Crocodile Hunter

One of the most exciting talks at Def Con Safe Mode 28, for me anyway, was Cooper Quintin discussing the EFF project “Crocodile Hunter,” an SDR app that helps to discover rogue cell stations.

As some of you are aware, I spent quite a bit of time two years ago trying to get a working platform for observing 4G behavior. I had a great SDR for it, the BladeRF X40, but I never managed to get a system completely up and running.

With this release, we’ve been given a predictable, stable, working platform for 4G experimentation. The hardest part for entry-level experimenters such as myself has been automated.

My platform:

Ubuntu 20 LTS
BladeRF X40
(2) LTE paddle antennas from Amazon ($10-15)
An HP All-In-One gen 1 PC.

All that’s really required is reasonable processing power, and optimally USB 3.0. It should even run on a Raspberry Pi 4, which is wicked convenient for mobile cell tower mapping.

Caveats:

Make sure you have the 2019 BladeRF libraries, if that’s the device you use.

If you run into any problems compiling, check the issues page of the project's GitHub repository. I ran into a couple and was able to resolve them pretty quickly.

Also, per Cooper, there’s a bug in the initial job to fetch the EARFCN list. I had to populate my config.ini manually.

https://github.com/EFForg/crocodilehunter

3D Printing Fails

The world of amateur consumer-grade 3D printing is fraught with challenges and opportunities for catastrophic failure.

We were on a pretty good roll for a while: some good large pieces completed nicely, we got the bed leveling procedure down to a science, and the system seemed pretty reliable. Unfortunately, purely mechanical systems like this (at its core, 3D printing is just motors and heaters) prefer to revert to chaos. Vibration shakes things loose, and then all bets are off.

In this case, this piece was probably 80% done when the heating element set screw vibrated loose, and then the heating element itself shook itself loose from the extruder block, and then was just dragged around on the bed by its wires until it was discovered about 15 minutes later. You can see the melted areas along the rim where it dragged over those edges repeatedly, and then the melty paths along the floor of the surface where it was simply dragged across the floor. Gorgeous, and not the quickest repair job for the printer either.

Stardate 98195.74 — I have bitten off more than I can chew.

I have yet to even absorb the schedule for Def Con 28 Safe Mode. Don’t even get me started on the Million Channels of Discord. But here I am just the same, in addition to all the mental gymnastics to pump me up for this virtual con, having signed on to participate in a dynamic android debugging CTF remotely at work tomorrow afternoon.

In the process of installing all of the prerequisites, I discover/remember that I had Android Studio 3.1 on this laptop 27 months ago, for a similar CTF, my first one at this job.

Also, installing Android Studio, plugins, SDK, tools, etc., makes a MacBook Pro a bit… WARM.

WOOHOO, I have a working Pixel 3a XL emulator!

Group Participation Invite for Def Con Safe Mode 28

My plan is to stay home from work on Thursday the 6th and Friday the 7th, and be as fully immersed in DCSM28 as I can be. It’s been an important part of my life these past few years, and I refuse to just pretend it’s not happening, or “skip a year.” It’s obviously going to be a very different experience this year than in prior years, so I’m staying open to that experience.

To that end, I’m planning on monitoring the DC540 Discord throughout the event, while participating in whatever ways reveal themselves.

Please feel free to join in if you’re so inclined.

https://discord.gg/XsPwt2M

Questionable USBs FTW

I bought some used Def Con USB sticks on ebay. They contain official presentations. I didn’t buy them for the presentations, though — those are available online on Def Con’s media site. I bought them because they are pretty cool Def Con branded swag.

Since I won three separate auctions (DC27, DC26, and one from Blackhat), I got a refund from the seller for a combined shipping discount. When I saw the seller’s name, I did a double-take.

I just bought USB sticks from one of the most well-known hackers on the planet.

This should be fun. And not scary at all.

Defcon badge info

So, the Defcon Badge deep-dive was well-received during tonight’s Zoom, and there were some interesting ideas thrown about. For now, we’re collecting everything we figure out about it in the bad decisions discord. If you’re not on that, ask yourself what you’re even doing with your life.

Managing changed SSH keys in CentOS 8

All these years, I’ve dealt with changed SSH keys (you know, you go to SSH into something and you get the “key has changed” error:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.

probably because you rebuilt the target server/vm, or you changed an IP somewhere, or whatever) by removing the entry from ~/.ssh/known_hosts. It’s a few annoying extra steps, but it has always worked for me. Call it “old reliable.”

With the release of CentOS 8, everything changes. Known hosts are now managed by sss. Maybe this happened somewhere else and I wasn’t aware of it, but this is how I was made aware of it:

Message as above, along with:
Offending ED25519 key in /var/lib/sss/pubconf/known_hosts:6

Well that’s new. And you can’t delete from that file, because it’s generated behind the scenes and then comes right back. Generated from ~/.ssh/known_hosts, apparently. And nobody wants to enter a new key manually as it suggests. The answer?

ssh-keyscan -t ecdsa 10.120.x.x >> ~/.ssh/known_hosts

(substituting your target IP, of course). Almost worth aliasing “whoopsienewkey” to it with a variable for the IP.
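Here is what that "whoopsienewkey" helper could look like, written as a shell function rather than an alias so the IP is an argument. This is an added example and not part of the original post; the function and helper names are my own, and it assumes OpenSSH's ssh-keygen and ssh-keyscan. It differs from the one-liner above in three ways: it removes the stale entry with ssh-keygen -R instead of a hand edit (which also catches hashed entries you could not find by IP), it scans ed25519 as well as ecdsa (the offending entry in the warning was an ED25519 key), and it prints the fingerprints of what it just appended, because appending a scanned key is trust-on-first-use all over again and a quick comparison against the host's console or build record is what tells "I rebuilt the VM" apart from "someone is doing something nasty". The small offending_file_to_edit helper takes the "Offending ... key in FILE:LINE" line and points you at ~/.ssh/known_hosts whenever the file named is the regenerated sss copy.

```shell
#!/bin/sh
# Added example, not from the original post: the "whoopsienewkey" helper the
# author jokes about, as a shell function so the host can be an argument.
# Assumes OpenSSH's ssh-keygen and ssh-keyscan are installed.

# Given the "Offending ... key in FILE:LINE" line from the warning, print the
# file you should actually edit. The copy under /var/lib/sss/pubconf is
# regenerated from ~/.ssh/known_hosts, so edits have to go to the latter.
offending_file_to_edit() {
  path=$(printf '%s\n' "$1" |
    sed -n 's/^Offending [A-Z0-9]* key in \(.*\):[0-9][0-9]*$/\1/p')
  case "$path" in
    "") return 1 ;;
    /var/lib/sss/pubconf/*) printf '%s\n' "$HOME/.ssh/known_hosts" ;;
    *) printf '%s\n' "$path" ;;
  esac
}

# whoopsienewkey <host-or-ip> [known_hosts file]
whoopsienewkey() {
  host=$1
  kh=${2:-$HOME/.ssh/known_hosts}
  if [ -z "$host" ]; then
    echo "usage: whoopsienewkey <host-or-ip> [known_hosts]" >&2
    return 2
  fi
  # 1. Remove every stale entry for this host (also catches hashed entries,
  #    which a text editor would not let you find by IP).
  ssh-keygen -R "$host" -f "$kh" >/dev/null 2>&1 || true
  # 2. Fetch the current keys. Scanning ed25519 as well as ecdsa matters,
  #    since the offending entry in the post was an ED25519 key.
  keys=$(ssh-keyscan -t ed25519,ecdsa "$host" 2>/dev/null) || return 1
  [ -n "$keys" ] || return 1
  printf '%s\n' "$keys" >> "$kh"
  # 3. Appending a scanned key is trust-on-first-use again, so show the
  #    fingerprints for comparison with the host's console or build record.
  printf '%s\n' "$keys" | ssh-keygen -lf -
}
```

Source the file and run whoopsienewkey 10.120.x.x (with your real IP); the fingerprints it prints at the end are the same ones ssh-keygen -lf shows on the rebuilt host's /etc/ssh/ssh_host_*_key.pub, which is the one check that makes the append safe rather than just convenient.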

Anyhow, that’s all, I hope you’ve learned something today to make your day easier and brighter.

Defcon28 Badge

Anybody interested in collaborating to investigate the Defcon 28 tape badge to uncover its secrets? Hit me up if you’ve got ideas and cycles.