP or SMB based, no encryption anywhere. 5.8 appears to offer SSL but it's clunky and definitely not the default. I've sniffed my own traffic and sure enough there's the whole transaction unencrypted on the local wire for anyone with access to see. I'm pretty sure PCI compliance requires that merchants secure their own networks but it seems like kind of a douche move to dump that kind of a vulnerability on end-users who are probably as technically competent as a garden slug. Talk about enforcing the letter of the law rather than its spirit. Transactions are sent from client to server as unencrypted XML regardless of the method chosen. TCP just connects on the specified port (default 31419) and dumps the XML, then waits for an XML-formatted response before closing the connection. SMB puts the data in a file which is copied into a shared folder over the network, the transaction is run and then the file deleted and another file created with a similar name but different extension. The incoming transaction is a .INX file, the outgoing is a .OUX file, both containing unencrypted plain XML with every detail perfectly human-readable. These are the results of sniffing network traffic between a node running payment server and one running client, I can only assume that integration with third-party software works in much the same way. Based on sniffing I've done at places like Starbucks and McDonalds I'm pretty sure the big name stores hire someone to handle their networks, I've never seen a card number go over the wire there, but this does look similar to something I've seen at a smaller local coffee house, and I'll bet there's a lot of small businesses who could get screwed by this badly. More to come when there's more to tell
  12. Yes, I run Windows 7 and I speak VB. Of course I also run Ubuntu, openSolaris, ClusterKnoppix and I've got a laptop somewhere around here that still has BeOS. None of them run the games I play as well as Windows and yes I've spent countless hours in Ubuntu tweaking Wine. I don't have a preference for Windows, I have a legitimate need for DirectX. I also have a legitimate business need for remote access via LogMeIn. That's where Windows becomes necessary: when you need an exact specific product. OpenOffice != MS Office, but it's close enough for 99% of the people. Sometimes you're just in the other 1%. I speak VB/VBScript/ASP because for a time it was my job. I speak BASIC because it's the first language I ever learned... on an Atari 2600... when I was 7. I also speak PHP, C, C++, Python, Java, JavaScript and tiny bits of less common/useful (to me) languages like LUA, COBOL and FORTRAN. Hacking is not a game of exclusion. We can, each of us, choose to like or dislike whatever products or services we want - we maintain our individuality and there is no "hacker hive mind" to cause us to do otherwise. Matter of fact individuality and freedom of thought are ideals that real members of this community tend to believe in and value highly. Of course the advent of good high-quality FOSS Virtual Machines this all becomes a moot point. Whatever you install directly on your hard drive is just the "host" OS. Once you boot into that you're free to do whatever you want. I've confused a few coworkers by remoting into my Win7 machine via LogMeIn while running an Ubuntu VM fullscreened. They still can't figure out how I got LogMeIn to work on Linux. Once the fun wears off I'll tell them
  13. Most MAC whitelisting happens prior to successful connection. It's rare to see a system allow you to connect and then disconnect you. A lot of very clever attacks only take a handful of carefully crafted packets so the fact that you can connect at all is dangerous. I'd try spoofing the MAC of a machine that's supposed to be on the network and see what happens. Good luck
  14. I'd also recommend a ps/2 KVM over a USB one unless you really really need USB. I've had the absolute worst luck with USB KVMs...
  15. I'm gonna try really hard to be there as well. It all depends on the finances, but I lived in Vegas for 5 years and somehow always managed to miss Defcon. If I have to sell a kidney it's not happening again!