Cory Doctorow captures what I’m saying in a quote from his book Little Brother:

If you’ve never programmed a computer, you should. There’s nothing like it in the whole world. When you program a computer, it does exactly what you tell it to do. It’s like designing a machine — any machine, like a car, like a faucet, like a gas-hinge for a door — using math and instructions. It’s awesome in the truest sense: it can fill you with awe.

A computer is the most complicated machine you’ll ever use. It’s made of billions of micro-miniaturized transistors that can be configured to run any program you can imagine. But when you sit down at the keyboard and write a line of code, those transistors do what you tell them to.

Most of us will never build a car. Pretty much none of us will ever create an aviation system. Design a building. Lay out a city.

While the quote discusses programming specifically, it explains the brilliance of using the tools available to you to invent new tools. Check out a hackerspace near you, or the MAKE homepage, or Hack-A-Day. Look at all the links in this single post: all people who make things and want to help others do the same.

Go make something.

J’s house. is near two public schools, so we decided to go walk around near them. We weren’t doing anything wrong– just walking around and having a conversation. N decided to give a “thumbs up” sign to a passing car, but we really thought nothing of it. It’s a lot better than flipping them off– but that probably would have got us into less trouble in the end.

We started heading home after around 45 minutes, but about halfway there a cop car stops right behind us. The cop gets out of the car and says “stop right there! Why are you boys walking late at night?” Our response of “to get some fresh air” apparently was invalid to him. While in the middle of asking us some questions like “where are you headed?” and “what are your names?”, another car shows up. Officer R. Christopher of the BIPD (our first officer) begins to explain to us that somebody called in about kids walking along the road hitchhiking. He then explains that in the past week there have been five fires set, a school broken into, and a house vandalized. He adds that most of these are confirmed to be done by juveniles. He goes on to give us the scare treatment: “So you know, if we get a call about anything wrong here, or at the bus barn, or at the schools, you know who our first suspects will be?” The three of us stayed silent throughout most of the ordeal, only speaking to give information. The two officers treat us like children and say things like “you see the problem here?” and “now I’m a suspicious guy.”

For future reference, giving the thumbs-up sign to a car is frequently misinterpreted.

Officer 2 looks at the bottom of our shoes while officer 1 calls all of our parents and asks if we’re supposed to be where we are. G’s father answers and confirms that he’s free to continue. N’s father comes to get him and take him back to the house where we were headed back to anyways. My parents both didn’t answer their phones, so by protocol the officers had to escort me back to J’s house in the cop car. G comes along for the ride.

G and I stand laughing behind the officer while he knocks on the door. A few of the boys at the party come up the stairs expecting only us, but see the cop and freak out. “J! There’s a cop outside your door!!” J gets to the door and gives G and I the most disgusted look I’ve ever seen. “What the hell did you guys do?” The officer tells J to wake up his parents and then the officer explains the situation to them. G and I are free to go back to the house, but now N’s father is pissed off, J’s parents are woken up, and J won’t talk to us.

This subsides quickly though, as we all realize how silly the situation is.

That was my first ever encounter with the police, and I think I’ve learned something from it: in a town as small as mine, the cops don’t have too much to do. This would explain why they sent two cars. Hopefully I won’t have to deal with them too much more. I would hope that police could treat us more like adults in the future. And I hope next time I spend time with the police, I do something worth getting caught for. ;)

I’d like to extend a thank you to San Francisco’s Noisebridge hackerspace for being so hospitable and friendly towards me during my time here. On Friday when I arrived in SFO, I took the BART straight to Noisebridge and hung out there till that night. It was nice to be in an environment where I could work, learn, and talk, despite being a stranger in this city.

I’ve met a lot of interesting people and was even invited out to dinner that night. San Franciscans really love their lights, I’ve found. Our crepe restaraunt had fancy fading rainbow lights.

I’ve included a picture of Noisebridge at a fairly dormant time.

Fulgurites are the figures made by lightning hitting sand (or other melty grainy materials). We don’t have lightning but we can definitely simulate it with the pole pig. We start by putting sand (100lb for $7 at Home Depot) in a terracotta pot. We stick electrodes from the transformer straight into the pot and turn it on. The result comes out like this.

We then epoxy them into nice solid pieces of art. I made a video about the process for my science class.

Fulgurite Production at Hackerbot Labs from Nick Mooney on Vimeo.

Credits to Pip aka @yoyojedi for helping me out with this. He’s the fulgurite master and was nice enough to teach me how.

When the phone arrived I went through the fairly standard procedure: wipe data from old phone, keep battery/card/back-cover, install them in new phone and activate by dialing *228. In a few minutes after waiting on crappy activation music, it was done. My phone instantly picked up a signal and I went on my merry way packaging up the old phone to send back.

I started to notice some weird things that night though. The first was that I was told I had to dial the area code while ‘roaming’. This was weird, but I figured dialing *22899 to refresh the cell tower data would fix it. No luck though. Oh well– it’ll sort itself out. Then I started getting messages from my friends asking why I wasn’t answering my phone. I decided to run an experiment by calling my home phone from my cell. The caller ID showed up as a 410 area code (Maryland). It was bidirectional too, meaning my phone rang when I called the Maryland number. My old local number went straight to voicemail.

I called up Verizon and told them about the issue, and the rep I had was very confused by the situation. I was put on hold a couple times and told that he would have to converse with a higher-up. Verizon claims that they can’t program the phone remotely to my correct number and decide to ship me yet another new phone, same as last time. Meanwhile, I have no access to my old number and some poor soul in Maryland probably wants their number back. I can make and receive calls on this Maryland number, and Verizon recognizes me as the person on that account. Luckily though, it was secure enough such that I couldn’t make any account changes without the social security number.

