tech reviews, anime news, and teh life of snubs
1 Jan
http://revision3.com/hak5/LaserRangeFindingFileRecover/
Download it here!
In this new years eve episode Jason Appelbaum joins us to talk about Laser Range Finding using the USB Missile Launcher and some custom code. Chris Gerling is in the house doing file recovery the down and dirty way. Trust your Technolust and thanks for a great ‘08!
Laser Range Finding
Adding laser range finding to the web missile software would make it so the web user could determine if a target is in range of the missile launcher. The laser range finding software does work but it is slightly challenging getting it to work with current hardware because of the age of the software. It’s really more of a proof of concept than a real tool. The theory behind it is that the distance of the laser can be determined by counting the number of pixels from the center of the CCD to the point where the laser reflects on the CCD; that count plus the distance between the laser and the camera gives us the side of the triangle. Then using some simple trigonometry you can find the base of the triangle, which is the distance that the object is from the laser.
The problem is the size of the dot on the CCD is not taken into account, so this theory only works for objects in a certain range. That range depends on the distance between the laser and camera. The missile launcher has a short range so the new idea is using two cameras for the laser range finding, one for the missile launcher’s short range needs and one for long range playing with the cat. Then you can get the best of both worlds with the new concept.
There is also a hardware solution
–Jason Appelbaum
File Recovery with the SIFT
In 418 I demonstrated some of the basics in recovering deleted files. Using a DD image taken from a usb drive which had files deleted from it first, I showed off a program called fls which shows you the inodes for each file on a system. Using these inode references, you can carve out in a filesystem exactly where a given file is supposed to reside in the unallocated space. Darren and I discuss some of the math behind this. In the next part I will be showing an easier method of doing this via foremost.
–Chris Gerling
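The offset arithmetic behind this kind of recovery, as an added Python example that is not from the episode or from The Sleuth Kit: it picks deleted entries out of fls-style output and rebuilds a file from its block list. The fls lines, the image, the 512-byte block size and the block list [9, 12] are constructed for illustration; on a real image the block list would come from the file's metadata entry.

```python
import re

BLOCK = 512  # assumed block (sector) size of the constructed image

# Default fls line: "<type> [* ]<inode>[(realloc)]:<TAB><name>"; "*" marks a deleted entry.
FLS_LINE = re.compile(
    r"^(?:\++ )?(?P<type>\S/\S) (?P<deleted>\* )?"
    r"(?P<inode>\d+(?:-\d+)*)(?:\(realloc\))?:\t(?P<name>.+)$"
)

# Constructed fls-style listing (not captured from a real drive).
SAMPLE_FLS = (
    "r/r 5:\tnotes.txt\n"
    "r/r * 7:\tsecret.txt\n"
    "d/d * 9:\told\n"
    "+ r/r * 11(realloc):\tdraft.doc\n"
)
SECRET = b"constructed sample: " + b"A" * 680  # 700 bytes, spans two blocks


def deleted_entries(fls_output):
    """Return (inode, name) for each deleted regular file in fls output."""
    found = []
    for line in fls_output.splitlines():
        m = FLS_LINE.match(line)
        if m and m["deleted"] and "r" in m["type"].split("/"):
            found.append((m["inode"], m["name"]))
    return found


def build_image():
    """Constructed 16-block image: the file sits in blocks 9 and 12 (fragmented)."""
    img = bytearray(16 * BLOCK)
    tail = SECRET[BLOCK:]
    img[9 * BLOCK:10 * BLOCK] = SECRET[:BLOCK]
    img[12 * BLOCK:13 * BLOCK] = tail + b"\xee" * (BLOCK - len(tail))  # stale slack
    return bytes(img)


def carve(image, blocks, size, block_size=BLOCK):
    """Rebuild a file from its block list; byte offset = block * block_size."""
    out = bytearray()
    for block in blocks:
        chunk = image[block * block_size:(block + 1) * block_size]
        if len(chunk) < block_size:
            raise ValueError(f"block {block} lies past the end of the image")
        out += chunk
    if size > len(out):
        raise ValueError("block list is shorter than the recorded file size")
    return bytes(out[:size])  # trim slack after the file's last byte


if __name__ == "__main__":
    print(deleted_entries(SAMPLE_FLS))
    print(carve(build_image(), [9, 12], len(SECRET)) == SECRET)
```

Trimming to the recorded size matters because the last block usually holds leftover bytes from whatever occupied it before.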
Until next week we welcome your feedback and remind you to Trust your Technolust
11 Dec
Shannon takes the spotlight and opens the show. Darren threatens to vote her off the hakhouse. We postponed the open sourcing of the missile launcher due to finals. Thanks Jason Appelbaum. Our friend Mubix has a great article on Multi-Boot Security Live CDs that makes last week’s pick, UNetbootin, even more amazing.
Our next LAN Party will be Half-Life 2 Deathmatch on Saturday, December 13 at game.hak5.org. Prepare to get smacked in the face with a flying toilet! Check out all the details at our brand spankin’ new Hak5 LAN Site (with leetness by Squarespace).
Public Key Encryption
In this segment we show you how to set up public key authentication between a Windows and a Linux host. There are many different software packages through which to accomplish this but we used openssh and putty.
Requirements:
Linux machine or VM running OpenSSH (most distros have it in their repository, or you can find it here: http://www.openssh.com/portable.html)
Windows machine with putty software (download the whole package) http://www.openssh.com/portable.html
Installing openssh on linux is relatively straightforward. Refer to their site for details. Once that’s set up, we generated a key using the command “ssh-keygen” and specified the filenames. You can customize the keys you generate as you wish, but we went with the defaults. After entering a passphrase twice, you’ll have a public and private key file, with the public having the extension .pub. The private key file stays on the server but we copy the public key over to our windows machine and convert it into putty format using Putty Generator. After you have the key, you can either pass it with scp using scp -i (pscp in our example since we’re using putty’s scp executable), or you can use the putty ssh client in order to pass the key instead of just a password to authenticate to the server. This makes an easy two-factor authentication mechanism.
–Chris
Driver Backup
After installing a fresh copy of your Windows OS of choice, the biggest headache for most of us is the arduous task of trying to locate drivers for all of our different components. So this post is all about making your reinstall a little less troublesome.
Here’s a list of some of the better driver backup utilities!
DriverBackup2 is a lightweight driver-backup tool. The application is portable with a caveat: you’ll need administrative privileges for full use. You can opt to back up one or all of your drivers; the backed up files are dumped into a tree structure based on driver name. DriverBackup2 also allows you to restore and delete unnecessary drivers. If you ever hunted for obscure drivers online, when installing legacy or obscure hardware for instance, DriverBackup2 will save you the hassle of searching them out again.
Double Driver lists all the hardware drivers installed on your system and creates backups of both the actual drivers and lists of the driver names. While handy with any computer, Double Driver really shines if you have a computer that came with pre-installed drivers that are hard if not impossible to come by. With a few clicks you’ll have those archaic laptop drivers backed up and ready to put back to work after a fresh install.
DriverMax allows you to easily reinstall all your Windows drivers. No more searching for rare drivers on discs or on the web or inserting one installation CD after the other. Simply export all your drivers (or just the ones that work ok) to a folder or a compressed file. After reinstalling Windows all drivers can be back in place in less than 5 minutes.
DriverView is a helpful upgrade from looking through devices individually in the Device Manager, but the real value here is in the list generation. Create an HTML-formatted backup list for your future troubleshooting needs or export to text to show friends or forum members just what’s gone wrong. While it doesn’t actually back up drivers, if you’re still into doing things the old-fashioned way, DriverView is a great choice!
Now that we’ve got all of the corporate slogans and descriptions out of the way, my personal favorite is the first link we’ve talked about here. The interface is the least cluttered, and the process really couldn’t be any easier. For those of you who are looking to deploy driver backups in an automated fashion, there’s a built in commandline builder! Like I said, I’ve personally used it and it really does make life a lot easier after a reinstall.
So check it out and if you have any questions, remember: matt@hak5.org - Revision3 Forum or Hak5 Forum
–Matt
Congrats to Mesartwell who correctly answered last week’s trivia. Answer: “Tom is king” and “Jules sucks”. Grab yourself a copy of the Doom alphas
“Hackers Are People Too”
Ashley Schwartau joins us via Skype to talk about her documentary Hackers Are People Too
–Darren
Music Organizers
I have thousands of songs on my computer and some of them are missing titles, artists, etc. So when I hop on iTunes to download my feed of podcasts (like Hak5!), I use TuneUp Media to clean up some of my music.
TuneUpMedia
TuneUp Media has the ability to find your songs basically by listening to them, and tell you the information for each one. You simply drag your song over to the clean up bar on the right, and TuneUp finds your songs info in a few seconds. It even gives you a choice of album art you can use.
I like TuneUp simply because I’m really organizational. There are a few bugs though… Firstly, once you download TuneUp, you don’t have the option to close it while in iTunes (unless this has changed recently). Second, there are two versions - free and not free. With the free version, you only have 500 songs to clean up. In the paid version, you can clean up as much as you want.
TagScanner
The second one is TagScanner. TagScanner is good for someone who doesn’t like iTunes. In TagScanner, you can not only clean up the names and artists on your music, but you can also fix up the ID3 tags for each song, down to lyrics and album art. You can also export your music into a .txt or Excel spreadsheet, which is pretty neat.
–Shannon
Questions
Skybar Baron writes: I have a computer from my school and was wondering if there was a way to wipe everything but like Microsoft Office and the OS?
Darren recommends Sdelete.
Until next week we welcome your feedback and remind you to Trust your Technolust
19 Nov
Show Notes
Is WPA Broken? Interesting stuff coming out of PacSec this year. Ars has a great writeup about it, or check out Martin Beck and Erik Tews’ paper Practical attacks against WEP and WPA (PDF). There is a proof of concept tool available from the Aircrack-NG folks. Take a look at Tkiptun-ng. At time of writing the tool is not fully functional. Something to keep an eye on.
Steve P. writes to us about the Helmer beowulf cluster. This 6xCore2Quad is sure to make any geek smile. Kitty approved too! While stuffing a personal cluster into an Ikea cabinet is novel in and of itself, the mad scientist behind it has thought up some insane cluster designs including the 50 tflop Helmer 2 and the 4 pflop Helmer 3. All I can say is I want one. Thanks for the links Steve.
Darren enjoys a Bondages’ No Problem while Matt and Shannon stick with the margaritas.
More importantly Darren talks about Session Hijacking and demos a tool from Errata Security called Hamster and Ferret. In conjunction with the latest 2.0 build of Jasager, an ICS’d EVDO connection and Tftpd32, we’re able to “sidejack” with our little man-in-the-middle setup. Lesson learned? Be suspicious of any wifi. Check for signatures of trusted networks and tunnel your traffic. We’ll come back to this topic with a more in-depth segment on Jasager detection and traffic encryption soon.
A note on trivia. Please answer trivia questions on the Hak5 forums from now on. We would love to continue doing dual winners but with growing prize costs we cannot. Also, if you’re interested in volunteering to help with trivia code challenges lend a hand in the Dev5 board.
Matt shows us how to convert a physical server into a virtual server locally using the free VMware converter tool and talks about some of the concerns you must consider when preparing to virtualize. If you have virtualization questions hit up Matt and we’ll cover ‘em on future segments. Matt at Hak5 d0t org.
Alex W. writes with a question about screen recording. We highly recommend the open source Camstudio as well as FRAPS and Techsmith’s Camtasia Studio (warning: sticker shock may occur at techsmith.com). Paul (our “camera guy”) suggests checking out the new screen capturing functionality of the latest version of VLC, especially if you’re on the Linux or Mac side.
As always we’d love to hear your feedback. Your questions, comments or concerns can be directed to HakHouse.com. It’s a crazy interactive project we’re working on. Just wait ’till we get the web-enabled robots up in there.
Trust your Technolust
12 Nov
Darren demos optical character recognition and bar code lookups with GOCR. Shannon talks about a new way to organize your desktop with Microsoft Scalable Fabrics. Matt protects a public workstation with Windows Steady State. Plus USB Protocol Analyzers and Paul’s pink flamingo.
Darren demos a proof of concept that combines Optical Character Recognition with GOCR and lookups at UPC Database.
Matt talks about Windows Steady State - an invaluable tool for anyone managing public computers.
Shannon explains Microsoft Scalable Fabrics - an interesting concept in desktop organization.
Darren answers SinisterBlack’s questions about USB sniffing and points out two USB Protocol Analyzers - SniffUSB and USBTrace.
6 Nov
Download it here! http://revision3.com/hak5/Phreaknic
The gang heads to Phreaknic in Nashville, Tennessee and in Hak5 tradition brings you a sampling including interviews with Russell Butturini about his U3 Incident Response Tool, Adrian Crenshaw, aka Irongeek, about Keyloggers and other embedded hacking, Daniel Hooper about Software Defined Radio and GNU Radio, Eighty of Dual Core, Droops from Hacker Media, and more. Yeehaw!
Russell Butturini shows us the U3 Incident Response Payload for the USB switchblade. Code and tutorial on the forums.
Adrian Crenshaw, aka Irongeek, talks about Hardware Keyloggers and other geeky bits.
Daniel Hooper explains Software Defined Radio, GNU Radio, and the universal software radio peripheral.
Plus talks with Nerdcore star Eighty of Dual Core and Droops from Hacker Media and Hacker Public Radio.
2 Nov
Matt shows us how to turn anything into a service and provide a web frontend to manage them on a Windows server, great for game server administration. Chris Gerling wraps up his three part series on Packet Sniffing with Wireshark techniques for packet filtering. Darren harnesses the CPU power of the HakHouse for good or evil to demonstrate cluster computing. Plus details on our Hak5 Halloween LAN Party!
Matt Lestock turns any windows application into a service using instsrv and srvany and demonstrates how we use this technique, coupled with Panel Daemon to delegate game server administration at the Hak5 playground.
Chris Gerling shows us some packet filtering techniques using the network analyzer Wireshark. He covers capture filters, display filters, colors and statistics. Read more on packet sniffing on his blog at ChrisGerling.com
Darren Kitchen talks about parallel computing. He touches on grid computing and massively parallel processors though he mainly focuses on clustering. Darren demonstrates simple windows password cracking techniques using an openMosix based image and discusses the theory behind setup. Darren has a lot of further reading for you to check out on his blog and would like to hear your feedback about building the Hak5 beowulf cluster!
And on a production note: We’ve switched over from a standard-def composite based video mixing solution to a high-def HDMI based system. Unfortunately until we get a Mac Pro and switch to Final Cut Pro for editing we’re unable to release a 720p version of Hak5. But we’re well on our way to bringing you guys truly high def technolust thanks to everyone who has continued to support this cause. Thanks!
Thanks for watching Episode 409! <3
22 Oct
Hak5 ep 408 - Building Packets
Chris Gerling breaks down IP and TCP headers with Wireshark and building blocks. Shannon Morse shows us DosBox, a free IBM PC DOS emulator. Christine Bourquin talks about Alice, a teaching programming language for beginners. Darren Kitchen summarizes his experience at Day-Con and answers some questions about Fon batteries.
Chris Gerling dives into the structure of IP and TCP headers in part two of his three part series on packet sniffing. He covers everything from source ports to checksums and everything in between offering insight into TCP packets in plain English. Then in part three he covers basic Wireshark usage and advanced techniques. Read more on packet sniffing on his blog at ChrisGerling.com
Shannon Morse shares with us DosBox, the free and open source IBM PC emulator that allows you to break out those old floppies and play your DOS games once again. While we wait for DNF, anyone for a Duke Nukem 3D deathmatch?
Christine Bourquin demos Alice, an innovative 3D programming language that makes it easy to teach programming using a simple drag-and-drop interface. Perfect for the next generation of computer scientists.
Darren Kitchen brings us his review of Day-Con with photos courtesy of the security twits. He also talks about Jasager batteries both big and small.
And on a production note: We’ve switched over from a standard-def composite based video mixing solution to a high-def HDMI based system. We’re not ready to release the full 720p quite yet as we’re ironing out (read: developing on the fly) the post production process but in the mean time we’ve got damn good looking 480p and we’re looking for your feedback. Thanks a million to everyone who has donated and helped make this happen!
On my segment, I chatted with ya’ll about Dosbox. The first time we shot the segment, we had such bad audio quality that I had to go back and shoot the segment again late into the night… /sigh. Such things happen when you work on a show.
Dosbox is a totally nifty creation that emulates an IBM pc compatible computer running MSDOS. Although dosbox is basically intended to run old school video games from the late 80’s and early 90’s, it can take on other tasks.
One of the key features about Dosbox is its ability to run peer-to-peer and internet/intranet video games. It simulates an entire modem, so you and your friends can play those old TCP/IP or IPX network multiplayer games easily with each other.
You can also take simple photos of your gameplay or video footage which is created with the ease of the click of a button. Hit CTRL+F5 for your photo, or CTRL+ALT+F5 to begin a video then again to end it. This makes for easy tutorial building, as well as nice video clips to share. The video is recorded into a folder called captures.
I found lots of good information about Dosbox at this wiki: http://en.wikipedia.org/wiki/DOSBox, as well as their main site: http://www.dosbox.com/. Here, you can find a HUGE list of games that are supported by Dosbox as well as FAQ’s, their own wiki, and forums.
Oh, and did I mention it’s open source and free? Yup