Wednesday, November 04, 2009

worst malware analysis ever

Symantec has decided that Lose/Lose is a trojan. It is, in fact, a video game that deletes files. The game's web site warns that the game deletes files. The game itself warns the player that it deletes files. There is nothing whatsoever malicious about a program deleting files after warning the user that it will delete files.

Why does Symantec (oh, Trend too) think this is malware? Because "there’s nothing stopping someone with more malicious intentions from modifying it slightly and then passing it on to unsuspecting users, causing significant damage to a computer." By that logic, rm should be considered malware because it could be modified (say, by renaming it) to delete files contrary to a user's expectation. Frozen Bubble must be malware too, because it could easily be modified to delete files!

Saturday, September 12, 2009

ToorCon workshop

I'll be running a software radio workshop at ToorCon in October. It will be similar to the workshop at ToorCamp but with more electricity and less volcanic ash! With a more pleasant environment and more structured lessons, a greater amount of material will be covered.

Friday, September 11, 2009

building an all-channel Bluetooth monitor

Video (179M) of my presentation with Dominic Spill at ShmooCon 2009 has been posted.

Saturday, July 18, 2009

toorcamp badge hacking

The badges at Toorcamp were solder-yourself passive RFID detectors. With the jumper in one position, an LED lights up in the presence of 125 kHz signals (used by low frequency RFID tags). With the jumper in the other position, a second LED indicates the presence of 13.56 MHz signals (used by high frequency RFID tags and Near Field Communication).

The circuit is very simple. Each side consists of an inductive loop (of traces on the circuit board), a tuning capacitor (forming a tank circuit with the loop), and an LED. It is powered by the received signals (as are passive RFID tags). I've tested my badge by holding it up to both types of RFID readers, and it works perfectly. Unfortunately it only works at very close range, so it isn't the most useful device on its own. As a component in other circuits, however, the unit has great potential.

Thanks to some spare parts and excellent soldering equipment provided by my friends at the Dorkbot campsite, I was able not only to assemble the badge but to perform a simple modification that turned it into a low frequency RFID decoder (in conjunction with a laptop computer). All I had to do was attach a cable with an audio plug in place of the jumper. At the camp, I soldered the audio cable directly to the board, but I have since reworked it with a plug that can be removed or repositioned on the header.

125 kHz RFID tags (at least the ones I've had an opportunity to play with) use a double modulation scheme. The data signal is frequency modulated (FSK) in the neighborhood of 14 kHz, and then the resulting signal is amplitude modulated up to 125 kHz. One way to demodulate the over-the-air signal is to perform the whole process in reverse: undo the amplitude modulation to get back to 14 kHz FSK, and then FM demodulate back to the baseband signal.

The first step can be done with a small analog circuit. The simplest way to demodulate an AM signal is to rectify the signal (only allowing current to pass in one direction) with a diode and then smooth the resulting signal with a low pass filter (which can be as simple as a single capacitor). This results in a waveform that represents the envelope, the amplitude variations over time, of the original signal. Lucky for me, the LED on the Toorcamp badge is a diode that rectifies the signal! With the badge plugged into a laptop's microphone jack, the sound card's anti-aliasing filter does the smoothing, and the resulting signal of approximately 14 kHz is within the range that the sound card can record.

The FSK demodulation can then be done in software, allowing the whole setup to act as a close-range RFID decoder. You could even plug the badge into a small audio recorder and decode recorded signals later on a computer.
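The two-stage demodulation described above, as an added simulation that is not code from the original post: it builds a constructed 125 kHz signal, recovers the envelope the way the LED and sound card filter do, and then FSK-demodulates in software. The tone frequencies (12.5 kHz and 15.625 kHz, chosen near 14 kHz), the tone-to-bit mapping, the bit length, the modulation depth and the simulation sample rate are all assumptions; averaging over each carrier cycle stands in for the sound card's anti-aliasing filter.

```python
import cmath, math

FS = 1_000_000            # simulation sample rate in Hz (assumption)
FC = 125_000              # carrier frequency, from the post
F0, F1 = 12_500, 15_625   # assumed FSK tones for bit 0 / bit 1, near 14 kHz
CYCLES_PER_BIT = 50       # assumed bit length, in carrier cycles
DEPTH = 0.5               # assumed AM modulation depth

SPC = FS // FC                 # samples per carrier cycle (8)
SPB = SPC * CYCLES_PER_BIT     # samples per bit (400)


def tag_signal(bits):
    """Constructed over-the-air signal: FSK subcarrier AM-modulated onto 125 kHz."""
    out, phase = [], 0.0
    for i, bit in enumerate(bits):
        step = 2 * math.pi * (F1 if bit else F0) / FS
        for k in range(SPB):
            n = i * SPB + k
            carrier = math.cos(2 * math.pi * FC * n / FS)
            out.append((1 + DEPTH * math.cos(phase)) * carrier)
            phase += step      # continuous-phase FSK
    return out


def envelope(rf):
    """Diode plus low-pass: half-wave rectify, then average each carrier cycle.
    The output has one sample per carrier cycle, i.e. a rate of FC samples/s."""
    rect = [max(x, 0.0) for x in rf]
    return [sum(rect[i:i + SPC]) / SPC for i in range(0, len(rect), SPC)]


def tone_power(window, freq, rate):
    """Energy of a single tone in the window (one-bin DFT)."""
    acc = sum(x * cmath.exp(-2j * math.pi * freq * n / rate)
              for n, x in enumerate(window))
    return abs(acc) ** 2


def fsk_demod(env):
    """Decide each bit by comparing the energy at the two FSK tones."""
    bits = []
    for i in range(0, len(env), CYCLES_PER_BIT):
        w = env[i:i + CYCLES_PER_BIT]
        mean = sum(w) / len(w)
        w = [x - mean for x in w]      # drop the DC offset left by rectifying
        bits.append(int(tone_power(w, F1, FC) > tone_power(w, F0, FC)))
    return bits
```

A real recording would also need bit-clock recovery, since the windows here are aligned to the bit boundaries by construction.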

This simple modification just scratches the surface of what can be done with the Toorcamp badges. Having RFID frequency tuned loops available to plug into your own circuits makes it easy to play with both reception and transmission of RFID and NFC signals. For example, at the camp I used a second badge plugged into a USRP in order to transmit the 125 kHz signal needed to excite an RFID tag for testing the decoder.

Thanks again to everyone who made Toorcamp possible and to all the new friends I made there, especially the Dorkbot campers. It was an incredible experience.

Friday, June 26, 2009

toorcamp awaits

Next week Dominic and I will reprise our ShmooCon Bluetooth talk at Toorcamp, North America's first hacker camp (which happens to be taking place at a defunct Titan-1 missile silo). The nice folks from DorkbotPDX have allowed us to join their campsite. While we're there we also plan to run a software radio workshop. It is high time that more hackers learn how to use this technology.

Thursday, March 26, 2009

Black Hat video up

Video (warning! 283 MB!) of my talk, Software Radio and the Future of Wireless Security, at Black Hat USA 2008 is now available along with all the other presentations from the event.

Tuesday, March 03, 2009

Star Crossed

After four years of developing tools and techniques, three gloves and mittens cut by angle grinders, two broken slabs of ice intended for moving parts, one tool confiscated by the TSA, and zero broken beaks, we completed Star Crossed. The sculpture features a realistic penguin on the left and a mechanical penguin on the right. It is the first working mechanical ice sculpture that we have completed in the Single Block Classic.

The head of the realistic penguin is shown in this detail photo. We used two textures: scratched and transparent.

This shot shows the mechanism on edge. The head piece rotates on the upper axle and has a long slot that extends downward. The key on the lower axle turns a cam with a lug that rides along the slot. You can watch a video of the mechanism in action.

We carved Star Crossed in three days and had a great time doing it. Thanks to all the volunteers and sculptors at Ice Alaska who make the experience a fun one every year. Thanks to Sharon Hansen for shooting the photos and video.

Monday, March 02, 2009


Throughout the final day of competition we worked primarily on converting the rough penguin bodies into finished sculptures. The first step was a thorough scratching with the devil's back scratcher. This removed all the chainsaw and chisel marks, refined the shape of the piece, and left only small scratches to be polished away. We decided to use the scratched texture for the black portion of the realistic penguin and a transparent texture for the white portion and for the entire mechanical penguin (in order to make the machine parts visible).

For the transparent texture, we removed the scratches by polishing with a Scotch Brite pad on an angle grinder and applied heat with a weed burner and hair dryer for the final finish. "Scratch, buff, burn" was our mantra for the day. By dinner, both penguins were finished as were all of the machine parts.

After a quick dinner, our first priority was assembly of the machine. We had done a trial assembly the day before to verify fit and clearance for all the parts, but the final assembly was a bit different. For one thing, we had to add bushings to keep parts from sliding along the length of axles. We also had to waterglue parts together, eliminating a bit of play between various parts. Once we had everything welded into place, the mechanism didn't work! There wasn't enough clearance for the cam's lug at one end of the slot in the head piece. Fortunately we had anticipated that this might happen, so Lars was able to correct the problem by thinning the lug while I worked on finishing the beak of the realistic bird. The rest of the penguin was done, but we had left the beak for last in order to avoid breaking it. I trimmed an inch or so of diameter with a small chisel and added a beak line and eyes.

By the time I was done, Lars had the mechanism working, but he had only tested it with his hands guiding the interior parts. He hadn't actually turned the entire mechanism from the key on the front. We decided to try it together, rotating it a few times just before the final horn sounded. It worked!

During clean-up, several people, including sculptors and the event director, stopped by to try it out. We constructed fence posts within reach of the key and a sign instructing people to turn it gently. Sharon made a short video of Lars and me turning it as well. When we left, the mechanism was still working, but we didn't know how long it would last.

We crashed at Belfair that night and woke up the next day in time to thaw and dry our equipment before heading out for an 11 mile hike-and-sled to remote Tolovana Hot Springs. It was a delightful weekend of snow, sun, and good company.

Thursday, February 26, 2009


It is the morning of the final day of competition. Last night we stopped a bit early (?) and made it back to Belfair around 11:00. Lars made lesson plans while I sharpened chisels. (Thanks for the diamond stone, mom and dad!) Actually, Lars made lesson plans while I had a beer (Belfair home brew) and played guitar. Then I stayed up a couple hours after him to sharpen chisels, and I'm glad I did! I made short work of the head first thing this morning, and I did it all with two freshly sharpened chisels. Meanwhile Lars taught a pre-calculus class and has now arrived at the warming hut to join me in a mid-morning snack. (Unlimited coffee and doughnuts!) We didn't get much sleep last night, but at least we didn't spend the entire night carving ice like a few of the other sculptors.

day two

What a beautiful day for carving ice! The weather has been perfect for ice, not too warm, not too cold. After the ice warmed up a bit in the morning and our liquid water cooled down, we worked on the welds and had them done by lunch. They could be prettier, but they are structurally sound. After lunch we finished the mechanism pieces (except for the handle) and performed a trial assembly. Everything fit and had enough clearance through the complete range of motion.

Later in the day we turned to the task of removing large quantities of ice to shape the bodies. It has been slow going but is mostly done. While Lars is at school for a bit Thursday morning I'll tackle the head of the realistic penguin. I'm terrified that I will ruin the thing!

Wednesday, February 25, 2009

the penguins are coming! the penguins are coming!

Day one was quite successful. Our ice had several large cracks (and the heat of the giant chainsaw produced an additional one), but we've managed to work around them well. We have been able to find high quality sections for our mechanical parts. We made a last minute decision the night before the event to increase the overall size of the piece. This has required a considerable effort to add large chunks to the top of the penguins, but we think it will be worth it. Hopefully the additional time required to do this doesn't burn us later.

By the end of the day we had both penguin bodies very roughly formed, a cavity for moving parts carved out of the mechanical penguin, one of two axle holes drilled, a head roughed out and lifted (oof!) up on top of a body (not yet oriented correctly), and both axles turned on the lathe.

Toward the end of the day, we started doing stupid things. Lars had to remind me to get my safety equipment on before using a chainsaw, we forgot that we should have drilled the axle holes before cutting out the cavity, and we drilled a hole through two panels that only needed to go through one. Fortunately we decided to quit early in the evening before doing anything terribly disastrous. That enabled us to get an early start today, and we are making good progress again.

Lars had a wonderful (terrible?) idea for a technique to deliver liquid water to a weld. We were attaching the shoulders to the body of the mechanical penguin, so we packed the edges with snow and then drilled a 3/4 inch hole all the way from the top of the shoulder piece down to the thin gap between the parts and poured water right down the hole. Unfortunately the liquid water never spread further than an inch from the hole because, we suspect, it encountered too much snow deposited by the drill bit. Maybe it would have worked if we had blown out the hole with compressed air before pouring the water. Anyway we'll have to try to bond the pieces together better today. We hope to have that and the head of the other penguin done very soon.

Watch us on our webcam!

Monday, February 23, 2009


We are in site number one this year. Matt, our inside man in the webcam crew, tells us that our webcam was the first one made operational yesterday, so it should be available when the event starts Tuesday morning at 9:00. We might not be there right when the horn sounds, however, due to some scheduling difficulties. Lars has recently been promoted (yay!) to a full-time teaching position at a local high school, but his students have had so many different teachers that they need a bit of stability. For this reason he'll have to teach one morning class on Tuesday and Thursday, but he'll have substitutes for his other classes.


Here is our official sketch for this year's Single Block Classic. Our plan is to carve a pair of star-crossed lovers, a realistic penguin and a mechanical penguin. The mechanical penguin's head bobs up and down when a wind-up-toy-style key is turned.

greetings, ice machine enthusiasts!

I am a terrible blogger. As all (three) of you know, I have failed to finish blogging about the 2008 World Ice Art Championships. Now a whole year has passed, and I find myself back at Belfair preparing for the 2009 event! Perhaps I will properly finish telling last year's tale at some point, but I want to start blogging about this year, so here is a quick summary: Lars and I constructed what we felt was our best sculpture yet, but the machine portion was non-functional. The primary mechanical problem was that we failed to make gears precise enough to mesh (so what else is new). We did, however, complete a giant half gear, several smaller gears, the flywheel, and axles. Then we made an abstract sculpture with rounded edges and round gears on one end and square edges and square gears (not even pretending to be functional) at the other end. It was great fun and hard work, and we ended up rather burnt out (a contributing factor to the non-blogging condition).

On to 2009! We are back in action with a great new design. We contemplated trying a non-mechanical sculpture this year (I suggested penguins). We also had an idea for a simpler, gear-less mechanical windmill. We ended up deciding that mechanical ice sculpture is our own particular. . . idiom, so a machine it will be. We combined the ideas and intend to produce a mechanical penguin. No gears!

Our goal has been to produce a mechanical sculpture that is visually interesting yet requires minimal preparation. We haven't constructed any new tools this year! I'm sure we'll enhance our arsenal in the future, but we needed a year without the hundreds of hours of tool preparation that has kept us so busy in the past. It will be fun to see what we can create using only previously developed tools and techniques.

Saturday, February 21, 2009

thanks, ShmooCon

Dominic and I had a great time at ShmooCon. Our talk was fun and well attended. Video of the talk will be posted "soon." Slides (PDF, ODP, PPT) and code are up.

We met a lot of great people and had some interesting feedback and discussions of new ideas. We're still working on this stuff, so hopefully we'll have something even better to show off later this year.

Thursday, February 05, 2009

see you at ShmooCon

Dominic Spill and I are presenting Building an All-Channel Bluetooth Monitor at ShmooCon this weekend. It should be fun!