The new (Droid #4) phone is set to arrive tomorrow, and hopefully it’ll work just fine. I’ll have 3 Droids in the house then… but I have to send 2 of them back via prepaid FedEx.

The Robot Arm project has been gathering some dust for a while. Code is a little slow to develop since I can only access the arm itself on Saturdays. That said, however, I’ve fixed  a problem! To connect to the Gamoto motor control board, I need a USB-Serial adapter and then a janky-as-shit serial-to-Gamoto adapter which connects to some protoboard, which connects finally to the Gamoto.  I learned Saturday that I rushed my first job in creating the janky-as-shit serial-to-Gamoto adapter and barely connected the wire to the correct pin. It was a cold solder joint, so I made a new adapter, and I wanted to share a trick that some people might not know.

When soldering wires to headers (sets of pins), you can put the bottom of the header in a protoboard, hook the wire around the pin, and solder like that. It works really well and is much easier than soldering without the hook.

Anyways, code will be posted soon. It’s currently being edited constantly in an effort to improve/optimize/extend. This is my first real Python project so I’m learning all the time.

Catching lightning from two tesla coils

At the lab we have 3 tesla coils owned by different members. We decided to put them all in one room. Chaos SCIENCE ensued! This is a picture of me catching lightning with a grounded sword. In simple terms: there’s a wire attached to the sword, which is attached to ground. The tesla coil electricity travels through the wire, and not me.

Hopefully, more on tesla coil stuffs later.

Recently, I downloaded a copy of the penetration testing OS Backtrack. This is a great Linux LiveCD that includes many tools for security testing. One of the things that I really wanted to try out was ARP spoofing. For those who aren’t familiar, here’s a little explanation.

On a normal network, when computer A wants to connect to computer B, they do so through the router. In order to find out how to contact the computer, they send out an “ARP Request,” which looks something like “Who has 192.168.1.10? Tell 192.168.1.11.” The router replies accordingly, giving the MAC address (basically the physical address on the network) to the requesting computer. The problem with this is that there’s no security. If Attacker C gets on to the network with a mac address of 11:22:33:44:55:66, and then sends this out:

• 192.168.1.1 is at 11:22:33:44:55:66
• 192.168.1.10 is at 11:22:33:44:55:66
• 192.168.1.11 is at 11:22:33:44:55:66

Suddenly, the whole network thinks Computer A, Computer B, and the router are all located at Attacker C’s MAC address. This means all the traffic is routed to the attacker. If Attacker C has IP forwarding enabled, there will be no interruption in browsing for Computer A or B. Their traffic will simply be passed on, but it will be traveling through Attacker C’s computer. Why is this dangerous you ask? I’ll explain more in the next section. I decided to check this out using a tool called Ettercap, which can do much more than just rerouting traffic. Ettercap comes included on the Backtrack Linux LiveCD I mentioned earlier, which means that anybody can download the file, put it on a CD or USB stick, and boot up into a fully dangerous Linux OS without making any change to their system. I downloaded the USB version and put it on a USB stick, then booted into it.

It took a few minutes to set up my network card, but I’m not going to go into that process this time. Once the network card was set up and ready, I was sitting in front of a fully ready attack/pentesting operating system. I decided to take it to a local public place network that I own with an open WiFi network. This is when I fully realized how insecure ARP is.

I took my laptop to the public place network that I own and sat down, opened up my laptop and connected to the wireless network. There’s a simple Ettercap command that just reroutes all traffic on the network using an ARP poisoning attack.

ettercap -T -q -M ARP // //

This doesn’t run any special filters or anything, but it does spoof to every computer on the network, meaning all their traffic is flowing through your computer. By default, ettercap collects passwords in plaintext and over HTTPS by certificate spoofing. Every HTTPS website has a unique and securely signed certificate that it provides to the browser to prove the site’s authenticity. When ARP spoofing is enabled, ettercap automatically forges these certificates, but it’s not perfect: they’re detected as not authentic by the browser. You may think that this would make people realize something is wrong, but people just click straight through and log into whatever it is they’re trying to access. This is a HUGE problem, and it’s human error.

I enabled two ettercap plugins after I started my spoofing session by pressing “p” and typing the name of the plugins. The plugins were autoadd and repoison_arp. These names are fairly self-explanatory. autoadd automatically detects new hosts on the netwok and adds them to the poisoning list, and repoison_arp keeps sending false ARP replies during the whole session.

The plugin chk_poison told me that my “attack” was working, but I wanted to check for myself, so I opened up Wireshark, my favorite network analyzer. Suddenly I saw everybody’s web traffic passing through my computer. The “attack” was indeed successful.

This default setup that captures passwords is enough for most attackers to do a lot of damage, but I decided to have a little fun, while remaining non-malicious. For this I called upon Ettercap’s filters, which can replace data in a TCP stream in realtime (and a lot of other cool stuff). I used the info and example code listed at IronGeek’s article about Ettercap filters to replace images on any website that people visited with an image of the hypnotoad. It worked great! Anywhere someone on the network tried to browse, they’d get images of the hypnotoad in place of their real images. This was just a proof of concept, and definitely wasn’t going to harm anybody’s computers, but if an attacker wanted to run arbitrary code on another person’s computer, they could do it easily using something like this.

It really all wraps up to this: the internet itself is broken. Stuff is insecure and easily exploitable. Make sure you always use a little common sense. When your browser warns you that Gmail is using an invalid security certificate, don’t just click through it. Warning are put there for a reason. Anyone interested in protecting their network against ARP poisoning should read this paper.

Feel free to yell at me, correct me, or suggest I change things by writing a comment.