Alright, so Doom isn’t actually running on the key chain itself, but rather a BifferBoard: a small 150MHz x86 containing ethernet, serial, and even USB with only one watt of power consumption! The project is to show how easy it is to program the BifferBoard and getting it talking to other hackable items – such as the picture key chain for a display. Doom does appear a bit slow, but [Biff] figures its do to how haphazardly it grabs keyboard input over SSH.
In November, we covered installing Boxee on AppleTV using atv-usb-creator. [Danny] has written a tutorial on installing Boxee, XBMC, NitoTV, SSH access, and external USB hard drive support. His method installs most of the software via the USB patch stick, then uses the SSH support to enable the external drive and install NitoTV. The tutorial lists a Mac running OSX 10.4 or newer as a prerequisite but there is now a Windows version of atv-usb-creator. According to their Google Code page Linux support for this package is on the way.
[via AppleTV Hacks]
Bittorrent is a great distribution method for large files, but its heavy bandwidth usage can be disruptive to both work and home networks. [Brett O'Connor] has decided to push all of his torrenting activity into the cloud. Amazon’s EC2 service lets you run any number of Amazon Machine Images (AMI, virtual machines) on top of their hardware. You pay for processing time and data transferred. [Brett] put together a guide for building your own seedbox on the service. First, you set up the Security Group, the firewall for the machine. Next, you specify what AMI you want to use. In this example, it’s a community build of Ubuntu. Once you have your SSH keypair, you can start the instance and install Apache, PHP, and MySQL. TorrentFlux is the web frontend for bittorrent in this case. It manages all the torrents and you just need to click download when you want to grab the completed file.
Even if you don’t plan on setting up a seedbox, the post is a straightforward example of how-to get started with EC2. He’s not sure what the cost will be; the current estimate is ~$30/mo.
It’s the season of gift giving. Did you get anything interesting/hackable? What will you work on next?
We gave ourselves an Android Dev Phone 1 (ADP1). We hadn’t really considered getting a G1 until the ADP1 was announced… It’s actually a lot of fun to use as our primary phone. Our favorite app so far is connectbot, the SSH client. The interface is really smart, way better than all of the iPhone clients.
What did you get?
With another hacker conference looming in front of us, it’s time to start thinking about hardware security. Hacker conventions have the most hostile network you’ll ever encounter. [Security4all] points out that 25C3 already has an extensive page on securing your hardware. It starts from the ground up with physical security, BIOS passwords, and locking down bootloaders. There’s a section on securing your actual OS and session. Finally, they cover network usage. It mentions using SSH for dynamic forwarding, which we feel is a skill everyone should have. We’ve used it not just for security, but for bypassing brainless bandwidth restrictions too. There’s also the more trick transparent version. Every piece of data you bring with you, you risk losing, so they actually recommend just wiping your iPhone and other devices before attending. It’s important to remember that it’s not just your own data at risk, but everyone/thing you communicate with as well.
To appease people waiting for the iPhone 3G unlock, iphone-dev team member [MuscleNerd] did a live video demo this afternoon. The video shows him removing the AT&T SIM and putting in a T-Mobile SIM. After the switch, the phone shows no connectivity. He then runs “yellosn0w” in an SSH session with the phone. The phone then unlocks without needing to be rebooted and the signal bars appear. The final test shows the phone receiving a call.
The target for this release is New Year’s Eve and it doesn’t support the most recent baseband. Well be attending the 25C3 talk hosted by [MuscleNerd] and other team members. The VNC screen you see in the video is thanks to [saurik]‘s Veency.
T-Mobile’s G1 was released last week and there has been at least one Android vulnerability announced already. The New York Times reported on research done by [Charlie Miller], who also helped find one of the first iPhone bugs, so we think the report is fairly credible. Last year, we saw him deliver a seminar on real world fuzzing at ToorCon 9. It covered exactly how they found the iPhone bug.
If you just want to use a G1 without service, you can activate it with any T-Mobile SIM card.
The iphone-dev team published a video today showing access to the iPhone’s baseband processor. They connect to the device over ssh and then use minicom to issue AT commands. They’re writing custom AT commands for full control.