Updates from June, 2012 Toggle Comment Threads | Keyboard Shortcuts

  • Kartik 1:09 AM on June 23, 2012 Permalink | Reply
    Tags: , , Capture the flag, , ethical hacking, , Hacking, , KaNiJe, Meetup, , Security,   

    A Fun Security Weekend with null and sCTF 

    I know it’s quite late to post about the last weekend when another weekend is around the corner, but couldn’t control myself as the last one was so eventful. :)

    It was almost 2 weeks back that I got to know about sCTF 2012. I have always wanted to learn about computer security (and the darker side of hacking), but haven’t been able to give time it to it. What followed was a quick search for team members from among my batch via FB – Nithin immediately showed interest, we pulled Jerrin in too. We quickly registered ourselves as Team KaNiJe (sounds Manga-ish right?) after calling Vinod Pathari Sir and convincing him to become our mentor.

    We were handed over the first set of questions for Round 1 via email. What I liked most about sCTF and its organizers was that they focused on being newbie friendly and were maintaining a decent level of quality with the contest. This was demonstrated in the Round 1 (christened – Learning Round by them) questions. They ranged from basics like installing VirtualBox, learning basics of PHP and SQL, and going up to buffer overflow exploits and reverse engineering. The sets of tasks were many and very few days with us – June 16 was the deadline. During this period I enjoyed hacking the basic missions at hackthissite.org, learnt a lot about iptables – default linux kernel firewall, buffer overflows, etc. I also went through my study report prepared for my Networks course assignment on common networking tools like ping, ssh, traceroute, ifconfig, netstat, wireshark, etc. to recall useful stuff and then tried to familiarize myself with the ethical hacking parlance using the suggested flashcards.

    I also happened to attend null Bangalore’s monthly meetup on Saturday (16th) and, need I mention, this was THE best community meetup I have ever attended! I got to learn basic SQL injection, some JavaScript obfuscation techniques and some memory forensics basics, the last one was arguably the best session in the meetup. Through the meetup I got in touch with an MCA alumnus from my college – Shruti (who apparently knew me by name already) and then enjoyed a buffet at a nearby restaurant with her friends (a gang of 6 white-hat hackers!). I was astonished to discover a whole new (for me) world of security professionals in India and how deeply they enjoy their work. This will definitely keep me interested in security area for a while, more so because I will be taking Vinod Pathari Sir’s elective on Computer Security in the coming sem. Sadly, I was unable to attend BangPypers June Meetup due to approaching deadline of sCTF’s first round.

    Earlier, on 15th night, we had divided the tasks among ourselves with 2 sections for each. On 16th afternoon, Jerrin and me met at CIS to finish up our submission for the first round, Nithin was collaborating from his home at Trivandrum. We had about 3 hours remaining for the deadline and I was yet to start on my sections (the lazy procrastinator that I am; and there had been a confusion about extension of deadline to add to my procrastination). My sections were Part 2 (mysql, apache, hardening, log file, php log file etc) and Part 4 (secure coding, attacks). Given my experience sysadmining for about past three years, it didn’t take me more than an hour to finish up the first section (of course, there were new things to learn as well). The other section was more of a problem with the time constraint but I managed to do most of it. Just near the deadline of 7 pm we submitted our partial solutions (the poor reverse engineering section was left blank completely!) and parted for the day.

    The next day was the second round (also online), scheduled from 10am to 4pm and which along with round 1 would decide our qualification for the finals. I reached CIS at 10 and logged in to the contest portal, Jerrin joined in soon and Nithin too remotely. There were questions divided into multiple sections – Crypto, Web, Binary, and Trivia. We got a good lead in the beginning when Nithin solved the first two in Binary section. I started with Trivia and found it fairly easy (Google was our assistant for that section ;-) ) in the beginning, but really got stuck at two questions in that section. Jerrin was solving Crypto questions one by one. The fun part was that all the teams and organizers were connected together with irc. We could ask doubts from them and they kept us entertained with their irc bot, live announcements of score board, and poking fun at each other and us. So, after a while I discovered that organizers had done a minor mistake which led to our advantage (I managed to finish those nasty 2 remaining Trivia questions) and put us on top for a while on the rankings. The next 2-3 hours were spent struggling on remaining questions with little progress and we ended up at rank 5 among the total 18 teams that were present.

