War Gaming for Security Cred

Maybe you are an elite hax0r. But probably not. Maybe you feel like you should know more about how systems are compromised, and we’re all about that. You can’t keep the black hats out if you have no idea how they go about breaking in in the first place. That’s why war-gaming sites sprouted up in the first place. We find this one in particular to be delightfully engaging. OverTheWire’s Wargames teach you a little about security while the uninitiated also learn about simple concepts like SSH and, well… Linux!

On-the-job training is the best way to learn, and this is pretty close to it. Instead of providing an artificial avenue of learning the creators of OverTheWire have used the real thing to illustrate poor online security. You don’t “play the game” on an artificial web interface, you do it on legitimate platforms. The very first level (appropriately named Level 0) starts by figuring out how to connect to a system using Secure Shell (aka SSH). From there you’re prompted to use Linux command line tools to figure out where to go next.

Even veteran Linux/Security users should find this offering entertaining. The early stages are both quick and simple to navigate as an experienced admin while providing a welcoming learning platform for those who aren’t quite there yet. Work your way through a few different “servers” and before long your own knowledge will be tested. This isn’t a new platform, mentions of the site in Hackaday comments go back to 2010. But if you haven’t given it a try, Wargames is well worth adding to your weekend entertainment list.

[Thanks NightPhoenix]

Running Doom On The Intel Edison

A few months ago, the Intel Edison launched with the promise of putting a complete x86 system on a board the size of an SD card. This inevitably led to comparisons of other, ARM-based single board computers and the fact that the Edison doesn’t have a video output, Ethernet, or GPIO pins on a 0.100″ grid. Ethernet and easy breakout is another matter entirely but [Lutz] did manage to give the Edison a proper display, allowing him to run Doom at about the same speed as a 486 did back in the day.

The hardware used for the build is an Edison, an Arduino breakout board, Adafruit display, speaker, and PS4 controller. By far the hardest part of this build was writing a display driver for the Edison. The starting point for this was Adafruit’s guide for the display, but the pin mapping of the Edison proved troublesome. Ideally, the display should be sent 16 bits at a time, but only eight bits are exposed on the breakout board. Not that it mattered; the Edison doesn’t have 16 pins in a single 32-bit memory register anyway. The solution of writing eight bits at a time to the display means Doom runs at about 15 frames per second. Not great, but more than enough to be playable.

For sound, [Lutz] used PWM running at 100kHz. It works, and with a tiny speaker it’s good enough. Control is through Bluetooth with a PS4 controller, and the setup worked as it should. The end result is more of a proof of concept, but it’s fairly easy to see how the Edison can be used as a complete system with video, sound, and wireless networking. It’s not great, but if you want high performance, you probably won’t be picking a board the size of an SD card.

Video demo below.

Continue reading “Running Doom On The Intel Edison”

Messing Around With Naenara, North Korea’s Web Browser

[Robert] has been snooping around Naenara in order to learn more about how North Korea’s intranet might work. Naenara is the web browser that comes bundled with North Korea’s official Linux-based operating system known as Red Star OS. [Robert] once saw a screenshot of the browser and found it interesting that the browser seemed to automatically load a non-routable IP address immediately upon start-up. This made him curious about what other oddities one might uncover from the software.

Upon start-up, the browser tries to load a page located at IP address, which is a reserved IP address for private use. This indicated that North Korea’s “Internet” is actually more of in intranet. [Robert] suspects that the entire country may be running in private address space, similar to how your home or business likely runs.

[Robert’s] next thoughts were that the browser looks like a very old version of Mozilla Firefox, but with some default configuration changes. For one, all crashes are automatically transmitted to “the mothership”, as [Robert] calls it. He suspects this is to fix not only bugs, but also to find and repair any security vulnerabilities that may allow users more control.

There are some other interesting changes as well, such as the supported security certificates. The Naenara browser only accepts certificates issued by the DPRK, which would make it very easy for them to snoop on encrypted HTTPS traffic. there is also evidence suggesting that all traffic for the entire country is routed through a single government controlled proxy server.

None of these findings are all that surprising, but it’s still interesting to see what kind of information can be gleamed from poking around the browser and operating system. [Robert] has found more than just these few findings. You can check out the rest of his findings on his blog.

[via Reddit]

What is this thing called Linux?

It should come as no surprise that we at Hackaday love Linux above all others (that should start a nice little flamewar on the internal email list). If you still haven’t given it a whirl yet, don’t fear. Everyone starts from scratch at some point. With each passing year it becomes more and more likely that knowing something about Linux will eventually benefit every hardware hacker. Take part of your time off in the coming weeks to give it a whirl. First thing’s first, check out this quick guide on what Linux actually is.

