Thanks go to sometimes hacker, C.K. Sample, III, author of PSP Hacks for contributing this how-to.
So you’ve heard about this homebrew thing that all the cool kids have been doing, but you have already upgraded to version 2.6 of the firmware so that you could play all the latest and greatest games on the PSP. Fortunately for you, some very diligent hackers have been working round the clock to discover ways to get around the limitations put in place by the latest firmware.
The solution isn’t in the form of a downgrader, but rather in the form of an eLoader (EBOOT loader) that lets you use Grand Theft Auto: Liberty City Stories to run homebrew on a PSP with version 2.0, 2.01, 2.5, and 2.6 of the firmware. Not all homebrew will run via this method, but there is a rather easy to read compatibility chart and I’m sure more things will begin working in future releases of the eLoader.
To help you along in your quest to homebrew, here’s a step by step (with pictures!) guide to using the eLoader:
Continue reading “How-to: PSP 2.00-2.60 homebrew with eLoader”
If you payed attention to the comments on our story about a Magnetic stripe card emulator you would have seen Abend announce his Shmoocon talk. It was a pretty interesting talk about the basics of mag cards and some of the tricks employed by companies to obfuscate the data. To get the feel for the talk I suggest you listen to SploitCast #004 which features Abend as a guest. That combined with his slides and tools should give you a fine crash course in the technology. He also recommend’s Count Zero’s “A Day in the Life of a Flux Reversal“. Billy Hoffman, who did the Covert Crawler, has also worked with mag stripes and developed the program Stripe Snoop.
Continue reading “Shmoocon 2006: A Young Gentleman’s Primer on the Reading and Emulation of Magnetic Cards”
You could spend hours exploring the R/C Tank Combat website, so we will highlight one project to get you started. Steve Tyng built this awesome model based on the Russian T34-85 tank. The body is all wood an uses stainless steel axles salvaged from a printer. The original drive system used 24-volt DC motors from dot-matrix printers, but they’ve since been replaced. The most tedious part of this build appears to be the tracks which are made from a treadmill belt sandwiched between wooden blocks. The turret rotates and the barrel can elevate as well. The entire turret package can be easily removed. Inside is a cheap paintball gun that has been lightened and has a small RC servo bolted on to depress the trigger. Definitely have a look at the Maryland Attack Group’s other projects like their field artillery and armoured cars.
Continue reading “RC paintball tank built from printer parts”
Franck Veysset and Laurent Butti, both from France Telecom R&D, presented several proof-of-concept tools at Shmoocon that use 802.11 raw injection. The first is Raw Fake AP. The original Fake AP is a script that generates thousands of fake access points. It is easy to spot because of tell-tale signs like the BSSID showing the AP has only been up for a couple milliseconds. Raw Fake AP tries to generate legitimate access points by modifying BSSIDs and sending beacon frames at coherent time intervals.
Raw Glue AP is designed catch probe requests from clients scanning for a preferred ESSID. It then tries to generate the appropriate probe responses to keep the client occupied.
Raw Covert was the final tool. It creates a covert channel inside of valid ACK frames. ACK frames are usually considered harmless and ignored by wireless IDS. The tool is really basic right now, there is no encryption and it doesn’t handle dropped frames.
Continue reading “Shmoocon 2006: Wi-Fi Trickery or How to Secure, Break and Have Fun with Wi-Fi”
We’ve had fun with the sensors in optical mice before, but [Mac Cody] wrote in to tell us about his legitimate application of the technology. First, he disassembled the mouse and bypassed the on-board controller. He then wired the clock and data lines to a Harris RTXEB single board computer. It’s based around a Harris RTX2001A microcontroller which he programmed in Forth to talk to the Agilent optical mouse sensor. Documented code is provided in case you want to implement it in a different language. His future plans for the system are to roll it into some robot projects for dead reckoning navigation.
Continue reading “Robotic motion sensing using an optical mouse”
The Church of WiFi gave a presentation on some of their recent projects. The first was coWPAtty, a program for brute forcing WPA-PSK. To speed up the process they created a table for pre-hashed WPA-PSK. WPA-PSK is seeded using the SSID of the router, so they grabbed the top 1000 SSIDs from Wigle.net and calculated the hashes when using a 170,000 word dictionary. Now they are able to check 18,000 keys/sec instead of just 12 keys/sec.
The next project was Evil Bastard, a custom WRT firmware. It is similar to Rogue Squadron which is a firmware designed to spoof an access point and collect user information by phishing. Evil Bastard has even more tools like Aircrack and Driftnet. It even features a “Point ‘n 0wn” interface that lets you just click on the target you want to automatically spoof.
The CoWF is also responsible for Kiswin, Kismet for Windows, which saves you from having to install Cygwin.
Continue reading “Shmoocon 2006: The Church of Wi-Fi presents: An evil bastard, a rainbow and a great dane!”
Billy Hoffman has built a site crawler that can hide its activity within normal web traffic. Crawling a website is one of the easiest ways to find exploitable pages, but the systematic nature of the crawl makes it stand out in logs. Billy set out to design a crawler that would behave like a normal web browser. It follows more popular links first (think “news”, not “legal notice”) and it doesn’t hit deep linked pages directly without first creating an appropriate Google referrer. There are tons of other tricks involved in making the crawler look “human” which you’ll find in Billy’s slides over at SPI Labs. You can also read about the talk on Wired News.
Continue reading “Shmoocon 2006: Covert crawling: a wolf among lambs”