BIOS Password Cracking

October 7, 2010 by Mike Szczys 45 Comments

[Dogbert] took a look at the security that goes into BIOS passwords on many laptops. He starts off with a little background about how the systems work. People are bound to forget their passwords, so when you enter a wrong one three times in a row you get a message similar to the one above that locks you out until all power is removed from the system (then you get three more tries). But check out that five-digit number in the picture. That’s a checksum of the password. Some BIOS versions display it automatically, some require you to hold down a certain key during POST, but it’s the pivotal data needed to crack the password.

[Dogbert’s] post doesn’t go into verbose detail about the algorithms he uses to brute force the passwords. But he has posted the Python scripts he uses to do so. Learning how to generate the passwords based on the checksum is as simple as studying the code, which is often the best way to learn.

Arduino, RFID, And You

October 7, 2010 by Jakob Griffith 13 Comments

[Matt] has mixed up a batch of two RFID reading door lock systems. While the “door lock” part of the setup has yet to come into existence, the “RFID reading” section is up and running. By using the Parallax RFID readers (for cheap, remember?) and an Arduino, [Matt] is able to parse an RFID tag, look its number up in a database, and then have a computer announce “Access Denied” in a creamy “Douglas Adam’s sliding door of Hitchiker’s Guide” kind of way with Python.

Good books aside, catch a not as exciting as you’re thinking video after the jump.

Continue reading “Arduino, RFID, And You” →

Decoding MP3 In Python

October 2, 2010 by Mike Szczys 32 Comments

We all listen to them, but do you know how the compression for an MP3 file actually works? [Portalfire] wanted to find out, while honing his Python skills at the same time. He’s been working on an MP3 decoder in the Python language. So far he’s had some success, with the first working decoder clocking in at just 34 times slower than real-time. But since then a bit of optimization improved that to 10 times slower.

Sure, it’s not a usable module yet but his goal of learning the algorithms has been reached. A combination of reading about the standard and looking at code from other projects made that possible. In the future he plans to try the same thing with the H.264 codec.

Python Library For Emotiv EEG

September 13, 2010 by Mike Szczys 23 Comments

Want to control things with your mind? The Emotiv EPOCH EEG is one of the best pieces of hardware you can get that is ready to be hacked into your project. Too bad the entry-level SDK will set you back $500. Or you can take advantage of [Cody Brocious’] work by using his Emotiv Python Library. He sniffed around the data coming in over the USB connection and discovered that it’s encrypted. With a bit of trickery he extracted the key and built the 128-aes decryption routine into his package. So far this just pulls raw data from the unit so it’s up to you to figure out how to properly filter the signals and differentiate which sensor corresponds to each data stream. But it’s a start, and hopefully it’ll lead to more mind controlled doo-dads.

SOAP Compatibility For SQLmap

June 25, 2010 by Mike Szczys 11 Comments

[_coreDump] was doing some database vulnerability testing using SQLmap to automate the process. To his dismay, the package was unable to test using the Simple Object Access Protocol. Faced with having to manually test all of the SOAP vulnerabilities he decided to work some Python magic and add support. His solution allows SQLmap 0.8 to parses XML data from the SOAP protocol by modifying three files from the package. He’s made the diff files available if you need this functionality for your own security testing.

Tweet-a-Watt Now Speaks To Google Power Meter

May 17, 2010 by Mike Szczys 10 Comments

Hackaday’s own [Devlin Thyne] has been working with Adafruit to come up with a way to use the Tweet-a-Watt along with Google Power Meter. Back in March we put out the word that Google had unveiled the API for Power Meter and [Devlin] is the first we’ve heard of to come up with a way to use your own equipment with the service. You can build your own or use Adafruit’s kit and the data pulled from your energy use will be nicely displayed using the big G’s tools. Right now there’s only support for one Tweet-a-Watt but we’d image this will evolve fairly quickly into a much larger house solution. Head over to the Tweet-a-Watt code page to get the source files for this project.

[Thanks PT]

Robotic Chess Opponent

April 14, 2010 by Mike Szczys 22 Comments

[youtube=http://www.youtube.com/watch?v=CkGqn5rNzK8]

[Dennis] is using a robotic arm as a chess opponent. Rather than using an under-board movement system, a Lynxmotion AL5A robotic arm plucks each piece and moves it to the next space. He tells us that he’s using a Python script that he created to process the moves and decide what’s next. That must mean he’s using a webcam to capture the location of the pieces on the board. About half way through you can see the robot run into one of the pawns. We’d like to know if he has problems with picking up the pieces as the game progresses and they get further away from the center of each square. From what we can see, looks like a great job!