Posts posted by mungewell


  1. This won't work against anyone who knows what they're doing sniffing a network, with a card in monitor mode, unassociated to the network. In this mode, the sniffer gets raw 802.11 frames and also has the benefit of being able to capture packets from multiple networks simultaneously.

    This got me thinking on the way home from work. Can you be absolutely sure that the firmware in the wireless card will not interact in some way with the network?

    I believe that in the wired-world there are techniques for detecting promiscuous clients on ethernet segments, and the only sure way is to use an AUI port (15pin D) transceiver with the TX pair disconnected/cut.

    There is a possibility that by accident (or by design) a wireless card in monitor mode might be made to relieve itself from something transmitted at it...

    Munge

    PS. In general, No you can't tell if someone is sniffing wireless.


  2. it is highly unlikely that the cell phone is dual channel or can cope with inband signalling

    Wrong again.... It appears that the data path is 'inband audio' and we all know what a bad idea that can be ;-)

    System is aqLink from Airbiquity, it uses carefully crafted audio tones to achieve data rates of 100 bit/sec.

    'Glossy' information - http://www.airbiquity.com/index1.html

    'Real' information - http://www.google.com/patents?id=DYsLAAAAE...p;dq=Airbiquity

    Haven't found info on what protocol OnStar uses over the link, I won't take a random guess as I'm bound to be wrong.

    So my thinking is that they give everyone aqLink capable hardware (in the form of OnStar hardware), presumably a hacked unit could be made to call another unit and 'talk' over the data channel.

    Since the digital data stream is mixed in the analogue domain, is it actually audible on the call? If so, can it be recorded?

    Munge


  3. OK answering my own posts again.... at least I'm not arguing with myself.

    OnStar's own page gives quite a lot away.

    https://www.myonstar.com/ovm_register.os

    I believe that the OnStar system uses CDMA technology in the back end, but what comms method do they use for transmitting data to/from the unit? If they can send data whilst the 'talk' part is active then they must either use SMS or an IP data path, it is highly unlikely that the cell phone is dual channel or can cope with inband signalling.

    My bet is SMS, in which case how secure can this be.... an example capture would be highly informative. So when they unlock the doors, how wrapped in crypto is the command?

    Munge.

    PS. Blondstar link - http://www.youtube.com/watch?v=B3UGhRjPry4...ted&search=


  4. I was intending to make an RF card reader/cloner.

    Check out the RF Guardian project:

    http://www.rfidguardian.org/prototype.html

    I've not played in the RFID sphere yet, but I assume that they are quite tolerant of frequency variation.

    I believe that the basic concept is that a burst of RF both powers and synchronises the tag, you may be able to work with something as simple as a square wave with some minimal filtering. Maybe start with a PIC or even a PC driving a serial RTS signal/parallel port.

    A simple amplifier and tuned antenna should be enough to get some RF emissions.

    Munge.


  5. 'GM's OnStar system could soon halt stolen cars' - http://www.ctv.ca/servlet/ArticleNews/stor...009?hub=SciTech

    This article got me thinking about how tightly integrated OnStar (and presumably other systems) are becoming with the on-board computers in modern cars, and how susceptible they are to hack/attack.

    One of my work colleagues says that they already have the ability to read things like tyre pressure sensors, OBD-II codes etc, so they are hooked right in there at present; even to the point of sending you a monthly email with a current status. Connecting into the engine management with remote control of the engine itself is I guess the next step.

    Questions:

    Does the inbuilt cellphone answer all incoming calls?

    What level of authentication do they have once connected?

    Assuming GSM, how easy is it to snoop on the GSM call whilst in process?

    How long before we start hearing that the vocal opponents of GM start getting involved in mysterious car crashes? (OK that's just conspiracy talk ;-)

    Munge.


  6. Anyone know a kit or bit of circuitry that could make a ~125khz sine wave and transmit it?

    The circuit you posted is basically just a filter, removing the higher order harmonics of the square wave to produce a sine wave.

    JimmyRidge's link gives the basic L-C concept.

    What are you intending to do with the 125KHz? What accuracy do you need?

    Munge.


  7. ok so how is GParted and QT Parted different? do they use different libs?

    According to packages.ubuntu.com Gparted and QTparted both depend on libparted, so I guess it's just gui differences.

    Mungewell.


  8. Hi,

    The '/var' tree is also taking up quite a bit of space, you'll probably find that there are all the downloaded '.deb's sitting in '/var/cache/apt/archives'. The '.deb's can be safely deleted (they are already installed on the system and they are only useful if you want to re-install them).

    Cheers,

    Munge.


    You don't say whether you are concerned about privacy on the calls, normally VoIP is about as secure as a 'post-card' - anyone with access to the network could listen in on the calls. Is this a personal setup, or for business (ie. more than one extension at asterisk end)?

    If this doesn't bother you, then you could:

    1) Expose your asterisk server to the web and allow remote phones to register. You'd have to open ports on both ends to allow the SIP (assuming SIP) and RTP streams through.

    2) Use any of the free dialtone providers (such as FWD, Gizmo, etc). Get the remote phone and asterisk to register a number each and get asterisk to redirect extension to remote FWD number. Again you'd have to open (at least) some ports, or use a proxy on the web as a 'reflector'.

    If you want to be secure then you'd need some way of encrypting the RTP stream, this can be done via VPN but VoIP is sensitive to jitter and normally uses UDP. If the 7900 supports SRTP then maybe that can be enabled.

    Have fun,

    Mungewell.


