ASCII Skulls

I needed an ASCII Skull for… err… reasons, so I decided to post the best ones I could find here. Unfortunately nearly all of them appear on multiple websites without any credit to the authors, so if you made them, or know who did, I’ll happily give credit where credit is due.

Read More

Alpine Linux as a Docker host and portable dev VM

I’m a fan of Docker – especially for software development, as it lets me switch machines or operating systems without spending hours re-configuring them to have the same services and configuration. There’s a growing trend to use Alpine Linux for Docker containers, rather than something like Ubuntu, because it has a smaller footprint (making it faster to download and more convenient on smaller drives such as SSDs).

While all the operating systems I switch between (Linux, Mac and Windows) can run Docker and thus let me easily run my code, I’ve found there’s still a lot of config I want to keep bundled together but would prefer to keep out of “the cloud” – stuff like AWS environment variables, bash history and various utility scripts. I’ve settled on using a (previously Ubuntu) VM as the Docker host and file server, with Samba providing file sharing access so I can edit code in a native editor (Sublime). All I need is an operating system that can run VirtualBox and an SSH client and I’m “home”, able to dev and commit code with everything where I left it. I also don’t have to juggle SSH keys (either for connecting out or authorized keys for connecting in) or guess what IP my host is running on (the VM’s MAC address and IP config remain fixed across machines).

Read More

The death of a hard drive, and eBay shopping…

Just weeks out of warranty my Western Digital Green 2TB hard drive died. Here are some of my thoughts and findings while trying to find a new replacement drive.

The Western Digital Green drives, which are supposed to be “energy efficient” and “quiet”, have a bit of a poor track record. It seems the drive powers down when not in use, and spins back up when you access it (but this causes a delay). All this stopping and starting is likely a cause of some wear and tear. I won’t be buying one again.

BackBlaze (a “cloud backup” provider) publish “Hard Drive Reliability” stats which show “HGST” hard drives as among the most reliable. Unfortunately HGST are now owned by Western Digital, but there is hope… “In May 2012, WD divested to Toshiba assets that enabled Toshiba to manufacture and sell 3.5-inch hard drives for the desktop“. Apart from this, the Toshiba drives fare rather well anyway… so my next drive will be a Toshiba 3.5″.

Read More

Custom ROMS on the NES Classic Mini

(If you’ve used the older method below – “hakchi 1” – make sure you back up your “dump” folder, which should contain your original kernel files)

Dumping your kernel:
(this is a relatively safe step – at least for your NES Classic – as it only reads from it)

  • Download “hakchi2”
  • Run hakchi2, from the menu select “Kernel” and “Dump kernel” (say “yes” when asked if you’re sure, and follow the instructions it gives)
  • Once you’ve held down reset and pressed the power button as the instructions tell you to, it should automatically start dumping your kernel
  • Do yourself a favour and back up the “dump” folder created in the “hakchi2” folder – this contains your original firmware, which can be used later to reset/fix your NES Classic
  • If you get a “Kernel dumped but MD5 checksum is unknown: {0} xxxxxxxxxxxxxxxxxxxx. Maybe kernel already patched or it’s unknown revision.” error, it’s probably best not to continue (unless you used the older method below, in which case you should be able to copy that “dump” folder over the hakchi2 “dump” folder and choose “Kernel” -> “Flash original kernel” to reset your device to the original firmware)

Read More

SANS Holiday Hack 2016

It all starts on – where we’re shown Santa Claus’s business card, told the story, and asked to solve some questions/challenges.

Part 1: A Most Curious Business Card

1) What is the secret message in Santa’s tweets?
2) What is inside the ZIP file distributed by Santa’s team?

We’re told to look at Santa’s business card, and enter the game, then answer the questions:

Read More

MIPSEL reverse engineering in Docker

While I’m not much of a reverse engineer myself, there have been times when I’ve needed to poke at a MIPSEL binary – be it for a hacking challenge or just some firmware I’m looking at – and while there are tools to identify and reverse engineer these binaries on a different host architecture, sometimes it really helps to be able to run and watch the files more natively.

Read More

BSides 2016 NES Game

For our 2016 BSides Cape Town information security conference I made an 8-bit NES game as a challenge – inspired by the amazing challenge @s4gi_ put together for ZaCon 2015 (featuring Leisure Suit Larry of old “quest game” infamy) and the incredible DEF CON challenges 1o57 comes up with (though a little more specifically his “how to build a processor in 10 minutes or less” talk I got to attend at this year’s DEF CON). I wanted to do something game related and retro – not just something in “retro style”, something actually retro – and I decided on the Nintendo NES.

Needless to say I learnt a LOT in the process, and have a lot more respect for the game developers of the 80s for the quirky, limited hardware they were coding for. There are some great tutorials and videos about the NES hardware that I found on this journey that I’ll hopefully blog about soon.

The .nes ROM can be downloaded here and the source code is available on GitHub.

Read More

NodeJS Tips and Tricks

Some tips and tricks when coding NodeJS:

(Caution: highly opinionated thoughts follow)

  • keep code tidy with “jscs” (decide on a style guide and find or make a jscs template for it) and “jshint” or “eslint”
  • use “slow-deps” to find out which packages are slowing down your “npm install” (possibly “jscs” – consider installing it globally) – more info on “slow-deps”
  • lock down your package versions, and their dependencies’ versions, with “npm shrinkwrap” (this is good for stability and security!)
  • scan your dependencies regularly for security issues, using tools like “snyk” (pronounced “sneak”) or “nsp” – I made a docker image for this
  • “vax” will help with some other security stuff – run it
  • “you can’t manage what you don’t monitor”… run a “statsd” server to gather metrics on events, actions and durations in your app – I made a docker image to help with this during development
  • improve console debug/output/start-up output with “cli-tables” and “colors” – personally I like to (programmatically) print out all of the endpoints an application exposes… which saves on external documentation
  • “expressjs” is popular, but “restify” lets you add all kinds of extra metadata on to your routes which you can then act on (easier permission handling, debug data output, etc)
  • make use of “sinon”’s “sandbox” functionality to easily stub and reset object properties and methods (for testing in isolation) – and “istanbul” makes code coverage easy
  • restrict and validate data with “joi” – note: it does not prevent SQL Injection or HTML characters in strings, that’s on you (take a look at “striptags” and “xss”)
  • update your packages more easily with “npm-check” (run with “-Ue”)
  • “pnpm” attempts to speed up “npm install” by downloading in parallel, but I had some issues (seemingly race conditions) – might be worth keeping an eye on and trying
  • be aware of some of the unicode issues:
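The “joi” caveat in the list above is worth seeing in working code: a schema check proves shape (type, length, pattern) and nothing more, so the same validated string still has to be escaped when it reaches HTML (and bound as a parameter when it reaches SQL). The block below is an added example and not code from the original post; joi itself is replaced by a small hand-rolled shape check so it runs under plain Node with no packages, and the sample inputs are constructed. It also counts length in Unicode code points and normalises to NFC, since a length limit measured in UTF-16 code units or applied to un-normalised text is one of the easier unicode mistakes to make.

```javascript
'use strict';

// Stand-in for a joi string schema (hypothetical; joi is not used here):
// must be a string, trimmed, 1..maxCodePoints long. Length is measured in
// code points via Array.from, so emoji and other astral characters count once.
function validateComment(input, maxCodePoints) {
  if (typeof input !== 'string') {
    return { ok: false, error: 'comment must be a string' };
  }
  // Normalise first so visually identical strings compare, and count, the same.
  const value = input.normalize('NFC').trim();
  const length = Array.from(value).length;
  if (length === 0 || length > maxCodePoints) {
    return { ok: false, error: `comment length must be 1..${maxCodePoints} code points` };
  }
  return { ok: true, value };
}

// Escaping for an HTML text node or quoted attribute value. This belongs at
// output time; validateComment deliberately leaves these characters alone.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(text) {
  return text.replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: trusts the validated value and interpolates it straight into markup.
function renderCommentUnsafe(input) {
  const result = validateComment(input, 200);
  if (!result.ok) throw new Error(result.error);
  return `<li class="comment">${result.value}</li>`;
}

// Hardened: identical validation, but the value is escaped on its way into HTML.
function renderCommentSafe(input) {
  const result = validateComment(input, 200);
  if (!result.ok) throw new Error(result.error);
  return `<li class="comment">${escapeHtml(result.value)}</li>`;
}

// Constructed sample inputs for the demonstration.
const SAMPLES = {
  benign: 'Nice write-up, thanks!',
  xss: '<script>alert(1)</script>',
  // "e" + combining acute accent (two code points) normalises to one code point.
  decomposed: 'caf\u0065\u0301',
};

for (const [name, input] of Object.entries(SAMPLES)) {
  console.log(name, '=>', renderCommentSafe(input));
}
```

Both render functions accept the `xss` sample, because it is a perfectly valid short string; only the output-side escaping makes the difference. The same separation applies to database access: a validated string goes into a parameterised query as a bound value, never concatenated into the query text.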

On NPM, left-pad, and Azer Koçulu’s modules

My working day today started with the drama of 273 node modules being removed from a public repository everyone uses, with one module in particular – “left-pad” – breaking a surprisingly large number of other modules. Talk about a great disturbance in the Force, as if millions of voices suddenly cried out in terror, and were suddenly silenced.

The author of the module posted the reason for his actions: and while I mostly agree with him, I do wish the impact weren’t quite so large. A list of the modules he removed was also posted:

Apart from breaking application deployments and causing inconvenience, there’s also the very real risk of malicious code being pushed up to the NPM repository under the names of these removed modules, so I did some digging…

Several people have already registered some of the modules names on the NPM repository, hopefully to replace the modules with their previous version or prevent people from doing something malicious as mentioned above:

hypnza: 1
ccbikai: 1
westlac: 1
strml: 1
msanford: 1
ehsalazar: 2
hassoncs: 2
iclanzan: 5
backup: 5
kazmer: 8
case: 8
nj48: 238
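The risk described above, and the shrinkwrap tip in the NodeJS post earlier on this page, come down to one question: will the next `npm install` fetch exactly what was reviewed? The block below is an added example, not the author’s code: it audits a parsed npm-shrinkwrap.json (the npm 2/3 shape, nested “dependencies” objects carrying “version”, “from” and “resolved”) against a list of removed module names and flags unpinned versions, entries without a resolved tarball URL, URLs that do not match the recorded name and version, and entries without an integrity hash. The removed-name list and the sample shrinkwrap are constructed for the example; only “left-pad” is a real name from the incident, and the real list is the one linked from the post.

```javascript
'use strict';

// Constructed stand-in for the removed-modules list linked from the post.
const REMOVED_MODULES = new Set(['left-pad', 'example-removed-a', 'example-removed-b']);

const REGISTRY = 'https://registry.npmjs.org/';
const EXACT_VERSION = /^\d+\.\d+\.\d+(?:[-+][0-9A-Za-z.-]+)?$/;
// Subresource-integrity style hash as written by npm 5+ lock files.
const SRI_HASH = /^sha(?:256|384|512)-[A-Za-z0-9+/]+=*$/;

// Audit a parsed shrinkwrap object and return a list of findings.
function auditShrinkwrap(lock, removedNames = REMOVED_MODULES) {
  const findings = [];
  walk(lock.dependencies || {}, [], findings, removedNames);
  return findings;
}

function walk(deps, parents, findings, removedNames) {
  for (const [name, entry] of Object.entries(deps)) {
    const path = [...parents, name].join(' > ');
    const add = (level, issue) => findings.push({ level, name, path, issue });

    if (removedNames.has(name)) {
      add('fail', 'name is on the removed-modules list; whatever is published under it now may not be the original');
    }
    if (typeof entry.version !== 'string' || !EXACT_VERSION.test(entry.version)) {
      add('fail', `version is not pinned exactly: ${String(entry.version)}`);
    }
    if (typeof entry.resolved !== 'string') {
      add('fail', 'no resolved tarball URL; npm will re-resolve from the registry at install time');
    } else if (!entry.resolved.startsWith(REGISTRY)) {
      add('warn', `resolved outside the public registry: ${entry.resolved}`);
    } else {
      // Registry tarballs live at .../<name>/-/<basename>-<version>.tgz, where the
      // basename of a scoped package omits its "@scope/" prefix.
      const base = name.includes('/') ? name.slice(name.indexOf('/') + 1) : name;
      const expected = `${REGISTRY}${name}/-/${base}-${entry.version}.tgz`;
      if (entry.resolved !== expected) {
        add('warn', `resolved URL does not match ${name}@${entry.version}: ${entry.resolved}`);
      }
    }
    // A 2016-era shrinkwrap never carries a content hash, so a tarball quietly
    // republished at the same URL is invisible to it; report that honestly.
    if (typeof entry.integrity !== 'string') {
      add('info', 'no integrity hash; a tarball republished at the same URL would not be detected');
    } else if (!SRI_HASH.test(entry.integrity)) {
      add('fail', `malformed integrity value: ${entry.integrity}`);
    }
    if (entry.dependencies && typeof entry.dependencies === 'object') {
      walk(entry.dependencies, [...parents, name], findings, removedNames);
    }
  }
}

// Anything at "fail" level should block a deploy; "warn" and "info" go to review.
function hasBlockingFindings(findings) {
  return findings.some((f) => f.level === 'fail');
}

// Constructed sample shrinkwrap in the npm 2/3 shape (not a real project's file).
const SAMPLE_SHRINKWRAP = {
  name: 'example-app',
  version: '1.0.0',
  dependencies: {
    'example-widget': {
      version: '0.2.0',
      from: 'example-widget@>=0.2.0 <0.3.0',
      resolved: 'https://registry.npmjs.org/example-widget/-/example-widget-0.2.0.tgz',
      dependencies: {
        'left-pad': {
          version: '0.0.3',
          from: 'left-pad@>=0.0.3 <0.0.4',
          resolved: 'https://registry.npmjs.org/left-pad/-/left-pad-0.0.3.tgz',
        },
      },
    },
    '@example/scoped': {
      version: '2.1.0',
      from: '@example/scoped@^2.1.0',
      resolved: 'https://registry.npmjs.org/@example/scoped/-/scoped-2.1.0.tgz',
    },
    'mystery-lib': {
      version: '^1.0.0',
      from: 'git+https://example.invalid/mystery-lib.git',
    },
  },
};

for (const f of auditShrinkwrap(SAMPLE_SHRINKWRAP)) {
  console.log(`[${f.level}] ${f.path}: ${f.issue}`);
}
```

Run it against a real file with `JSON.parse(fs.readFileSync('npm-shrinkwrap.json', 'utf8'))` in place of the sample. The nested `left-pad` finding shows why the audit walks the whole tree rather than only top-level dependencies: the module you depend on is rarely the one that was removed.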

Read More

Adventures in “aircrack” with cheap wifi dongles

I recently bought three cheapish wifi dongles and wanted to see how they’d do with “aircrack” in Kali Linux. I had difficulty getting any of them to work in Kali Linux 2.0, so this blog post contains Kali Linux 1.0 instructions.

  1. 150Mbps High Speed USB Wireless Wifi 802.11n
    Chipset: Realtek 8179 (R8188EU)

    # none – monitor mode doesn’t work 🙁

    Read More