    Two days later, we were informed via mail that we had qualified for the finals! And that we were fully sponsored to attend the first International Conference on Security of Internet of Things to be held from August 16 to 19 at Amritapuri campus. The final round of the contest will be held on Aug 20 after the conference. I was overly excited because I was not aware that we were eligible to attend the conference just by qualifying for the finals. According to Vinod Sir it will be great to listen to Ross Anderson who is speaking at the conference. Looking forward for a great experience at our first academic conference (and lots of learning in the field of security to prepare for the finals). :)

     
  • Kartik 10:12 PM on June 13, 2012 Permalink | Reply
    Tags: , , , , , , hardware hacker, , Open Hardware, , ,   

    (Bangalore) Summer of ’12… with BeagleBone 

    BeagleBone

    This post will be slightly long. Lots of exciting things happening over a Bangalore summer this year for me. :D

    Somehow I always wanted to learn more about hardware and with a mentor like Khasim the road seems a lot more exciting. I first met him when he came to conduct a workshop on BeagleBoard during Tathva 2009 at my college – NIT Calicut. I was just a fresher then and have since regretted that I could not attend that workshop completely (due to my participation in various CS related competitions).

    Well, life took strange turns and I along with friend Jerrin landed up in Bangalore and got to hack together on a BeagleBone (a low-cost, high-expansion hardware-hacker focused BeagleBoard). We initially learnt the very basics of working with a board like this using the serial output on UART console (and discovered that we couldn’t proceed further until R219 was plucked out, thanks to another mentor Mr. Satish Patel from Khasim’s team; fiola on #beagle channel on freenode was a great help in troubleshooting as well), then there was Starterware which enabled us to experiment with blinking LEDs and other small programs for Bone.

    I then learnt how to read a schematic using the great book by Barr & Massa which Amarjit Singh suggested (now I will recommend this book, Programming Embedded Systems, as a TO-READ if you want to learn basics of embedded systems programming) and tried to understand the schematics of BeagleBone (rev. A4). I was able to identify how various components on the board connect to the processor and the direction of data flow among them and to understand how simple things like power reset, user LEDs, SDRAM, USB host & connector, microSD and expansion slots interact with the CPU.

    Exploration of the design specifications of the board with some details about each external peripheral present on the board from the BeagleBone System Reference Manual followed. I even tried to read ARM335x datasheet and Technical Reference Manual to extract useful information (like memory locations of on-chip peripherals, handling of interrupts at CPU level, etc.) – datasheets are HUGE documents! Using this data, referring the book by Barr & Massa and taking help from Starterware example programs I was able to write my (own) code from scratch for blinking an LED on BeagleBone as a pure learning exercise – believe me it was total fun (no matter however it may sound in this post)!

    Just today, I got my hands on Microchip’s Accessory Development Starter Kit for Android (pictured below). I will be using this to understand the ins and outs of Android’s Open Accessory Protocol and try to port the firmware on BeagleBone such that it could be used as an ADK platform as well. Lots of learning, fiddling with USB APIs, Android hacking, and of course embedded C programming to follow next (and I am up for the game!).

    Here are some pics of the awesome things I am playing with these days (click on image for larger view):

    I will try to regularly post about my progress here and yes, there is a lot more I have to say about this Bangalore Summer, but some other post, some other time. :)

    Ciao

    k4rtik

     
    • appu sajeev 10:30 PM on June 13, 2012 Permalink | Reply

      from where did u buy the beaglebone?

    • Sajjad Anwar (@geohacker) 12:16 AM on June 14, 2012 Permalink | Reply

      Yay! Super excited to know that you are enjoying your time in Bangalore! Good luck :)

      • Kartik 12:45 AM on June 14, 2012 Permalink | Reply

        Thanks. And it’s because of you and so many other people I am meeting here in Bangalore. :)

    • Pranav 9:50 AM on June 14, 2012 Permalink | Reply

      Awesomeness :D

    • Pramode 10:02 PM on June 15, 2012 Permalink | Reply

      Have fun hacking the BeagleBone (and other stuff)!!

      • Kartik 10:06 PM on June 15, 2012 Permalink | Reply

        Yes, loving it.
        And this time I would really love if you could visit our campus for a workshop on hardware hacking. We two would be able to assist too. :)

c
Compose new post
j
Next post/Next comment
k
Previous post/Previous comment
r
Reply
e
Edit
o
Show/Hide comments
t
Go to top
l
Go to login
h
Show/Hide help
shift + esc
Cancel
Follow

Get every new post delivered to your Inbox.

Join 55 other followers