  10. Also, the disk is *really* slow and makes a wonderful amount of noise.

    The 'ka-chunk and re-spin' sound is bad ;-) .... even if it's not that bad the application of SpinRite may freshen the drive some.

    I'd love to hear if anyone has a Free alternative.

    Munge.


  11. Hi,

    Just a thought but do you really want to use an old disk in this machine. I mean that the disk is probably the most likely point of failure, and it would be a real shame to see all your (hard?) work come crashing down in a big heap.

    Obviously I don't know your budget but you should be able to find a 'new' drive for not a significant amount.

    Even if the BIOS can't support large disks, once Linux boots it will be able to access partitions above this boundary.

    Munge.


  12. Dial ... 862548 from Free World Dialup

    Just so people know (if they didn't already) you can use the SipBroker PSTN access numbers to access the 'world of VoIP phones' for the local call cost.

    A full list of access numbers is here:

    http://www.sipbroker.com/sipbroker/action/pstnNumbers

    Dial the one nearest you and wait for the voice prompt, then dial '*393 862548#' (the # is optional).

    '*393' is the peering code for FWD, a full list of codes for other VoIP providers is here:

    http://www.sipbroker.com/sipbroker/action/providerWhitePages

    I'm sure that SipBroker would appreciate donations if you make 'good' use of this service.

    Thanks to df99 for setting up ProjectMF and the interview - it's a fitting tribute.

    Munge.

    PS. This link might be useful ;-)

    http://www.oldskoolphreak.com/tfiles/phrea...t_your_ipod.txt


    So if I read this right, they're hacking the routing so that new 778 numbers in particular (either mainland or island) regions will be able to be called without using the 778 prefix.

    Allocation of numbers in 778 will be done so that these don't overlap with the same region's 250 numbers, so that's even more confusion on whether you'll need to dial the 778 prefix or not to get the correct number!

    Couple this with my personal #1 peeve and we're sure to have a lot of confused people:

    --

    'We're sorry, it is not necessary to dial a 1 or 0 when dialing this number. Hang up and try again.'

    --

    How the FUCK am I supposed to know which numbers (not just area codes, but the 1st 3 digits of the 7 digit number) are local or long distance, JUST CONNECT THE FUCKING CALL!!!!!!

    [sorry, I'll try to calm down....]

    Munge.


  14. The sort of Captcha you don't want to do in person!

    ---

    Holden: You're in a desert, walking along in the sand when all of a sudden you look down...

    Leon: What one?

    Holden: What?

    Leon: What desert?

    Holden: It doesn't make any difference what desert, it's completely hypothetical.

    Leon: But, how come I'd be there?

    Holden: Maybe you're fed up. Maybe you want to be by yourself. Who knows? You look down and see a tortoise, Leon. It's crawling toward you...

    Leon: Tortoise? What's that?

    Holden: You know what a turtle is?

    Leon: Of course!

    Holden: Same thing.

    Leon: I've never seen a turtle. (pause) But I understand what you mean.

    Holden: You reach down and you flip the tortoise over on its back, Leon.

    Leon: Do you make up these questions, Mr. Holden? Or do they write 'em down for you?

    Holden: The tortoise lays on its back, its belly baking in the hot sun, beating its legs trying to turn itself over but it can't. Not without your help. But you're not helping.

    Leon: WHAT DO YOU MEAN, I'M NOT HELPING?

    Holden: I mean you're not helping! Why is that, Leon?

    [Leon has become visibly shaken]

    Holden: They're just questions, Leon. In answer to your query they're written down for me. It's a test, designed to provoke an emotional response. (pause) Shall we continue?

    ---

    Of course I'm human, I have memories and photos of my childhood,

    Munge.


  15. Being rather old, I started hacking with electronics before computers were really available - 'build a radio' kit, etc.

    I managed to convince my parents to buy a computer, we got a Vic-20 as it had a 'real keyboard'. Many late nights writing simple basic programs, got into the inner workings with 'The Vic Revealed' book and 6502 assembler. Memory mapped graphics, peripheral interfacing, etc.

    A couple of dorky friends and I used to write text based adventure games, etc. on the school's Dragon 32.

    Missed out completely on BBS :-( (in the UK there just wasn't the scene).

    Got introduced to Unix (serial terms on a Gould) at college, sys-admin was cool and he let us get away with quite a bit. He did take the time to explain multi-tasking after I ran the following program which kinda made the machine unusable.

    ---

    main ()
    {
        while (1) fork();
    }

    ---

    Did electronics at college and now work in that field, still enjoy hacking around - can't look at a gadget without wondering whether the back comes off easily and if the processor is 'Linux enabled'.

    Munge.


  16. Hi,

    I don't know for certain, but I would assume that the RF signal generator can provide for modulating the output (in different modes ie. AM, FM, NFM, etc) from a secondary input.

    Example: http://www.testequity.com/products/1405/

    The function generator almost certainly has the ability to generate different types of waveform, if it's an 'Arbitrary Waveform' one you'll be able to output any waveform you choose (given a limit on the number of samples/maximum frequency).

    Munge.


  17. Funny and spot on.

    Occasionally I [have|volunteer] to give presentations and attempt to keep them simple and clean.

    I came across this podcast (http://www.manager-tools.com/complete-index) which is quite informative. The 'Presenting with PowerPoint' was very helpful. The 'Secrets of a Great Handshake' was just bizarre....

    Munge.

    PS what does using 'Gentium' (http://scripts.sil.org/cms/scripts/page.php?site_id=nrsi&item_id=Gentium) say about me?????