Adafruit’s offering is pretty low level, so if you’re the kind that likes to argue “kernel” versus “OS” please keep it to yourself. For us the important distinction pointed out here is microcontroller (Arduino) versus Raspberry Pi. The Pi generally runs one flavor or another of Linux for good reasons, while microcontroller-driven systems tend to run use-specific code (with the exception of projects that leverage Real Time Operating Systems). Of course it extends past pre-fab options, Linux is a popular choice on bare-bones roll-your-own machines.

This is the year of Linux! Ha, we’ve heard that one every year for at least a decade. To us it makes no difference, you should know a bit about each OS out there. What are you waiting for? Read the guide then download (for free!) a CD image of our current favorite Linux flavor.

Crypto Photography and Custom Firmware

Imagine a camera that took encrypted pictures. If your camera is stolen, the only thing on the memory card would be random data that can only be unlocked with a key. If you hire a photographer, those images cannot be copied without the key. At the very least, it’s an interesting idea made impressive because this actually exists.

[Doug] recently got his hands on a Samsung NX300, a nice camera for the price that conveniently runs Linux and is kinda open-sourced by Samsung. With special firmware, [Doug] created public/private key encryption for this camera, giving only the person with the private key the ability to unlock the pictures taken with this camera.

[Doug] started his build by looking at the firmware for this camera, figuring out how to take everything apart and put it back together. With a few modifications that included encryption for all images taken with this camera, [Doug] repackaged the firmware and upgraded the camera.

The encryption firmware is available on the site, but considering how easily [Doug] was able to make this hack happen, and a great walkthrough of how to actually do it raises some interesting possibilities. The NX300 is a pretty nice camera that’s a little bit above the Canon PowerShot cameras supported by CHDK. It also runs Linux, so if you’re looking for something cool to do with a nice camera, [Doug] has a very good resource.

Simple Terminal Hack is Fit For Hollywood

We’ve all seen the cheesy hacker scenes in movies and on TV. Three dimensional file system browsers, computer chip cityscapes, and other ridiculous visualizations to make the dull act of sitting at a keyboard look pretty on the silver screen. While real hackers know those things are often silly and impractical, sometimes we do go out of our way to pretty things up a bit.

Hollywood might be able to learn a thing or two from this latest hack. [Yuri] modified his Linux terminal to change the color of the back lights on his laptop’s keyboard. It’s the kind of thing that actually would look good in a modern hacker movie, and [Yuri] is living proof that it’s something that a real-life hacker would actually use!

[Yuri] has been running Simple Terminal. The Simple Terminal project aims to build a replacement for the default xterm program that removes all of the unnecessary features and simplifies the source code. It also aims to make your terminal experience prettier. Part of making things prettier means that you can choose the font color for your terminals, and of course each terminal window can have its own color if you so choose.

[Yuri] happens to own an Alienware laptop. This laptop comes with RGB LEDs behind the keyboard, allowing you to light them up just about any color you could ever want. [Yuri] thought it would be cool if his keyboard color matched the font color of his terminal windows. Thanks to AlienFX, he was able to write a simple patch for Simple Terminal that does exactly this. Now whenever he selects a terminal window, the keyboard automatically switches colors to match the text in that window. Be sure to check out the video below. Continue reading “Simple Terminal Hack is Fit For Hollywood”

Running Debian on a Graphing Calculator

While the ubiquitous TI-83 still runs off an ancient Zilog Z80 processor, the newer TI-Nspire series of graphing calculators uses modern ARM devices. [Codinghobbit] managed to get Debian Linux running on a TI-Nspire calculator, and has written a guide explaining how it’s done.

The process uses Ndless, a jailbreak which allows code to run at a low level on the device. Ndless also includes a full SDK, emulator, and debugger for developing apps. In this case, Ndless is used to load the Linux kernel.

The root filesystem is built on a PC using debootstrap and the QEMU ARM emulator. This allows you to install whatever packages are needed via apt, before transitioning to the calculator itself.

With the root filesystem on a USB flash drive, Ndless runs the Linux loader, which starts the kernel, mounts the root filesystem, and boots in to a Debian system in about two minutes. As the video after the break demonstrates, this leaves you with a shell on the calculator. We’re not exactly sure what to do with Linux on a graphing calculator, but it is a neat demonstration.

Continue reading “Running Debian on a Graphing Calculator”